]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement EVP_PKEY_dup() function
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 #endif
404
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
408 const char *keytype;
409 int evptype;
410 int check;
411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
414 } APK_DATA;
415
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
421 #endif
422 };
423
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
428 0, 1, 1, 0},
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
440 #endif
441 };
442
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
445 {
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
450 testctx, testpropq);
451
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456 }
457
458 static EVP_PKEY *load_example_rsa_key(void)
459 {
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
462 }
463
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
466 {
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
469 }
470 #endif
471
472 static EVP_PKEY *load_example_hmac_key(void)
473 {
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
482 if (!TEST_ptr(pkey))
483 return NULL;
484
485 return pkey;
486 }
487
488 static int test_EVP_set_default_properties(void)
489 {
490 OSSL_LIB_CTX *ctx;
491 EVP_MD *md = NULL;
492 int res = 0;
493
494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
496 goto err;
497 EVP_MD_free(md);
498 md = NULL;
499
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
503 goto err;
504 EVP_MD_free(md);
505 md = NULL;
506
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
509 goto err;
510 res = 1;
511 err:
512 EVP_MD_free(md);
513 OSSL_LIB_CTX_free(ctx);
514 return res;
515 }
516
517 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518 static int test_fromdata(char *keytype, OSSL_PARAM *params)
519 {
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
522 int testresult = 0;
523
524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
525 goto err;
526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
528 params), 0))
529 goto err;
530
531 if (!TEST_ptr(pkey))
532 goto err;
533
534 testresult = 1;
535 err:
536 EVP_PKEY_free(pkey);
537 EVP_PKEY_CTX_free(pctx);
538
539 return testresult;
540 }
541 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
542
543 /*
544 * Test combinations of private, public, missing and private + public key
545 * params to ensure they are all accepted
546 */
547 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
548 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
549 {
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
553 int ret = 0;
554
555 /*
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
558 */
559 if (!TEST_ptr(p = BN_new())
560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
564 goto err;
565
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
571 goto err;
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
573 goto err;
574
575 if (!test_fromdata(keytype, params))
576 goto err;
577 OSSL_PARAM_BLD_free_params(params);
578 OSSL_PARAM_BLD_free(bld);
579
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
586 priv)))
587 goto err;
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
589 goto err;
590
591 if (!test_fromdata(keytype, params))
592 goto err;
593 OSSL_PARAM_BLD_free_params(params);
594 OSSL_PARAM_BLD_free(bld);
595
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
602 pub)))
603 goto err;
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
605 goto err;
606
607 if (!test_fromdata(keytype, params))
608 goto err;
609 OSSL_PARAM_BLD_free_params(params);
610 OSSL_PARAM_BLD_free(bld);
611
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
618 pub))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
620 priv)))
621 goto err;
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
623 goto err;
624
625 if (!test_fromdata(keytype, params))
626 goto err;
627
628 ret = 1;
629 err:
630 OSSL_PARAM_BLD_free_params(params);
631 OSSL_PARAM_BLD_free(bld);
632 BN_free(p);
633 BN_free(q);
634 BN_free(g);
635 BN_free(pub);
636 BN_free(priv);
637
638 return ret;
639 }
640 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
641
642 /*
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
645 */
646 #ifndef OPENSSL_NO_EC
647 static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
651 };
652 static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
659 };
660
661 static int test_EC_priv_pub(void)
662 {
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
665 BIGNUM *priv = NULL;
666 int ret = 0;
667
668 /*
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
671 */
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
673 goto err;
674
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
679 "P-256", 0)))
680 goto err;
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
682 goto err;
683
684 if (!test_fromdata("EC", params))
685 goto err;
686 OSSL_PARAM_BLD_free_params(params);
687 OSSL_PARAM_BLD_free(bld);
688
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
693 "P-256", 0))
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
695 priv)))
696 goto err;
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
698 goto err;
699
700 if (!test_fromdata("EC", params))
701 goto err;
702 OSSL_PARAM_BLD_free_params(params);
703 OSSL_PARAM_BLD_free(bld);
704
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
709 "P-256", 0))
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
713 goto err;
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
715 goto err;
716
717 if (!test_fromdata("EC", params))
718 goto err;
719 OSSL_PARAM_BLD_free_params(params);
720 OSSL_PARAM_BLD_free(bld);
721
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
726 "P-256", 0))
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
731 priv)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata("EC", params))
737 goto err;
738
739 ret = 1;
740 err:
741 OSSL_PARAM_BLD_free_params(params);
742 OSSL_PARAM_BLD_free(bld);
743 BN_free(priv);
744
745 return ret;
746 }
747
748 /* Test that using a legacy EC key with only a private key in it works */
749 # ifndef OPENSSL_NO_DEPRECATED_3_0
750 static int test_EC_priv_only_legacy(void)
751 {
752 BIGNUM *priv = NULL;
753 int ret = 0;
754 EC_KEY *eckey = NULL;
755 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
756 EVP_MD_CTX *ctx = NULL;
757
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
760 goto err;
761
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
764 goto err;
765
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
767 goto err;
768
769 pkey = EVP_PKEY_new();
770 if (!TEST_ptr(pkey))
771 goto err;
772
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
774 goto err;
775 eckey = NULL;
776
777 while (dup_pk == NULL) {
778 ret = 0;
779 ctx = EVP_MD_CTX_new();
780 if (!TEST_ptr(ctx))
781 goto err;
782
783 /*
784 * The EVP_DigestSignInit function should create the key on the
785 * provider side which is sufficient for this test.
