]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
do_sigver_init: Allow reinitialization of an existing operation.
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
adcd8e37 34#include "testutil.h"
176db6dc 35#include "internal/nelem.h"
00bc1ad9 36#include "internal/sizes.h"
25f2138b 37#include "crypto/evp.h"
f0c62c53 38#include "../e_os.h" /* strcasecmp */
71ea6b48 39
b4250010 40static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 41static char *testpropq = NULL;
42
43static OSSL_PROVIDER *nullprov = NULL;
44static OSSL_PROVIDER *deflprov = NULL;
45static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 46
71ea6b48
MC		 47/*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103};
104
59d0e6c8
MC		 105/*
106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
f650ab47 109#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 110static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149};
f650ab47 150#endif
59d0e6c8 151
2aee35d3
PY		 152/*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246};
247
71ea6b48
MC		 248static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262};
263
264/*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322};
323
a9880362 324#ifndef OPENSSL_NO_EC
71ea6b48
MC		 325/*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341};
342
343/*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357};
b0004708
PY		 358
359/* prime256v1 */
360static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369};
370
5dc40a83 371/*
87762939 372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384};
385
b0004708
PY		 386static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388};
2cf8bb46
MC		 389
390static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395};
396
397static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402};
403
a983764e
MC		 404# ifndef OPENSSL_NO_DEPRECATED_3_0
405static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410};
411# endif
412#endif
413
414/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415#ifndef OPENSSL_NO_DEPRECATED_3_0
416# ifndef OPENSSL_NO_DH
417static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443};
444# endif
a9880362 445#endif
71ea6b48 446
063e0197
JC		 447static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450};
451
452static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458};
459
460static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463};
464
465static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469};
470
471static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473};
474
475static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478};
479
480static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488};
489
490static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493};
494
495static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498};
499
500static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506};
507
508static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514};
515
516static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519};
520
521static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524};
525
526static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529};
530
531static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534};
535
adcd8e37
RS		 536typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
5b5eea4b 539 const char *keytype;
adcd8e37 540 int evptype;
2aee35d3 541 int check;
b0004708
PY		 542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 545} APK_DATA;
546
547static APK_DATA keydata[] = {
5b5eea4b
SL		 548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 550#ifndef OPENSSL_NO_EC
5b5eea4b 551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 552#endif
adcd8e37
RS		 553};
554
2aee35d3 555static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
5b5eea4b 558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 559 0, 1, 1, 0},
2aee35d3 560#ifndef OPENSSL_NO_EC
5b5eea4b 561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 562 /* group is also associated in our pub key */
2cf8bb46
MC		 563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 571#endif
572};
573
d7e498ac
RL		 574static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
71ea6b48 576{
d7e498ac 577 const unsigned char **pdata = &data;
71ea6b48 578 EVP_PKEY *pkey = NULL;
d7e498ac 579 OSSL_DECODER_CTX *dctx =
fe75766c 580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 581 testctx, testpropq);
71ea6b48 582
d7e498ac
RL		 583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587}
71ea6b48 588
d7e498ac
RL		 589static EVP_PKEY *load_example_rsa_key(void)
590{
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 593}
594
f650ab47 595#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 596static EVP_PKEY *load_example_dsa_key(void)
597{
6ed4022c
RL		 598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
59d0e6c8 600}
f650ab47 601#endif
59d0e6c8 602
15ff7d7c
MC		 603#ifndef OPENSSL_NO_EC
604static EVP_PKEY *load_example_ec_key(void)
605{
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608}
609#endif
610
a983764e
MC		 611#ifndef OPENSSL_NO_DEPRECATED_3_0
612# ifndef OPENSSL_NO_DH
613static EVP_PKEY *load_example_dh_key(void)
614{
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617}
618# endif
619
620# ifndef OPENSSL_NO_EC
a983764e
MC		 621static EVP_PKEY *load_example_ed25519_key(void)
622{
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625}
626
627static EVP_PKEY *load_example_x25519_key(void)
628{
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631}
632# endif
633#endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
6d242fa5
MC		 635static EVP_PKEY *load_example_hmac_key(void)
636{
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
5af6e154
TM		 644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
6d242fa5
MC		 646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650}
651
f9e504e8
P		 652static int test_EVP_set_default_properties(void)
653{
b4250010 654 OSSL_LIB_CTX *ctx;
f9e504e8
P		 655 EVP_MD *md = NULL;
656 int res = 0;
657
b4250010 658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675err:
676 EVP_MD_free(md);
b4250010 677 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 678 return res;
679}
680
b8a1272d 681#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
fd19fc4c 682static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
b8a1272d
MC		 683{
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
fd19fc4c
MC		 687 int ret;
688 BIO *bio = BIO_new(BIO_s_mem());
b8a1272d 689
062490db 690 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 691 goto err;
2db985b7
SL		 692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
694 params), 0))
b8a1272d
MC		 695 goto err;
696
697 if (!TEST_ptr(pkey))
698 goto err;
699
fd19fc4c
MC		 700 /* Check we can use the resulting key */
701 ret = PEM_write_bio_PUBKEY(bio, pkey);
702 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
703 if (!TEST_true(ret))
704 goto err;
705 } else {
706 if (!TEST_false(ret))
707 goto err;
708 }
709 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
710 testctx, NULL);
711 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718
b8a1272d
MC		 719 testresult = 1;
720 err:
721 EVP_PKEY_free(pkey);
722 EVP_PKEY_CTX_free(pctx);
fd19fc4c 723 BIO_free(bio);
b8a1272d
MC		 724
725 return testresult;
726}
727#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
728
2c04b341 729/*
8a9394c1 730 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 731 * params to ensure they are all accepted
732 */
b8a1272d 733#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 734static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
735{
736 OSSL_PARAM_BLD *bld = NULL;
737 OSSL_PARAM *params = NULL;
738 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 739 int ret = 0;
740
741 /*
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
744 */
b8a1272d 745 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 746 || !TEST_ptr(q = BN_new())
747 || !TEST_ptr(g = BN_new())
748 || !TEST_ptr(pub = BN_new())
749 || !TEST_ptr(priv = BN_new()))
750 goto err;
751
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
757 goto err;
758 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
759 goto err;
760
fd19fc4c 761 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
2c04b341 762 goto err;
3f883c7c 763 OSSL_PARAM_free(params);
6bcbc369 764 params = NULL;
2c04b341
JS		 765 OSSL_PARAM_BLD_free(bld);
766
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
773 priv)))
774 goto err;
775 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
776 goto err;
777
fd19fc4c 778 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
2c04b341 779 goto err;
3f883c7c 780 OSSL_PARAM_free(params);
6bcbc369 781 params = NULL;
2c04b341
JS		 782 OSSL_PARAM_BLD_free(bld);
783
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
790 pub)))
791 goto err;
792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
fd19fc4c 795 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
2c04b341 796 goto err;
3f883c7c 797 OSSL_PARAM_free(params);
6bcbc369 798 params = NULL;
2c04b341
JS		 799 OSSL_PARAM_BLD_free(bld);
800
801 /* Test priv and pub */
802 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
807 pub))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
809 priv)))
810 goto err;
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 goto err;
813
fd19fc4c 814 if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
2c04b341
JS		 815 goto err;
816
817 ret = 1;
818 err:
3f883c7c 819 OSSL_PARAM_free(params);
2c04b341
JS		 820 OSSL_PARAM_BLD_free(bld);
821 BN_free(p);
822 BN_free(q);
823 BN_free(g);
824 BN_free(pub);
825 BN_free(priv);
826
827 return ret;
828}
8a9394c1 829#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 830
b8a1272d
MC		 831/*
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
834 */
835#ifndef OPENSSL_NO_EC
836static unsigned char ec_priv[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
840};
841static unsigned char ec_pub[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
848};
849
850static int test_EC_priv_pub(void)
851{
852 OSSL_PARAM_BLD *bld = NULL;
853 OSSL_PARAM *params = NULL;
854 BIGNUM *priv = NULL;
855 int ret = 0;
856
857 /*
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
860 */
861 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
862 goto err;
863
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
867 OSSL_PKEY_PARAM_GROUP_NAME,
868 "P-256", 0)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
871 goto err;
872
fd19fc4c 873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
b8a1272d 874 goto err;
3f883c7c 875 OSSL_PARAM_free(params);
bfe2fcc8 876 params = NULL;
b8a1272d
MC		 877 OSSL_PARAM_BLD_free(bld);
878
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
882 OSSL_PKEY_PARAM_GROUP_NAME,
883 "P-256", 0))
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
885 priv)))
886 goto err;
887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
888 goto err;
889
fd19fc4c
MC		 890 /*
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
895 */
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
b8a1272d 897 goto err;
3f883c7c 898 OSSL_PARAM_free(params);
bfe2fcc8 899 params = NULL;
b8a1272d
MC		 900 OSSL_PARAM_BLD_free(bld);
901
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
905 OSSL_PKEY_PARAM_GROUP_NAME,
906 "P-256", 0))
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
908 OSSL_PKEY_PARAM_PUB_KEY,
909 ec_pub, sizeof(ec_pub))))
910 goto err;
911 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
912 goto err;
913
fd19fc4c 914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
b8a1272d 915 goto err;
3f883c7c 916 OSSL_PARAM_free(params);
bfe2fcc8 917 params = NULL;
b8a1272d
MC		 918 OSSL_PARAM_BLD_free(bld);
919
920 /* Test priv and pub */
921 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
923 OSSL_PKEY_PARAM_GROUP_NAME,
924 "P-256", 0))
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
926 OSSL_PKEY_PARAM_PUB_KEY,
927 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv)))
b8a1272d
MC		 930 goto err;
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
932 goto err;
933
fd19fc4c 934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
b8a1272d
MC		 935 goto err;
936
937 ret = 1;
938 err:
3f883c7c 939 OSSL_PARAM_free(params);
b8a1272d
MC		 940 OSSL_PARAM_BLD_free(bld);
941 BN_free(priv);
942
943 return ret;
944}
945
946/* Test that using a legacy EC key with only a private key in it works */
947# ifndef OPENSSL_NO_DEPRECATED_3_0
948static int test_EC_priv_only_legacy(void)
949{
950 BIGNUM *priv = NULL;
951 int ret = 0;
952 EC_KEY *eckey = NULL;
2145ba5e 953 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 954 EVP_MD_CTX *ctx = NULL;
955
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
958 goto err;
959
960 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
961 if (!TEST_ptr(eckey))
962 goto err;
963
964 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
965 goto err;
966
967 pkey = EVP_PKEY_new();
968 if (!TEST_ptr(pkey))
969 goto err;
970
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
972 goto err;
973 eckey = NULL;
974
2145ba5e
TM		 975 while (dup_pk == NULL) {
976 ret = 0;
977 ctx = EVP_MD_CTX_new();
978 if (!TEST_ptr(ctx))
979 goto err;
980
981 /*
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
984 */
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
986 testpropq, pkey, NULL)))
987 goto err;
988 EVP_MD_CTX_free(ctx);
989 ctx = NULL;
990
991 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
992 goto err;
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
995 EVP_PKEY_free(pkey);
996 pkey = dup_pk;
997 if (!ret)
998 goto err;
999 }
b8a1272d
MC		 1000
1001 err:
1002 EVP_MD_CTX_free(ctx);
1003 EVP_PKEY_free(pkey);
1004 EC_KEY_free(eckey);
1005 BN_free(priv);
1006
1007 return ret;
1008}
1009# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010#endif /* OPENSSL_NO_EC */
1011
15ff7d7c
MC		 1012static int test_EVP_PKEY_sign(int tst)
1013{
1014 int ret = 0;
1015 EVP_PKEY *pkey = NULL;
1016 unsigned char *sig = NULL;
1017 size_t sig_len = 0, shortsig_len = 1;
1018 EVP_PKEY_CTX *ctx = NULL;
1019 unsigned char tbs[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1022 };
1023
1287dabd 1024 if (tst == 0) {
15ff7d7c
MC		 1025 if (!TEST_ptr(pkey = load_example_rsa_key()))
1026 goto out;
1027 } else if (tst == 1) {
1028#ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey = load_example_dsa_key()))
1030 goto out;
1031#else
1032 ret = 1;
1033 goto out;
1034#endif
1035 } else {
1036#ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey = load_example_ec_key()))
1038 goto out;
1039#else
1040 ret = 1;
1041 goto out;
1042#endif
1043 }
1044
1045 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1046 if (!TEST_ptr(ctx)
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1049 sizeof(tbs)), 0))
1050 goto out;
1051 sig = OPENSSL_malloc(sig_len);
1052 if (!TEST_ptr(sig)
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1055 sizeof(tbs)), 0)
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1057 0)
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1061 0))
1062 goto out;
1063
1064 ret = 1;
1065 out:
1066 EVP_PKEY_CTX_free(ctx);
1067 OPENSSL_free(sig);
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070}
1071
4547a719
P		 1072/*
