]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Perl util to do with_libctx renaming
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
33388b44 2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/rsa.h>
22#include <openssl/x509.h>
4803717f 23#include <openssl/pem.h>
10d5b415 24#include <openssl/kdf.h>
847d0f81 25#include <openssl/provider.h>
9c45222d 26#include <openssl/core_names.h>
f54a4101 27#include <openssl/params.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
adcd8e37 31#include "testutil.h"
176db6dc 32#include "internal/nelem.h"
00bc1ad9 33#include "internal/sizes.h"
25f2138b 34#include "crypto/evp.h"
f0c62c53 35#include "../e_os.h" /* strcasecmp */
71ea6b48 36
86dc26ba
MC		 37static OPENSSL_CTX *testctx = NULL;
38
71ea6b48
MC		 39/*
40 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
41 * should never use this key anywhere but in an example.
42 */
43static const unsigned char kExampleRSAKeyDER[] = {
44 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
45 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
46 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
47 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
48 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
49 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
50 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
51 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
52 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
53 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
54 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
55 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
56 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
57 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
58 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
59 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
60 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
61 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
62 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
63 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
64 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
65 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
66 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
67 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
68 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
69 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
70 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
71 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
72 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
73 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
74 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
75 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
76 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
77 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
78 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
79 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
80 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
81 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
82 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
83 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
84 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
85 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
86 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
87 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
88 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
89 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
90 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
91 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
92 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
93 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
94 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
95};
96
59d0e6c8
MC		 97/*
98* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
99 * should never use this key anywhere but in an example.
100 */
f650ab47 101#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 102static const unsigned char kExampleDSAKeyDER[] = {
103 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
104 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
105 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
106 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
107 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
108 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
109 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
110 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
111 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
112 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
113 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
114 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
115 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
116 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
117 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
118 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
119 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
120 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
121 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
122 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
123 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
124 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
125 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
126 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
127 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
128 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
129 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
130 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
131 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
132 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
133 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
134 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
135 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
136 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
137 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
138 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
139 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
140 0x40, 0x48
141};
f650ab47 142#endif
59d0e6c8 143
2aee35d3
PY		 144/*
145 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
146 * components are not correct.
147 */
148static const unsigned char kExampleBadRSAKeyDER[] = {
149 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
150 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
151 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
152 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
153 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
154 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
155 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
156 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
157 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
158 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
159 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
160 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
161 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
162 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
163 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
164 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
165 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
166 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
167 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
168 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
169 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
170 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
171 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
172 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
173 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
174 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
175 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
176 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
177 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
178 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
179 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
180 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
181 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
182 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
183 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
184 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
185 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
186 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
187 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
188 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
189 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
190 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
191 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
192 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
193 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
194 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
195 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
196 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
197 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
198 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
199 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
200 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
201 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
202 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
203 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
204 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
205 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
206 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
207 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
208 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
209 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
210 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
211 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
212 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
213 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
214 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
215 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
216 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
217 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
218 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
219 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
220 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
221 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
222 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
223 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
224 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
225 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
226 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
227 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
228 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
229 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
230 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
231 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
232 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
233 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
234 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
235 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
236 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
237 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
238};
239
71ea6b48
MC		 240static const unsigned char kMsg[] = { 1, 2, 3, 4 };
241
242static const unsigned char kSignature[] = {
243 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
244 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
245 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
246 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
247 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
248 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
249 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
250 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
251 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
252 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
253 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
254};
255
256/*
257 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
258 * PrivateKeyInfo.
259 */
260static const unsigned char kExampleRSAKeyPKCS8[] = {
261 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
262 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
263 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
264 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
265 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
266 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
267 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
268 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
269 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
270 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
271 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
272 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
273 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
274 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
275 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
276 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
277 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
278 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
279 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
280 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
281 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
282 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
283 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
284 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
285 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
286 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
287 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
288 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
289 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
290 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
291 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
292 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
293 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