786 */
787 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
788 testpropq, pkey, NULL)))
789 goto err;
790 EVP_MD_CTX_free(ctx);
791 ctx = NULL;
792
793 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
794 goto err;
795 /* EVP_PKEY_eq() returns -2 with missing public keys */
796 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
797 EVP_PKEY_free(pkey);
798 pkey = dup_pk;
799 if (!ret)
800 goto err;
801 }
802
803 err:
804 EVP_MD_CTX_free(ctx);
805 EVP_PKEY_free(pkey);
806 EC_KEY_free(eckey);
807 BN_free(priv);
808
809 return ret;
810 }
811 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
812 #endif /* OPENSSL_NO_EC */
813
814 static int test_EVP_Enveloped(void)
815 {
816 int ret = 0;
817 EVP_CIPHER_CTX *ctx = NULL;
818 EVP_PKEY *keypair = NULL;
819 unsigned char *kek = NULL;
820 unsigned char iv[EVP_MAX_IV_LENGTH];
821 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
822 int len, kek_len, ciphertext_len, plaintext_len;
823 unsigned char ciphertext[32], plaintext[16];
824 const EVP_CIPHER *type = NULL;
825
826 if (nullprov != NULL)
827 return TEST_skip("Test does not support a non-default library context");
828
829 type = EVP_aes_256_cbc();
830
831 if (!TEST_ptr(keypair = load_example_rsa_key())
832 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
834 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
835 &keypair, 1))
836 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
837 msg, sizeof(msg)))
838 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
839 &len)))
840 goto err;
841
842 ciphertext_len += len;
843
844 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
845 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
846 ciphertext, ciphertext_len))
847 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
848 goto err;
849
850 plaintext_len += len;
851 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
852 goto err;
853
854 ret = 1;
855 err:
856 OPENSSL_free(kek);
857 EVP_PKEY_free(keypair);
858 EVP_CIPHER_CTX_free(ctx);
859 return ret;
860 }
861
862 /*
863 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
864 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
865 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
866 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
867 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
868 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
869 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
870 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
871 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
872 */
873 static int test_EVP_DigestSignInit(int tst)
874 {
875 int ret = 0;
876 EVP_PKEY *pkey = NULL;
877 unsigned char *sig = NULL;
878 size_t sig_len = 0;
879 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
880 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
881 BIO *mdbio = NULL, *membio = NULL;
882 size_t written;
883 const EVP_MD *md;
884 EVP_MD *mdexp = NULL;
885
886 if (nullprov != NULL)
887 return TEST_skip("Test does not support a non-default library context");
888
889 if (tst >= 6) {
890 membio = BIO_new(BIO_s_mem());
891 mdbio = BIO_new(BIO_f_md());
892 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
893 goto out;
894 BIO_push(mdbio, membio);
895 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
896 goto out;
897 } else {
898 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
899 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
900 goto out;
901 }
902
903 if (tst == 0 || tst == 3 || tst == 6) {
904 if (!TEST_ptr(pkey = load_example_rsa_key()))
905 goto out;
906 } else if (tst == 1 || tst == 4 || tst == 7) {
907 #ifndef OPENSSL_NO_DSA
908 if (!TEST_ptr(pkey = load_example_dsa_key()))
909 goto out;
910 #else
911 ret = 1;
912 goto out;
913 #endif
914 } else {
915 if (!TEST_ptr(pkey = load_example_hmac_key()))
916 goto out;
917 }
918
919 if (tst >= 3 && tst <= 5)
920 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
921 else
922 md = EVP_sha256();
923
924 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
925 goto out;
926
927 if (tst >= 6) {
928 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
929 goto out;
930 } else {
931 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
932 goto out;
933 }
934
935 /* Determine the size of the signature. */
936 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
937 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
938 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
939 goto out;
940
941 if (tst >= 6) {
942 if (!TEST_int_gt(BIO_reset(mdbio), 0)
943 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
944 goto out;
945 }
946
947 /*
948 * Ensure that the signature round-trips (Verification isn't supported for
949 * HMAC via EVP_DigestVerify*)
950 */
951 if (tst != 2 && tst != 5 && tst != 8) {
952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
953 NULL, pkey)))
954 goto out;
955
956 if (tst >= 6) {
957 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
958 goto out;
959 } else {
960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
961 sizeof(kMsg))))
962 goto out;
963 }
964 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
965 goto out;
966 }
967
968 ret = 1;
969
970 out:
971 BIO_free(membio);
972 BIO_free(mdbio);
973 EVP_MD_CTX_free(a_md_ctx);
974 EVP_MD_CTX_free(a_md_ctx_verify);
975 EVP_PKEY_free(pkey);
976 OPENSSL_free(sig);
977 EVP_MD_free(mdexp);
978
979 return ret;
980 }
981
982 static int test_EVP_DigestVerifyInit(void)
983 {
984 int ret = 0;
985 EVP_PKEY *pkey = NULL;
986 EVP_MD_CTX *md_ctx = NULL;
987
988 if (nullprov != NULL)
989 return TEST_skip("Test does not support a non-default library context");
990
991 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
992 || !TEST_ptr(pkey = load_example_rsa_key()))
993 goto out;
994
995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
996 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
997 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
998 sizeof(kSignature))))
999 goto out;
1000 ret = 1;
1001
1002 out:
1003 EVP_MD_CTX_free(md_ctx);
1004 EVP_PKEY_free(pkey);
1005 return ret;
1006 }
1007
1008 /*
1009 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1010 */
1011 static int test_EVP_Digest(void)
1012 {
1013 int ret = 0;
1014 EVP_MD_CTX *md_ctx = NULL;
1015 unsigned char md[EVP_MAX_MD_SIZE];
1016 EVP_MD *sha256 = NULL;
1017 EVP_MD *shake256 = NULL;
1018
1019 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1020 goto out;
1021
1022 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1023 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1024 goto out;
1025
1026 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1027 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1028 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1029 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1030 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
1031 goto out;
1032
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1036 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1038 /*
1039 * EVP_DigestInit_ex with NULL type should work on
1040 * pre-initialized context.
1041 */
1042 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1043 goto out;
1044
1045 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1046 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1047 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1048 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1049 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1050 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1051 goto out;
1052 ret = 1;
1053
1054 out:
1055 EVP_MD_CTX_free(md_ctx);
1056 EVP_MD_free(sha256);
1057 EVP_MD_free(shake256);
1058 return ret;
1059 }
1060
1061 static int test_d2i_AutoPrivateKey(int i)
1062 {
1063 int ret = 0;
1064 const unsigned char *p;
1065 EVP_PKEY *pkey = NULL;
1066 const APK_DATA *ak = &keydata[i];
1067 const unsigned char *input = ak->kder;
1068 size_t input_len = ak->size;
1069 int expected_id = ak->evptype;
1070
1071 p = input;
1072 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1073 || !TEST_ptr_eq(p, input + input_len)
1074 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1075 goto done;
1076
1077 ret = 1;
1078
1079 done:
1080 EVP_PKEY_free(pkey);
1081 return ret;
1082 }
1083
1084 #ifndef OPENSSL_NO_EC
1085
1086 static const unsigned char ec_public_sect163k1_validxy[] = {
1087 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1088 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1089 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1090 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1091 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1092 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1093 };
1094
1095 static const unsigned char ec_public_sect163k1_badx[] = {
1096 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1097 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1098 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1099 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1100 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1101 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1102 };
1103
1104 static const unsigned char ec_public_sect163k1_bady[] = {
1105 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1106 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1107 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1108 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1109 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1110 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1111 };
1112
1113 static struct ec_der_pub_keys_st {
1114 const unsigned char *der;
1115 size_t len;
1116 int valid;
1117 } ec_der_pub_keys[] = {
1118 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1119 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1120 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1121 };
1122
1123 /*
1124 * Tests the range of the decoded EC char2 public point.
1125 * See ec_GF2m_simple_oct2point().
1126 */
1127 static int test_invalide_ec_char2_pub_range_decode(int id)
1128 {
1129 int ret = 0;
1130 EVP_PKEY *pkey;
1131
1132 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1133 ec_der_pub_keys[id].len);
1134
1135 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1136 || TEST_ptr_null(pkey);
1137 EVP_PKEY_free(pkey);
1138 return ret;
1139 }
1140
1141 /* Tests loading a bad key in PKCS8 format */
1142 static int test_EVP_PKCS82PKEY(void)
1143 {
1144 int ret = 0;
1145 const unsigned char *derp = kExampleBadECKeyDER;
1146 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1147 EVP_PKEY *pkey = NULL;
1148
1149 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1150 sizeof(kExampleBadECKeyDER))))
1151 goto done;
1152
1153 if (!TEST_ptr_eq(derp,
1154 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1155 goto done;
1156
1157 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1158 goto done;
1159
1160 ret = 1;
1161
1162 done:
1163 PKCS8_PRIV_KEY_INFO_free(p8inf);
1164 EVP_PKEY_free(pkey);
1165
1166 return ret;
1167 }
1168 #endif
1169
1170 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1171 static int test_privatekey_to_pkcs8(void)
1172 {
1173 EVP_PKEY *pkey = NULL;
1174 BIO *membio = NULL;
1175 char *membuf = NULL;
1176 long membuf_len = 0;
1177 int ok = 0;
1178
1179 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1180 || !TEST_ptr(pkey = load_example_rsa_key())
1181 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1182 NULL, 0, NULL, NULL),
1183 0)
1184 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1185 || !TEST_ptr(membuf)
1186 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1187 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1188 /*
1189 * We try to write PEM as well, just to see that it doesn't err, but
1190 * assume that the result is correct.
