]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add appropriate NULL checks in EVP_CIPHER api
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40
41 #ifdef STATIC_LEGACY
42 OSSL_provider_init_fn ossl_legacy_provider_init;
43 #endif
44
45 static OSSL_LIB_CTX *testctx = NULL;
46 static char *testpropq = NULL;
47
48 static OSSL_PROVIDER *nullprov = NULL;
49 static OSSL_PROVIDER *deflprov = NULL;
50 static OSSL_PROVIDER *lgcyprov = NULL;
51
52 /*
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
55 */
56 static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
108 };
109
110 /*
111 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
112 * should never use this key anywhere but in an example.
113 */
114 #ifndef OPENSSL_NO_DSA
115 static const unsigned char kExampleDSAKeyDER[] = {
116 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
117 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
118 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
119 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
120 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
121 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
122 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
123 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
124 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
125 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
126 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
127 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
128 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
129 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
130 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
131 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
132 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
133 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
134 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
135 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
136 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
137 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
138 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
139 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
140 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
141 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
142 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
143 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
144 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
145 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
146 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
147 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
148 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
149 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
150 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
151 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
152 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 0x40, 0x48
154 };
155 #endif
156
157 /*
158 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
159 * components are not correct.
160 */
161 static const unsigned char kExampleBadRSAKeyDER[] = {
162 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
163 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
164 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
165 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
166 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
167 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
168 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
169 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
170 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
171 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
172 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
173 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
174 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
175 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
176 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
177 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
178 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
179 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
180 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
181 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
182 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
183 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
184 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
185 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
186 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
187 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
188 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
189 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
190 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
191 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
192 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
193 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
194 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
195 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
196 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
197 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
198 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
199 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
200 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
201 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
202 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
203 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
204 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
205 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
206 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
207 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
208 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
209 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
210 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
211 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
212 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
213 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
214 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
215 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
216 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
217 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
218 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
219 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
220 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
221 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
222 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
223 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
224 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
225 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
226 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
227 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
228 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
229 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
230 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
231 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
232 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
233 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
234 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
235 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
236 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
237 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
238 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
239 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
240 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
241 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
242 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
243 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
244 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
245 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
246 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
247 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
248 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
249 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
250 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
251 };
252
253 /*
254 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
255 * values are 0.
256 */
257 static const unsigned char kExampleBad2RSAKeyDER[] = {
258 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
260 0x01, 0x00, 0x02, 0x01, 0x00
261 };
262
263 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
264
265 static const unsigned char kSignature[] = {
266 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
267 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
268 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
269 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
270 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
271 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
272 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
273 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
274 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
275 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
276 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
277 };
278
279 /*
280 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
281 * PrivateKeyInfo.
282 */
283 static const unsigned char kExampleRSAKeyPKCS8[] = {
284 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
285 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
286 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
287 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
288 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
289 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
290 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
291 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
292 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
293 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
294 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
295 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
296 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
297 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
298 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
299 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