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1075 */
1076static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1077{
1078 int ret = 0;
1079 EVP_CIPHER_CTX *ctx = NULL;
1080 EVP_PKEY *keypair = NULL;
1081 unsigned char *kek = NULL;
1082 unsigned char iv[EVP_MAX_IV_LENGTH];
1083 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len, kek_len, ciphertext_len, plaintext_len;
1085 unsigned char ciphertext[32], plaintext[16];
4547a719 1086 EVP_CIPHER *type = NULL;
062490db
JS		 1087
1088 if (nullprov != NULL)
1089 return TEST_skip("Test does not support a non-default library context");
1090
4547a719
P		 1091 if (n == 0)
1092 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1094 testpropq)))
1095 goto err;
2eb2b4f3
SL		 1096
1097 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1098 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1099 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1101 &keypair, 1))
1102 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1103 msg, sizeof(msg)))
1104 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1105 &len)))
1106 goto err;
1107
1108 ciphertext_len += len;
1109
1110 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1111 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1112 ciphertext, ciphertext_len))
1113 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1114 goto err;
1115
1116 plaintext_len += len;
1117 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1118 goto err;
1119
1120 ret = 1;
1121err:
4547a719
P		 1122 if (n != 0)
1123 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1124 OPENSSL_free(kek);
1125 EVP_PKEY_free(keypair);
1126 EVP_CIPHER_CTX_free(ctx);
1127 return ret;
1128}
1129
59d0e6c8 1130/*
6d242fa5
MC		 1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
59d0e6c8
MC		 1146 */
1147static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1148{
1149 int ret = 0;
1150 EVP_PKEY *pkey = NULL;
78539b25 1151 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1152 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1153 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1154 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1155 BIO *mdbio = NULL, *membio = NULL;
1156 size_t written;
6d242fa5
MC		 1157 const EVP_MD *md;
1158 EVP_MD *mdexp = NULL;
59d0e6c8 1159
062490db
JS		 1160 if (nullprov != NULL)
1161 return TEST_skip("Test does not support a non-default library context");
1162
15ff7d7c 1163 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1164 membio = BIO_new(BIO_s_mem());
1165 mdbio = BIO_new(BIO_f_md());
1166 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1167 goto out;
1168 BIO_push(mdbio, membio);
1169 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1170 goto out;
1171 } else {
1172 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1173 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1174 goto out;
1175 }
71ea6b48 1176
15ff7d7c 1177 if (tst % 3 == 0) {
59d0e6c8
MC		 1178 if (!TEST_ptr(pkey = load_example_rsa_key()))
1179 goto out;
15ff7d7c 1180 } else if (tst % 3 == 1) {
f650ab47 1181#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1182 if (!TEST_ptr(pkey = load_example_dsa_key()))
1183 goto out;
f650ab47
MC		 1184#else
1185 ret = 1;
1186 goto out;
1187#endif
6d242fa5
MC		 1188 } else {
1189 if (!TEST_ptr(pkey = load_example_hmac_key()))
1190 goto out;
59d0e6c8 1191 }
71ea6b48 1192
6d242fa5
MC		 1193 if (tst >= 3 && tst <= 5)
1194 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1195 else
1196 md = EVP_sha256();
1197
1198 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1199 goto out;
adcd8e37 1200
15ff7d7c 1201 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1202 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1203 goto out;
15ff7d7c 1204 } else if (tst < 6) {
59d0e6c8
MC		 1205 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1206 goto out;
1207 }
1208
15ff7d7c
MC		 1209 if (tst >= 9) {
1210 /* Determine the size of the signature. */
1211 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1212 sizeof(kMsg)))
1213 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1214 goto out;
1215 if (tst <= 11) {
1216 /* Test that supply a short sig buffer fails */
1217 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1218 sizeof(kMsg))))
1219 goto out;
1220 /*
1221 * We end here because once EVP_DigestSign() has failed you should
1222 * not call it again without re-initing the ctx
1223 */
1224 ret = 1;
1225 goto out;
1226 }
1227 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1228 sizeof(kMsg))))
1229 goto out;
1230 } else {
1231 /* Determine the size of the signature. */
1232 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1233 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1234 /*
1235 * Trying to create a signature with a deliberately short
1236 * buffer should fail.
1237 */
1238 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1239 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1240 goto out;
1241 }
71ea6b48 1242
6d242fa5
MC		 1243 /*
1244 * Ensure that the signature round-trips (Verification isn't supported for
1245 * HMAC via EVP_DigestVerify*)
1246 */
15ff7d7c
MC		 1247 if (tst % 3 != 2) {
1248 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1249 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1250 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1251 goto out;
1252 }
1253
6d242fa5
MC		 1254 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1255 NULL, pkey)))
59d0e6c8 1256 goto out;
6d242fa5 1257
15ff7d7c 1258 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1259 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1260 goto out;
1261 } else {
1262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1263 sizeof(kMsg))))
1264 goto out;
1265 }
1266 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8 1267 goto out;
78539b25
TM		 1268
1269 /* Multiple calls to EVP_DigestVerifyFinal should work */
1270 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1271 goto out;
1272 } else {
1273 /*
1274 * For HMAC a doubled call to DigestSignFinal should produce the same
1275 * value as finalization should not happen.
1276 */
1277 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1278 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1279 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1280 goto out;
1281
1282 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1283 goto out;
59d0e6c8 1284 }
71ea6b48
MC		 1285
1286 ret = 1;
1287
1288 out:
59d0e6c8
MC		 1289 BIO_free(membio);
1290 BIO_free(mdbio);
1291 EVP_MD_CTX_free(a_md_ctx);
1292 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1293 EVP_PKEY_free(pkey);
b548a1f1 1294 OPENSSL_free(sig);
78539b25 1295 OPENSSL_free(sig2);
6d242fa5 1296 EVP_MD_free(mdexp);
71ea6b48
MC		 1297
1298 return ret;
1299}
1300
1301static int test_EVP_DigestVerifyInit(void)
1302{
1303 int ret = 0;
1304 EVP_PKEY *pkey = NULL;
adcd8e37 1305 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1306
062490db
JS		 1307 if (nullprov != NULL)
1308 return TEST_skip("Test does not support a non-default library context");
1309
adcd8e37
RS		 1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1311 || !TEST_ptr(pkey = load_example_rsa_key()))
1312 goto out;
71ea6b48 1313
adcd8e37
RS		 1314 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1315 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1316 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1317 sizeof(kSignature))))
71ea6b48 1318 goto out;
ae6b68b7
TM		 1319
1320 /* test with reinitialization */
1321 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1322 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1323 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1324 sizeof(kSignature))))
1325 goto out;
71ea6b48
MC		 1326 ret = 1;
1327
1328 out:
bfb0641f 1329 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1330 EVP_PKEY_free(pkey);
71ea6b48
MC		 1331 return ret;
1332}
1333
8d8dd09b
TM		 1334/*
1335 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1336 */
1337static int test_EVP_Digest(void)
1338{
1339 int ret = 0;
1340 EVP_MD_CTX *md_ctx = NULL;
1341 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1342 EVP_MD *sha256 = NULL;
1343 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1344
1345 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1346 goto out;
1347
062490db
JS		 1348 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1349 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1350 goto out;
1351
1352 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1353 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1354 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1355 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1356 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1357 goto out;
1358
062490db 1359 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1360 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1361 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1362 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1363 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1364 /*
1365 * EVP_DigestInit_ex with NULL type should work on
1366 * pre-initialized context.
1367 */
1368 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1369 goto out;
1370
062490db 1371 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1372 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1373 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1374 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1375 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1376 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1377 goto out;
1378 ret = 1;
1379
1380 out:
1381 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1382 EVP_MD_free(sha256);
1383 EVP_MD_free(shake256);
8d8dd09b
TM		 1384 return ret;
1385}
1386
adcd8e37 1387static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1388{
1389 int ret = 0;
1390 const unsigned char *p;
1391 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1392 const APK_DATA *ak = &keydata[i];
1393 const unsigned char *input = ak->kder;
1394 size_t input_len = ak->size;
1395 int expected_id = ak->evptype;
71ea6b48
MC		 1396
1397 p = input;
adcd8e37
RS		 1398 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1399 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1400 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1401 goto done;
71ea6b48
MC		 1402
1403 ret = 1;
1404
1405 done:
c5ba2d99 1406 EVP_PKEY_free(pkey);
71ea6b48
MC		 1407 return ret;
1408}
1409
a9880362 1410#ifndef OPENSSL_NO_EC
cad8347b
SL		 1411
1412static const unsigned char ec_public_sect163k1_validxy[] = {
1413 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1414 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1415 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1416 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1417 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1418 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1419};
1420
1421static const unsigned char ec_public_sect163k1_badx[] = {
1422 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1423 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1424 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1425 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1426 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1427 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1428};
1429
1430static const unsigned char ec_public_sect163k1_bady[] = {
1431 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1432 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1433 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1434 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1435 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1436 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1437};
1438
1439static struct ec_der_pub_keys_st {
1440 const unsigned char *der;
1441 size_t len;
1442 int valid;
1443} ec_der_pub_keys[] = {
1444 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1445 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1446 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1447};
1448
1449/*
1450 * Tests the range of the decoded EC char2 public point.
1451 * See ec_GF2m_simple_oct2point().
1452 */
1453static int test_invalide_ec_char2_pub_range_decode(int id)
1454{
1455 int ret = 0;
5b5eea4b 1456 EVP_PKEY *pkey;
cad8347b 1457
5b5eea4b
SL		 1458 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1459 ec_der_pub_keys[id].len);
1460
1461 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1462 || TEST_ptr_null(pkey);
1463 EVP_PKEY_free(pkey);
cad8347b
SL		 1464 return ret;
1465}
1466
71ea6b48
MC		 1467/* Tests loading a bad key in PKCS8 format */
1468static int test_EVP_PKCS82PKEY(void)
1469{
1470 int ret = 0;
1471 const unsigned char *derp = kExampleBadECKeyDER;
1472 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1473 EVP_PKEY *pkey = NULL;
1474
adcd8e37
RS		 1475 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1476 sizeof(kExampleBadECKeyDER))))
1477 goto done;
71ea6b48 1478
adcd8e37
RS		 1479 if (!TEST_ptr_eq(derp,
1480 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1481 goto done;
71ea6b48 1482
adcd8e37 1483 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1484 goto done;
71ea6b48
MC		 1485
1486 ret = 1;
1487
1488 done:
e0e920b1 1489 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1490 EVP_PKEY_free(pkey);
71ea6b48
MC		 1491
1492 return ret;
1493}
8be513ae 1494
a9880362 1495#endif
8be513ae
DB		 1496static int test_EVP_PKCS82PKEY_wrong_tag(void)
1497{
1498 EVP_PKEY *pkey = NULL;
1499 EVP_PKEY *pkey2 = NULL;
1500 BIO *membio = NULL;
1501 char *membuf = NULL;
1502 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1503 int ok = 0;
1504
1505 if (testctx != NULL)
1506 /* test not supported with non-default context */
1507 return 1;
1508
1509 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1510 || !TEST_ptr(pkey = load_example_rsa_key())
1511 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1512 NULL, 0, NULL, NULL),
1513 0)
1514 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1515 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1516 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1517 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1518 goto done;
1519 }
1520
1521 ok = 1;
1522 done:
1523 EVP_PKEY_free(pkey);
1524 EVP_PKEY_free(pkey2);
1525 PKCS8_PRIV_KEY_INFO_free(p8inf);
1526 BIO_free_all(membio);
1527 return ok;
1528}
71ea6b48 1529
29c49b25
RL		 1530/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1531static int test_privatekey_to_pkcs8(void)
1532{
1533 EVP_PKEY *pkey = NULL;
1534 BIO *membio = NULL;
1535 char *membuf = NULL;
e2cc68c8 1536 long membuf_len = 0;
29c49b25
RL		 1537 int ok = 0;
1538
1539 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1540 || !TEST_ptr(pkey = load_example_rsa_key())
1541 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1542 NULL, 0, NULL, NULL),
1543 0)
e2cc68c8
SL		 1544 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1545 || !TEST_ptr(membuf)
1546 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1547 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1548 /*
1549 * We try to write PEM as well, just to see that it doesn't err, but
1550 * assume that the result is correct.