294 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
295 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
296 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
297 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
298 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
299 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
300 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
301 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
302 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
303 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
304 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
305 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
306 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
307 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
308 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
309 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
310 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
311 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
312 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
313 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
314};
315
a9880362 316#ifndef OPENSSL_NO_EC
71ea6b48
MC		 317/*
318 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
319 * structure.
320 */
321static const unsigned char kExampleECKeyDER[] = {
322 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
323 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
324 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
325 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
326 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
327 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
328 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
329 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
330 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
331 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
332 0xc1,
333};
334
335/*
336 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure. The private key is equal to the order and will fail to import
338 */
339static const unsigned char kExampleBadECKeyDER[] = {
340 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
341 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
342 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
343 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
344 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
345 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
346 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
348 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
349};
b0004708
PY		 350
351/* prime256v1 */
352static const unsigned char kExampleECPubKeyDER[] = {
353 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
354 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
355 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
356 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
357 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
358 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
359 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
360 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
361};
362
5dc40a83 363/*
87762939 364 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 365 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
366 */
367static const unsigned char kExampleBadECPubKeyDER[] = {
368 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
369 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
370 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
371 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
372 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
373 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
374 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
375 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
376};
377
b0004708
PY		 378static const unsigned char pExampleECParamDER[] = {
379 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
380};
a9880362 381#endif
71ea6b48 382
adcd8e37
RS		 383typedef struct APK_DATA_st {
384 const unsigned char *kder;
385 size_t size;
386 int evptype;
2aee35d3 387 int check;
b0004708
PY		 388 int pub_check;
389 int param_check;
390 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 391} APK_DATA;
392
393static APK_DATA keydata[] = {
394 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
395 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
aa24cd1b 396#ifndef OPENSSL_NO_EC
adcd8e37 397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
aa24cd1b 398#endif
adcd8e37
RS		 399};
400
2aee35d3 401static APK_DATA keycheckdata[] = {
b0004708
PY		 402 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
403 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
404 0, -2, -2, 0},
2aee35d3 405#ifndef OPENSSL_NO_EC
b0004708
PY		 406 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
407 /* group is also associated in our pub key */
408 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
409 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
2aee35d3
PY		 410#endif
411};
412
71ea6b48
MC		 413static EVP_PKEY *load_example_rsa_key(void)
414{
415 EVP_PKEY *ret = NULL;
416 const unsigned char *derp = kExampleRSAKeyDER;
417 EVP_PKEY *pkey = NULL;
418 RSA *rsa = NULL;
419
adcd8e37 420 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
71ea6b48 421 return NULL;
71ea6b48 422
adcd8e37
RS		 423 if (!TEST_ptr(pkey = EVP_PKEY_new())
424 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
425 goto end;
71ea6b48
MC		 426
427 ret = pkey;
428 pkey = NULL;
429
adcd8e37 430end:
c5ba2d99 431 EVP_PKEY_free(pkey);
d6407083 432 RSA_free(rsa);
71ea6b48
MC		 433
434 return ret;
435}
436
f650ab47 437#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 438static EVP_PKEY *load_example_dsa_key(void)
439{
440 EVP_PKEY *ret = NULL;
441 const unsigned char *derp = kExampleDSAKeyDER;
442 EVP_PKEY *pkey = NULL;
443 DSA *dsa = NULL;
444
445 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
446 return NULL;
447
448 if (!TEST_ptr(pkey = EVP_PKEY_new())
449 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
450 goto end;
451
452 ret = pkey;
453 pkey = NULL;
454
455end:
456 EVP_PKEY_free(pkey);
457 DSA_free(dsa);
458
459 return ret;
460}
f650ab47 461#endif
59d0e6c8 462
6d242fa5
MC		 463static EVP_PKEY *load_example_hmac_key(void)
464{
465 EVP_PKEY *pkey = NULL;
466 unsigned char key[] = {
467 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
468 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
469 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
470 };
471
472 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
473 if (!TEST_ptr(pkey))
474 return NULL;
475
476 return pkey;
477}
478
f9e504e8
P		 479static int test_EVP_set_default_properties(void)
480{
481 OPENSSL_CTX *ctx;
482 EVP_MD *md = NULL;
483 int res = 0;
484
485 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
486 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
487 goto err;
488 EVP_MD_free(md);
489 md = NULL;
490
491 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
492 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
493 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
494 goto err;
495 EVP_MD_free(md);
496 md = NULL;
497
498 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
499 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
500 goto err;
501 res = 1;
502err:
503 EVP_MD_free(md);
504 OPENSSL_CTX_free(ctx);
505 return res;
506}
507
2eb2b4f3
SL		 508static int test_EVP_Enveloped(void)
509{
510 int ret = 0;
511 EVP_CIPHER_CTX *ctx = NULL;
512 EVP_PKEY *keypair = NULL;
513 unsigned char *kek = NULL;
514 unsigned char iv[EVP_MAX_IV_LENGTH];
515 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
516 int len, kek_len, ciphertext_len, plaintext_len;
517 unsigned char ciphertext[32], plaintext[16];
518 const EVP_CIPHER *type = EVP_aes_256_cbc();
519
520 if (!TEST_ptr(keypair = load_example_rsa_key())
521 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
523 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
524 &keypair, 1))
525 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
526 msg, sizeof(msg)))
527 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
528 &len)))
529 goto err;
530
531 ciphertext_len += len;
532
533 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
534 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
535 ciphertext, ciphertext_len))
536 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
537 goto err;
538
539 plaintext_len += len;
540 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
541 goto err;
542
543 ret = 1;
544err:
545 OPENSSL_free(kek);
546 EVP_PKEY_free(keypair);
547 EVP_CIPHER_CTX_free(ctx);
548 return ret;
549}
550
59d0e6c8 551/*
6d242fa5
MC		 552 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
553 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
554 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
555 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
556 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
557 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
558 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
559 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
560 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 561 */
562static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 563{
564 int ret = 0;
565 EVP_PKEY *pkey = NULL;
566 unsigned char *sig = NULL;
567 size_t sig_len = 0;
59d0e6c8
MC		 568 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
569 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
570 BIO *mdbio = NULL, *membio = NULL;
571 size_t written;
6d242fa5
MC		 572 const EVP_MD *md;
573 EVP_MD *mdexp = NULL;
59d0e6c8 574
6d242fa5 575 if (tst >= 6) {
59d0e6c8
MC		 576 membio = BIO_new(BIO_s_mem());
577 mdbio = BIO_new(BIO_f_md());
578 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
579 goto out;
580 BIO_push(mdbio, membio);
581 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
582 goto out;
583 } else {
584 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
585 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
586 goto out;
587 }
71ea6b48 588
6d242fa5 589 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 590 if (!TEST_ptr(pkey = load_example_rsa_key()))
591 goto out;
6d242fa5 592 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 593#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 594 if (!TEST_ptr(pkey = load_example_dsa_key()))
595 goto out;
f650ab47
MC		 596#else
597 ret = 1;
598 goto out;
599#endif
6d242fa5
MC		 600 } else {
601 if (!TEST_ptr(pkey = load_example_hmac_key()))
602 goto out;
59d0e6c8 603 }
71ea6b48 604
6d242fa5
MC		 605 if (tst >= 3 && tst <= 5)
606 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
607 else
608 md = EVP_sha256();
609
610 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 611 goto out;
adcd8e37 612
6d242fa5 613 if (tst >= 6) {
59d0e6c8
MC		 614 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
615 goto out;
616 } else {
617 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
618 goto out;
619 }
620
71ea6b48 621 /* Determine the size of the signature. */
adcd8e37 622 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 623 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 624 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 625 goto out;
71ea6b48 626
6d242fa5 627 if (tst >= 6) {
59d0e6c8
MC		 628 if (!TEST_int_gt(BIO_reset(mdbio), 0)
629 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
630 goto out;
631 }
632
6d242fa5
MC		 633 /*
634 * Ensure that the signature round-trips (Verification isn't supported for
635 * HMAC via EVP_DigestVerify*)
636 */
637 if (tst != 2 && tst != 5 && tst != 8) {
638 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
639 NULL, pkey)))
59d0e6c8 640 goto out;
6d242fa5
MC		 641
642 if (tst >= 6) {
643 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
644 goto out;
645 } else {
646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
647 sizeof(kMsg))))
648 goto out;
649 }
650 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8
MC		 651 goto out;
652 }
71ea6b48
MC		 653
654 ret = 1;
655
656 out:
59d0e6c8
MC		 657 BIO_free(membio);
658 BIO_free(mdbio);
659 EVP_MD_CTX_free(a_md_ctx);
660 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 661 EVP_PKEY_free(pkey);
b548a1f1 662 OPENSSL_free(sig);
6d242fa5 663 EVP_MD_free(mdexp);
71ea6b48
MC		 664
665 return ret;
666}
667
668static int test_EVP_DigestVerifyInit(void)
669{
670 int ret = 0;
671 EVP_PKEY *pkey = NULL;
adcd8e37 672 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 673
adcd8e37
RS		 674 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
675 || !TEST_ptr(pkey = load_example_rsa_key()))
676 goto out;
71ea6b48 677
adcd8e37
RS		 678 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
679 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
680 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
681 sizeof(kSignature))))
71ea6b48 682 goto out;
71ea6b48
MC		 683 ret = 1;
684
685 out:
bfb0641f 686 EVP_MD_CTX_free(md_ctx);
c5ba2d99 687 EVP_PKEY_free(pkey);
71ea6b48
MC		 688 return ret;
689}
690
adcd8e37 691static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 692{
693 int ret = 0;
694 const unsigned char *p;
695 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 696 const APK_DATA *ak = &keydata[i];
697 const unsigned char *input = ak->kder;
698 size_t input_len = ak->size;
699 int expected_id = ak->evptype;
71ea6b48
MC		 700
701 p = input;
adcd8e37
RS		 702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
703 || !TEST_ptr_eq(p, input + input_len)
704 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
71ea6b48 705 goto done;
71ea6b48
MC		 706
707 ret = 1;
708
709 done:
c5ba2d99 710 EVP_PKEY_free(pkey);
71ea6b48
MC		 711 return ret;
712}
713
a9880362 714#ifndef OPENSSL_NO_EC
cad8347b
SL		 715
716static const unsigned char ec_public_sect163k1_validxy[] = {
717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
723};
724
725static const unsigned char ec_public_sect163k1_badx[] = {
726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
732};
733
734static const unsigned char ec_public_sect163k1_bady[] = {
735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
741};
742
743static struct ec_der_pub_keys_st {
744 const unsigned char *der;
745 size_t len;
746 int valid;
747} ec_der_pub_keys[] = {
748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
751};
752
753/*
754 * Tests the range of the decoded EC char2 public point.