300 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
301 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
302 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
303 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
304 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
305 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
306 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
307 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
308 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
309 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
310 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
311 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
312 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
313 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
314 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
315 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
316 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
317 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
318 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
319 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
320 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
321 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
322 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
323 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
324 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
325 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
326 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
327 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
328 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
329 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
330 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
331 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
332 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
333 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
334 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
335 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
336 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
337 };
338
339 #ifndef OPENSSL_NO_EC
340 /*
341 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
342 * structure.
343 */
344 static const unsigned char kExampleECKeyDER[] = {
345 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
346 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
347 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
348 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
349 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
350 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
351 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
352 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
353 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
354 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
355 0xc1,
356 };
357
358 /*
359 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
360 * structure. The private key is equal to the order and will fail to import
361 */
362 static const unsigned char kExampleBadECKeyDER[] = {
363 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
364 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
365 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
366 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
367 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
368 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
369 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
370 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
371 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
372 };
373
374 /* prime256v1 */
375 static const unsigned char kExampleECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 /*
387 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
388 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
389 */
390 static const unsigned char kExampleBadECPubKeyDER[] = {
391 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
392 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
393 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
394 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
395 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
396 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
397 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
398 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
399 };
400
401 static const unsigned char pExampleECParamDER[] = {
402 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
403 };
404
405 # ifndef OPENSSL_NO_ECX
406 static const unsigned char kExampleED25519KeyDER[] = {
407 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
408 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
409 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
410 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
411 };
412
413 static const unsigned char kExampleED25519PubKeyDER[] = {
414 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
415 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
416 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
417 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
418 };
419
420 # ifndef OPENSSL_NO_DEPRECATED_3_0
421 static const unsigned char kExampleX25519KeyDER[] = {
422 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
423 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
424 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
425 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
426 };
427 # endif
428 # endif
429 #endif
430
431 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
432 #ifndef OPENSSL_NO_DEPRECATED_3_0
433 # ifndef OPENSSL_NO_DH
434 static const unsigned char kExampleDHKeyDER[] = {
435 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
436 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
437 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
438 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
439 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
440 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
441 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
442 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
443 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
444 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
445 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
446 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
447 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
448 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
449 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
450 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
451 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
452 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
453 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
454 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
455 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
456 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
457 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
458 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
459 0x2e, 0x87, 0x2a, 0x0b, 0x7a
460 };
461 # endif
462 #endif
463
464 static const unsigned char kCFBDefaultKey[] = {
465 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
466 0x09, 0xCF, 0x4F, 0x3C
467 };
468
469 static const unsigned char kGCMDefaultKey[32] = { 0 };
470
471 static const unsigned char kGCMResetKey[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
473 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
474 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
475 };
476
477 static const unsigned char iCFBIV[] = {
478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
479 0x0C, 0x0D, 0x0E, 0x0F
480 };
481
482 static const unsigned char iGCMDefaultIV[12] = { 0 };
483
484 static const unsigned char iGCMResetIV1[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
486 };
487
488 static const unsigned char iGCMResetIV2[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
490 };
491
492 static const unsigned char cfbPlaintext[] = {
493 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
494 0x73, 0x93, 0x17, 0x2A
495 };
496 static const unsigned char cfbPlaintext_partial[] = {
497 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
498 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
499 };
500
501 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
502
503 static const unsigned char gcmResetPlaintext[] = {
504 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
505 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
506 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
507 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
508 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
509 };
510
511 static const unsigned char cfbCiphertext[] = {
512 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
513 0xE8, 0x3C, 0xFB, 0x4A
514 };
515
516 static const unsigned char cfbCiphertext_partial[] = {
517 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
518 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
519 };
520
521 static const unsigned char ofbCiphertext_partial[] = {
522 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
523 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
524 };
525
526 static const unsigned char gcmDefaultCiphertext[] = {
527 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
528 0xba, 0xf3, 0x9d, 0x18
529 };
530
531 static const unsigned char gcmResetCiphertext1[] = {
532 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
533 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
534 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
535 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
536 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
537 };
538
539 static const unsigned char gcmResetCiphertext2[] = {
540 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
541 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
542 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
543 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
544 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
545 };
546
547 static const unsigned char gcmAAD[] = {
548 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
549 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