1551 */
1552 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1553 NULL, 0, NULL, NULL),
1554 0))
1555 goto done;
1556
1557 ok = 1;
1558 done:
1559 EVP_PKEY_free(pkey);
1560 BIO_free_all(membio);
1561 return ok;
1562}
1563
f0c62c53
RL		 1564#ifndef OPENSSL_NO_EC
1565static const struct {
1566 int encoding;
1567 const char *encoding_name;
1568} ec_encodings[] = {
1569 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1570 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1571};
1572
1573static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1574{
1575 const OSSL_PARAM *p;
1576 const char *enc_name = NULL;
1577 int *enc = arg;
1578 size_t i;
1579
1580 *enc = -1;
1581
1582 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1583 OSSL_PKEY_PARAM_EC_ENCODING))
1584 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1585 return 0;
1586
1587 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1588 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1589 *enc = ec_encodings[i].encoding;
1590 break;
1591 }
1592 }
1593
1594 return (*enc != -1);
1595}
1596
1597static int test_EC_keygen_with_enc(int idx)
1598{
1599 EVP_PKEY *params = NULL, *key = NULL;
1600 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1601 int enc;
1602 int ret = 0;
1603
1604 enc = ec_encodings[idx].encoding;
1605
1606 /* Create key parameters */
1607 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1608 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1609 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1610 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1611 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1612 || !TEST_ptr(params))
1613 goto done;
1614
1615 /* Create key */
1616 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1617 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1618 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1619 || !TEST_ptr(key))
1620 goto done;
1621
1622 /* Check that the encoding got all the way into the key */
1623 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1624 ec_export_get_encoding_cb, &enc))
1625 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1626 goto done;
1627
1628 ret = 1;
1629 done:
1630 EVP_PKEY_free(key);
1631 EVP_PKEY_free(params);
1632 EVP_PKEY_CTX_free(kctx);
1633 EVP_PKEY_CTX_free(pctx);
1634 return ret;
1635}
1636#endif
1637
f844f9eb 1638#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1639
a6c4cb84
JL		 1640static int test_EVP_SM2_verify(void)
1641{
a6c4cb84 1642 const char *pubkey =
d0b79f86
PY		 1643 "-----BEGIN PUBLIC KEY-----\n"
1644 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1645 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1646 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1647
1648 const char *msg = "message digest";
1649 const char *id = "ALICE123@YAHOO.COM";
1650
1651 const uint8_t signature[] = {
d0b79f86
PY		 1652 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1653 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1654 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1655 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1656 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1657 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1658 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1659 };
1660
1661 int rc = 0;
1662 BIO *bio = NULL;
1663 EVP_PKEY *pkey = NULL;
1664 EVP_MD_CTX *mctx = NULL;
1665 EVP_PKEY_CTX *pctx = NULL;
062490db 1666 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1667
1668 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1669 if (!TEST_true(bio != NULL))
1670 goto done;
1671
062490db 1672 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1673 if (!TEST_true(pkey != NULL))
1674 goto done;
1675
8a288609 1676 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1677 goto done;
1678
1679 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1680 goto done;
1681
062490db 1682 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1683 goto done;
1684
a6c4cb84
JL		 1685 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1686
062490db
JS		 1687 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1688 goto done;
1689
1690 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1691 goto done;
1692
d0b79f86
PY		 1693 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1694 goto done;
1695
a6c4cb84
JL		 1696 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1697 goto done;
1698
1699 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1700 goto done;
1701 rc = 1;
1702
1703 done:
1704 BIO_free(bio);
1705 EVP_PKEY_free(pkey);
1706 EVP_PKEY_CTX_free(pctx);
1707 EVP_MD_CTX_free(mctx);
062490db 1708 EVP_MD_free(sm3);
a6c4cb84
JL		 1709 return rc;
1710}
1711
ddb634fe
JL		 1712static int test_EVP_SM2(void)
1713{
1714 int ret = 0;
1715 EVP_PKEY *pkey = NULL;
bfb56a97 1716 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1717 EVP_PKEY_CTX *pctx = NULL;
1718 EVP_PKEY_CTX *kctx = NULL;
4803717f 1719 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1720 size_t sig_len = 0;
1721 unsigned char *sig = NULL;
1722 EVP_MD_CTX *md_ctx = NULL;
1723 EVP_MD_CTX *md_ctx_verify = NULL;
1724 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1725 EVP_MD *check_md = NULL;
ddb634fe
JL		 1726
1727 uint8_t ciphertext[128];
1728 size_t ctext_len = sizeof(ciphertext);
1729
1730 uint8_t plaintext[8];
1731 size_t ptext_len = sizeof(plaintext);
1732
4803717f
PY		 1733 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1734
bfb56a97
MC		 1735 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1736 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1737 int i;
a0fff549 1738 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1739
42423ac9
RL		 1740 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1741 "SM2", testpropq)))
ddb634fe
JL		 1742 goto done;
1743
1744 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1745 goto done;
1746
1747 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1748 goto done;
1749
bfb56a97 1750 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1751 goto done;
1752
42423ac9
RL		 1753 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1754 pkeyparams, testpropq)))
ddb634fe
JL		 1755 goto done;
1756
1757 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1758 goto done;
1759
1760 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1761 goto done;
1762
ddb634fe
JL		 1763 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1764 goto done;
1765
1766 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1767 goto done;
1768
062490db 1769 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1770 goto done;
1771
1772 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1773 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1774
42423ac9 1775 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1776 goto done;
1777
42423ac9 1778 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1779 goto done;
1780
d0b79f86 1781 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1782 goto done;
1783
42423ac9 1784 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1785 goto done;
1786
1787 /* Determine the size of the signature. */
1788 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1789 goto done;
1790
ddb634fe
JL		 1791 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1792 goto done;
1793
1794 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1795 goto done;
1796
1797 /* Ensure that the signature round-trips. */
1798
42423ac9
RL		 1799 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1800 pkey)))
ddb634fe
JL		 1801 goto done;
1802
d0b79f86
PY		 1803 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1804 goto done;
1805
ddb634fe
JL		 1806 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1807 goto done;
1808
1809 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1810 goto done;
1811
1812 /* now check encryption/decryption */
1813
bfb56a97
MC		 1814 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1815 mdname, sizeof(mdname));
1816 for (i = 0; i < 2; i++) {
42423ac9
RL		 1817 const char *mdnames[] = {
1818#ifndef OPENSSL_NO_SM3
1819 "SM3",
1820#else
1821 NULL,
1822#endif
1823 "SHA2-256" };
bfb56a97 1824 EVP_PKEY_CTX_free(cctx);
ddb634fe 1825
42423ac9
RL		 1826 if (mdnames[i] == NULL)
1827 continue;
1828
1829 sparams[0] =
1830 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1831 (char *)mdnames[i], 0);
ddb634fe 1832
42423ac9
RL		 1833 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1834 pkey, testpropq)))
bfb56a97 1835 goto done;
ddb634fe 1836
bfb56a97
MC		 1837 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1838 goto done;
ddb634fe 1839
bfb56a97
MC		 1840 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1841 goto done;
ddb634fe 1842
bfb56a97
MC		 1843 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1844 sizeof(kMsg))))
1845 goto done;
ddb634fe 1846
bfb56a97
MC		 1847 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1848 goto done;
1849
1850 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1851 goto done;
1852
1853 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1854 ctext_len)))
1855 goto done;
1856
1857 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1858 goto done;
1859
42423ac9
RL		 1860 /*
1861 * Test we're still using the digest we think we are.
1862 * Because of aliases, the easiest is to fetch the digest and
1863 * check the name with EVP_MD_is_a().
1864 */
1865 EVP_MD_free(check_md);
1866 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 1867 goto done;
42423ac9
RL		 1868 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1869 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 1870 goto done;
42423ac9 1871 }
bfb56a97
MC		 1872
1873 if (!TEST_true(ptext_len == sizeof(kMsg)))
1874 goto done;
1875
1876 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1877 goto done;
1878 }
ddb634fe
JL		 1879
1880 ret = 1;
1881done:
1882 EVP_PKEY_CTX_free(pctx);
1883 EVP_PKEY_CTX_free(kctx);
4803717f 1884 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1885 EVP_PKEY_CTX_free(cctx);
1886 EVP_PKEY_free(pkey);
bfb56a97 1887 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1888 EVP_MD_CTX_free(md_ctx);
1889 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 1890 EVP_MD_free(check_md);
ddb634fe
JL		 1891 OPENSSL_free(sig);
1892 return ret;
1893}
1894
1895#endif
1896
bb5f281a
MC		 1897static struct keys_st {
1898 int type;
1899 char *priv;
1900 char *pub;
1901} keys[] = {
1902 {
1903 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 1904 },
1905 {
1906 EVP_PKEY_HMAC, "", NULL
5af6e154 1907#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 1908 }, {
1909 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 1910#endif
1911#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 1912 }, {
1913 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 1914#endif
896dcb80
MC		 1915 },
1916#ifndef OPENSSL_NO_EC
1917 {
bb5f281a
MC		 1918 EVP_PKEY_X25519, "01234567890123456789012345678901",
1919 "abcdefghijklmnopqrstuvwxyzabcdef"
1920 }, {
1921 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1922 "abcdefghijklmnopqrstuvwxyzabcdef"
1923 }, {
1924 EVP_PKEY_X448,
1925 "01234567890123456789012345678901234567890123456789012345",
1926 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1927 }, {
1928 EVP_PKEY_ED448,
1929 "012345678901234567890123456789012345678901234567890123456",
1930 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1931 }
896dcb80 1932#endif
bb5f281a
MC		 1933};
1934
86dc26ba 1935static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1936{
1937 int ret = 0;
1938 unsigned char buf[80];
1939 unsigned char *in;
15ff7d7c 1940 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 1941 EVP_PKEY *pkey;
1942
1943 /* Check if this algorithm supports public keys */
5af6e154 1944 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 1945 return 1;
1946
1947 memset(buf, 0, sizeof(buf));
1948
1949 if (pub) {
5af6e154 1950#ifndef OPENSSL_NO_EC
bb5f281a
MC		 1951 inlen = strlen(keys[tst].pub);
1952 in = (unsigned char *)keys[tst].pub;
86dc26ba 1953 if (uselibctx) {
d8652be0 1954 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1955 testctx,
1956 OBJ_nid2sn(keys[tst].type),
1957 NULL,
1958 in,
1959 inlen);
1960 } else {
1961 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1962 NULL,
1963 in,
1964 inlen);
1965 }
5af6e154
TM		 1966#else
1967 return 1;
1968#endif
bb5f281a
MC		 1969 } else {
1970 inlen = strlen(keys[tst].priv);
1971 in = (unsigned char *)keys[tst].priv;
86dc26ba 1972 if (uselibctx) {
d8652be0 1973 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1974 testctx, OBJ_nid2sn(keys[tst].type),
1975 NULL,
1976 in,
1977 inlen);
1978 } else {
1979 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1980 NULL,
1981 in,
1982 inlen);
1983 }
bb5f281a
MC		 1984 }
1985
1986 if (!TEST_ptr(pkey)
5af6e154 1987 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 1988 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1989 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 1990 || !TEST_true(len == inlen))
1991 goto done;
1992 if (tst != 1) {
1993 /*
1994 * Test that supplying a buffer that is too small fails. Doesn't apply
1995 * to HMAC with a zero length key
1996 */
1997 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
1998 &shortlen)))
1999 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2000 &shortlen))))
2001 goto done;
2002 }
2003 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 2004 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2005 || !TEST_mem_eq(in, inlen, buf, len))
2006 goto done;
2007
2008 ret = 1;
2009 done:
2010 EVP_PKEY_free(pkey);
2011 return ret;
2012}
2013
2014static int test_set_get_raw_keys(int tst)
2015{
5af6e154 2016 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 2017 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 2018 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 2019 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 2020}
2021
41bbba53 2022#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2023static int pkey_custom_check(EVP_PKEY *pkey)
2024{
2025 return 0xbeef;
2026}
2027
b0004708
PY		 2028static int pkey_custom_pub_check(EVP_PKEY *pkey)
2029{
2030 return 0xbeef;
2031}
2032
2033static int pkey_custom_param_check(EVP_PKEY *pkey)
2034{
2035 return 0xbeef;
2036}
2037
2aee35d3 2038static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2039#endif
2aee35d3
PY		 2040
2041static int test_EVP_PKEY_check(int i)
2042{
2043 int ret = 0;
2aee35d3
PY		 2044 EVP_PKEY *pkey = NULL;
2045 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2046#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2047 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2048#endif
2aee35d3
PY		 2049 const APK_DATA *ak = &keycheckdata[i];
2050 const unsigned char *input = ak->kder;
2051 size_t input_len = ak->size;
2052 int expected_id = ak->evptype;
2053 int expected_check = ak->check;
b0004708
PY		 2054 int expected_pub_check = ak->pub_check;
2055 int expected_param_check = ak->param_check;
2056 int type = ak->type;
b0004708 2057
5b5eea4b
SL		 2058 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2059 goto done;
2060 if (type == 0
ed576acd 2061 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2062 goto done;
2aee35d3 2063
062490db 2064 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2065 goto done;
2066
b0004708
PY		 2067 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2068 goto done;
2069
2070 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2071 goto done;
2072
2073 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2074 goto done;
2aee35d3 2075
41bbba53 2076#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2077 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2078 /* assign the pkey directly, as an internal test */
2079 EVP_PKEY_up_ref(pkey);
2080 ctx2->pkey = pkey;
2081
2082 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2083 goto done;
2084
b0004708
PY		 2085 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2086 goto done;
2087
2088 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2089 goto done;
41bbba53 2090#endif
b0004708 2091
2aee35d3
PY		 2092 ret = 1;
2093
2094 done:
2095 EVP_PKEY_CTX_free(ctx);
41bbba53 2096#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2097 EVP_PKEY_CTX_free(ctx2);
41bbba53 2098#endif
2aee35d3
PY		 2099 EVP_PKEY_free(pkey);
2100 return ret;
2101}
2102
fab8fde3 2103#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2104static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2105{
2106 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2107 const char msg[] = "Hello World";
cff7d58e 2108 size_t maclen = AES_BLOCK_SIZE;
e5bc0ce2
MC		 2109 int ret = 1;
2110
2111 if (!TEST_ptr(mdctx)
062490db
JS		 2112 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2113 testpropq, pkey, NULL))
e5bc0ce2
MC		 2114 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2115 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2116 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2117 ret = 0;
2118
2119 EVP_MD_CTX_free(mdctx);
2120
2121 return ret;
2122}
a87820e1
RL		 2123static int test_CMAC_keygen(void)
2124{
e5bc0ce2
MC		 2125 static unsigned char key[] = {
2126 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2127 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2128 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2129 };
062490db 2130 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2131 int ret = 0;
e5bc0ce2 2132 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2133 unsigned char mac[AES_BLOCK_SIZE];
2134# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2135 unsigned char mac2[AES_BLOCK_SIZE];
2136# endif
e5bc0ce2 2137
062490db
JS		 2138 if (nullprov != NULL)
2139 return TEST_skip("Test does not support a non-default library context");
2140
2141 /*
2142 * This is a legacy method for CMACs, but should still work.