755 * See ec_GF2m_simple_oct2point().
756 */
757static int test_invalide_ec_char2_pub_range_decode(int id)
758{
759 int ret = 0;
760 BIO *bio = NULL;
761 EC_KEY *eckey = NULL;
762
763 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
764 ec_der_pub_keys[id].len)))
765 goto err;
766 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
767 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
768 || TEST_ptr_null(eckey);
769err:
770 EC_KEY_free(eckey);
771 BIO_free(bio);
772 return ret;
773}
774
71ea6b48
MC		 775/* Tests loading a bad key in PKCS8 format */
776static int test_EVP_PKCS82PKEY(void)
777{
778 int ret = 0;
779 const unsigned char *derp = kExampleBadECKeyDER;
780 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
781 EVP_PKEY *pkey = NULL;
782
adcd8e37
RS		 783 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
784 sizeof(kExampleBadECKeyDER))))
785 goto done;
71ea6b48 786
adcd8e37
RS		 787 if (!TEST_ptr_eq(derp,
788 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 789 goto done;
71ea6b48 790
adcd8e37 791 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 792 goto done;
71ea6b48
MC		 793
794 ret = 1;
795
796 done:
e0e920b1 797 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 798 EVP_PKEY_free(pkey);
71ea6b48
MC		 799
800 return ret;
801}
a9880362 802#endif
71ea6b48 803
29c49b25
RL		 804/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
805static int test_privatekey_to_pkcs8(void)
806{
807 EVP_PKEY *pkey = NULL;
808 BIO *membio = NULL;
809 char *membuf = NULL;
e2cc68c8 810 long membuf_len = 0;
29c49b25
RL		 811 int ok = 0;
812
813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
814 || !TEST_ptr(pkey = load_example_rsa_key())
815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
816 NULL, 0, NULL, NULL),
817 0)
e2cc68c8
SL		 818 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
819 || !TEST_ptr(membuf)
820 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 821 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
822 /*
823 * We try to write PEM as well, just to see that it doesn't err, but
824 * assume that the result is correct.
825 */
826 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
827 NULL, 0, NULL, NULL),
828 0))
829 goto done;
830
831 ok = 1;
832 done:
833 EVP_PKEY_free(pkey);
834 BIO_free_all(membio);
835 return ok;
836}
837
f0c62c53
RL		 838#ifndef OPENSSL_NO_EC
839static const struct {
840 int encoding;
841 const char *encoding_name;
842} ec_encodings[] = {
843 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
844 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
845};
846
847static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
848{
849 const OSSL_PARAM *p;
850 const char *enc_name = NULL;
851 int *enc = arg;
852 size_t i;
853
854 *enc = -1;
855
856 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
857 OSSL_PKEY_PARAM_EC_ENCODING))
858 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
859 return 0;
860
861 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
862 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
863 *enc = ec_encodings[i].encoding;
864 break;
865 }
866 }
867
868 return (*enc != -1);
869}
870
871static int test_EC_keygen_with_enc(int idx)
872{
873 EVP_PKEY *params = NULL, *key = NULL;
874 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
875 int enc;
876 int ret = 0;
877
878 enc = ec_encodings[idx].encoding;
879
880 /* Create key parameters */
881 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
882 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
883 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
884 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
885 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
886 || !TEST_ptr(params))
887 goto done;
888
889 /* Create key */
890 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
891 || !TEST_true(EVP_PKEY_keygen_init(kctx))
892 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
893 || !TEST_ptr(key))
894 goto done;
895
896 /* Check that the encoding got all the way into the key */
897 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
898 ec_export_get_encoding_cb, &enc))
899 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
900 goto done;
901
902 ret = 1;
903 done:
904 EVP_PKEY_free(key);
905 EVP_PKEY_free(params);
906 EVP_PKEY_CTX_free(kctx);
907 EVP_PKEY_CTX_free(pctx);
908 return ret;
909}
910#endif
911
f844f9eb 912#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 913
a6c4cb84
JL		 914static int test_EVP_SM2_verify(void)
915{
a6c4cb84 916 const char *pubkey =
d0b79f86
PY		 917 "-----BEGIN PUBLIC KEY-----\n"
918 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
919 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
920 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 921
922 const char *msg = "message digest";
923 const char *id = "ALICE123@YAHOO.COM";
924
925 const uint8_t signature[] = {
d0b79f86
PY		 926 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
927 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
928 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
929 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
930 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
931 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
932 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 933 };
934
935 int rc = 0;
936 BIO *bio = NULL;
937 EVP_PKEY *pkey = NULL;
938 EVP_MD_CTX *mctx = NULL;
939 EVP_PKEY_CTX *pctx = NULL;
940
941 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
942 if (!TEST_true(bio != NULL))
943 goto done;
944
945 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
946 if (!TEST_true(pkey != NULL))
947 goto done;
948
8a288609 949 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 950 goto done;
951
952 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
953 goto done;
954
955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
956 goto done;
957
a6c4cb84
JL		 958 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
959
960 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
961 goto done;
962
d0b79f86
PY		 963 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
964 goto done;
965
a6c4cb84
JL		 966 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
967 goto done;
968
969 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
970 goto done;
971 rc = 1;
972
973 done:
974 BIO_free(bio);
975 EVP_PKEY_free(pkey);
976 EVP_PKEY_CTX_free(pctx);
977 EVP_MD_CTX_free(mctx);
978 return rc;
979}
980
ddb634fe
JL		 981static int test_EVP_SM2(void)
982{
983 int ret = 0;
984 EVP_PKEY *pkey = NULL;
bfb56a97 985 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 986 EVP_PKEY_CTX *pctx = NULL;
987 EVP_PKEY_CTX *kctx = NULL;
4803717f 988 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 989 size_t sig_len = 0;
990 unsigned char *sig = NULL;
991 EVP_MD_CTX *md_ctx = NULL;
992 EVP_MD_CTX *md_ctx_verify = NULL;
993 EVP_PKEY_CTX *cctx = NULL;
994
995 uint8_t ciphertext[128];
996 size_t ctext_len = sizeof(ciphertext);
997
998 uint8_t plaintext[8];
999 size_t ptext_len = sizeof(plaintext);
1000
4803717f
PY		 1001 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1002
bfb56a97
MC		 1003 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1004 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1005 int i;
1006 char mdname[20];
1007
d0b79f86 1008 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
ddb634fe
JL		 1009 if (!TEST_ptr(pctx))
1010 goto done;
1011
1012 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1013 goto done;
1014
d0b79f86 1015 /* TODO is this even needed? */
ddb634fe
JL		 1016 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1017 goto done;
1018
bfb56a97 1019 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1020 goto done;
1021
bfb56a97 1022 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
ddb634fe
JL		 1023 if (!TEST_ptr(kctx))
1024 goto done;