1191 */
1192 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1193 NULL, 0, NULL, NULL),
1194 0))
1195 goto done;
1196
1197 ok = 1;
1198 done:
1199 EVP_PKEY_free(pkey);
1200 BIO_free_all(membio);
1201 return ok;
1202 }
1203
1204 #ifndef OPENSSL_NO_EC
1205 static const struct {
1206 int encoding;
1207 const char *encoding_name;
1208 } ec_encodings[] = {
1209 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1210 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1211 };
1212
1213 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1214 {
1215 const OSSL_PARAM *p;
1216 const char *enc_name = NULL;
1217 int *enc = arg;
1218 size_t i;
1219
1220 *enc = -1;
1221
1222 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1223 OSSL_PKEY_PARAM_EC_ENCODING))
1224 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1225 return 0;
1226
1227 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1228 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1229 *enc = ec_encodings[i].encoding;
1230 break;
1231 }
1232 }
1233
1234 return (*enc != -1);
1235 }
1236
1237 static int test_EC_keygen_with_enc(int idx)
1238 {
1239 EVP_PKEY *params = NULL, *key = NULL;
1240 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1241 int enc;
1242 int ret = 0;
1243
1244 enc = ec_encodings[idx].encoding;
1245
1246 /* Create key parameters */
1247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1248 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1249 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1250 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1251 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1252 || !TEST_ptr(params))
1253 goto done;
1254
1255 /* Create key */
1256 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1257 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1258 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1259 || !TEST_ptr(key))
1260 goto done;
1261
1262 /* Check that the encoding got all the way into the key */
1263 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1264 ec_export_get_encoding_cb, &enc))
1265 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1266 goto done;
1267
1268 ret = 1;
1269 done:
1270 EVP_PKEY_free(key);
1271 EVP_PKEY_free(params);
1272 EVP_PKEY_CTX_free(kctx);
1273 EVP_PKEY_CTX_free(pctx);
1274 return ret;
1275 }
1276 #endif
1277
1278 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1279
1280 static int test_EVP_SM2_verify(void)
1281 {
1282 const char *pubkey =
1283 "-----BEGIN PUBLIC KEY-----\n"
1284 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1285 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1286 "-----END PUBLIC KEY-----\n";
1287
1288 const char *msg = "message digest";
1289 const char *id = "ALICE123@YAHOO.COM";
1290
1291 const uint8_t signature[] = {
1292 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1293 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1294 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1295 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1296 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1297 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1298 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1299 };
1300
1301 int rc = 0;
1302 BIO *bio = NULL;
1303 EVP_PKEY *pkey = NULL;
1304 EVP_MD_CTX *mctx = NULL;
1305 EVP_PKEY_CTX *pctx = NULL;
1306 EVP_MD *sm3 = NULL;
1307
1308 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1309 if (!TEST_true(bio != NULL))
1310 goto done;
1311
1312 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1313 if (!TEST_true(pkey != NULL))
1314 goto done;
1315
1316 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1317 goto done;
1318
1319 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1320 goto done;
1321
1322 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1323 goto done;
1324
1325 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1326
1327 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1328 goto done;
1329
1330 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1331 goto done;
1332
1333 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1334 goto done;
1335
1336 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1337 goto done;
1338
1339 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1340 goto done;
1341 rc = 1;
1342
1343 done:
1344 BIO_free(bio);
1345 EVP_PKEY_free(pkey);
1346 EVP_PKEY_CTX_free(pctx);
1347 EVP_MD_CTX_free(mctx);
1348 EVP_MD_free(sm3);
1349 return rc;
1350 }
1351
1352 static int test_EVP_SM2(void)
1353 {
1354 int ret = 0;
1355 EVP_PKEY *pkey = NULL;
1356 EVP_PKEY *pkeyparams = NULL;
1357 EVP_PKEY_CTX *pctx = NULL;
1358 EVP_PKEY_CTX *kctx = NULL;
1359 EVP_PKEY_CTX *sctx = NULL;
1360 size_t sig_len = 0;
1361 unsigned char *sig = NULL;
1362 EVP_MD_CTX *md_ctx = NULL;
1363 EVP_MD_CTX *md_ctx_verify = NULL;
1364 EVP_PKEY_CTX *cctx = NULL;
1365 EVP_MD *sm3 = NULL;
1366
1367 uint8_t ciphertext[128];
1368 size_t ctext_len = sizeof(ciphertext);
1369
1370 uint8_t plaintext[8];
1371 size_t ptext_len = sizeof(plaintext);
1372
1373 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1374
1375 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1376 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1377 int i;
1378 char mdname[20];
1379
1380 pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
1381 if (!TEST_ptr(pctx))
1382 goto done;
1383
1384 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1385 goto done;
1386
1387 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1388 goto done;
1389
1390 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1391 goto done;
1392
1393 kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
1394 if (!TEST_ptr(kctx))
1395 goto done;
1396
1397 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1398 goto done;
1399
1400 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1401 goto done;
1402
1403 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1404 goto done;
1405
1406 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1407 goto done;
1408
1409 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1410 goto done;
1411
1412 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1413 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1414
1415 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1416 goto done;
1417
1418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
1419 goto done;
1420
1421 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1422 goto done;
1423
1424 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1425 goto done;
1426
1427 /* Determine the size of the signature. */
1428 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1429 goto done;
1430
1431 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1432 goto done;
1433
1434 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1435 goto done;
1436
1437 /* Ensure that the signature round-trips. */
1438
1439 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
1440 goto done;
1441
1442 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1443 goto done;
1444
1445 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1446 goto done;
1447
1448 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1449 goto done;
1450
1451 /* now check encryption/decryption */
1452
1453 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1454 mdname, sizeof(mdname));
1455 for (i = 0; i < 2; i++) {
1456 EVP_PKEY_CTX_free(cctx);
1457
1458 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1459 i == 0 ? "SM3" : "SHA2-256",
1460 0);
1461
1462 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1463 goto done;
1464
1465 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1466 goto done;
1467
1468 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1469 goto done;
1470
1471 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1472 sizeof(kMsg))))
1473 goto done;
1474
1475 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1476 goto done;