550 };
551
552 static const unsigned char gcmDefaultTag[] = {
553 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
554 0xd4, 0x8a, 0xb9, 0x19
555 };
556
557 static const unsigned char gcmResetTag1[] = {
558 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
559 0xfe, 0x2e, 0xa8, 0xf2
560 };
561
562 static const unsigned char gcmResetTag2[] = {
563 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
564 0xbb, 0x2d, 0x55, 0x1b
565 };
566
567 typedef struct APK_DATA_st {
568 const unsigned char *kder;
569 size_t size;
570 const char *keytype;
571 int evptype;
572 int check;
573 int pub_check;
574 int param_check;
575 int type; /* 0 for private, 1 for public, 2 for params */
576 } APK_DATA;
577
578 static APK_DATA keydata[] = {
579 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
580 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
581 #ifndef OPENSSL_NO_EC
582 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
583 #endif
584 };
585
586 static APK_DATA keycheckdata[] = {
587 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
588 0},
589 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
590 0, 1, 1, 0},
591 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
592 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
593 #ifndef OPENSSL_NO_EC
594 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
595 /* group is also associated in our pub key */
596 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
597 1, 1},
598 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
599 2},
600 # ifndef OPENSSL_NO_ECX
601 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
602 EVP_PKEY_ED25519, 1, 1, 1, 0},
603 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
604 EVP_PKEY_ED25519, 0, 1, 1, 1},
605 # endif
606 #endif
607 };
608
609 static EVP_PKEY *load_example_key(const char *keytype,
610 const unsigned char *data, size_t data_len)
611 {
612 const unsigned char **pdata = &data;
613 EVP_PKEY *pkey = NULL;
614 OSSL_DECODER_CTX *dctx =
615 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
616 testctx, testpropq);
617
618 /* |pkey| will be NULL on error */
619 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
620 OSSL_DECODER_CTX_free(dctx);
621 return pkey;
622 }
623
624 static EVP_PKEY *load_example_rsa_key(void)
625 {
626 return load_example_key("RSA", kExampleRSAKeyDER,
627 sizeof(kExampleRSAKeyDER));
628 }
629
630 #ifndef OPENSSL_NO_DSA
631 static EVP_PKEY *load_example_dsa_key(void)
632 {
633 return load_example_key("DSA", kExampleDSAKeyDER,
634 sizeof(kExampleDSAKeyDER));
635 }
636 #endif
637
638 #ifndef OPENSSL_NO_EC
639 static EVP_PKEY *load_example_ec_key(void)
640 {
641 return load_example_key("EC", kExampleECKeyDER,
642 sizeof(kExampleECKeyDER));
643 }
644 #endif
645
646 #ifndef OPENSSL_NO_DEPRECATED_3_0
647 # ifndef OPENSSL_NO_DH
648 static EVP_PKEY *load_example_dh_key(void)
649 {
650 return load_example_key("DH", kExampleDHKeyDER,
651 sizeof(kExampleDHKeyDER));
652 }
653 # endif
654
655 # ifndef OPENSSL_NO_ECX
656 static EVP_PKEY *load_example_ed25519_key(void)
657 {
658 return load_example_key("ED25519", kExampleED25519KeyDER,
659 sizeof(kExampleED25519KeyDER));
660 }
661
662 static EVP_PKEY *load_example_x25519_key(void)
663 {
664 return load_example_key("X25519", kExampleX25519KeyDER,
665 sizeof(kExampleX25519KeyDER));
666 }
667 # endif
668 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
669
670 static EVP_PKEY *load_example_hmac_key(void)
671 {
672 EVP_PKEY *pkey = NULL;
673 unsigned char key[] = {
674 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
675 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
676 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
677 };
678
679 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
680 NULL, key, sizeof(key));
681 if (!TEST_ptr(pkey))
682 return NULL;
683
684 return pkey;
685 }
686
687 static int test_EVP_set_default_properties(void)
688 {
689 OSSL_LIB_CTX *ctx;
690 EVP_MD *md = NULL;
691 int res = 0;
692
693 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
694 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
695 goto err;
696 EVP_MD_free(md);
697 md = NULL;
698
699 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
700 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
701 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
702 goto err;
703 EVP_MD_free(md);
704 md = NULL;
705
706 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
707 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
708 goto err;
709 res = 1;
710 err:
711 EVP_MD_free(md);
712 OSSL_LIB_CTX_free(ctx);
713 return res;
714 }
715
716 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
717 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
718 {
719 EVP_PKEY_CTX *pctx = NULL;
720 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
721
722 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
723 goto err;
724 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
725 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
726 params), 0))
727 goto err;
728
729 if (!TEST_ptr(tmp_pkey))
730 goto err;
731
732 pkey = tmp_pkey;
733 tmp_pkey = NULL;
734 err:
735 EVP_PKEY_free(tmp_pkey);
736 EVP_PKEY_CTX_free(pctx);
737 return pkey;
738 }
739
740 static int test_selection(EVP_PKEY *pkey, int selection)
741 {
742 int testresult = 0;
743 int ret;
744 BIO *bio = BIO_new(BIO_s_mem());
745
746 ret = PEM_write_bio_PUBKEY(bio, pkey);
747 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
748 if (!TEST_true(ret))
749 goto err;
750 } else {
751 if (!TEST_false(ret))
752 goto err;
753 }
754 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
755 testctx, NULL);
756 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
757 if (!TEST_true(ret))
758 goto err;
759 } else {
760 if (!TEST_false(ret))
761 goto err;
762 }
763
764 testresult = 1;
765 err:
766 BIO_free(bio);
767
768 return testresult;
769 }
770 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
771
772 /*
773 * Test combinations of private, public, missing and private + public key
774 * params to ensure they are all accepted
775 */
776 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
777 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
778 {
779 OSSL_PARAM_BLD *bld = NULL;
780 OSSL_PARAM *params = NULL;
781 EVP_PKEY *just_params = NULL;
782 EVP_PKEY *params_and_priv = NULL;
783 EVP_PKEY *params_and_pub = NULL;
784 EVP_PKEY *params_and_keypair = NULL;
785 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
786 int ret = 0;
787
788 /*
789 * Setup the parameters for our pkey object. For our purposes they don't
790 * have to actually be *valid* parameters. We just need to set something.
791 */
792 if (!TEST_ptr(p = BN_new())
793 || !TEST_ptr(q = BN_new())
794 || !TEST_ptr(g = BN_new())
795 || !TEST_ptr(pub = BN_new())
796 || !TEST_ptr(priv = BN_new()))
797 goto err;
798
799 /* Test !priv and !pub */
800 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
804 goto err;
805 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
806 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
807 goto err;
808
809 OSSL_PARAM_free(params);
810 OSSL_PARAM_BLD_free(bld);
811 params = NULL;
812 bld = NULL;
813
814 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
815 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
816 goto err;
817
818 /* Test priv and !pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
824 priv)))
825 goto err;
826 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
827 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
828 goto err;
829
830 OSSL_PARAM_free(params);
831 OSSL_PARAM_BLD_free(bld);
832 params = NULL;
833 bld = NULL;
834
835 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
836 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
837 goto err;
838
839 /* Test !priv and pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
845 pub)))
846 goto err;
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
849 goto err;
850
851 OSSL_PARAM_free(params);
852 OSSL_PARAM_BLD_free(bld);
853 params = NULL;
854 bld = NULL;
855
856 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
857 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
858 goto err;
859
860 /* Test priv and pub */
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
863 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
864 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
866 pub))
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
868 priv)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
871 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
872 goto err;
873
874 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
875 goto err;
876
877 ret = 1;
878 err:
879 OSSL_PARAM_free(params);
880 OSSL_PARAM_BLD_free(bld);
881 EVP_PKEY_free(just_params);
882 EVP_PKEY_free(params_and_priv);
883 EVP_PKEY_free(params_and_pub);
884 EVP_PKEY_free(params_and_keypair);
885 BN_free(p);
886 BN_free(q);
887 BN_free(g);
888 BN_free(pub);
889 BN_free(priv);
890
891 return ret;
892 }
893 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
894
895 /*
896 * Test combinations of private, public, missing and private + public key
897 * params to ensure they are all accepted for EC keys
898 */
899 #ifndef OPENSSL_NO_EC
900 static unsigned char ec_priv[] = {
901 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
902 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
903 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
904 };
905 static unsigned char ec_pub[] = {
906 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
907 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
908 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
909 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
910 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
911 0x08, 0x09, 0xb8, 0xdb, 0x03
912 };
913
914 static int test_EC_priv_pub(void)
915 {
916 OSSL_PARAM_BLD *bld = NULL;
917 OSSL_PARAM *params = NULL;
918 EVP_PKEY *just_params = NULL;
919 EVP_PKEY *params_and_priv = NULL;
920 EVP_PKEY *params_and_pub = NULL;
921 EVP_PKEY *params_and_keypair = NULL;
922 BIGNUM *priv = NULL;
923 int ret = 0;
924 unsigned char *encoded = NULL;
925 size_t len = 0;
926 unsigned char buffer[128];
927
928 /*
929 * Setup the parameters for our pkey object. For our purposes they don't
930 * have to actually be *valid* parameters. We just need to set something.