1025
1026 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1027 goto done;
1028
1029 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1030 goto done;
1031
ddb634fe
JL		 1032 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1033 goto done;
1034
1035 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1036 goto done;
1037
4803717f
PY		 1038 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1039 goto done;
1040
1041 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1042 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1043
d0b79f86 1044 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
4803717f
PY		 1045 goto done;
1046
d0b79f86 1047 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1048 goto done;
1049
1050 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1051 goto done;
1052
1053 /* Determine the size of the signature. */
1054 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1055 goto done;
1056
ddb634fe
JL		 1057 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1058 goto done;
1059
1060 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1061 goto done;
1062
1063 /* Ensure that the signature round-trips. */
1064
1065 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1066 goto done;
1067
d0b79f86
PY		 1068 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1069 goto done;
1070
ddb634fe
JL		 1071 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1072 goto done;
1073
1074 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1075 goto done;
1076
1077 /* now check encryption/decryption */
1078
bfb56a97
MC		 1079 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1080 mdname, sizeof(mdname));
1081 for (i = 0; i < 2; i++) {
1082 EVP_PKEY_CTX_free(cctx);
ddb634fe 1083
bfb56a97
MC		 1084 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1085 i == 0 ? "SM3" : "SHA2-256",
1086 0);
ddb634fe 1087
bfb56a97
MC		 1088 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1089 goto done;
ddb634fe 1090
bfb56a97
MC		 1091 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1092 goto done;
ddb634fe 1093
bfb56a97
MC		 1094 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1095 goto done;
ddb634fe 1096
bfb56a97
MC		 1097 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1098 sizeof(kMsg))))
1099 goto done;
ddb634fe 1100
bfb56a97
MC		 1101 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1102 goto done;
1103
1104 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1105 goto done;
1106
1107 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1108 ctext_len)))
1109 goto done;
1110
1111 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1112 goto done;
1113
1114 /* Test we're still using the digest we think we are */
1115 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1116 goto done;
1117 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1118 goto done;
1119
1120 if (!TEST_true(ptext_len == sizeof(kMsg)))
1121 goto done;
1122
1123 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1124 goto done;
1125 }
ddb634fe
JL		 1126
1127 ret = 1;
1128done:
1129 EVP_PKEY_CTX_free(pctx);
1130 EVP_PKEY_CTX_free(kctx);
4803717f 1131 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1132 EVP_PKEY_CTX_free(cctx);
1133 EVP_PKEY_free(pkey);
bfb56a97 1134 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1135 EVP_MD_CTX_free(md_ctx);
1136 EVP_MD_CTX_free(md_ctx_verify);
1137 OPENSSL_free(sig);
1138 return ret;
1139}
1140
1141#endif
1142
bb5f281a
MC		 1143static struct keys_st {
1144 int type;
1145 char *priv;
1146 char *pub;
1147} keys[] = {
1148 {
1149 EVP_PKEY_HMAC, "0123456789", NULL
1150 }, {
1151 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1152 }, {
1153 EVP_PKEY_SIPHASH, "0123456789012345", NULL
896dcb80
MC		 1154 },
1155#ifndef OPENSSL_NO_EC
1156 {
bb5f281a
MC		 1157 EVP_PKEY_X25519, "01234567890123456789012345678901",
1158 "abcdefghijklmnopqrstuvwxyzabcdef"
1159 }, {
1160 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1161 "abcdefghijklmnopqrstuvwxyzabcdef"
1162 }, {
1163 EVP_PKEY_X448,
1164 "01234567890123456789012345678901234567890123456789012345",
1165 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1166 }, {
1167 EVP_PKEY_ED448,
1168 "012345678901234567890123456789012345678901234567890123456",
1169 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1170 }
896dcb80 1171#endif
bb5f281a
MC		 1172};
1173
86dc26ba 1174static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1175{
1176 int ret = 0;
1177 unsigned char buf[80];
1178 unsigned char *in;
1179 size_t inlen, len = 0;
1180 EVP_PKEY *pkey;
1181
1182 /* Check if this algorithm supports public keys */
1183 if (keys[tst].pub == NULL)
1184 return 1;
1185
1186 memset(buf, 0, sizeof(buf));
1187
1188 if (pub) {
1189 inlen = strlen(keys[tst].pub);
1190 in = (unsigned char *)keys[tst].pub;
86dc26ba
MC		 1191 if (uselibctx) {
1192 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1193 testctx,
1194 OBJ_nid2sn(keys[tst].type),
1195 NULL,
1196 in,
1197 inlen);
1198 } else {
1199 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1200 NULL,
1201 in,
1202 inlen);
1203 }
bb5f281a
MC		 1204 } else {
1205 inlen = strlen(keys[tst].priv);
1206 in = (unsigned char *)keys[tst].priv;
86dc26ba
MC		 1207 if (uselibctx) {
1208 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1209 testctx, OBJ_nid2sn(keys[tst].type),
1210 NULL,
1211 in,
1212 inlen);
1213 } else {
1214 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1215 NULL,
1216 in,
1217 inlen);
1218 }
bb5f281a
MC		 1219 }
1220
1221 if (!TEST_ptr(pkey)
1222 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1223 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1224 || !TEST_true(len == inlen)
1225 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1226 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1227 || !TEST_mem_eq(in, inlen, buf, len))
1228 goto done;
1229
1230 ret = 1;
1231 done:
1232 EVP_PKEY_free(pkey);
1233 return ret;
1234}
1235
1236static int test_set_get_raw_keys(int tst)
1237{
86dc26ba
MC		 1238 return test_set_get_raw_keys_int(tst, 0, 0)
1239 && test_set_get_raw_keys_int(tst, 0, 1)
1240 && test_set_get_raw_keys_int(tst, 1, 0)
1241 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1242}
1243
41bbba53 1244#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1245static int pkey_custom_check(EVP_PKEY *pkey)
1246{
1247 return 0xbeef;
1248}
1249
b0004708
PY		 1250static int pkey_custom_pub_check(EVP_PKEY *pkey)
1251{
1252 return 0xbeef;
1253}
1254
1255static int pkey_custom_param_check(EVP_PKEY *pkey)
1256{
1257 return 0xbeef;
1258}
1259
2aee35d3 1260static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1261#endif
2aee35d3
PY		 1262
1263static int test_EVP_PKEY_check(int i)
1264{
1265 int ret = 0;
1266 const unsigned char *p;
1267 EVP_PKEY *pkey = NULL;
8a8bc665 1268#ifndef OPENSSL_NO_EC
b0004708 1269 EC_KEY *eckey = NULL;
8a8bc665 1270#endif
2aee35d3 1271 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1272#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1273 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1274#endif
2aee35d3
PY		 1275 const APK_DATA *ak = &keycheckdata[i];
1276 const unsigned char *input = ak->kder;
1277 size_t input_len = ak->size;
1278 int expected_id = ak->evptype;
1279 int expected_check = ak->check;
b0004708
PY		 1280 int expected_pub_check = ak->pub_check;
1281 int expected_param_check = ak->param_check;
1282 int type = ak->type;
1283 BIO *pubkey = NULL;
2aee35d3
PY		 1284
1285 p = input;
b0004708 1286
35db366c
DMSP		 1287 switch (type) {
1288 case 0:
1289 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1290 || !TEST_ptr_eq(p, input + input_len)
1291 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1292 goto done;
1293 break;
8a8bc665 1294#ifndef OPENSSL_NO_EC
35db366c
DMSP		 1295 case 1:
1296 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1297 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1298 || !TEST_ptr(pkey = EVP_PKEY_new())