1477
1478 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1479 goto done;
1480
1481 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1482 ctext_len)))
1483 goto done;
1484
1485 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1486 goto done;
1487
1488 /* Test we're still using the digest we think we are */
1489 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1490 goto done;
1491 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1492 goto done;
1493
1494 if (!TEST_true(ptext_len == sizeof(kMsg)))
1495 goto done;
1496
1497 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1498 goto done;
1499 }
1500
1501 ret = 1;
1502 done:
1503 EVP_PKEY_CTX_free(pctx);
1504 EVP_PKEY_CTX_free(kctx);
1505 EVP_PKEY_CTX_free(sctx);
1506 EVP_PKEY_CTX_free(cctx);
1507 EVP_PKEY_free(pkey);
1508 EVP_PKEY_free(pkeyparams);
1509 EVP_MD_CTX_free(md_ctx);
1510 EVP_MD_CTX_free(md_ctx_verify);
1511 EVP_MD_free(sm3);
1512 OPENSSL_free(sig);
1513 return ret;
1514 }
1515
1516 #endif
1517
1518 static struct keys_st {
1519 int type;
1520 char *priv;
1521 char *pub;
1522 } keys[] = {
1523 {
1524 EVP_PKEY_HMAC, "0123456789", NULL
1525 }, {
1526 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1527 }, {
1528 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1529 },
1530 #ifndef OPENSSL_NO_EC
1531 {
1532 EVP_PKEY_X25519, "01234567890123456789012345678901",
1533 "abcdefghijklmnopqrstuvwxyzabcdef"
1534 }, {
1535 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1536 "abcdefghijklmnopqrstuvwxyzabcdef"
1537 }, {
1538 EVP_PKEY_X448,
1539 "01234567890123456789012345678901234567890123456789012345",
1540 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1541 }, {
1542 EVP_PKEY_ED448,
1543 "012345678901234567890123456789012345678901234567890123456",
1544 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1545 }
1546 #endif
1547 };
1548
1549 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1550 {
1551 int ret = 0;
1552 unsigned char buf[80];
1553 unsigned char *in;
1554 size_t inlen, len = 0;
1555 EVP_PKEY *pkey;
1556
1557 if (nullprov != NULL)
1558 return TEST_skip("Test does not support a non-default library context");
1559
1560 /* Check if this algorithm supports public keys */
1561 if (keys[tst].pub == NULL)
1562 return 1;
1563
1564 memset(buf, 0, sizeof(buf));
1565
1566 if (pub) {
1567 inlen = strlen(keys[tst].pub);
1568 in = (unsigned char *)keys[tst].pub;
1569 if (uselibctx) {
1570 pkey = EVP_PKEY_new_raw_public_key_ex(
1571 testctx,
1572 OBJ_nid2sn(keys[tst].type),
1573 NULL,
1574 in,
1575 inlen);
1576 } else {
1577 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1578 NULL,
1579 in,
1580 inlen);
1581 }
1582 } else {
1583 inlen = strlen(keys[tst].priv);
1584 in = (unsigned char *)keys[tst].priv;
1585 if (uselibctx) {
1586 pkey = EVP_PKEY_new_raw_private_key_ex(
1587 testctx, OBJ_nid2sn(keys[tst].type),
1588 NULL,
1589 in,
1590 inlen);
1591 } else {
1592 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1593 NULL,
1594 in,
1595 inlen);
1596 }
1597 }
1598
1599 if (!TEST_ptr(pkey)
1600 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1601 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1602 || !TEST_true(len == inlen)
1603 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1604 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1605 || !TEST_mem_eq(in, inlen, buf, len))
1606 goto done;
1607
1608 ret = 1;
1609 done:
1610 EVP_PKEY_free(pkey);
1611 return ret;
1612 }
1613
1614 static int test_set_get_raw_keys(int tst)
1615 {
1616 return test_set_get_raw_keys_int(tst, 0, 0)
1617 && test_set_get_raw_keys_int(tst, 0, 1)
1618 && test_set_get_raw_keys_int(tst, 1, 0)
1619 && test_set_get_raw_keys_int(tst, 1, 1);
1620 }
1621
1622 #ifndef OPENSSL_NO_DEPRECATED_3_0
1623 static int pkey_custom_check(EVP_PKEY *pkey)
1624 {
1625 return 0xbeef;
1626 }
1627
1628 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1629 {
1630 return 0xbeef;
1631 }
1632
1633 static int pkey_custom_param_check(EVP_PKEY *pkey)
1634 {
1635 return 0xbeef;
1636 }
1637
1638 static EVP_PKEY_METHOD *custom_pmeth;
1639 #endif
1640
1641 static int test_EVP_PKEY_check(int i)
1642 {
1643 int ret = 0;
1644 EVP_PKEY *pkey = NULL;
1645 EVP_PKEY_CTX *ctx = NULL;
1646 #ifndef OPENSSL_NO_DEPRECATED_3_0
1647 EVP_PKEY_CTX *ctx2 = NULL;
1648 #endif
1649 const APK_DATA *ak = &keycheckdata[i];
1650 const unsigned char *input = ak->kder;
1651 size_t input_len = ak->size;
1652 int expected_id = ak->evptype;
1653 int expected_check = ak->check;
1654 int expected_pub_check = ak->pub_check;
1655 int expected_param_check = ak->param_check;
1656 int type = ak->type;
1657
1658 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1659 goto done;
1660 if (type == 0
1661 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1662 goto done;
1663
1664 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1665 goto done;
1666
1667 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1668 goto done;
1669
1670 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1671 goto done;
1672
1673 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1674 goto done;
1675
1676 #ifndef OPENSSL_NO_DEPRECATED_3_0
1677 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1678 /* assign the pkey directly, as an internal test */
1679 EVP_PKEY_up_ref(pkey);
1680 ctx2->pkey = pkey;
1681
1682 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1683 goto done;
1684
1685 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1686 goto done;
1687
1688 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1689 goto done;
1690 #endif
1691
1692 ret = 1;
1693
1694 done:
1695 EVP_PKEY_CTX_free(ctx);
1696 #ifndef OPENSSL_NO_DEPRECATED_3_0
1697 EVP_PKEY_CTX_free(ctx2);
1698 #endif
1699 EVP_PKEY_free(pkey);
1700 return ret;
1701 }
1702
1703 #ifndef OPENSSL_NO_CMAC
1704 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1705 {
1706 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1707 const char msg[] = "Hello World";
1708 size_t maclen;
1709 int ret = 1;
1710
1711 if (!TEST_ptr(mdctx)
1712 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1713 testpropq, pkey, NULL))
1714 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1715 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1716 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1717 ret = 0;
1718
1719 EVP_MD_CTX_free(mdctx);
1720
1721 return ret;
1722 }
1723 static int test_CMAC_keygen(void)
1724 {
1725 static unsigned char key[] = {
1726 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1727 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1728 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1729 };
1730 EVP_PKEY_CTX *kctx = NULL;
1731 int ret = 0;
1732 EVP_PKEY *pkey = NULL;
1733 unsigned char mac[AES_BLOCK_SIZE];
1734 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1735 unsigned char mac2[AES_BLOCK_SIZE];
1736 # endif
1737
1738 if (nullprov != NULL)
1739 return TEST_skip("Test does not support a non-default library context");
1740
1741 /*
1742 * This is a legacy method for CMACs, but should still work.
1743 * This verifies that it works without an ENGINE.
1744 */
1745 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1746
1747 /* Test a CMAC key created using the "generated" method */
1748 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1749 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1750 EVP_PKEY_CTRL_CIPHER,
1751 0, (void *)EVP_aes_256_ecb()), 0)
1752 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1753 EVP_PKEY_CTRL_SET_MAC_KEY,
1754 sizeof(key), (void *)key), 0)
1755 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1756 || !TEST_ptr(pkey)
1757 || !TEST_true(get_cmac_val(pkey, mac)))
1758 goto done;
1759
1760 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1761 EVP_PKEY_free(pkey);
1762
1763 /*
1764 * Test a CMAC key using the direct method, and compare with the mac
1765 * created above.