2143 * This verifies that it works without an ENGINE.
2144 */
2145 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2146
e5bc0ce2
MC		 2147 /* Test a CMAC key created using the "generated" method */
2148 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2149 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2150 EVP_PKEY_CTRL_CIPHER,
2151 0, (void *)EVP_aes_256_ecb()), 0)
2152 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2153 EVP_PKEY_CTRL_SET_MAC_KEY,
2154 sizeof(key), (void *)key), 0)
2155 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2156 || !TEST_ptr(pkey)
2157 || !TEST_true(get_cmac_val(pkey, mac)))
2158 goto done;
a87820e1 2159
a3d267f1 2160# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2161 EVP_PKEY_free(pkey);
2162
2163 /*
2164 * Test a CMAC key using the direct method, and compare with the mac
2165 * created above.
2166 */
2167 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2168 if (!TEST_ptr(pkey)
2169 || !TEST_true(get_cmac_val(pkey, mac2))
2170 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2171 goto done;
a3d267f1 2172# endif
e5bc0ce2 2173
a87820e1
RL		 2174 ret = 1;
2175
2176 done:
e5bc0ce2 2177 EVP_PKEY_free(pkey);
a87820e1
RL		 2178 EVP_PKEY_CTX_free(kctx);
2179 return ret;
2180}
fab8fde3 2181#endif
a87820e1 2182
10d5b415
MC		 2183static int test_HKDF(void)
2184{
2185 EVP_PKEY_CTX *pctx;
2186 unsigned char out[20];
2187 size_t outlen;
2188 int i, ret = 0;
2189 unsigned char salt[] = "0123456789";
2190 unsigned char key[] = "012345678901234567890123456789";
2191 unsigned char info[] = "infostring";
2192 const unsigned char expected[] = {
2193 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2194 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2195 };
2196 size_t expectedlen = sizeof(expected);
2197
062490db 2198 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2199 goto done;
2200
2201 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2202 for (i = 0; i < 2; i++) {
2203 outlen = sizeof(out);
2204 memset(out, 0, outlen);
2205
2206 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2207 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2208 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2209 sizeof(salt) - 1), 0)
2210 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2211 sizeof(key) - 1), 0)
2212 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2213 sizeof(info) - 1), 0)
2214 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2215 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2216 goto done;
2217 }
2218
2219 ret = 1;
2220
2221 done:
2222 EVP_PKEY_CTX_free(pctx);
2223
2224 return ret;
2225}
2226
2cd3ebc7
BK		 2227static int test_emptyikm_HKDF(void)
2228{
2229 EVP_PKEY_CTX *pctx;
2230 unsigned char out[20];
2231 size_t outlen;
2232 int ret = 0;
2233 unsigned char salt[] = "9876543210";
2234 unsigned char key[] = "";
2235 unsigned char info[] = "stringinfo";
2236 const unsigned char expected[] = {
2237 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2238 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2239 };
2240 size_t expectedlen = sizeof(expected);
2241
062490db 2242 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2243 goto done;
2244
2245 outlen = sizeof(out);
2246 memset(out, 0, outlen);
2247
2248 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2249 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2250 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2251 sizeof(salt) - 1), 0)
2252 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2253 sizeof(key) - 1), 0)
2254 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2255 sizeof(info) - 1), 0)
2256 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2257 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2258 goto done;
2259
2260 ret = 1;
2261
2262 done:
2263 EVP_PKEY_CTX_free(pctx);
2264
2265 return ret;
2266}
2267
5dc40a83
BE		 2268#ifndef OPENSSL_NO_EC
2269static int test_X509_PUBKEY_inplace(void)
2270{
808c63c5 2271 int ret = 0;
62653483 2272 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2273 const unsigned char *p = kExampleECPubKeyDER;
2274 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2275
62653483
MC		 2276 if (!TEST_ptr(xp))
2277 goto done;
2278 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2279 goto done;
5dc40a83 2280
808c63c5
P		 2281 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2282 goto done;
5dc40a83 2283
808c63c5
P		 2284 p = kExampleBadECPubKeyDER;
2285 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2286
808c63c5
P		 2287 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2288 goto done;
5dc40a83 2289
808c63c5
P		 2290 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2291 goto done;
5dc40a83 2292
808c63c5 2293 ret = 1;
5dc40a83 2294
808c63c5
P		 2295 done:
2296 X509_PUBKEY_free(xp);
2297 return ret;
2298}
2299
2300static int test_X509_PUBKEY_dup(void)
2301{
2302 int ret = 0;
2303 X509_PUBKEY *xp = NULL, *xq = NULL;
2304 const unsigned char *p = kExampleECPubKeyDER;
2305 size_t input_len = sizeof(kExampleECPubKeyDER);
2306
62653483
MC		 2307 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2308 if (!TEST_ptr(xp)
2309 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2310 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2311 || !TEST_ptr_ne(xp, xq))
2312 goto done;
2313
2314 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2315 || !TEST_ptr(X509_PUBKEY_get0(xp))
7e35458b 2316 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
808c63c5
P		 2317 goto done;
2318
2319 X509_PUBKEY_free(xq);
2320 xq = NULL;
2321 p = kExampleBadECPubKeyDER;
2322 input_len = sizeof(kExampleBadECPubKeyDER);
2323
2324 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2325 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2326 goto done;
2327
2328 X509_PUBKEY_free(xp);
2329 xp = NULL;
2330 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2331 goto done;
2332
2333 ret = 1;
2334
2335 done:
2336 X509_PUBKEY_free(xp);
2337 X509_PUBKEY_free(xq);
2338 return ret;
5dc40a83 2339}
7bb82f92 2340#endif /* OPENSSL_NO_EC */
784883fc 2341
9c45222d 2342/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2343static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2344{
9a071fef 2345 EVP_MD_CTX *mdctx = NULL;
9c45222d 2346 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2347 const OSSL_PARAM *params;
00bc1ad9 2348 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2349 int ret = 0;
2350 const EVP_MD *md;
00bc1ad9 2351 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2352 char ssl3ms[48];
9c45222d 2353
9c45222d 2354 /* Initialise a sign operation */
062490db 2355 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2356 if (!TEST_ptr(ctx)
c9c4a356 2357 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2358 goto err;
2359
2360 /*
f54a4101 2361 * We should be able to query the parameters now.
9c45222d
MC		 2362 */
2363 params = EVP_PKEY_CTX_settable_params(ctx);
2364 if (!TEST_ptr(params)
0cb3f4f9
RL		 2365 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2366 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2367 goto err;
2368
9c45222d
MC		 2369 params = EVP_PKEY_CTX_gettable_params(ctx);
2370 if (!TEST_ptr(params)
0cb3f4f9
RL		 2371 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2372 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2373 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2374 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2375 goto err;
2376
2377 /*
2378 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2379 * EVP_PKEY_CTX_get_params()
2380 */
00bc1ad9
RL		 2381 strcpy(mdname, "SHA512");
2382 param_md = param;
2383 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2384 mdname, 0);
9c45222d
MC		 2385 *param++ = OSSL_PARAM_construct_end();
2386
2387 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2388 goto err;
2389
00bc1ad9
RL		 2390 mdname[0] = '\0';
2391 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2392 mdname, sizeof(mdname));
9c45222d 2393 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2394 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2395 goto err;
2396
2397 /*
2398 * Test the TEST_PKEY_CTX_set_signature_md() and
2399 * TEST_PKEY_CTX_get_signature_md() functions
2400 */
2401 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2403 || !TEST_ptr_eq(md, EVP_sha256()))
2404 goto err;
2405
9a071fef
MC		 2406 /*
2407 * Test getting MD parameters via an associated EVP_PKEY_CTX
2408 */
2409 mdctx = EVP_MD_CTX_new();
2410 if (!TEST_ptr(mdctx)
062490db 2411 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2412 pkey, NULL)))
9a071fef
MC		 2413 goto err;
2414
2415 /*
2416 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2417 * able to obtain the digest's settable parameters from the provider.
2418 */
2419 params = EVP_MD_CTX_settable_params(mdctx);
2420 if (!TEST_ptr(params)
2421 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2422 /* The final key should be NULL */
2423 || !TEST_ptr_null(params[1].key))
2424 goto err;
2425
2426 param = ourparams;
2427 memset(ssl3ms, 0, sizeof(ssl3ms));
2428 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2429 ssl3ms, sizeof(ssl3ms));
2430 *param++ = OSSL_PARAM_construct_end();
2431
2432 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2433 goto err;
2434
9c45222d
MC		 2435 ret = 1;
2436
2437 err:
9a071fef 2438 EVP_MD_CTX_free(mdctx);
9c45222d 2439 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2440
2441 return ret;
2442}
2443
2444#ifndef OPENSSL_NO_DSA
2445static int test_DSA_get_set_params(void)
2446{
6ed4022c
RL		 2447 OSSL_PARAM_BLD *bld = NULL;
2448 OSSL_PARAM *params = NULL;
f54a4101 2449 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2450 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2451 EVP_PKEY *pkey = NULL;
2452 int ret = 0;
2453
2454 /*
2455 * Setup the parameters for our DSA object. For our purposes they don't
2456 * have to actually be *valid* parameters. We just need to set something.