1299 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1300 goto done;
1301 break;
1302 case 2:
1303 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1304 || !TEST_ptr_eq(p, input + input_len)
1305 || !TEST_ptr(pkey = EVP_PKEY_new())
1306 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1307 goto done;
1308 break;
8a8bc665 1309#endif
35db366c
DMSP		 1310 default:
1311 return 0;
1312 }
2aee35d3
PY		 1313
1314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1315 goto done;
1316
b0004708
PY		 1317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1318 goto done;
1319
1320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1321 goto done;
1322
1323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1324 goto done;
2aee35d3 1325
41bbba53 1326#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1328 /* assign the pkey directly, as an internal test */
1329 EVP_PKEY_up_ref(pkey);
1330 ctx2->pkey = pkey;
1331
1332 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1333 goto done;
1334
b0004708
PY		 1335 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1336 goto done;
1337
1338 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1339 goto done;
41bbba53 1340#endif
b0004708 1341
2aee35d3
PY		 1342 ret = 1;
1343
1344 done:
1345 EVP_PKEY_CTX_free(ctx);
41bbba53 1346#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1347 EVP_PKEY_CTX_free(ctx2);
41bbba53 1348#endif
2aee35d3 1349 EVP_PKEY_free(pkey);
b0004708 1350 BIO_free(pubkey);
2aee35d3
PY		 1351 return ret;
1352}
1353
fab8fde3 1354#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1355static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1356{
1357 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1358 const char msg[] = "Hello World";
1359 size_t maclen;
1360 int ret = 1;
1361
1362 if (!TEST_ptr(mdctx)
1363 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1364 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1365 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1366 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1367 ret = 0;
1368
1369 EVP_MD_CTX_free(mdctx);
1370
1371 return ret;
1372}
a87820e1
RL		 1373static int test_CMAC_keygen(void)
1374{
e5bc0ce2
MC		 1375 static unsigned char key[] = {
1376 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1377 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1378 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1379 };
a87820e1
RL		 1380 /*
1381 * This is a legacy method for CMACs, but should still work.
1382 * This verifies that it works without an ENGINE.
1383 */
1384 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1385 int ret = 0;
e5bc0ce2
MC		 1386 EVP_PKEY *pkey = NULL;
1387 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1388
1389 /* Test a CMAC key created using the "generated" method */
1390 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1391 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1392 EVP_PKEY_CTRL_CIPHER,
1393 0, (void *)EVP_aes_256_ecb()), 0)
1394 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1395 EVP_PKEY_CTRL_SET_MAC_KEY,
1396 sizeof(key), (void *)key), 0)
1397 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1398 || !TEST_ptr(pkey)
1399 || !TEST_true(get_cmac_val(pkey, mac)))
1400 goto done;
a87820e1 1401
e5bc0ce2
MC		 1402 EVP_PKEY_free(pkey);
1403
1404 /*
1405 * Test a CMAC key using the direct method, and compare with the mac
1406 * created above.
1407 */
1408 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1409 if (!TEST_ptr(pkey)
1410 || !TEST_true(get_cmac_val(pkey, mac2))
1411 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 1412 goto done;
e5bc0ce2 1413
a87820e1
RL		 1414 ret = 1;
1415
1416 done:
e5bc0ce2 1417 EVP_PKEY_free(pkey);
a87820e1
RL		 1418 EVP_PKEY_CTX_free(kctx);
1419 return ret;
1420}
fab8fde3 1421#endif
a87820e1 1422
10d5b415
MC		 1423static int test_HKDF(void)
1424{
1425 EVP_PKEY_CTX *pctx;
1426 unsigned char out[20];
1427 size_t outlen;
1428 int i, ret = 0;
1429 unsigned char salt[] = "0123456789";
1430 unsigned char key[] = "012345678901234567890123456789";
1431 unsigned char info[] = "infostring";
1432 const unsigned char expected[] = {
1433 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1434 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1435 };
1436 size_t expectedlen = sizeof(expected);
1437
1438 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1439 goto done;
1440
1441 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1442 for (i = 0; i < 2; i++) {
1443 outlen = sizeof(out);
1444 memset(out, 0, outlen);
1445
1446 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1447 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1449 sizeof(salt) - 1), 0)
1450 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1451 sizeof(key) - 1), 0)
1452 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1453 sizeof(info) - 1), 0)
1454 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1455 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1456 goto done;
1457 }
1458
1459 ret = 1;
1460
1461 done:
1462 EVP_PKEY_CTX_free(pctx);
1463
1464 return ret;
1465}
1466
2cd3ebc7
BK		 1467static int test_emptyikm_HKDF(void)
1468{
1469 EVP_PKEY_CTX *pctx;
1470 unsigned char out[20];
1471 size_t outlen;
1472 int ret = 0;
1473 unsigned char salt[] = "9876543210";
1474 unsigned char key[] = "";
1475 unsigned char info[] = "stringinfo";
1476 const unsigned char expected[] = {
1477 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1478 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1479 };
1480 size_t expectedlen = sizeof(expected);
1481
1482 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1483 goto done;
1484
1485 outlen = sizeof(out);
1486 memset(out, 0, outlen);
1487
1488 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1489 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1491 sizeof(salt) - 1), 0)
1492 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1493 sizeof(key) - 1), 0)
1494 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1495 sizeof(info) - 1), 0)
1496 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1497 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1498 goto done;
1499
1500 ret = 1;
1501
1502 done:
1503 EVP_PKEY_CTX_free(pctx);
1504
1505 return ret;
1506}
1507
5dc40a83
BE		 1508#ifndef OPENSSL_NO_EC
1509static int test_X509_PUBKEY_inplace(void)
1510{
1511 int ret = 0;
1512 X509_PUBKEY *xp = NULL;
1513 const unsigned char *p = kExampleECPubKeyDER;
1514 size_t input_len = sizeof(kExampleECPubKeyDER);
1515
1516 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1517 goto done;
1518
1519 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1520 goto done;
1521
1522 p = kExampleBadECPubKeyDER;
1523 input_len = sizeof(kExampleBadECPubKeyDER);
1524
1525 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1526 goto done;
1527
1528 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1529 goto done;
1530
1531 ret = 1;
1532
1533done:
1534 X509_PUBKEY_free(xp);
1535 return ret;
1536}
7bb82f92 1537#endif /* OPENSSL_NO_EC */
784883fc 1538
9c45222d 1539/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 1540static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 1541{
9a071fef 1542 EVP_MD_CTX *mdctx = NULL;
9c45222d 1543 EVP_PKEY_CTX *ctx = NULL;
9c45222d 1544 const OSSL_PARAM *params;
00bc1ad9 1545 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 1546 int ret = 0;
1547 const EVP_MD *md;
00bc1ad9 1548 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 1549 char ssl3ms[48];
9c45222d 1550
9c45222d
MC		 1551 /* Initialise a sign operation */
1552 ctx = EVP_PKEY_CTX_new(pkey, NULL);
9c45222d 1553 if (!TEST_ptr(ctx)
c9c4a356 1554 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 1555 goto err;
1556
1557 /*
f54a4101 1558 * We should be able to query the parameters now.