1766 */
1767 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1768 if (!TEST_ptr(pkey)
1769 || !TEST_true(get_cmac_val(pkey, mac2))
1770 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1771 goto done;
1772 # endif
1773
1774 ret = 1;
1775
1776 done:
1777 EVP_PKEY_free(pkey);
1778 EVP_PKEY_CTX_free(kctx);
1779 return ret;
1780 }
1781 #endif
1782
1783 static int test_HKDF(void)
1784 {
1785 EVP_PKEY_CTX *pctx;
1786 unsigned char out[20];
1787 size_t outlen;
1788 int i, ret = 0;
1789 unsigned char salt[] = "0123456789";
1790 unsigned char key[] = "012345678901234567890123456789";
1791 unsigned char info[] = "infostring";
1792 const unsigned char expected[] = {
1793 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1794 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1795 };
1796 size_t expectedlen = sizeof(expected);
1797
1798 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1799 goto done;
1800
1801 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1802 for (i = 0; i < 2; i++) {
1803 outlen = sizeof(out);
1804 memset(out, 0, outlen);
1805
1806 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1807 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1808 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1809 sizeof(salt) - 1), 0)
1810 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1811 sizeof(key) - 1), 0)
1812 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1813 sizeof(info) - 1), 0)
1814 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1815 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1816 goto done;
1817 }
1818
1819 ret = 1;
1820
1821 done:
1822 EVP_PKEY_CTX_free(pctx);
1823
1824 return ret;
1825 }
1826
1827 static int test_emptyikm_HKDF(void)
1828 {
1829 EVP_PKEY_CTX *pctx;
1830 unsigned char out[20];
1831 size_t outlen;
1832 int ret = 0;
1833 unsigned char salt[] = "9876543210";
1834 unsigned char key[] = "";
1835 unsigned char info[] = "stringinfo";
1836 const unsigned char expected[] = {
1837 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1838 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1839 };
1840 size_t expectedlen = sizeof(expected);
1841
1842 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1843 goto done;
1844
1845 outlen = sizeof(out);
1846 memset(out, 0, outlen);
1847
1848 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1849 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1850 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1851 sizeof(salt) - 1), 0)
1852 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1853 sizeof(key) - 1), 0)
1854 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1855 sizeof(info) - 1), 0)
1856 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1857 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1858 goto done;
1859
1860 ret = 1;
1861
1862 done:
1863 EVP_PKEY_CTX_free(pctx);
1864
1865 return ret;
1866 }
1867
1868 #ifndef OPENSSL_NO_EC
1869 static int test_X509_PUBKEY_inplace(void)
1870 {
1871 int ret = 0;
1872 X509_PUBKEY *xp = NULL;
1873 const unsigned char *p = kExampleECPubKeyDER;
1874 size_t input_len = sizeof(kExampleECPubKeyDER);
1875
1876 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1877 goto done;
1878
1879 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1880 goto done;
1881
1882 p = kExampleBadECPubKeyDER;
1883 input_len = sizeof(kExampleBadECPubKeyDER);
1884
1885 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1886 goto done;
1887
1888 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1889 goto done;
1890
1891 ret = 1;
1892
1893 done:
1894 X509_PUBKEY_free(xp);
1895 return ret;
1896 }
1897
1898 static int test_X509_PUBKEY_dup(void)
1899 {
1900 int ret = 0;
1901 X509_PUBKEY *xp = NULL, *xq = NULL;
1902 const unsigned char *p = kExampleECPubKeyDER;
1903 size_t input_len = sizeof(kExampleECPubKeyDER);
1904
1905 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1906 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1907 || !TEST_ptr_ne(xp, xq))
1908 goto done;
1909
1910 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1911 || !TEST_ptr(X509_PUBKEY_get0(xp))
1912 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1913 goto done;
1914
1915 X509_PUBKEY_free(xq);
1916 xq = NULL;
1917 p = kExampleBadECPubKeyDER;
1918 input_len = sizeof(kExampleBadECPubKeyDER);
1919
1920 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1921 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1922 goto done;
1923
1924 X509_PUBKEY_free(xp);
1925 xp = NULL;
1926 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1927 goto done;
1928
1929 ret = 1;
1930
1931 done:
1932 X509_PUBKEY_free(xp);
1933 X509_PUBKEY_free(xq);
1934 return ret;
1935 }
1936 #endif /* OPENSSL_NO_EC */
1937
1938 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1939 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1940 {
1941 EVP_MD_CTX *mdctx = NULL;
1942 EVP_PKEY_CTX *ctx = NULL;
1943 const OSSL_PARAM *params;
1944 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1945 int ret = 0;
1946 const EVP_MD *md;
1947 char mdname[OSSL_MAX_NAME_SIZE];
1948 char ssl3ms[48];
1949
1950 /* Initialise a sign operation */
1951 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1952 if (!TEST_ptr(ctx)
1953 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1954 goto err;
1955
1956 /*
1957 * We should be able to query the parameters now.
1958 */
1959 params = EVP_PKEY_CTX_settable_params(ctx);
1960 if (!TEST_ptr(params)
1961 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1962 OSSL_SIGNATURE_PARAM_DIGEST)))
1963 goto err;
1964
1965 params = EVP_PKEY_CTX_gettable_params(ctx);
1966 if (!TEST_ptr(params)
1967 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1968 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1969 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1970 OSSL_SIGNATURE_PARAM_DIGEST)))
1971 goto err;
1972
1973 /*
1974 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1975 * EVP_PKEY_CTX_get_params()
1976 */
1977 strcpy(mdname, "SHA512");
1978 param_md = param;
1979 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1980 mdname, 0);
1981 *param++ = OSSL_PARAM_construct_end();
1982
1983 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1984 goto err;
1985
1986 mdname[0] = '\0';
1987 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1988 mdname, sizeof(mdname));
1989 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1990 || !TEST_str_eq(mdname, "SHA512"))
1991 goto err;
1992
1993 /*
1994 * Test the TEST_PKEY_CTX_set_signature_md() and
1995 * TEST_PKEY_CTX_get_signature_md() functions
1996 */
1997 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1998 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1999 || !TEST_ptr_eq(md, EVP_sha256()))
2000 goto err;
2001
2002 /*
2003 * Test getting MD parameters via an associated EVP_PKEY_CTX
2004 */
2005 mdctx = EVP_MD_CTX_new();
2006 if (!TEST_ptr(mdctx)
2007 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2008 pkey, NULL)))
2009 goto err;
2010
2011 /*
2012 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2013 * able to obtain the digest's settable parameters from the provider.
2014 */
2015 params = EVP_MD_CTX_settable_params(mdctx);
2016 if (!TEST_ptr(params)
2017 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2018 /* The final key should be NULL */
2019 || !TEST_ptr_null(params[1].key))
2020 goto err;
2021
2022 param = ourparams;
2023 memset(ssl3ms, 0, sizeof(ssl3ms));
2024 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2025 ssl3ms, sizeof(ssl3ms));
2026 *param++ = OSSL_PARAM_construct_end();
2027
2028 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2029 goto err;
2030
2031 ret = 1;
2032
2033 err:
2034 EVP_MD_CTX_free(mdctx);
2035 EVP_PKEY_CTX_free(ctx);
2036
2037 return ret;
2038 }
2039
2040 #ifndef OPENSSL_NO_DSA
2041 static int test_DSA_get_set_params(void)
2042 {
2043 OSSL_PARAM_BLD *bld = NULL;
2044 OSSL_PARAM *params = NULL;
2045 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2046 EVP_PKEY_CTX *pctx = NULL;
2047 EVP_PKEY *pkey = NULL;
2048 int ret = 0;
2049
2050 /*
2051 * Setup the parameters for our DSA object. For our purposes they don't
2052 * have to actually be *valid* parameters. We just need to set something.