931 */
932 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
933 goto err;
934
935 /* Test !priv and !pub */
936 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
937 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
938 OSSL_PKEY_PARAM_GROUP_NAME,
939 "P-256", 0)))
940 goto err;
941 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
942 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
943 goto err;
944
945 OSSL_PARAM_free(params);
946 OSSL_PARAM_BLD_free(bld);
947 params = NULL;
948 bld = NULL;
949
950 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
952 goto err;
953
954 /* Test priv and !pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
958 "P-256", 0))
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
960 priv)))
961 goto err;
962 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
963 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
964 goto err;
965
966 OSSL_PARAM_free(params);
967 OSSL_PARAM_BLD_free(bld);
968 params = NULL;
969 bld = NULL;
970
971 /*
972 * We indicate only parameters here, in spite of having built a key that
973 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
974 * expected to fail because it does not support exporting a private EC
975 * key without a corresponding public key
976 */
977 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
978 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
979 goto err;
980
981 /* Test !priv and pub */
982 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
983 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
984 OSSL_PKEY_PARAM_GROUP_NAME,
985 "P-256", 0))
986 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
987 OSSL_PKEY_PARAM_PUB_KEY,
988 ec_pub, sizeof(ec_pub))))
989 goto err;
990 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
991 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
992 goto err;
993
994 OSSL_PARAM_free(params);
995 OSSL_PARAM_BLD_free(bld);
996 params = NULL;
997 bld = NULL;
998
999 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1000 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1001 goto err;
1002
1003 /* Test priv and pub */
1004 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1005 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1007 "P-256", 0))
1008 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1009 OSSL_PKEY_PARAM_PUB_KEY,
1010 ec_pub, sizeof(ec_pub)))
1011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1012 priv)))
1013 goto err;
1014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1015 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1016 goto err;
1017
1018 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1019 goto err;
1020
1021 /* Try key equality */
1022 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1023 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1024 0)
1025 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1026 0)
1027 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1028 0)
1029 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1030 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1031 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1032 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1033 goto err;
1034
1035 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1036 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1037 goto err;
1038 OPENSSL_free(encoded);
1039 encoded = NULL;
1040 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1041 OPENSSL_free(encoded);
1042 encoded = NULL;
1043 goto err;
1044 }
1045
1046 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1047 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1048 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1049 buffer, sizeof(buffer), &len), 1)
1050 || !TEST_int_eq(len, 65))
1051 goto err;
1052
1053 len = 0;
1054 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1055 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1056 NULL, 0, &len), 1)
1057 || !TEST_int_eq(len, 65))
1058 goto err;
1059
1060 /* too-short buffer len*/
1061 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1062 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1063 buffer, 10, &len), 0))
1064 goto err;
1065
1066 ret = 1;
1067 err:
1068 OSSL_PARAM_free(params);
1069 OSSL_PARAM_BLD_free(bld);
1070 EVP_PKEY_free(just_params);
1071 EVP_PKEY_free(params_and_priv);
1072 EVP_PKEY_free(params_and_pub);
1073 EVP_PKEY_free(params_and_keypair);
1074 BN_free(priv);
1075
1076 return ret;
1077 }
1078
1079 /* Also test that we can read the EC PUB affine coordinates */
1080 static int test_evp_get_ec_pub(void)
1081 {
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 unsigned char *pad = NULL;
1085 EVP_PKEY *keypair = NULL;
1086 BIGNUM *priv = NULL;
1087 BIGNUM *x = NULL;
1088 BIGNUM *y = NULL;
1089 int ret = 0;
1090
1091 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1092 goto err;
1093
1094 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1095 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1096 OSSL_PKEY_PARAM_GROUP_NAME,
1097 "P-256", 0))
1098 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1099 OSSL_PKEY_PARAM_PUB_KEY,
1100 ec_pub, sizeof(ec_pub)))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1102 priv)))
1103 goto err;
1104
1105 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1106 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1107 goto err;
1108
1109 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1110 goto err;
1111
1112 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1113 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1114 goto err;
1115
1116 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1117 goto err;
1118
1119 pad[0] = ec_pub[0];
1120 BN_bn2bin(x, &pad[1]);
1121 BN_bn2bin(y, &pad[33]);
1122 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1123 goto err;
1124
1125 ret = 1;
1126
1127 err:
1128 OSSL_PARAM_free(params);
1129 OSSL_PARAM_BLD_free(bld);
1130 EVP_PKEY_free(keypair);
1131 OPENSSL_free(pad);
1132 BN_free(priv);
1133 BN_free(x);
1134 BN_free(y);
1135 return ret;
1136 }
1137
1138 /* Test that using a legacy EC key with only a private key in it works */
1139 # ifndef OPENSSL_NO_DEPRECATED_3_0
1140 static int test_EC_priv_only_legacy(void)
1141 {
1142 BIGNUM *priv = NULL;
1143 int ret = 0;
1144 EC_KEY *eckey = NULL;
1145 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1146 EVP_MD_CTX *ctx = NULL;
1147
1148 /* Create the low level EC_KEY */
1149 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1150 goto err;
1151
1152 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1153 if (!TEST_ptr(eckey))
1154 goto err;
1155
1156 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1157 goto err;
1158
1159 pkey = EVP_PKEY_new();
1160 if (!TEST_ptr(pkey))
1161 goto err;
1162
1163 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1164 goto err;
1165 eckey = NULL;
1166
1167 while (dup_pk == NULL) {
1168 ret = 0;
1169 ctx = EVP_MD_CTX_new();
1170 if (!TEST_ptr(ctx))
1171 goto err;
1172
1173 /*
1174 * The EVP_DigestSignInit function should create the key on the
1175 * provider side which is sufficient for this test.