9c45222d
MC		 1559 */
1560 params = EVP_PKEY_CTX_settable_params(ctx);
1561 if (!TEST_ptr(params)
0cb3f4f9
RL		 1562 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1563 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1564 goto err;
1565
9c45222d
MC		 1566 params = EVP_PKEY_CTX_gettable_params(ctx);
1567 if (!TEST_ptr(params)
0cb3f4f9
RL		 1568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1569 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 1570 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1571 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1572 goto err;
1573
1574 /*
1575 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1576 * EVP_PKEY_CTX_get_params()
1577 */
00bc1ad9
RL		 1578 strcpy(mdname, "SHA512");
1579 param_md = param;
1580 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1581 mdname, 0);
9c45222d
MC		 1582 *param++ = OSSL_PARAM_construct_end();
1583
1584 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1585 goto err;
1586
00bc1ad9
RL		 1587 mdname[0] = '\0';
1588 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1589 mdname, sizeof(mdname));
9c45222d 1590 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 1591 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 1592 goto err;
1593
1594 /*
1595 * Test the TEST_PKEY_CTX_set_signature_md() and
1596 * TEST_PKEY_CTX_get_signature_md() functions
1597 */
1598 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1599 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1600 || !TEST_ptr_eq(md, EVP_sha256()))
1601 goto err;
1602
9a071fef
MC		 1603 /*
1604 * Test getting MD parameters via an associated EVP_PKEY_CTX
1605 */
1606 mdctx = EVP_MD_CTX_new();
1607 if (!TEST_ptr(mdctx)
0ab18e79
SL		 1608 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1609 "SHA1", NULL, NULL,
1610 pkey)))
9a071fef
MC		 1611 goto err;
1612
1613 /*
1614 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1615 * able to obtain the digest's settable parameters from the provider.
1616 */
1617 params = EVP_MD_CTX_settable_params(mdctx);
1618 if (!TEST_ptr(params)
1619 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1620 /* The final key should be NULL */
1621 || !TEST_ptr_null(params[1].key))
1622 goto err;
1623
1624 param = ourparams;
1625 memset(ssl3ms, 0, sizeof(ssl3ms));
1626 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1627 ssl3ms, sizeof(ssl3ms));
1628 *param++ = OSSL_PARAM_construct_end();
1629
1630 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1631 goto err;
1632
9c45222d
MC		 1633 ret = 1;
1634
1635 err:
9a071fef 1636 EVP_MD_CTX_free(mdctx);
9c45222d 1637 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 1638
1639 return ret;
1640}
1641
1642#ifndef OPENSSL_NO_DSA
1643static int test_DSA_get_set_params(void)
1644{
1645 DSA *dsa = NULL;
1646 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1647 EVP_PKEY *pkey = NULL;
1648 int ret = 0;
1649
1650 /*
1651 * Setup the parameters for our DSA object. For our purposes they don't
1652 * have to actually be *valid* parameters. We just need to set something.
1653 */
1654 dsa = DSA_new();
1655 p = BN_new();
1656 q = BN_new();
1657 g = BN_new();
1658 pub = BN_new();
1659 priv = BN_new();
1660 if (!TEST_ptr(dsa)
1661 || !TEST_ptr(p)
1662 || !TEST_ptr(q)
1663 || !TEST_ptr(g)
1664 || !TEST_ptr(pub)
1665 || !DSA_set0_pqg(dsa, p, q, g)
1666 || !DSA_set0_key(dsa, pub, priv))
1667 goto err;
1668 p = q = g = pub = priv = NULL;
1669
1670 pkey = EVP_PKEY_new();
1671 if (!TEST_ptr(pkey)
1672 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1673 goto err;
1674
1675 dsa = NULL;
1676
1677 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1678
1679 err:
9c45222d
MC		 1680 EVP_PKEY_free(pkey);
1681 DSA_free(dsa);
1682 BN_free(p);
1683 BN_free(q);
1684 BN_free(g);
cd32a0f5
RL		 1685 BN_free(pub);
1686 BN_free(priv);
9c45222d
MC		 1687
1688 return ret;
1689}
8d0f8c81 1690#endif
9c45222d 1691
f54a4101
RL		 1692static int test_RSA_get_set_params(void)
1693{
1694 RSA *rsa = NULL;
1695 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1696 EVP_PKEY *pkey = NULL;
1697 int ret = 0;
1698
1699 /*
1700 * Setup the parameters for our RSA object. For our purposes they don't
1701 * have to actually be *valid* parameters. We just need to set something.