2053 */
2054 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2055 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2056 || !TEST_ptr(p = BN_new())
2057 || !TEST_ptr(q = BN_new())
2058 || !TEST_ptr(g = BN_new())
2059 || !TEST_ptr(pub = BN_new())
2060 || !TEST_ptr(priv = BN_new()))
2061 goto err;
2062 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2063 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2064 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2065 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2066 pub))
2067 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2068 priv)))
2069 goto err;
2070 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2071 goto err;
2072
2073 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2074 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2075 params), 0))
2076 goto err;
2077
2078 if (!TEST_ptr(pkey))
2079 goto err;
2080
2081 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2082
2083 err:
2084 EVP_PKEY_free(pkey);
2085 EVP_PKEY_CTX_free(pctx);
2086 OSSL_PARAM_BLD_free_params(params);
2087 OSSL_PARAM_BLD_free(bld);
2088 BN_free(p);
2089 BN_free(q);
2090 BN_free(g);
2091 BN_free(pub);
2092 BN_free(priv);
2093
2094 return ret;
2095 }
2096
2097 /*
2098 * Test combinations of private, public, missing and private + public key
2099 * params to ensure they are all accepted
2100 */
2101 static int test_DSA_priv_pub(void)
2102 {
2103 return test_EVP_PKEY_ffc_priv_pub("DSA");
2104 }
2105
2106 #endif /* !OPENSSL_NO_DSA */
2107
2108 static int test_RSA_get_set_params(void)
2109 {
2110 OSSL_PARAM_BLD *bld = NULL;
2111 OSSL_PARAM *params = NULL;
2112 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2113 EVP_PKEY_CTX *pctx = NULL;
2114 EVP_PKEY *pkey = NULL;
2115 int ret = 0;
2116
2117 /*
2118 * Setup the parameters for our RSA object. For our purposes they don't
2119 * have to actually be *valid* parameters. We just need to set something.
2120 */
2121 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2122 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2123 || !TEST_ptr(n = BN_new())
2124 || !TEST_ptr(e = BN_new())
2125 || !TEST_ptr(d = BN_new()))
2126 goto err;
2127 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2128 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2130 goto err;
2131 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2132 goto err;
2133
2134 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2135 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2136 params), 0))
2137 goto err;
2138
2139 if (!TEST_ptr(pkey))
2140 goto err;
2141
2142 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2143
2144 err:
2145 EVP_PKEY_free(pkey);
2146 EVP_PKEY_CTX_free(pctx);
2147 OSSL_PARAM_BLD_free_params(params);
2148 OSSL_PARAM_BLD_free(bld);
2149 BN_free(n);
2150 BN_free(e);
2151 BN_free(d);
2152
2153 return ret;
2154 }
2155
2156 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2157 static int test_decrypt_null_chunks(void)
2158 {
2159 EVP_CIPHER_CTX* ctx = NULL;
2160 EVP_CIPHER *cipher = NULL;
2161 const unsigned char key[32] = {
2162 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2163 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2164 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2165 };
2166 unsigned char iv[12] = {
2167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2168 };
2169 unsigned char msg[] = "It was the best of times, it was the worst of times";
2170 unsigned char ciphertext[80];
2171 unsigned char plaintext[80];
2172 /* We initialise tmp to a non zero value on purpose */
2173 int ctlen, ptlen, tmp = 99;
2174 int ret = 0;
2175 const int enc_offset = 10, dec_offset = 20;
2176
2177 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2178 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2179 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2180 key, iv))
2181 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2182 enc_offset))
2183 /* Deliberate add a zero length update */
2184 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2185 0))
2186 || !TEST_int_eq(tmp, 0)
2187 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2188 msg + enc_offset,
2189 sizeof(msg) - enc_offset))
2190 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2191 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2192 || !TEST_int_eq(tmp, 0))
2193 goto err;
2194
2195 /* Deliberately initialise tmp to a non zero value */
2196 tmp = 99;
2197 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2198 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2199 dec_offset))
2200 /*
2201 * Deliberately add a zero length update. We also deliberately do
2202 * this at a different offset than for encryption.
2203 */
2204 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2205 0))
2206 || !TEST_int_eq(tmp, 0)
2207 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2208 ciphertext + dec_offset,
2209 ctlen - dec_offset))
2210 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2211 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2212 || !TEST_int_eq(tmp, 0)
2213 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2214 goto err;
2215
2216 ret = 1;
2217 err:
2218 EVP_CIPHER_CTX_free(ctx);
2219 EVP_CIPHER_free(cipher);
2220 return ret;
2221 }
2222 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2223
2224 #ifndef OPENSSL_NO_DH
2225 /*
2226 * Test combinations of private, public, missing and private + public key
2227 * params to ensure they are all accepted
2228 */
2229 static int test_DH_priv_pub(void)
2230 {
2231 return test_EVP_PKEY_ffc_priv_pub("DH");
2232 }
2233
2234 # ifndef OPENSSL_NO_DEPRECATED_3_0
2235 static int test_EVP_PKEY_set1_DH(void)
2236 {
2237 DH *x942dh = NULL, *noqdh = NULL;
2238 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2239 int ret = 0;
2240 BIGNUM *p, *g = NULL;
2241
2242 if (!TEST_ptr(p = BN_new())
2243 || !TEST_ptr(g = BN_new())
2244 || !BN_set_word(p, 9999)
2245 || !BN_set_word(g, 2)
2246 || !TEST_ptr(noqdh = DH_new())
2247 || !DH_set0_pqg(noqdh, p, NULL, g))
2248 goto err;
2249 p = g = NULL;
2250
2251 x942dh = DH_get_2048_256();
2252 pkey1 = EVP_PKEY_new();
2253 pkey2 = EVP_PKEY_new();
2254 if (!TEST_ptr(x942dh)
2255 || !TEST_ptr(noqdh)
2256 || !TEST_ptr(pkey1)
2257 || !TEST_ptr(pkey2))
2258 goto err;
2259
2260 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2261 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2262 goto err;
2263
2264 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2265 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2266 goto err;
2267
2268 ret = 1;
2269 err:
2270 BN_free(p);
2271 BN_free(g);
2272 EVP_PKEY_free(pkey1);
2273 EVP_PKEY_free(pkey2);
2274 DH_free(x942dh);
2275 DH_free(noqdh);
2276
2277 return ret;
2278 }
2279 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2280 #endif /* !OPENSSL_NO_DH */
2281
2282 /*
2283 * We test what happens with an empty template. For the sake of this test,
2284 * the template must be ignored, and we know that's the case for RSA keys
2285 * (this might arguably be a misfeature, but that's what we currently do,
2286 * even in provider code, since that's how the legacy RSA implementation
2287 * does things)
2288 */
2289 static int test_keygen_with_empty_template(int n)
2290 {
2291 EVP_PKEY_CTX *ctx = NULL;
2292 EVP_PKEY *pkey = NULL;
2293 EVP_PKEY *tkey = NULL;
2294 int ret = 0;
2295
2296 if (nullprov != NULL)
2297 return TEST_skip("Test does not support a non-default library context");
2298
2299 switch (n) {
2300 case 0:
2301 /* We do test with no template at all as well */
2302 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2303 goto err;
2304 break;
2305 case 1:
2306 /* Here we create an empty RSA key that serves as our template */
2307 if (!TEST_ptr(tkey = EVP_PKEY_new())
2308 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2309 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2310 goto err;
2311 break;
2312 }
2313
2314 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2315 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2316 goto err;
2317
2318 ret = 1;
2319 err:
2320 EVP_PKEY_CTX_free(ctx);
2321 EVP_PKEY_free(pkey);
2322 EVP_PKEY_free(tkey);
2323 return ret;
2324 }
2325
2326 /*
2327 * Test that we fail if we attempt to use an algorithm that is not available
2328 * in the current library context (unless we are using an algorithm that
2329 * should be made available via legacy codepaths).