2457 */
6ed4022c
RL		 2458 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2459 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2460 || !TEST_ptr(p = BN_new())
2461 || !TEST_ptr(q = BN_new())
2462 || !TEST_ptr(g = BN_new())
2463 || !TEST_ptr(pub = BN_new())
2464 || !TEST_ptr(priv = BN_new()))
2465 goto err;
2466 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2467 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2468 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2469 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2470 pub))
2471 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2472 priv)))
2473 goto err;
2474 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2475 goto err;
f54a4101 2476
2db985b7
SL		 2477 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2478 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2479 params), 0))
f54a4101
RL		 2480 goto err;
2481
6ed4022c
RL		 2482 if (!TEST_ptr(pkey))
2483 goto err;
f54a4101
RL		 2484
2485 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2486
2487 err:
9c45222d 2488 EVP_PKEY_free(pkey);
6ed4022c 2489 EVP_PKEY_CTX_free(pctx);
3f883c7c 2490 OSSL_PARAM_free(params);
6ed4022c 2491 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2492 BN_free(p);
2493 BN_free(q);
2494 BN_free(g);
cd32a0f5
RL		 2495 BN_free(pub);
2496 BN_free(priv);
9c45222d
MC		 2497
2498 return ret;
2499}
2c04b341
JS		 2500
2501/*
8a9394c1 2502 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2503 * params to ensure they are all accepted
2504 */
2505static int test_DSA_priv_pub(void)
2506{
2507 return test_EVP_PKEY_ffc_priv_pub("DSA");
2508}
2509
2510#endif /* !OPENSSL_NO_DSA */
9c45222d 2511
f54a4101
RL		 2512static int test_RSA_get_set_params(void)
2513{
d7e498ac
RL		 2514 OSSL_PARAM_BLD *bld = NULL;
2515 OSSL_PARAM *params = NULL;
f54a4101 2516 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2517 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2518 EVP_PKEY *pkey = NULL;
2519 int ret = 0;
2520
2521 /*
2522 * Setup the parameters for our RSA object. For our purposes they don't
2523 * have to actually be *valid* parameters. We just need to set something.
2524 */
d7e498ac
RL		 2525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2526 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2527 || !TEST_ptr(n = BN_new())
2528 || !TEST_ptr(e = BN_new())
2529 || !TEST_ptr(d = BN_new()))
2530 goto err;
2531 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2532 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2533 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2534 goto err;
2535 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2536 goto err;
f54a4101 2537
2db985b7
SL		 2538 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2539 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2540 params), 0))
f54a4101
RL		 2541 goto err;
2542
d7e498ac
RL		 2543 if (!TEST_ptr(pkey))
2544 goto err;
f54a4101
RL		 2545
2546 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2547
2548 err:
2549 EVP_PKEY_free(pkey);
d7e498ac 2550 EVP_PKEY_CTX_free(pctx);
3f883c7c 2551 OSSL_PARAM_free(params);
d7e498ac 2552 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2553 BN_free(n);
2554 BN_free(e);
2555 BN_free(d);
2556
2557 return ret;
2558}
2559
b4be6937
MC		 2560#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2561static int test_decrypt_null_chunks(void)
2562{
2563 EVP_CIPHER_CTX* ctx = NULL;
062490db 2564 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2565 const unsigned char key[32] = {
2566 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2567 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2568 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2569 };
2570 unsigned char iv[12] = {
2571 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2572 };
2573 unsigned char msg[] = "It was the best of times, it was the worst of times";
2574 unsigned char ciphertext[80];
2575 unsigned char plaintext[80];
2576 /* We initialise tmp to a non zero value on purpose */
2577 int ctlen, ptlen, tmp = 99;
2578 int ret = 0;
2579 const int enc_offset = 10, dec_offset = 20;
2580
062490db
JS		 2581 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2582 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2583 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2584 key, iv))
2585 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2586 enc_offset))
2587 /* Deliberate add a zero length update */
2588 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2589 0))
2590 || !TEST_int_eq(tmp, 0)
2591 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2592 msg + enc_offset,
2593 sizeof(msg) - enc_offset))
2594 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2595 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2596 || !TEST_int_eq(tmp, 0))
2597 goto err;
2598
2599 /* Deliberately initialise tmp to a non zero value */
2600 tmp = 99;
062490db 2601 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2602 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2603 dec_offset))
2604 /*
2605 * Deliberately add a zero length update. We also deliberately do
2606 * this at a different offset than for encryption.
2607 */
2608 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2609 0))
2610 || !TEST_int_eq(tmp, 0)
2611 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2612 ciphertext + dec_offset,
2613 ctlen - dec_offset))
2614 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2615 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2616 || !TEST_int_eq(tmp, 0)
2617 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2618 goto err;
2619
2620 ret = 1;
2621 err:
2622 EVP_CIPHER_CTX_free(ctx);
062490db 2623 EVP_CIPHER_free(cipher);
b4be6937
MC		 2624 return ret;
2625}
2626#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2627
2c04b341
JS		 2628#ifndef OPENSSL_NO_DH
2629/*
8a9394c1 2630 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2631 * params to ensure they are all accepted
2632 */
2633static int test_DH_priv_pub(void)
2634{
2635 return test_EVP_PKEY_ffc_priv_pub("DH");
2636}
2637
2638# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2639static int test_EVP_PKEY_set1_DH(void)
2640{
ca2bf555
SL		 2641 DH *x942dh = NULL, *noqdh = NULL;
2642 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2643 int ret = 0;
ca2bf555 2644 BIGNUM *p, *g = NULL;
0ec73843
TM		 2645 BIGNUM *pubkey = NULL;
2646 unsigned char pub[2048 / 8];
2647 size_t len = 0;
ca2bf555
SL		 2648
2649 if (!TEST_ptr(p = BN_new())
2650 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2651 || !TEST_ptr(pubkey = BN_new())
2652 || !TEST_true(BN_set_word(p, 9999))
2653 || !TEST_true(BN_set_word(g, 2))
2654 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2655 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2656 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2657 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2658 || !TEST_ptr(pubkey = BN_new())
2659 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2660 goto err;
2661 p = g = NULL;
e295de1d
MC		 2662
2663 x942dh = DH_get_2048_256();
e295de1d
MC		 2664 pkey1 = EVP_PKEY_new();
2665 pkey2 = EVP_PKEY_new();
2666 if (!TEST_ptr(x942dh)
ca2bf555 2667 || !TEST_ptr(noqdh)
e295de1d 2668 || !TEST_ptr(pkey1)
0ec73843
TM		 2669 || !TEST_ptr(pkey2)
2670 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2671 goto err;
0ec73843 2672 pubkey = NULL;
e295de1d 2673
0ec73843 2674 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2675 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2676 goto err;
2677
0ec73843
TM		 2678 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2679 &pubkey))
2680 || !TEST_ptr(pubkey))
2681 goto err;
2682
2683 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2684 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2685 goto err;
2686
0ec73843
TM		 2687 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2688 OSSL_PKEY_PARAM_PUB_KEY,
2689 pub, sizeof(pub), &len))
2690 || !TEST_size_t_ne(len, 0))
2691 goto err;
2692
e295de1d
MC		 2693 ret = 1;
2694 err:
ca2bf555
SL		 2695 BN_free(p);
2696 BN_free(g);
0ec73843 2697 BN_free(pubkey);
e295de1d
MC		 2698 EVP_PKEY_free(pkey1);
2699 EVP_PKEY_free(pkey2);
2700 DH_free(x942dh);
ca2bf555 2701 DH_free(noqdh);
e295de1d
MC		 2702
2703 return ret;
2704}
2c04b341
JS		 2705# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2706#endif /* !OPENSSL_NO_DH */
e295de1d 2707
8a5cb596
RL		 2708/*
2709 * We test what happens with an empty template. For the sake of this test,
2710 * the template must be ignored, and we know that's the case for RSA keys
2711 * (this might arguably be a misfeature, but that's what we currently do,
2712 * even in provider code, since that's how the legacy RSA implementation
2713 * does things)
2714 */
2715static int test_keygen_with_empty_template(int n)
2716{
2717 EVP_PKEY_CTX *ctx = NULL;
2718 EVP_PKEY *pkey = NULL;
2719 EVP_PKEY *tkey = NULL;
2720 int ret = 0;
2721
062490db
JS		 2722 if (nullprov != NULL)
2723 return TEST_skip("Test does not support a non-default library context");
2724
8a5cb596
RL		 2725 switch (n) {
2726 case 0:
2727 /* We do test with no template at all as well */
2728 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2729 goto err;
2730 break;
2731 case 1:
2732 /* Here we create an empty RSA key that serves as our template */
2733 if (!TEST_ptr(tkey = EVP_PKEY_new())
2734 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2735 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2736 goto err;
2737 break;
2738 }
2739
2740 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2741 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2742 goto err;
2743
2744 ret = 1;
2745 err:
2746 EVP_PKEY_CTX_free(ctx);
2747 EVP_PKEY_free(pkey);
2748 EVP_PKEY_free(tkey);
2749 return ret;
2750}
2751
5ddec6a7
MC		 2752/*
2753 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2754 * in the current library context (unless we are using an algorithm that
2755 * should be made available via legacy codepaths).
2756 *
2757 * 0: RSA
2758 * 1: SM2
5ddec6a7
MC		 2759 */
2760static int test_pkey_ctx_fail_without_provider(int tst)
2761{
b4250010 2762 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2763 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2764 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2765 const char *keytype = NULL;
2766 int expect_null = 0;
5ddec6a7
MC		 2767 int ret = 0;
2768
2769 if (!TEST_ptr(tmpctx))
2770 goto err;
2771
062490db
JS		 2772 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2773 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2774 goto err;
2775
5ddec6a7 2776 /*
08497fc6
RL		 2777 * We check for certain algos in the null provider.
2778 * If an algo is expected to have a provider keymgmt, contructing an
2779 * EVP_PKEY_CTX is expected to fail (return NULL).
2780 * Otherwise, if it's expected to have legacy support, contructing an
2781 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2782 */
08497fc6
RL		 2783 switch (tst) {
2784 case 0:
2785 keytype = "RSA";
2786 expect_null = 1;
2787 break;
2788 case 1:
2789 keytype = "SM2";
d0b79f86 2790 expect_null = 1;
08497fc6
RL		 2791#ifdef OPENSSL_NO_EC
2792 TEST_info("EC disable, skipping SM2 check...");
2793 goto end;
2794#endif
2795#ifdef OPENSSL_NO_SM2
2796 TEST_info("SM2 disable, skipping SM2 check...");
2797 goto end;
2798#endif
2799 break;
2800 default:
2801 TEST_error("No test for case %d", tst);
2802 goto err;
2803 }
2804
2805 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2806 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2807 goto err;
2808
08497fc6
RL		 2809#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2810 end:
2811#endif
5ddec6a7
MC		 2812 ret = 1;
2813
2814 err:
2815 EVP_PKEY_CTX_free(pctx);
062490db 2816 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2817 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2818 return ret;
2819}
2820
1c19ff3c
P		 2821static int test_rand_agglomeration(void)
2822{
2823 EVP_RAND *rand;
2824 EVP_RAND_CTX *ctx;
2825 OSSL_PARAM params[3], *p = params;
2826 int res;
2827 unsigned int step = 7;
2828 static unsigned char seed[] = "It does not matter how slowly you go "
2829 "as long as you do not stop.";
2830 unsigned char out[sizeof(seed)];
2831
2832 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2833 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2834 return 0;
2835 ctx = EVP_RAND_CTX_new(rand, NULL);
2836 EVP_RAND_free(rand);
2837 if (!TEST_ptr(ctx))
2838 return 0;
2839
2840 memset(out, 0, sizeof(out));
2841 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2842 seed, sizeof(seed));
0d4460d2 2843 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 2844 *p = OSSL_PARAM_construct_end();
e494fac7 2845 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 2846 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2847 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2848 EVP_RAND_CTX_free(ctx);
2849 return res;
2850}
2851
440b852a
BK		 2852/*
2853 * Test that we correctly return the original or "running" IV after
2854 * an encryption operation.
2855 * Run multiple times for some different relevant algorithms/modes.