1176 */
1177 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1178 testpropq, pkey, NULL)))
1179 goto err;
1180 EVP_MD_CTX_free(ctx);
1181 ctx = NULL;
1182
1183 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1184 goto err;
1185 /* EVP_PKEY_eq() returns -2 with missing public keys */
1186 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1187 EVP_PKEY_free(pkey);
1188 pkey = dup_pk;
1189 if (!ret)
1190 goto err;
1191 }
1192
1193 err:
1194 EVP_MD_CTX_free(ctx);
1195 EVP_PKEY_free(pkey);
1196 EC_KEY_free(eckey);
1197 BN_free(priv);
1198
1199 return ret;
1200 }
1201
1202 static int test_evp_get_ec_pub_legacy(void)
1203 {
1204 OSSL_LIB_CTX *libctx = NULL;
1205 unsigned char *pad = NULL;
1206 EVP_PKEY *pkey = NULL;
1207 EC_KEY *eckey = NULL;
1208 BIGNUM *priv = NULL;
1209 BIGNUM *x = NULL;
1210 BIGNUM *y = NULL;
1211 int ret = 0;
1212
1213 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1214 goto err;
1215
1216 /* Create the legacy key */
1217 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1218 NID_X9_62_prime256v1)))
1219 goto err;
1220
1221 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1222 goto err;
1223
1224 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1225 goto err;
1226
1227 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1228 goto err;
1229
1230 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1231 goto err;
1232
1233 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1234 goto err;
1235
1236 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1237 goto err;
1238
1239 /* Transfer the legacy key */
1240 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1241 goto err;
1242 eckey = NULL;
1243
1244 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1245 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1246 goto err;
1247
1248 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1249 goto err;
1250
1251 pad[0] = ec_pub[0];
1252 BN_bn2bin(x, &pad[1]);
1253 BN_bn2bin(y, &pad[33]);
1254
1255 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1256 goto err;
1257
1258 ret = 1;
1259
1260 err:
1261 OSSL_LIB_CTX_free(libctx);
1262 EVP_PKEY_free(pkey);
1263 EC_KEY_free(eckey);
1264 OPENSSL_free(pad);
1265 BN_free(priv);
1266 BN_free(x);
1267 BN_free(y);
1268
1269 return ret;
1270 }
1271 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1272 #endif /* OPENSSL_NO_EC */
1273
1274 static int test_EVP_PKEY_sign(int tst)
1275 {
1276 int ret = 0;
1277 EVP_PKEY *pkey = NULL;
1278 unsigned char *sig = NULL;
1279 size_t sig_len = 0, shortsig_len = 1;
1280 EVP_PKEY_CTX *ctx = NULL;
1281 unsigned char tbs[] = {
1282 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1283 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1284 };
1285
1286 if (tst == 0) {
1287 if (!TEST_ptr(pkey = load_example_rsa_key()))
1288 goto out;
1289 } else if (tst == 1) {
1290 #ifndef OPENSSL_NO_DSA
1291 if (!TEST_ptr(pkey = load_example_dsa_key()))
1292 goto out;
1293 #else
1294 ret = 1;
1295 goto out;
1296 #endif
1297 } else {
1298 #ifndef OPENSSL_NO_EC
1299 if (!TEST_ptr(pkey = load_example_ec_key()))
1300 goto out;
1301 #else
1302 ret = 1;
1303 goto out;
1304 #endif
1305 }
1306
1307 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1308 if (!TEST_ptr(ctx)
1309 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1310 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1311 sizeof(tbs)), 0))
1312 goto out;
1313 sig = OPENSSL_malloc(sig_len);
1314 if (!TEST_ptr(sig)
1315 /* Test sending a signature buffer that is too short is rejected */
1316 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1317 sizeof(tbs)), 0)
1318 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1319 0)
1320 /* Test the signature round-trips */
1321 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1322 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1323 0))
1324 goto out;
1325
1326 ret = 1;
1327 out:
1328 EVP_PKEY_CTX_free(ctx);
1329 OPENSSL_free(sig);
1330 EVP_PKEY_free(pkey);
1331 return ret;
1332 }
1333
1334 #ifndef OPENSSL_NO_DEPRECATED_3_0
1335 static int test_EVP_PKEY_sign_with_app_method(int tst)
1336 {
1337 int ret = 0;
1338 EVP_PKEY *pkey = NULL;
1339 RSA *rsa = NULL;
1340 RSA_METHOD *rsa_meth = NULL;
1341 #ifndef OPENSSL_NO_DSA
1342 DSA *dsa = NULL;
1343 DSA_METHOD *dsa_meth = NULL;
1344 #endif
1345 unsigned char *sig = NULL;
1346 size_t sig_len = 0, shortsig_len = 1;
1347 EVP_PKEY_CTX *ctx = NULL;
1348 unsigned char tbs[] = {
1349 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1350 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1351 };
1352
1353 if (tst == 0) {
1354 if (!TEST_ptr(pkey = load_example_rsa_key()))
1355 goto out;
1356 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1357 goto out;
1358
1359 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1360 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1361 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1362 goto out;
1363 rsa = NULL; /* now owned by the pkey */
1364 } else {
1365 #ifndef OPENSSL_NO_DSA
1366 if (!TEST_ptr(pkey = load_example_dsa_key()))
1367 goto out;
1368 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1369 goto out;
1370
1371 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1372 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1373 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1374 goto out;
1375 dsa = NULL; /* now owned by the pkey */
1376 #else
1377 ret = 1;
1378 goto out;
1379 #endif
1380 }
1381
1382 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1383 if (!TEST_ptr(ctx)
1384 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1385 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1386 sizeof(tbs)), 0))
1387 goto out;
1388 sig = OPENSSL_malloc(sig_len);
1389 if (!TEST_ptr(sig)
1390 /* Test sending a signature buffer that is too short is rejected */
1391 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1392 sizeof(tbs)), 0)
1393 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1394 0)
1395 /* Test the signature round-trips */
1396 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1397 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1398 0))
1399 goto out;
1400
1401 ret = 1;
1402 out:
1403 EVP_PKEY_CTX_free(ctx);
1404 OPENSSL_free(sig);
1405 EVP_PKEY_free(pkey);
1406 RSA_free(rsa);
1407 RSA_meth_free(rsa_meth);
1408 #ifndef OPENSSL_NO_DSA
1409 DSA_free(dsa);
1410 DSA_meth_free(dsa_meth);
1411 #endif
1412 return ret;
1413 }
1414 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1415
1416 /*
1417 * n = 0 => test using legacy cipher
1418 * n = 1 => test using fetched cipher
1419 */
1420 static int test_EVP_Enveloped(int n)