2330 *
2331 * 0: RSA
2332 * 1: SM2
2333 */
2334 static int test_pkey_ctx_fail_without_provider(int tst)
2335 {
2336 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2337 OSSL_PROVIDER *tmpnullprov = NULL;
2338 EVP_PKEY_CTX *pctx = NULL;
2339 const char *keytype = NULL;
2340 int expect_null = 0;
2341 int ret = 0;
2342
2343 if (!TEST_ptr(tmpctx))
2344 goto err;
2345
2346 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2347 if (!TEST_ptr(tmpnullprov))
2348 goto err;
2349
2350 /*
2351 * We check for certain algos in the null provider.
2352 * If an algo is expected to have a provider keymgmt, contructing an
2353 * EVP_PKEY_CTX is expected to fail (return NULL).
2354 * Otherwise, if it's expected to have legacy support, contructing an
2355 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2356 */
2357 switch (tst) {
2358 case 0:
2359 keytype = "RSA";
2360 expect_null = 1;
2361 break;
2362 case 1:
2363 keytype = "SM2";
2364 expect_null = 1;
2365 #ifdef OPENSSL_NO_EC
2366 TEST_info("EC disable, skipping SM2 check...");
2367 goto end;
2368 #endif
2369 #ifdef OPENSSL_NO_SM2
2370 TEST_info("SM2 disable, skipping SM2 check...");
2371 goto end;
2372 #endif
2373 break;
2374 default:
2375 TEST_error("No test for case %d", tst);
2376 goto err;
2377 }
2378
2379 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2380 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2381 goto err;
2382
2383 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2384 end:
2385 #endif
2386 ret = 1;
2387
2388 err:
2389 EVP_PKEY_CTX_free(pctx);
2390 OSSL_PROVIDER_unload(tmpnullprov);
2391 OSSL_LIB_CTX_free(tmpctx);
2392 return ret;
2393 }
2394
2395 static int test_rand_agglomeration(void)
2396 {
2397 EVP_RAND *rand;
2398 EVP_RAND_CTX *ctx;
2399 OSSL_PARAM params[3], *p = params;
2400 int res;
2401 unsigned int step = 7;
2402 static unsigned char seed[] = "It does not matter how slowly you go "
2403 "as long as you do not stop.";
2404 unsigned char out[sizeof(seed)];
2405
2406 if (!TEST_int_ne(sizeof(seed) % step, 0)
2407 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2408 return 0;
2409 ctx = EVP_RAND_CTX_new(rand, NULL);
2410 EVP_RAND_free(rand);
2411 if (!TEST_ptr(ctx))
2412 return 0;
2413
2414 memset(out, 0, sizeof(out));
2415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2416 seed, sizeof(seed));
2417 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2418 *p = OSSL_PARAM_construct_end();
2419 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2420 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2421 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2422 EVP_RAND_CTX_free(ctx);
2423 return res;
2424 }
2425
2426 /*
2427 * Test that we correctly return the original or "running" IV after
2428 * an encryption operation.
2429 * Run multiple times for some different relevant algorithms/modes.
2430 */
2431 static int test_evp_iv(int idx)
2432 {
2433 int ret = 0;
2434 EVP_CIPHER_CTX *ctx = NULL;
2435 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2436 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2437 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2438 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2439 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2440 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2441 9, 10, 11, 12, 13, 14, 15, 16 };
2442 unsigned char ciphertext[32], oiv[16], iv[16];
2443 unsigned char *ref_iv;
2444 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2445 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2446
2447 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2448 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2449 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2450 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2451 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2452 #ifndef OPENSSL_NO_OCB
2453 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2454 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2455 #endif
2456 int len = sizeof(ciphertext);
2457 size_t ivlen, ref_len;
2458 const EVP_CIPHER *type = NULL;
2459
2460 if (nullprov != NULL && idx < 5)
2461 return TEST_skip("Test does not support a non-default library context");
2462
2463 switch(idx) {
2464 case 0:
2465 type = EVP_aes_128_cbc();
2466 /* FALLTHROUGH */
2467 case 5:
2468 type = (type != NULL) ? type :
2469 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2470 ref_iv = cbc_state;
2471 ref_len = sizeof(cbc_state);
2472 break;
2473 case 1:
2474 type = EVP_aes_128_ofb();
2475 /* FALLTHROUGH */
2476 case 6:
2477 type = (type != NULL) ? type :
2478 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2479 ref_iv = ofb_state;
2480 ref_len = sizeof(ofb_state);
2481 break;
2482 case 2:
2483 type = EVP_aes_128_gcm();
2484 /* FALLTHROUGH */
2485 case 7:
2486 type = (type != NULL) ? type :
2487 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2488 ref_iv = gcm_state;
2489 ref_len = sizeof(gcm_state);
2490 break;
2491 case 3:
2492 type = EVP_aes_128_ccm();
2493 /* FALLTHROUGH */
2494 case 8:
2495 type = (type != NULL) ? type :
2496 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2497 ref_iv = ccm_state;
2498 ref_len = sizeof(ccm_state);
2499 break;
2500 #ifdef OPENSSL_NO_OCB
2501 case 4:
2502 case 9:
2503 return 1;
2504 #else
2505 case 4:
2506 type = EVP_aes_128_ocb();
2507 /* FALLTHROUGH */
2508 case 9:
2509 type = (type != NULL) ? type :
2510 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2511 ref_iv = ocb_state;
2512 ref_len = sizeof(ocb_state);
2513 break;
2514 #endif
2515 default:
2516 return 0;
2517 }
2518
2519 if (!TEST_ptr(type)
2520 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2521 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2522 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2523 (int)sizeof(msg)))
2524 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2525 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2526 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2527 goto err;
2528 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2529 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2530 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2531 goto err;
2532
2533 ret = 1;
2534 err:
2535 EVP_CIPHER_CTX_free(ctx);
2536 if (idx >= 5)
2537 EVP_CIPHER_free((EVP_CIPHER *)type);
2538 return ret;
2539 }
2540
2541 #ifndef OPENSSL_NO_EC
2542 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2543 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2544 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2545 NID_brainpoolP384r1, NID_brainpoolP512r1};
2546
2547 static int test_ecpub(int idx)
2548 {
2549 int ret = 0, len, savelen;
2550 int nid;
2551 unsigned char buf[1024];
2552 unsigned char *p;
2553 EVP_PKEY *pkey = NULL;
2554 EVP_PKEY_CTX *ctx = NULL;
2555 # ifndef OPENSSL_NO_DEPRECATED_3_0
2556 const unsigned char *q;
2557 EVP_PKEY *pkey2 = NULL;
2558 EC_KEY *ec = NULL;
2559 # endif
2560
2561 if (nullprov != NULL)
2562 return TEST_skip("Test does not support a non-default library context");