2856 */
a4afa6c1 2857static int test_evp_iv_aes(int idx)
440b852a
BK		 2858{
2859 int ret = 0;
2860 EVP_CIPHER_CTX *ctx = NULL;
2861 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2862 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2863 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2864 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2865 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2866 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2867 9, 10, 11, 12, 13, 14, 15, 16 };
2868 unsigned char ciphertext[32], oiv[16], iv[16];
2869 unsigned char *ref_iv;
2870 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2871 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2872
2873 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2874 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 2875 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2876 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 2877 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2878 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2879 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2880#ifndef OPENSSL_NO_OCB
2881 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2882 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2883#endif
2884 int len = sizeof(ciphertext);
2885 size_t ivlen, ref_len;
2886 const EVP_CIPHER *type = NULL;
4ec4b063 2887 int iv_reset = 0;
440b852a 2888
4ec4b063 2889 if (nullprov != NULL && idx < 6)
062490db
JS		 2890 return TEST_skip("Test does not support a non-default library context");
2891
1287dabd 2892 switch (idx) {
440b852a
BK		 2893 case 0:
2894 type = EVP_aes_128_cbc();
2895 /* FALLTHROUGH */
4ec4b063 2896 case 6:
440b852a 2897 type = (type != NULL) ? type :
062490db 2898 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2899 ref_iv = cbc_state;
2900 ref_len = sizeof(cbc_state);
4ec4b063 2901 iv_reset = 1;
440b852a
BK		 2902 break;
2903 case 1:
2904 type = EVP_aes_128_ofb();
2905 /* FALLTHROUGH */
4ec4b063 2906 case 7:
440b852a 2907 type = (type != NULL) ? type :
062490db 2908 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2909 ref_iv = ofb_state;
2910 ref_len = sizeof(ofb_state);
4ec4b063 2911 iv_reset = 1;
440b852a
BK		 2912 break;
2913 case 2:
4ec4b063
TM		 2914 type = EVP_aes_128_cfb();
2915 /* FALLTHROUGH */
2916 case 8:
2917 type = (type != NULL) ? type :
2918 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2919 ref_iv = cfb_state;
2920 ref_len = sizeof(cfb_state);
2921 iv_reset = 1;
2922 break;
2923 case 3:
440b852a
BK		 2924 type = EVP_aes_128_gcm();
2925 /* FALLTHROUGH */
4ec4b063 2926 case 9:
440b852a 2927 type = (type != NULL) ? type :
062490db 2928 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2929 ref_iv = gcm_state;
2930 ref_len = sizeof(gcm_state);
2931 break;
4ec4b063 2932 case 4:
440b852a
BK		 2933 type = EVP_aes_128_ccm();
2934 /* FALLTHROUGH */
4ec4b063 2935 case 10:
440b852a 2936 type = (type != NULL) ? type :
062490db 2937 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2938 ref_iv = ccm_state;
2939 ref_len = sizeof(ccm_state);
2940 break;
2941#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 2942 case 5:
2943 case 11:
440b852a
BK		 2944 return 1;
2945#else
4ec4b063 2946 case 5:
440b852a
BK		 2947 type = EVP_aes_128_ocb();
2948 /* FALLTHROUGH */
4ec4b063 2949 case 11:
440b852a 2950 type = (type != NULL) ? type :
062490db 2951 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2952 ref_iv = ocb_state;
2953 ref_len = sizeof(ocb_state);
2954 break;
2955#endif
2956 default:
2957 return 0;
2958 }
2959
2960 if (!TEST_ptr(type)
2961 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2962 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2963 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2964 (int)sizeof(msg)))
0d83b7b9
TM		 2965 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2966 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2967 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2968 goto err;
ed576acd 2969 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 2970 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2971 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2972 goto err;
2973
4ec4b063
TM		 2974 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2975 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2976 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2977 goto err;
2978 if (iv_reset) {
2979 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2980 goto err;
2981 } else {
2982 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2983 goto err;
2984 }
2985
440b852a
BK		 2986 ret = 1;
2987err:
2988 EVP_CIPHER_CTX_free(ctx);
4ec4b063 2989 if (idx >= 6)
440b852a
BK		 2990 EVP_CIPHER_free((EVP_CIPHER *)type);
2991 return ret;
2992}
2993
a4afa6c1
TM		 2994#ifndef OPENSSL_NO_DES
2995static int test_evp_iv_des(int idx)
2996{
2997 int ret = 0;
2998 EVP_CIPHER_CTX *ctx = NULL;
2999 static const unsigned char key[24] = {
3000 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3001 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3002 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3003 };
3004 static const unsigned char init_iv[8] = {
3005 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3006 };
3007 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3008 9, 10, 11, 12, 13, 14, 15, 16 };
3009 unsigned char ciphertext[32], oiv[8], iv[8];
3010 unsigned const char *ref_iv;
3011 static const unsigned char cbc_state_des[8] = {
3012 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3013 };
3014 static const unsigned char cbc_state_3des[8] = {
3015 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3016 };
3017 static const unsigned char ofb_state_des[8] = {
3018 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3019 };
3020 static const unsigned char ofb_state_3des[8] = {
3021 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3022 };
3023 static const unsigned char cfb_state_des[8] = {
3024 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3025 };
3026 static const unsigned char cfb_state_3des[8] = {
3027 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3028 };
3029 int len = sizeof(ciphertext);
3030 size_t ivlen, ref_len;
3031 EVP_CIPHER *type = NULL;
3032
3033 if (lgcyprov == NULL && idx < 3)
3034 return TEST_skip("Test requires legacy provider to be loaded");
3035
1287dabd 3036 switch (idx) {
a4afa6c1
TM		 3037 case 0:
3038 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3039 ref_iv = cbc_state_des;
3040 ref_len = sizeof(cbc_state_des);
3041 break;
3042 case 1:
3043 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3044 ref_iv = ofb_state_des;
3045 ref_len = sizeof(ofb_state_des);
3046 break;
3047 case 2:
3048 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3049 ref_iv = cfb_state_des;
3050 ref_len = sizeof(cfb_state_des);
3051 break;
3052 case 3:
3053 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3054 ref_iv = cbc_state_3des;
3055 ref_len = sizeof(cbc_state_3des);
3056 break;
3057 case 4:
3058 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3059 ref_iv = ofb_state_3des;
3060 ref_len = sizeof(ofb_state_3des);
3061 break;
3062 case 5:
3063 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3064 ref_iv = cfb_state_3des;
3065 ref_len = sizeof(cfb_state_3des);
3066 break;
3067 default:
3068 return 0;
3069 }
3070
3071 if (!TEST_ptr(type)
3072 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3073 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3074 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3075 (int)sizeof(msg)))
3076 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3077 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3078 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3079 goto err;
ed576acd 3080 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3081 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3082 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3083 goto err;
3084
3085 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3086 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3087 goto err;
3088 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3089 goto err;
3090
3091 ret = 1;
3092err:
3093 EVP_CIPHER_CTX_free(ctx);
3094 EVP_CIPHER_free(type);
3095 return ret;
3096}
3097#endif
3098
c0ff1932 3099#ifndef OPENSSL_NO_EC
da671c41
P		 3100static int ecpub_nids[] = {
3101 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3102 NID_secp384r1, NID_secp521r1,
3103# ifndef OPENSSL_NO_EC2M
3104 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3105 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3106# endif
3107 NID_brainpoolP384r1, NID_brainpoolP512r1
3108};
c0ff1932
BK		 3109
3110static int test_ecpub(int idx)
3111{
ad7cb0bf 3112 int ret = 0, len, savelen;
c0ff1932
BK		 3113 int nid;
3114 unsigned char buf[1024];
3115 unsigned char *p;
3116 EVP_PKEY *pkey = NULL;
3117 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3118# ifndef OPENSSL_NO_DEPRECATED_3_0
3119 const unsigned char *q;
3120 EVP_PKEY *pkey2 = NULL;
3121 EC_KEY *ec = NULL;
3122# endif
c0ff1932 3123
062490db
JS		 3124 if (nullprov != NULL)
3125 return TEST_skip("Test does not support a non-default library context");
3126
c0ff1932
BK		 3127 nid = ecpub_nids[idx];
3128
3129 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3130 if (!TEST_ptr(ctx)
3131 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3132 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3133 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3134 goto done;
3135 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3136 savelen = len;
c0ff1932
BK		 3137 if (!TEST_int_ge(len, 1)
3138 || !TEST_int_lt(len, 1024))
3139 goto done;
3140 p = buf;
3141 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3142 if (!TEST_int_ge(len, 1)
3143 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3144 goto done;
3145
3d364726
BK		 3146# ifndef OPENSSL_NO_DEPRECATED_3_0
3147 /* Now try to decode the just-created DER. */
3148 q = buf;
3149 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3150 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3151 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3152 goto done;
3153 /* EC_KEY ownership transferred */
3154 ec = NULL;
3155 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3156 goto done;
3157 /* The keys should match. */
c85c5e1a 3158 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3159 goto done;
3160# endif
3161
c0ff1932
BK		 3162 ret = 1;
3163
3164 done:
3165 EVP_PKEY_CTX_free(ctx);
3166 EVP_PKEY_free(pkey);
3d364726
BK		 3167# ifndef OPENSSL_NO_DEPRECATED_3_0
3168 EVP_PKEY_free(pkey2);
3169 EC_KEY_free(ec);
3170# endif
c0ff1932
BK		 3171 return ret;
3172}
3173#endif
3174
e947a064
DB		 3175static int test_EVP_rsa_pss_with_keygen_bits(void)
3176{
062490db
JS		 3177 int ret = 0;
3178 EVP_PKEY_CTX *ctx = NULL;
3179 EVP_PKEY *pkey = NULL;
3180 EVP_MD *md;
e947a064 3181
062490db
JS		 3182 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3183 ret = TEST_ptr(md)
3184 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 3185 && TEST_true(EVP_PKEY_keygen_init(ctx))
3186 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3187 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3188 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3189
062490db 3190 EVP_MD_free(md);
e947a064
DB		 3191 EVP_PKEY_free(pkey);
3192 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3193 return ret;
3194}
3195
5eb73cfb
MC		 3196static int success = 1;
3197static void md_names(const char *name, void *vctx)
3198{
3199 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3200 /* Force a namemap update */
3201 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3202
3203 if (!TEST_ptr(aes128))
3204 success = 0;
3205
3206 EVP_CIPHER_free(aes128);
3207}
3208
3209/*
3210 * Test that changing the namemap in a user callback works in a names_do_all
3211 * function.
3212 */
3213static int test_names_do_all(void)
3214{
3215 /* We use a custom libctx so that we know the state of the namemap */
3216 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3217 EVP_MD *sha256 = NULL;
3218 int testresult = 0;
3219
3220 if (!TEST_ptr(ctx))
3221 goto err;
3222
3223 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3224 if (!TEST_ptr(sha256))
3225 goto err;
3226
3227 /*
3228 * We loop through all the names for a given digest. This should still work
3229 * even if the namemap changes part way through.
3230 */
3231 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3232 goto err;
3233
3234 if (!TEST_true(success))
3235 goto err;
3236
3237 testresult = 1;
3238 err:
3239 EVP_MD_free(sha256);
3240 OSSL_LIB_CTX_free(ctx);
3241 return testresult;
3242}
e947a064 3243
063e0197
JC		 3244typedef struct {
3245 const char *cipher;
3246 const unsigned char *key;
3247 const unsigned char *iv;
3248 const unsigned char *input;
3249 const unsigned char *expected;
3250 const unsigned char *tag;
3251 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3252 size_t inlen;
3253 size_t expectedlen;
3254 size_t taglen;
3255 int keyfirst;
3256 int initenc;
3257 int finalenc;
3258} EVP_INIT_TEST_st;
3259
3260static const EVP_INIT_TEST_st evp_init_tests[] = {
3261 {
3262 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3263 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3264 0, 1, 0, 1
3265 },
3266 {
3267 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3268 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3269 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3270 sizeof(gcmDefaultTag), 1, 0, 1
3271 },
3272 {
3273 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3274 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3275 0, 0, 0, 1
3276 },
3277 {
3278 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3279 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3280 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3281 sizeof(gcmDefaultTag), 0, 0, 1
3282 },
3283 {
3284 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3285 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3286 0, 1, 1, 0
3287 },
3288 {
3289 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3290 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3291 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3292 sizeof(gcmDefaultTag), 1, 1, 0
3293 },
3294 {
3295 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3296 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3297 0, 0, 1, 0
3298 },
3299 {
3300 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3301 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3302 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3303 sizeof(gcmDefaultTag), 0, 1, 0
3304 }
3305};
3306
3307static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3308{
3309 int res = 0;
1287dabd 3310
063e0197
JC		 3311 if (t->ivlen != 0) {
3312 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3313 goto err;
3314 }
3315 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3316 goto err;
3317 res = 1;
3318 err:
3319 return res;
3320}
3321
3322/*
3323 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3324 * arguments are given one at a time and a final adjustment to the enc
3325 * parameter sets the correct operation.