1702 */
1703 rsa = RSA_new();
1704 n = BN_new();
1705 e = BN_new();
1706 d = BN_new();
1707 if (!TEST_ptr(rsa)
1708 || !TEST_ptr(n)
1709 || !TEST_ptr(e)
1710 || !TEST_ptr(d)
1711 || !RSA_set0_key(rsa, n, e, d))
1712 goto err;
1713 n = e = d = NULL;
1714
1715 pkey = EVP_PKEY_new();
1716 if (!TEST_ptr(pkey)
1717 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1718 goto err;
1719
1720 rsa = NULL;
1721
1722 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1723
1724 err:
1725 EVP_PKEY_free(pkey);
1726 RSA_free(rsa);
1727 BN_free(n);
1728 BN_free(e);
1729 BN_free(d);
1730
1731 return ret;
1732}
1733
b4be6937
MC		 1734#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1735static int test_decrypt_null_chunks(void)
1736{
1737 EVP_CIPHER_CTX* ctx = NULL;
1738 const unsigned char key[32] = {
1739 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1740 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1741 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1742 };
1743 unsigned char iv[12] = {
1744 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1745 };
1746 unsigned char msg[] = "It was the best of times, it was the worst of times";
1747 unsigned char ciphertext[80];
1748 unsigned char plaintext[80];
1749 /* We initialise tmp to a non zero value on purpose */
1750 int ctlen, ptlen, tmp = 99;
1751 int ret = 0;
1752 const int enc_offset = 10, dec_offset = 20;
1753
1754 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1755 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1756 key, iv))
1757 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1758 enc_offset))
1759 /* Deliberate add a zero length update */
1760 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1761 0))
1762 || !TEST_int_eq(tmp, 0)
1763 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1764 msg + enc_offset,
1765 sizeof(msg) - enc_offset))
1766 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1767 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1768 || !TEST_int_eq(tmp, 0))
1769 goto err;
1770
1771 /* Deliberately initialise tmp to a non zero value */
1772 tmp = 99;
1773 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1774 iv))
1775 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1776 dec_offset))
1777 /*
1778 * Deliberately add a zero length update. We also deliberately do
1779 * this at a different offset than for encryption.
1780 */
1781 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1782 0))
1783 || !TEST_int_eq(tmp, 0)
1784 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1785 ciphertext + dec_offset,
1786 ctlen - dec_offset))
1787 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1788 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1789 || !TEST_int_eq(tmp, 0)
1790 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1791 goto err;
1792
1793 ret = 1;
1794 err:
1795 EVP_CIPHER_CTX_free(ctx);
1796 return ret;
1797}
1798#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1799
501fcfb8 1800#ifndef OPENSSL_NO_DH
e295de1d
MC		 1801static int test_EVP_PKEY_set1_DH(void)
1802{
ca2bf555
SL		 1803 DH *x942dh = NULL, *noqdh = NULL;
1804 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 1805 int ret = 0;
ca2bf555
SL		 1806 BIGNUM *p, *g = NULL;
1807
1808 if (!TEST_ptr(p = BN_new())
1809 || !TEST_ptr(g = BN_new())
1810 || !BN_set_word(p, 9999)
1811 || !BN_set_word(g, 2)
1812 || !TEST_ptr(noqdh = DH_new())
1813 || !DH_set0_pqg(noqdh, p, NULL, g))
1814 goto err;
1815 p = g = NULL;
e295de1d
MC		 1816
1817 x942dh = DH_get_2048_256();
e295de1d
MC		 1818 pkey1 = EVP_PKEY_new();
1819 pkey2 = EVP_PKEY_new();
1820 if (!TEST_ptr(x942dh)
ca2bf555 1821 || !TEST_ptr(noqdh)
e295de1d
MC		 1822 || !TEST_ptr(pkey1)
1823 || !TEST_ptr(pkey2))
1824 goto err;
1825
1826 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1827 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1828 goto err;
1829
ca2bf555 1830 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
e295de1d
MC		 1831 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1832 goto err;
1833
1834 ret = 1;
1835 err:
ca2bf555
SL		 1836 BN_free(p);
1837 BN_free(g);
e295de1d
MC		 1838 EVP_PKEY_free(pkey1);
1839 EVP_PKEY_free(pkey2);
1840 DH_free(x942dh);
ca2bf555 1841 DH_free(noqdh);
e295de1d
MC		 1842
1843 return ret;
1844}
501fcfb8 1845#endif
e295de1d 1846
8a5cb596
RL		 1847/*
1848 * We test what happens with an empty template. For the sake of this test,
1849 * the template must be ignored, and we know that's the case for RSA keys
1850 * (this might arguably be a misfeature, but that's what we currently do,
1851 * even in provider code, since that's how the legacy RSA implementation
1852 * does things)
1853 */
1854static int test_keygen_with_empty_template(int n)
1855{
1856 EVP_PKEY_CTX *ctx = NULL;
1857 EVP_PKEY *pkey = NULL;
1858 EVP_PKEY *tkey = NULL;
1859 int ret = 0;
1860
1861 switch (n) {
1862 case 0:
1863 /* We do test with no template at all as well */
1864 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1865 goto err;
1866 break;
1867 case 1:
1868 /* Here we create an empty RSA key that serves as our template */
1869 if (!TEST_ptr(tkey = EVP_PKEY_new())
1870 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1871 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1872 goto err;
1873 break;
1874 }
1875
1876 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1877 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1878 goto err;
1879
1880 ret = 1;
1881 err:
1882 EVP_PKEY_CTX_free(ctx);
1883 EVP_PKEY_free(pkey);
1884 EVP_PKEY_free(tkey);
1885 return ret;
1886}
1887
5ddec6a7
MC		 1888/*
1889 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 1890 * in the current library context (unless we are using an algorithm that
1891 * should be made available via legacy codepaths).
1892 *
1893 * 0: RSA
1894 * 1: SM2
5ddec6a7
MC		 1895 */
1896static int test_pkey_ctx_fail_without_provider(int tst)
1897{
1898 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1899 OSSL_PROVIDER *nullprov = NULL;
1900 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 1901 const char *keytype = NULL;
1902 int expect_null = 0;
5ddec6a7
MC		 1903 int ret = 0;
1904
1905 if (!TEST_ptr(tmpctx))
1906 goto err;
1907
1908 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1909 if (!TEST_ptr(nullprov))
1910 goto err;
1911
5ddec6a7 1912 /*
08497fc6
RL		 1913 * We check for certain algos in the null provider.
1914 * If an algo is expected to have a provider keymgmt, contructing an
1915 * EVP_PKEY_CTX is expected to fail (return NULL).