1421 {
1422 int ret = 0;
1423 EVP_CIPHER_CTX *ctx = NULL;
1424 EVP_PKEY *keypair = NULL;
1425 unsigned char *kek = NULL;
1426 unsigned char iv[EVP_MAX_IV_LENGTH];
1427 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1428 int len, kek_len, ciphertext_len, plaintext_len;
1429 unsigned char ciphertext[32], plaintext[16];
1430 EVP_CIPHER *type = NULL;
1431
1432 if (nullprov != NULL)
1433 return TEST_skip("Test does not support a non-default library context");
1434
1435 if (n == 0)
1436 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1437 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1438 testpropq)))
1439 goto err;
1440
1441 if (!TEST_ptr(keypair = load_example_rsa_key())
1442 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1443 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1444 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1445 &keypair, 1))
1446 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1447 msg, sizeof(msg)))
1448 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1449 &len)))
1450 goto err;
1451
1452 ciphertext_len += len;
1453
1454 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1455 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1456 ciphertext, ciphertext_len))
1457 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1458 goto err;
1459
1460 plaintext_len += len;
1461 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1462 goto err;
1463
1464 ret = 1;
1465 err:
1466 if (n != 0)
1467 EVP_CIPHER_free(type);
1468 OPENSSL_free(kek);
1469 EVP_PKEY_free(keypair);
1470 EVP_CIPHER_CTX_free(ctx);
1471 return ret;
1472 }
1473
1474 /*
1475 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1476 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1477 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1478 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1479 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1480 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1481 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1482 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1483 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1484 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1485 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1486 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1487 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1488 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1489 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1490 * Test 15-29: Same as above with reinitialization
1491 */
1492 static int test_EVP_DigestSignInit(int tst)
1493 {
1494 int ret = 0;
1495 EVP_PKEY *pkey = NULL;
1496 unsigned char *sig = NULL, *sig2 = NULL;
1497 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1498 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1499 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1500 BIO *mdbio = NULL, *membio = NULL;
1501 size_t written;
1502 const EVP_MD *md;
1503 EVP_MD *mdexp = NULL;
1504 int reinit = 0;
1505
1506 if (nullprov != NULL)
1507 return TEST_skip("Test does not support a non-default library context");
1508
1509 if (tst >= 15) {
1510 reinit = 1;
1511 tst -= 15;
1512 }
1513
1514 if (tst >= 6 && tst <= 8) {
1515 membio = BIO_new(BIO_s_mem());
1516 mdbio = BIO_new(BIO_f_md());
1517 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1518 goto out;
1519 BIO_push(mdbio, membio);
1520 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1521 goto out;
1522 } else {
1523 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1524 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1525 goto out;
1526 }
1527
1528 if (tst % 3 == 0) {
1529 if (!TEST_ptr(pkey = load_example_rsa_key()))
1530 goto out;
1531 } else if (tst % 3 == 1) {
1532 #ifndef OPENSSL_NO_DSA
1533 if (!TEST_ptr(pkey = load_example_dsa_key()))
1534 goto out;
1535 #else
1536 ret = 1;
1537 goto out;
1538 #endif
1539 } else {
1540 if (!TEST_ptr(pkey = load_example_hmac_key()))
1541 goto out;
1542 }
1543
1544 if (tst >= 3 && tst <= 5)
1545 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1546 else
1547 md = EVP_sha256();
1548
1549 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1550 goto out;
1551
1552 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1553 goto out;
1554
1555 if (tst >= 6 && tst <= 8) {
1556 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1557 goto out;
1558 } else if (tst < 6) {
1559 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1560 goto out;
1561 }
1562
1563 if (tst >= 9) {
1564 /* Determine the size of the signature. */
1565 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1566 sizeof(kMsg)))
1567 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1568 goto out;
1569 if (tst <= 11) {
1570 /* Test that supply a short sig buffer fails */
1571 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1572 sizeof(kMsg))))
1573 goto out;
1574 /*
1575 * We end here because once EVP_DigestSign() has failed you should
1576 * not call it again without re-initing the ctx
1577 */
1578 ret = 1;
1579 goto out;
1580 }
1581 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1582 sizeof(kMsg))))
1583 goto out;
1584 } else {
1585 /* Determine the size of the signature. */
1586 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1587 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1588 /*
1589 * Trying to create a signature with a deliberately short
1590 * buffer should fail.
1591 */
1592 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1593 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1594 goto out;
1595 }
1596
1597 /*
1598 * Ensure that the signature round-trips (Verification isn't supported for
1599 * HMAC via EVP_DigestVerify*)
1600 */
1601 if (tst % 3 != 2) {
1602 if (tst >= 6 && tst <= 8) {
1603 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1604 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1605 goto out;
1606 }
1607
1608 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1609 NULL, pkey)))
1610 goto out;
1611
1612 if (tst >= 6 && tst <= 8) {
1613 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1614 goto out;
1615 } else {
1616 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1617 sizeof(kMsg))))
1618 goto out;
1619 }
1620 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1621 goto out;
1622
1623 /* Multiple calls to EVP_DigestVerifyFinal should work */
1624 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1625 goto out;
1626 } else {
1627 /*
1628 * For HMAC a doubled call to DigestSignFinal should produce the same
1629 * value as finalization should not happen.