3326 */
3327static int test_evp_init_seq(int idx)
3328{
3329 int outlen1, outlen2;
3330 int testresult = 0;
3331 unsigned char outbuf[1024];
3332 unsigned char tag[16];
3333 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3334 EVP_CIPHER_CTX *ctx = NULL;
3335 EVP_CIPHER *type = NULL;
3336 size_t taglen = sizeof(tag);
3337 char *errmsg = NULL;
3338
3339 ctx = EVP_CIPHER_CTX_new();
3340 if (ctx == NULL) {
3341 errmsg = "CTX_ALLOC";
3342 goto err;
3343 }
3344 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3345 errmsg = "CIPHER_FETCH";
3346 goto err;
3347 }
3348 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3349 errmsg = "EMPTY_ENC_INIT";
3350 goto err;
3351 }
3352 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3353 errmsg = "PADDING";
3354 goto err;
3355 }
3356 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3357 errmsg = "KEY_INIT (before iv)";
3358 goto err;
3359 }
3360 if (!evp_init_seq_set_iv(ctx, t)) {
3361 errmsg = "IV_INIT";
3362 goto err;
3363 }
3364 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3365 errmsg = "KEY_INIT (after iv)";
3366 goto err;
3367 }
3368 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3369 errmsg = "FINAL_ENC_INIT";
3370 goto err;
3371 }
3372 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3373 errmsg = "CIPHER_UPDATE";
3374 goto err;
3375 }
3376 if (t->finalenc == 0 && t->tag != NULL) {
3377 /* Set expected tag */
3378 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3379 t->taglen, (void *)t->tag))) {
3380 errmsg = "SET_TAG";
3381 goto err;
3382 }
3383 }
3384 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3385 errmsg = "CIPHER_FINAL";
3386 goto err;
3387 }
3388 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3389 errmsg = "WRONG_RESULT";
3390 goto err;
3391 }
3392 if (t->finalenc != 0 && t->tag != NULL) {
3393 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3394 errmsg = "GET_TAG";
3395 goto err;
3396 }
3397 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3398 errmsg = "TAG_ERROR";
3399 goto err;
3400 }
3401 }
3402 testresult = 1;
3403 err:
3404 if (errmsg != NULL)
3405 TEST_info("evp_init_test %d: %s", idx, errmsg);
3406 EVP_CIPHER_CTX_free(ctx);
3407 EVP_CIPHER_free(type);
3408 return testresult;
3409}
3410
3411typedef struct {
3412 const unsigned char *input;
3413 const unsigned char *expected;
3414 size_t inlen;
3415 size_t expectedlen;
3416 int enc;
3417} EVP_RESET_TEST_st;
3418
3419static const EVP_RESET_TEST_st evp_reset_tests[] = {
3420 {
3421 cfbPlaintext, cfbCiphertext,
3422 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3423 },
3424 {
3425 cfbCiphertext, cfbPlaintext,
3426 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3427 }
3428};
3429
3430/*
3431 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3432 * been used.
3433 */
3434static int test_evp_reset(int idx)
3435{
3436 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3437 int outlen1, outlen2;
3438 int testresult = 0;
3439 unsigned char outbuf[1024];
3440 EVP_CIPHER_CTX *ctx = NULL;
3441 EVP_CIPHER *type = NULL;
3442 char *errmsg = NULL;
3443
3444 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3445 errmsg = "CTX_ALLOC";
3446 goto err;
3447 }
3448 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3449 errmsg = "CIPHER_FETCH";
3450 goto err;
3451 }
3452 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3453 errmsg = "CIPHER_INIT";
3454 goto err;
3455 }
3456 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3457 errmsg = "PADDING";
3458 goto err;
3459 }
3460 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3461 errmsg = "CIPHER_UPDATE";
3462 goto err;
3463 }
3464 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3465 errmsg = "CIPHER_FINAL";
3466 goto err;
3467 }
3468 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3469 errmsg = "WRONG_RESULT";
3470 goto err;
3471 }
3472 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3473 errmsg = "CIPHER_REINIT";
3474 goto err;
3475 }
3476 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3477 errmsg = "CIPHER_UPDATE (reinit)";
3478 goto err;
3479 }
3480 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3481 errmsg = "CIPHER_FINAL (reinit)";
3482 goto err;
3483 }
3484 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3485 errmsg = "WRONG_RESULT (reinit)";
3486 goto err;
3487 }
3488 testresult = 1;
3489 err:
3490 if (errmsg != NULL)
3491 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3492 EVP_CIPHER_CTX_free(ctx);
3493 EVP_CIPHER_free(type);
3494 return testresult;
3495}
3496
f17e5277
IF		 3497typedef struct {
3498 const char *cipher;
3499 int enc;
3500} EVP_UPDATED_IV_TEST_st;
3501
3502static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3503 {
3504 "aes-128-cfb", 1
3505 },
3506 {
3507 "aes-128-cfb", 0
3508 },
3509 {
3510 "aes-128-cfb1", 1
3511 },
3512 {
3513 "aes-128-cfb1", 0
3514 },
3515 {
3516 "aes-128-cfb8", 1
3517 },
3518 {
3519 "aes-128-cfb8", 0
3520 },
3521 {
3522 "aes-128-ofb", 1
3523 },
3524 {
3525 "aes-128-ofb", 0
3526 },
3527 {
3528 "aes-128-ctr", 1
3529 },
3530 {
3531 "aes-128-ctr", 0
3532 },
3533 {
3534 "aes-128-cbc", 1
3535 },
3536 {
3537 "aes-128-cbc", 0
3538 }
3539};
3540
3541/*
3542 * Test that the IV in the context is updated during a crypto operation for CFB
3543 * and OFB.
3544 */
3545static int test_evp_updated_iv(int idx)
3546{
3547 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3548 int outlen1, outlen2;
3549 int testresult = 0;
3550 unsigned char outbuf[1024];
3551 EVP_CIPHER_CTX *ctx = NULL;
3552 EVP_CIPHER *type = NULL;
3553 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3554 int iv_len;
3555 char *errmsg = NULL;
3556
3557 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3558 errmsg = "CTX_ALLOC";
3559 goto err;
3560 }
3561 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3562 TEST_info("cipher %s not supported, skipping", t->cipher);
3563 goto ok;
3564 }
3565
3566 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3567 errmsg = "CIPHER_INIT";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3571 errmsg = "PADDING";
3572 goto err;
3573 }
3574 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3575 errmsg = "CIPHER_UPDATE";
3576 goto err;
3577 }
3578 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3579 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3580 goto err;
3581 }
3582 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3583 errmsg = "CIPHER_CTX_GET_IV_LEN";
3584 goto err;
3585 }
3586 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3587 errmsg = "IV_NOT_UPDATED";
3588 goto err;
3589 }
3590 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3591 errmsg = "CIPHER_FINAL";
3592 goto err;
3593 }
3594 ok:
3595 testresult = 1;
3596 err:
3597 if (errmsg != NULL)
3598 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3599 EVP_CIPHER_CTX_free(ctx);
3600 EVP_CIPHER_free(type);
3601 return testresult;
3602}
3603
063e0197
JC		 3604typedef struct {
3605 const unsigned char *iv1;
3606 const unsigned char *iv2;
3607 const unsigned char *expected1;
3608 const unsigned char *expected2;
3609 const unsigned char *tag1;
3610 const unsigned char *tag2;
3611 size_t ivlen1;
3612 size_t ivlen2;
3613 size_t expectedlen1;
3614 size_t expectedlen2;
3615} TEST_GCM_IV_REINIT_st;
3616
3617static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3618 {
3619 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3620 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3621 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3622 },
3623 {
3624 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3625 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3626 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3627 }
3628};
3629
3630static int test_gcm_reinit(int idx)
3631{
3632 int outlen1, outlen2, outlen3;
3633 int testresult = 0;
3634 unsigned char outbuf[1024];
3635 unsigned char tag[16];
3636 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3637 EVP_CIPHER_CTX *ctx = NULL;
3638 EVP_CIPHER *type = NULL;
3639 size_t taglen = sizeof(tag);
3640 char *errmsg = NULL;
3641
3642 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3643 errmsg = "CTX_ALLOC";
3644 goto err;
3645 }
3646 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3647 errmsg = "CIPHER_FETCH";
3648 goto err;
3649 }
3650 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3651 errmsg = "ENC_INIT";
3652 goto err;
3653 }
3654 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3655 errmsg = "SET_IVLEN1";
3656 goto err;
3657 }
3658 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3659 errmsg = "SET_IV1";
3660 goto err;
3661 }
3662 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3663 errmsg = "AAD1";
3664 goto err;
3665 }
3666 EVP_CIPHER_CTX_set_padding(ctx, 0);
3667 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3668 sizeof(gcmResetPlaintext)))) {
3669 errmsg = "CIPHER_UPDATE1";
3670 goto err;
3671 }
3672 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3673 errmsg = "CIPHER_FINAL1";
3674 goto err;
3675 }
3676 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3677 errmsg = "WRONG_RESULT1";
3678 goto err;
3679 }
3680 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3681 errmsg = "GET_TAG1";
3682 goto err;
3683 }
3684 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3685 errmsg = "TAG_ERROR1";
3686 goto err;
3687 }
3688 /* Now reinit */
3689 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3690 errmsg = "SET_IVLEN2";
3691 goto err;
3692 }
3693 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3694 errmsg = "SET_IV2";
3695 goto err;
3696 }
3697 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3698 errmsg = "AAD2";
3699 goto err;
3700 }
3701 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3702 sizeof(gcmResetPlaintext)))) {
3703 errmsg = "CIPHER_UPDATE2";
3704 goto err;
3705 }
3706 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3707 errmsg = "CIPHER_FINAL2";
3708 goto err;
3709 }
3710 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3711 errmsg = "WRONG_RESULT2";
3712 goto err;
3713 }
3714 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3715 errmsg = "GET_TAG2";
3716 goto err;
3717 }
3718 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3719 errmsg = "TAG_ERROR2";
3720 goto err;
3721 }
3722 testresult = 1;
3723 err:
3724 if (errmsg != NULL)
3725 TEST_info("evp_init_test %d: %s", idx, errmsg);
3726 EVP_CIPHER_CTX_free(ctx);
3727 EVP_CIPHER_free(type);
3728 return testresult;
3729}
3730
a983764e
MC		 3731#ifndef OPENSSL_NO_DEPRECATED_3_0
3732static EVP_PKEY_METHOD *custom_pmeth = NULL;
3733static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3734
3735# define EVP_PKEY_CTRL_MY_COMMAND 9999
3736
3737static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3738{
3739 int (*pinit)(EVP_PKEY_CTX *ctx);
3740
3741 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3742 return pinit(ctx);
3743}
3744
3745static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3746{
3747 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3748
3749 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3750 pcleanup(ctx);
3751}
3752
3753static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3754 size_t *outlen, const unsigned char *in,
3755 size_t inlen)
3756{
3757 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3758 const unsigned char *tbs, size_t tbslen);
3759
3760 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3761 return psign(ctx, out, outlen, in, inlen);
3762}
3763
3764static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3765 size_t *siglen, const unsigned char *tbs,
3766 size_t tbslen)
3767{
3768 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3769 const unsigned char *tbs, size_t tbslen);
3770
c6fcd88f 3771 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 3772 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3773}
3774
3775static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3776 size_t *keylen)
3777{
3778 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3779
3780 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3781 return pderive(ctx, key, keylen);
3782}
3783
3784static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3785{
3786 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3787
3788 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3789 return pcopy(dst, src);
3790}
3791
3792static int ctrl_called;
3793
3794static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3795{
3796 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3797
3798 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3799
3800 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3801 ctrl_called = 1;
3802 return 1;
3803 }
3804
3805 return pctrl(ctx, type, p1, p2);
3806}
3807
3808static int test_custom_pmeth(int idx)
3809{
3810 EVP_PKEY_CTX *pctx = NULL;
3811 EVP_MD_CTX *ctx = NULL;
3812 EVP_PKEY *pkey = NULL;
3813 int id, orig_id, orig_flags;
3814 int testresult = 0;
3815 size_t reslen;
3816 unsigned char *res = NULL;
3817 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3818 const EVP_MD *md = EVP_sha256();
3819 int doderive = 0;
3820
3821 ctrl_called = 0;
3822
3823 /* We call deprecated APIs so this test doesn't support a custom libctx */
3824 if (testctx != NULL)
3825 return 1;
3826
1287dabd 3827 switch (idx) {
a983764e
MC		 3828 case 0:
3829 case 6:
3830 id = EVP_PKEY_RSA;
3831 pkey = load_example_rsa_key();
3832 break;
3833 case 1:
3834 case 7:
3835# ifndef OPENSSL_NO_DSA
3836 id = EVP_PKEY_DSA;
3837 pkey = load_example_dsa_key();
3838 break;
3839# else
3840 return 1;
3841# endif