1916 * Otherwise, if it's expected to have legacy support, contructing an
1917 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 1918 */
08497fc6
RL		 1919 switch (tst) {
1920 case 0:
1921 keytype = "RSA";
1922 expect_null = 1;
1923 break;
1924 case 1:
1925 keytype = "SM2";
d0b79f86 1926 expect_null = 1;
08497fc6
RL		 1927#ifdef OPENSSL_NO_EC
1928 TEST_info("EC disable, skipping SM2 check...");
1929 goto end;
1930#endif
1931#ifdef OPENSSL_NO_SM2
1932 TEST_info("SM2 disable, skipping SM2 check...");
1933 goto end;
1934#endif
1935 break;
1936 default:
1937 TEST_error("No test for case %d", tst);
1938 goto err;
1939 }
1940
1941 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1942 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 1943 goto err;
1944
08497fc6
RL		 1945#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1946 end:
1947#endif
5ddec6a7
MC		 1948 ret = 1;
1949
1950 err:
1951 EVP_PKEY_CTX_free(pctx);
1952 OSSL_PROVIDER_unload(nullprov);
1953 OPENSSL_CTX_free(tmpctx);
1954 return ret;
1955}
1956
1c19ff3c
P		 1957static int test_rand_agglomeration(void)
1958{
1959 EVP_RAND *rand;
1960 EVP_RAND_CTX *ctx;
1961 OSSL_PARAM params[3], *p = params;
1962 int res;
1963 unsigned int step = 7;
1964 static unsigned char seed[] = "It does not matter how slowly you go "
1965 "as long as you do not stop.";
1966 unsigned char out[sizeof(seed)];
1967
1968 if (!TEST_int_ne(sizeof(seed) % step, 0)
1969 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1970 return 0;
1971 ctx = EVP_RAND_CTX_new(rand, NULL);
1972 EVP_RAND_free(rand);
1973 if (!TEST_ptr(ctx))
1974 return 0;
1975
1976 memset(out, 0, sizeof(out));
1977 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1978 seed, sizeof(seed));
1979 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1980 *p = OSSL_PARAM_construct_end();
1981 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1982 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1983 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1984 EVP_RAND_CTX_free(ctx);
1985 return res;
1986}
1987
440b852a
BK		 1988/*
1989 * Test that we correctly return the original or "running" IV after
1990 * an encryption operation.
1991 * Run multiple times for some different relevant algorithms/modes.
1992 */
1993static int test_evp_iv(int idx)
1994{
1995 int ret = 0;
1996 EVP_CIPHER_CTX *ctx = NULL;
1997 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1998 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1999 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2000 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2001 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2002 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2003 9, 10, 11, 12, 13, 14, 15, 16 };
2004 unsigned char ciphertext[32], oiv[16], iv[16];
2005 unsigned char *ref_iv;
2006 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2007 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2008
2009 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2010 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2011 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2012 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2013 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2014#ifndef OPENSSL_NO_OCB
2015 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2016 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2017#endif
2018 int len = sizeof(ciphertext);
2019 size_t ivlen, ref_len;
2020 const EVP_CIPHER *type = NULL;
2021
2022 switch(idx) {
2023 case 0:
2024 type = EVP_aes_128_cbc();
2025 /* FALLTHROUGH */
2026 case 5:
2027 type = (type != NULL) ? type :
2028 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2029 ref_iv = cbc_state;
2030 ref_len = sizeof(cbc_state);
2031 break;
2032 case 1:
2033 type = EVP_aes_128_ofb();
2034 /* FALLTHROUGH */
2035 case 6:
2036 type = (type != NULL) ? type :
2037 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2038 ref_iv = ofb_state;
2039 ref_len = sizeof(ofb_state);
2040 break;
2041 case 2:
2042 type = EVP_aes_128_gcm();
2043 /* FALLTHROUGH */
2044 case 7:
2045 type = (type != NULL) ? type :
2046 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2047 ref_iv = gcm_state;
2048 ref_len = sizeof(gcm_state);
2049 break;
2050 case 3:
2051 type = EVP_aes_128_ccm();
2052 /* FALLTHROUGH */
2053 case 8:
2054 type = (type != NULL) ? type :
2055 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2056 ref_iv = ccm_state;
2057 ref_len = sizeof(ccm_state);
2058 break;
2059#ifdef OPENSSL_NO_OCB
2060 case 4:
2061 case 9:
2062 return 1;
2063#else
2064 case 4:
2065 type = EVP_aes_128_ocb();
2066 /* FALLTHROUGH */
2067 case 9:
2068 type = (type != NULL) ? type :
2069 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2070 ref_iv = ocb_state;
2071 ref_len = sizeof(ocb_state);
2072 break;
2073#endif
2074 default:
2075 return 0;
2076 }
2077
2078 if (!TEST_ptr(type)
2079 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2080 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2081 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2082 (int)sizeof(msg)))
2083 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2084 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2085 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2086 goto err;
2087 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2088 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2089 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2090 goto err;
2091
2092 ret = 1;
2093err:
2094 EVP_CIPHER_CTX_free(ctx);
2095 if (idx >= 5)
2096 EVP_CIPHER_free((EVP_CIPHER *)type);
2097 return ret;
2098}
2099
ad887416 2100int setup_tests(void)
71ea6b48 2101{
86dc26ba
MC		 2102 testctx = OPENSSL_CTX_new();
2103
2104 if (!TEST_ptr(testctx))
2105 return 0;
2106
f9e504e8 2107 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 2108 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 2109 ADD_TEST(test_EVP_DigestVerifyInit);
2eb2b4f3 2110 ADD_TEST(test_EVP_Enveloped);
ad887416 2111 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 2112 ADD_TEST(test_privatekey_to_pkcs8);
a9880362 2113#ifndef OPENSSL_NO_EC
adcd8e37 2114 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 2115#endif
f0c62c53
RL		 2116#ifndef OPENSSL_NO_EC
2117 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2118#endif
f844f9eb 2119#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 2120 ADD_TEST(test_EVP_SM2);
a6c4cb84 2121 ADD_TEST(test_EVP_SM2_verify);
a9880362 2122#endif
bb5f281a 2123 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 2124#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2125 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2126 if (!TEST_ptr(custom_pmeth))
2127 return 0;
2128 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 2129 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2130 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 2131 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2132 return 0;
41bbba53 2133#endif
2aee35d3 2134 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 2135#ifndef OPENSSL_NO_CMAC
a87820e1 2136 ADD_TEST(test_CMAC_keygen);
fab8fde3 2137#endif
10d5b415 2138 ADD_TEST(test_HKDF);
2cd3ebc7 2139 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 2140#ifndef OPENSSL_NO_EC
2141 ADD_TEST(test_X509_PUBKEY_inplace);
cad8347b
SL		 2142 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2143 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 2144#endif
8d0f8c81 2145#ifndef OPENSSL_NO_DSA
f54a4101 2146 ADD_TEST(test_DSA_get_set_params);
b4be6937 2147#endif
f54a4101 2148 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 2149#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2150 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 2151#endif
501fcfb8 2152#ifndef OPENSSL_NO_DH
e295de1d 2153 ADD_TEST(test_EVP_PKEY_set1_DH);
501fcfb8 2154#endif
8a5cb596 2155 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 2156 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 2157
1c19ff3c 2158 ADD_TEST(test_rand_agglomeration);
440b852a 2159 ADD_ALL_TESTS(test_evp_iv, 10);
1c19ff3c 2160
ad887416 2161 return 1;
71ea6b48 2162}
86dc26ba
MC		 2163
2164void cleanup_tests(void)
2165{
2166 OPENSSL_CTX_free(testctx);
2167}
A mirror of the official openssl repository