1630 */
1631 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1632 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1633 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1634 goto out;
1635
1636 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1637 goto out;
1638 }
1639
1640 ret = 1;
1641
1642 out:
1643 BIO_free(membio);
1644 BIO_free(mdbio);
1645 EVP_MD_CTX_free(a_md_ctx);
1646 EVP_MD_CTX_free(a_md_ctx_verify);
1647 EVP_PKEY_free(pkey);
1648 OPENSSL_free(sig);
1649 OPENSSL_free(sig2);
1650 EVP_MD_free(mdexp);
1651
1652 return ret;
1653 }
1654
1655 static int test_EVP_DigestVerifyInit(void)
1656 {
1657 int ret = 0;
1658 EVP_PKEY *pkey = NULL;
1659 EVP_MD_CTX *md_ctx = NULL;
1660
1661 if (nullprov != NULL)
1662 return TEST_skip("Test does not support a non-default library context");
1663
1664 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1665 || !TEST_ptr(pkey = load_example_rsa_key()))
1666 goto out;
1667
1668 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1669 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1670 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1671 sizeof(kSignature)), 0))
1672 goto out;
1673
1674 /* test with reinitialization */
1675 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1676 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1677 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1678 sizeof(kSignature)), 0))
1679 goto out;
1680 ret = 1;
1681
1682 out:
1683 EVP_MD_CTX_free(md_ctx);
1684 EVP_PKEY_free(pkey);
1685 return ret;
1686 }
1687
1688 #ifndef OPENSSL_NO_SIPHASH
1689 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1690 static int test_siphash_digestsign(void)
1691 {
1692 unsigned char key[16];
1693 unsigned char buf[8], digest[8];
1694 unsigned char expected[8] = {
1695 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1696 };
1697 EVP_PKEY *pkey = NULL;
1698 EVP_MD_CTX *mdctx = NULL;
1699 EVP_PKEY_CTX *ctx = NULL;
1700 int ret = 0;
1701 size_t len = 8;
1702
1703 if (nullprov != NULL)
1704 return TEST_skip("Test does not support a non-default library context");
1705
1706 memset(buf, 0, 8);
1707 memset(key, 1, 16);
1708 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1709 key, 16)))
1710 goto out;
1711
1712 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1713 goto out;
1714
1715 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1716 goto out;
1717 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1718 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1719 8, NULL), 1))
1720 goto out;
1721 /* reinitialize */
1722 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1723 goto out;
1724 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1725 goto out;
1726 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1727 goto out;
1728 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1729 goto out;
1730
1731 ret = 1;
1732 out:
1733 EVP_PKEY_free(pkey);
1734 EVP_MD_CTX_free(mdctx);
1735 return ret;
1736 }
1737 #endif
1738
1739 /*
1740 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1741 */
1742 static int test_EVP_Digest(void)
1743 {
1744 int ret = 0;
1745 EVP_MD_CTX *md_ctx = NULL;
1746 unsigned char md[EVP_MAX_MD_SIZE];
1747 EVP_MD *sha256 = NULL;
1748 EVP_MD *shake256 = NULL;
1749
1750 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1751 goto out;
1752
1753 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1754 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1755 goto out;
1756
1757 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1758 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1759 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1760 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1761 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1762 goto out;
1763
1764 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1765 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1766 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1767 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1768 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1769 /*
1770 * EVP_DigestInit_ex with NULL type should work on
1771 * pre-initialized context.
1772 */
1773 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1774 goto out;
1775
1776 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1777 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1778 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1779 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1780 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1781 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1782 goto out;
1783 ret = 1;
1784
1785 out:
1786 EVP_MD_CTX_free(md_ctx);
1787 EVP_MD_free(sha256);
1788 EVP_MD_free(shake256);
1789 return ret;
1790 }
1791
1792 static int test_EVP_md_null(void)
1793 {
1794 int ret = 0;
1795 EVP_MD_CTX *md_ctx = NULL;
1796 const EVP_MD *md_null = EVP_md_null();
1797 unsigned char md_value[EVP_MAX_MD_SIZE];
1798 unsigned int md_len = sizeof(md_value);
1799
1800 if (nullprov != NULL)
1801 return TEST_skip("Test does not support a non-default library context");
1802
1803 if (!TEST_ptr(md_null)
1804 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1805 goto out;
1806
1807 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1808 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1809 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1810 goto out;
1811
1812 if (!TEST_uint_eq(md_len, 0))
1813 goto out;
1814
1815 ret = 1;
1816 out:
1817 EVP_MD_CTX_free(md_ctx);
1818 return ret;
1819 }
1820
1821 static int test_d2i_AutoPrivateKey(int i)
1822 {
1823 int ret = 0;
1824 const unsigned char *p;
1825 EVP_PKEY *pkey = NULL;
1826 const APK_DATA *ak = &keydata[i];
1827 const unsigned char *input = ak->kder;
1828 size_t input_len = ak->size;
1829 int expected_id = ak->evptype;
1830
1831 p = input;
1832 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1833 || !TEST_ptr_eq(p, input + input_len)
1834 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1835 goto done;
1836
1837 ret = 1;
1838
1839 done:
1840 EVP_PKEY_free(pkey);
1841 return ret;
1842 }
1843
1844 #ifndef OPENSSL_NO_EC
1845
1846 static const unsigned char ec_public_sect163k1_validxy[] = {
1847 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1848 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1849 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1850 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1851 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1852 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1853 };
1854
1855 static const unsigned char ec_public_sect163k1_badx[] = {
1856 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1857 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1858 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1859 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1860 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1861 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1862 };
1863
1864 static const unsigned char ec_public_sect163k1_bady[] = {
1865 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1866 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1867 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1868 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1869 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1870 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1871 };
1872
1873 static struct ec_der_pub_keys_st {
1874 const unsigned char *der;
1875 size_t len;
1876 int valid;
1877 } ec_der_pub_keys[] = {
1878 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1879 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1880 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1881 };
1882
1883 /*
1884 * Tests the range of the decoded EC char2 public point.
1885 * See ec_GF2m_simple_oct2point().