3842 case 2:
3843 case 8:
3844# ifndef OPENSSL_NO_EC
3845 id = EVP_PKEY_EC;
3846 pkey = load_example_ec_key();
3847 break;
3848# else
3849 return 1;
3850# endif
3851 case 3:
3852 case 9:
3853# ifndef OPENSSL_NO_EC
3854 id = EVP_PKEY_ED25519;
3855 md = NULL;
3856 pkey = load_example_ed25519_key();
3857 break;
3858# else
3859 return 1;
3860# endif
3861 case 4:
3862 case 10:
3863# ifndef OPENSSL_NO_DH
3864 id = EVP_PKEY_DH;
3865 doderive = 1;
3866 pkey = load_example_dh_key();
3867 break;
3868# else
3869 return 1;
3870# endif
3871 case 5:
3872 case 11:
3873# ifndef OPENSSL_NO_EC
3874 id = EVP_PKEY_X25519;
3875 doderive = 1;
3876 pkey = load_example_x25519_key();
3877 break;
3878# else
3879 return 1;
3880# endif
3881 default:
3882 TEST_error("Should not happen");
3883 goto err;
3884 }
3885
3886 if (!TEST_ptr(pkey))
3887 goto err;
3888
3889 if (idx < 6) {
3890 if (!TEST_true(evp_pkey_is_provided(pkey)))
3891 goto err;
3892 } else {
3893 EVP_PKEY *tmp = pkey;
3894
3895 /* Convert to a legacy key */
3896 pkey = EVP_PKEY_new();
3897 if (!TEST_ptr(pkey)) {
3898 pkey = tmp;
3899 goto err;
3900 }
3901 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3902 EVP_PKEY_free(tmp);
3903 goto err;
3904 }
3905 EVP_PKEY_free(tmp);
3906 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3907 goto err;
3908 }
3909
3910 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3911 || !TEST_ptr(pkey))
3912 goto err;
3913
3914 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3915 if (!TEST_int_eq(orig_id, id)
3916 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3917 goto err;
3918
3919 if (id == EVP_PKEY_ED25519) {
3920 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3921 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3922 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3923 } else {
3924 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3925 }
3926 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3927 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3928 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3929 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3930 }
3931 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3932 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3933 goto err;
3934
3935 if (doderive) {
3936 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3937 if (!TEST_ptr(pctx)
3938 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3939 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3940 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3941 1)
3942 || !TEST_int_eq(ctrl_called, 1)
3943 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3944 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3945 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3946 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3947 goto err;
3948 } else {
3949 ctx = EVP_MD_CTX_new();
3950 reslen = EVP_PKEY_size(pkey);
3951 res = OPENSSL_malloc(reslen);
3952 if (!TEST_ptr(ctx)
3953 || !TEST_ptr(res)
3954 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3955 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3956 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3957 1)
3958 || !TEST_int_eq(ctrl_called, 1))
3959 goto err;
3960
3961 if (id == EVP_PKEY_ED25519) {
3962 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3963 goto err;
3964 } else {
3965 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3966 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3967 goto err;
3968 }
3969 }
3970
3971 testresult = 1;
3972 err:
3973 OPENSSL_free(res);
3974 EVP_MD_CTX_free(ctx);
3975 if (doderive)
3976 EVP_PKEY_CTX_free(pctx);
3977 EVP_PKEY_free(pkey);
3978 EVP_PKEY_meth_remove(custom_pmeth);
3979 EVP_PKEY_meth_free(custom_pmeth);
3980 custom_pmeth = NULL;
3981 return testresult;
3982}
03c2f21b
MC		 3983
3984static int test_evp_md_cipher_meth(void)
3985{
3986 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3987 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3988 int testresult = 0;
3989
3990 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3991 goto err;
3992
3993 testresult = 1;
3994
3995 err:
3996 EVP_MD_meth_free(md);
3997 EVP_CIPHER_meth_free(ciph);
3998
3999 return testresult;
4000}
0299094c
MC		 4001
4002# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4003/* Test we can create a signature keys with an associated ENGINE */
4004static int test_signatures_with_engine(int tst)
4005{
4006 ENGINE *e;
4007 const char *engine_id = "dasync";
4008 EVP_PKEY *pkey = NULL;
4009 const unsigned char badcmackey[] = { 0x00, 0x01 };
4010 const unsigned char cmackey[] = {
4011 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4012 0x0c, 0x0d, 0x0e, 0x0f
4013 };
4014 const unsigned char ed25519key[] = {
4015 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4016 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4017 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4018 };
4019 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4020 int testresult = 0;
4021 EVP_MD_CTX *ctx = NULL;
4022 unsigned char *mac = NULL;
4023 size_t maclen = 0;
4024 int ret;
4025
ef2fb64f
MC		 4026# ifdef OPENSSL_NO_CMAC
4027 /* Skip CMAC tests in a no-cmac build */
4028 if (tst <= 1)
4029 return 1;
4030# endif
4031
0299094c
MC		 4032 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4033 return 0;
4034
4035 if (!TEST_true(ENGINE_init(e))) {
4036 ENGINE_free(e);
4037 return 0;
4038 }
4039
4040 switch (tst) {
4041 case 0:
4042 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4043 EVP_aes_128_cbc());
4044 break;
4045 case 1:
4046 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4047 EVP_aes_128_cbc());
4048 break;
4049 case 2:
4050 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4051 sizeof(ed25519key));
4052 break;
4053 default:
4054 TEST_error("Invalid test case");
4055 goto err;
4056 }
4057 if (!TEST_ptr(pkey))
4058 goto err;
4059
4060 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4061 goto err;
4062
4063 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4064 pkey);
4065 if (tst == 0) {
4066 if (!TEST_true(ret))
4067 goto err;
4068
4069 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4070 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4071 goto err;
4072
4073 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4074 goto err;
4075
4076 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4077 goto err;
4078 } else {
4079 /* We used a bad key. We expect a failure here */
4080 if (!TEST_false(ret))
4081 goto err;
4082 }
4083
4084 testresult = 1;
4085 err:
4086 EVP_MD_CTX_free(ctx);
4087 OPENSSL_free(mac);
4088 EVP_PKEY_free(pkey);
4089 ENGINE_finish(e);
4090 ENGINE_free(e);
4091
4092 return testresult;
4093}
4094
4095static int test_cipher_with_engine(void)
4096{
4097 ENGINE *e;
4098 const char *engine_id = "dasync";
4099 const unsigned char keyiv[] = {
4100 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4101 0x0c, 0x0d, 0x0e, 0x0f
4102 };
4103 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4104 int testresult = 0;
4105 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4106 unsigned char buf[AES_BLOCK_SIZE];
4107 int len = 0;
4108
4109 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4110 return 0;
4111
4112 if (!TEST_true(ENGINE_init(e))) {
4113 ENGINE_free(e);
4114 return 0;
4115 }
4116
4117 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4118 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4119 goto err;
4120
4121 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4122 goto err;
4123
4124 /* Copy the ctx, and complete the operation with the new ctx */
4125 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4126 goto err;
4127
4128 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4129 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4130 goto err;
4131
4132 testresult = 1;
4133 err:
4134 EVP_CIPHER_CTX_free(ctx);
4135 EVP_CIPHER_CTX_free(ctx2);
4136 ENGINE_finish(e);
4137 ENGINE_free(e);
4138
4139 return testresult;
4140}
4141# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4142#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4143
062490db
JS		 4144typedef enum OPTION_choice {
4145 OPT_ERR = -1,
4146 OPT_EOF = 0,
4147 OPT_CONTEXT,
4148 OPT_TEST_ENUM
4149} OPTION_CHOICE;
4150
4151const OPTIONS *test_get_options(void)
71ea6b48 4152{
062490db
JS		 4153 static const OPTIONS options[] = {
4154 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4155 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4156 { NULL }
4157 };
4158 return options;
4159}
86dc26ba 4160
062490db
JS		 4161int setup_tests(void)
4162{
4163 OPTION_CHOICE o;
4164
4165 while ((o = opt_next()) != OPT_EOF) {
4166 switch (o) {
4167 case OPT_CONTEXT:
4168 /* Set up an alternate library context */
4169 testctx = OSSL_LIB_CTX_new();
4170 if (!TEST_ptr(testctx))
4171 return 0;
4172 /* Swap the libctx to test non-default context only */
4173 nullprov = OSSL_PROVIDER_load(NULL, "null");
4174 deflprov = OSSL_PROVIDER_load(testctx, "default");
4175 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4176 break;
4177 case OPT_TEST_CASES:
4178 break;
4179 default:
4180 return 0;
4181 }
4182 }
86dc26ba 4183
f9e504e8 4184 ADD_TEST(test_EVP_set_default_properties);
15ff7d7c 4185 ADD_ALL_TESTS(test_EVP_DigestSignInit, 15);
adcd8e37 4186 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 4187 ADD_TEST(test_EVP_Digest);
15ff7d7c 4188 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4189 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4190 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4191 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4192 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4193#ifndef OPENSSL_NO_EC
adcd8e37 4194 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4195#endif
f0c62c53
RL		 4196#ifndef OPENSSL_NO_EC
4197 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4198#endif
f844f9eb 4199#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 4200 ADD_TEST(test_EVP_SM2);
a6c4cb84 4201 ADD_TEST(test_EVP_SM2_verify);
a9880362 4202#endif
bb5f281a 4203 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4204#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4205 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4206 if (!TEST_ptr(custom_pmeth))
4207 return 0;
4208 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4209 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4210 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4211 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4212 return 0;
41bbba53 4213#endif
2aee35d3 4214 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4215#ifndef OPENSSL_NO_CMAC
a87820e1 4216 ADD_TEST(test_CMAC_keygen);
fab8fde3 4217#endif
10d5b415 4218 ADD_TEST(test_HKDF);
2cd3ebc7 4219 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4220#ifndef OPENSSL_NO_EC
4221 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4222 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4223 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4224 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4225#endif
8d0f8c81 4226#ifndef OPENSSL_NO_DSA
f54a4101 4227 ADD_TEST(test_DSA_get_set_params);
2c04b341 4228 ADD_TEST(test_DSA_priv_pub);
b4be6937 4229#endif
f54a4101 4230 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 4231#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4232 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4233#endif
2c04b341
JS		 4234#ifndef OPENSSL_NO_DH
4235 ADD_TEST(test_DH_priv_pub);
4236# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4237 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4238# endif
b8a1272d
MC		 4239#endif
4240#ifndef OPENSSL_NO_EC
4241 ADD_TEST(test_EC_priv_pub);
4242# ifndef OPENSSL_NO_DEPRECATED_3_0
4243 ADD_TEST(test_EC_priv_only_legacy);
4244# endif
501fcfb8 4245#endif
8a5cb596 4246 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4247 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4248
1c19ff3c 4249 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4250 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4251#ifndef OPENSSL_NO_DES
4252 ADD_ALL_TESTS(test_evp_iv_des, 6);
4253#endif
e947a064 4254 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 4255#ifndef OPENSSL_NO_EC
4256 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4257#endif
1c19ff3c 4258
5eb73cfb
MC		 4259 ADD_TEST(test_names_do_all);
4260
063e0197
JC		 4261 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4262 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4263 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4264 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4265
a983764e
MC		 4266#ifndef OPENSSL_NO_DEPRECATED_3_0
4267 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4268 ADD_TEST(test_evp_md_cipher_meth);
0299094c
MC		 4269
4270# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4271 /* Tests only support the default libctx */
4272 if (testctx == NULL) {
4273# ifndef OPENSSL_NO_EC
4274 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4275# else
4276 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4277# endif
4278 ADD_TEST(test_cipher_with_engine);
4279 }
4280# endif
a983764e
MC		 4281#endif
4282
ad887416 4283 return 1;
71ea6b48 4284}
86dc26ba
MC		 4285
4286void cleanup_tests(void)
4287{
062490db
JS		 4288 OSSL_PROVIDER_unload(nullprov);
4289 OSSL_PROVIDER_unload(deflprov);
4290 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4291 OSSL_LIB_CTX_free(testctx);
86dc26ba 4292}
A mirror of the official openssl repository