2563
2564 nid = ecpub_nids[idx];
2565
2566 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2567 if (!TEST_ptr(ctx)
2568 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2569 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2570 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2571 goto done;
2572 len = i2d_PublicKey(pkey, NULL);
2573 savelen = len;
2574 if (!TEST_int_ge(len, 1)
2575 || !TEST_int_lt(len, 1024))
2576 goto done;
2577 p = buf;
2578 len = i2d_PublicKey(pkey, &p);
2579 if (!TEST_int_ge(len, 1)
2580 || !TEST_int_eq(len, savelen))
2581 goto done;
2582
2583 # ifndef OPENSSL_NO_DEPRECATED_3_0
2584 /* Now try to decode the just-created DER. */
2585 q = buf;
2586 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2587 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2588 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2589 goto done;
2590 /* EC_KEY ownership transferred */
2591 ec = NULL;
2592 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2593 goto done;
2594 /* The keys should match. */
2595 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2596 goto done;
2597 # endif
2598
2599 ret = 1;
2600
2601 done:
2602 EVP_PKEY_CTX_free(ctx);
2603 EVP_PKEY_free(pkey);
2604 # ifndef OPENSSL_NO_DEPRECATED_3_0
2605 EVP_PKEY_free(pkey2);
2606 EC_KEY_free(ec);
2607 # endif
2608 return ret;
2609 }
2610 #endif
2611
2612 static int test_EVP_rsa_pss_with_keygen_bits(void)
2613 {
2614 int ret = 0;
2615 EVP_PKEY_CTX *ctx = NULL;
2616 EVP_PKEY *pkey = NULL;
2617 EVP_MD *md;
2618
2619 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2620 ret = TEST_ptr(md)
2621 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2622 && TEST_true(EVP_PKEY_keygen_init(ctx))
2623 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2624 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2625 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2626
2627 EVP_MD_free(md);
2628 EVP_PKEY_free(pkey);
2629 EVP_PKEY_CTX_free(ctx);
2630 return ret;
2631 }
2632
2633 static int success = 1;
2634 static void md_names(const char *name, void *vctx)
2635 {
2636 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2637 /* Force a namemap update */
2638 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2639
2640 if (!TEST_ptr(aes128))
2641 success = 0;
2642
2643 EVP_CIPHER_free(aes128);
2644 }
2645
2646 /*
2647 * Test that changing the namemap in a user callback works in a names_do_all
2648 * function.
2649 */
2650 static int test_names_do_all(void)
2651 {
2652 /* We use a custom libctx so that we know the state of the namemap */
2653 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2654 EVP_MD *sha256 = NULL;
2655 int testresult = 0;
2656
2657 if (!TEST_ptr(ctx))
2658 goto err;
2659
2660 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2661 if (!TEST_ptr(sha256))
2662 goto err;
2663
2664 /*
2665 * We loop through all the names for a given digest. This should still work
2666 * even if the namemap changes part way through.
2667 */
2668 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2669 goto err;
2670
2671 if (!TEST_true(success))
2672 goto err;
2673
2674 testresult = 1;
2675 err:
2676 EVP_MD_free(sha256);
2677 OSSL_LIB_CTX_free(ctx);
2678 return testresult;
2679 }
2680
2681 typedef enum OPTION_choice {
2682 OPT_ERR = -1,
2683 OPT_EOF = 0,
2684 OPT_CONTEXT,
2685 OPT_TEST_ENUM
2686 } OPTION_CHOICE;
2687
2688 const OPTIONS *test_get_options(void)
2689 {
2690 static const OPTIONS options[] = {
2691 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2692 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2693 { NULL }
2694 };
2695 return options;
2696 }
2697
2698 int setup_tests(void)
2699 {
2700 OPTION_CHOICE o;
2701
2702 while ((o = opt_next()) != OPT_EOF) {
2703 switch (o) {
2704 case OPT_CONTEXT:
2705 /* Set up an alternate library context */
2706 testctx = OSSL_LIB_CTX_new();
2707 if (!TEST_ptr(testctx))
2708 return 0;
2709 /* Swap the libctx to test non-default context only */
2710 nullprov = OSSL_PROVIDER_load(NULL, "null");
2711 deflprov = OSSL_PROVIDER_load(testctx, "default");
2712 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2713 break;
2714 case OPT_TEST_CASES:
2715 break;
2716 default:
2717 return 0;
2718 }
2719 }
2720
2721 ADD_TEST(test_EVP_set_default_properties);
2722 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2723 ADD_TEST(test_EVP_DigestVerifyInit);
2724 ADD_TEST(test_EVP_Digest);
2725 ADD_TEST(test_EVP_Enveloped);
2726 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2727 ADD_TEST(test_privatekey_to_pkcs8);
2728 #ifndef OPENSSL_NO_EC
2729 ADD_TEST(test_EVP_PKCS82PKEY);
2730 #endif
2731 #ifndef OPENSSL_NO_EC
2732 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2733 #endif
2734 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2735 ADD_TEST(test_EVP_SM2);
2736 ADD_TEST(test_EVP_SM2_verify);
2737 #endif
2738 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2739 #ifndef OPENSSL_NO_DEPRECATED_3_0
2740 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2741 if (!TEST_ptr(custom_pmeth))
2742 return 0;
2743 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2744 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2745 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2746 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2747 return 0;
2748 #endif
2749 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2750 #ifndef OPENSSL_NO_CMAC
2751 ADD_TEST(test_CMAC_keygen);
2752 #endif
2753 ADD_TEST(test_HKDF);
2754 ADD_TEST(test_emptyikm_HKDF);
2755 #ifndef OPENSSL_NO_EC
2756 ADD_TEST(test_X509_PUBKEY_inplace);
2757 ADD_TEST(test_X509_PUBKEY_dup);
2758 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2759 OSSL_NELEM(ec_der_pub_keys));
2760 #endif
2761 #ifndef OPENSSL_NO_DSA
2762 ADD_TEST(test_DSA_get_set_params);
2763 ADD_TEST(test_DSA_priv_pub);
2764 #endif
2765 ADD_TEST(test_RSA_get_set_params);
2766 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2767 ADD_TEST(test_decrypt_null_chunks);
2768 #endif
2769 #ifndef OPENSSL_NO_DH
2770 ADD_TEST(test_DH_priv_pub);
2771 # ifndef OPENSSL_NO_DEPRECATED_3_0
2772 ADD_TEST(test_EVP_PKEY_set1_DH);
2773 # endif
2774 #endif
2775 #ifndef OPENSSL_NO_EC
2776 ADD_TEST(test_EC_priv_pub);
2777 # ifndef OPENSSL_NO_DEPRECATED_3_0
2778 ADD_TEST(test_EC_priv_only_legacy);
2779 # endif
2780 #endif
2781 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2782 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2783
2784 ADD_TEST(test_rand_agglomeration);
2785 ADD_ALL_TESTS(test_evp_iv, 10);
2786 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2787 #ifndef OPENSSL_NO_EC
2788 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2789 #endif
2790
2791 ADD_TEST(test_names_do_all);
2792
2793 return 1;
2794 }
2795
2796 void cleanup_tests(void)
2797 {
2798 OSSL_PROVIDER_unload(nullprov);
2799 OSSL_PROVIDER_unload(deflprov);
2800 OSSL_PROVIDER_unload(lgcyprov);
2801 OSSL_LIB_CTX_free(testctx);
2802 }
A mirror of the official openssl repository