1886 */
1887 static int test_invalide_ec_char2_pub_range_decode(int id)
1888 {
1889 int ret = 0;
1890 EVP_PKEY *pkey;
1891
1892 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1893 ec_der_pub_keys[id].len);
1894
1895 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1896 || TEST_ptr_null(pkey);
1897 EVP_PKEY_free(pkey);
1898 return ret;
1899 }
1900
1901 /* Tests loading a bad key in PKCS8 format */
1902 static int test_EVP_PKCS82PKEY(void)
1903 {
1904 int ret = 0;
1905 const unsigned char *derp = kExampleBadECKeyDER;
1906 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1907 EVP_PKEY *pkey = NULL;
1908
1909 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1910 sizeof(kExampleBadECKeyDER))))
1911 goto done;
1912
1913 if (!TEST_ptr_eq(derp,
1914 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1915 goto done;
1916
1917 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1918 goto done;
1919
1920 ret = 1;
1921
1922 done:
1923 PKCS8_PRIV_KEY_INFO_free(p8inf);
1924 EVP_PKEY_free(pkey);
1925
1926 return ret;
1927 }
1928
1929 #endif
1930 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1931 {
1932 EVP_PKEY *pkey = NULL;
1933 EVP_PKEY *pkey2 = NULL;
1934 BIO *membio = NULL;
1935 char *membuf = NULL;
1936 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1937 int ok = 0;
1938
1939 if (testctx != NULL)
1940 /* test not supported with non-default context */
1941 return 1;
1942
1943 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1944 || !TEST_ptr(pkey = load_example_rsa_key())
1945 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1946 NULL, 0, NULL, NULL),
1947 0)
1948 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1949 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1950 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1951 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1952 goto done;
1953 }
1954
1955 ok = 1;
1956 done:
1957 EVP_PKEY_free(pkey);
1958 EVP_PKEY_free(pkey2);
1959 PKCS8_PRIV_KEY_INFO_free(p8inf);
1960 BIO_free_all(membio);
1961 return ok;
1962 }
1963
1964 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1965 static int test_privatekey_to_pkcs8(void)
1966 {
1967 EVP_PKEY *pkey = NULL;
1968 BIO *membio = NULL;
1969 char *membuf = NULL;
1970 long membuf_len = 0;
1971 int ok = 0;
1972
1973 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1974 || !TEST_ptr(pkey = load_example_rsa_key())
1975 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1976 NULL, 0, NULL, NULL),
1977 0)
1978 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1979 || !TEST_ptr(membuf)
1980 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1981 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1982 /*
1983 * We try to write PEM as well, just to see that it doesn't err, but
1984 * assume that the result is correct.
1985 */
1986 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1987 NULL, 0, NULL, NULL),
1988 0))
1989 goto done;
1990
1991 ok = 1;
1992 done:
1993 EVP_PKEY_free(pkey);
1994 BIO_free_all(membio);
1995 return ok;
1996 }
1997
1998 #ifndef OPENSSL_NO_EC
1999 static const struct {
2000 int encoding;
2001 const char *encoding_name;
2002 } ec_encodings[] = {
2003 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2004 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2005 };
2006
2007 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2008 {
2009 const OSSL_PARAM *p;
2010 const char *enc_name = NULL;
2011 int *enc = arg;
2012 size_t i;
2013
2014 *enc = -1;
2015
2016 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2017 OSSL_PKEY_PARAM_EC_ENCODING))
2018 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2019 return 0;
2020
2021 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2022 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2023 *enc = ec_encodings[i].encoding;
2024 break;
2025 }
2026 }
2027
2028 return (*enc != -1);
2029 }
2030
2031 static int test_EC_keygen_with_enc(int idx)
2032 {
2033 EVP_PKEY *params = NULL, *key = NULL;
2034 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2035 int enc;
2036 int ret = 0;
2037
2038 enc = ec_encodings[idx].encoding;
2039
2040 /* Create key parameters */
2041 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2042 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2043 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2044 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2045 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
2046 || !TEST_ptr(params))
2047 goto done;
2048
2049 /* Create key */
2050 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2051 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2052 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2053 || !TEST_ptr(key))
2054 goto done;
2055
2056 /* Check that the encoding got all the way into the key */
2057 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2058 ec_export_get_encoding_cb, &enc))
2059 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2060 goto done;
2061
2062 ret = 1;
2063 done:
2064 EVP_PKEY_free(key);
2065 EVP_PKEY_free(params);
2066 EVP_PKEY_CTX_free(kctx);
2067 EVP_PKEY_CTX_free(pctx);
2068 return ret;
2069 }
2070 #endif
2071
2072 #if !defined(OPENSSL_NO_SM2)
2073
2074 static int test_EVP_SM2_verify(void)
2075 {
2076 const char *pubkey =
2077 "-----BEGIN PUBLIC KEY-----\n"
2078 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2079 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2080 "-----END PUBLIC KEY-----\n";
2081
2082 const char *msg = "message digest";
2083 const char *id = "ALICE123@YAHOO.COM";
2084
2085 const uint8_t signature[] = {
2086 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2087 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2088 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2089 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2090 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2091 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2092 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2093 };
2094
2095 int rc = 0;
2096 BIO *bio = NULL;
2097 EVP_PKEY *pkey = NULL;
2098 EVP_MD_CTX *mctx = NULL;
2099 EVP_PKEY_CTX *pctx = NULL;
2100 EVP_MD *sm3 = NULL;
2101
2102 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2103 if (!TEST_true(bio != NULL))
2104 goto done;
2105
2106 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2107 if (!TEST_true(pkey != NULL))
2108 goto done;
2109
2110 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2111 goto done;
2112
2113 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2114 goto done;
2115
2116 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2117 goto done;
2118
2119 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2120
2121 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2122 goto done;
2123
2124 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2125 goto done;
2126
2127 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2128 goto done;
2129
2130 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2131 goto done;
2132
2133 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2134 goto done;
2135 rc = 1;
2136
2137 done:
2138 BIO_free(bio);
2139 EVP_PKEY_free(pkey);
2140 EVP_PKEY_CTX_free(pctx);
2141 EVP_MD_CTX_free(mctx);
2142 EVP_MD_free(sm3);
2143 return rc;
2144 }
2145
2146 static int test_EVP_SM2(void)
2147 {
2148 int ret = 0;
2149 EVP_PKEY *pkey = NULL;
2150 EVP_PKEY *pkeyparams = NULL;
2151 EVP_PKEY_CTX *pctx = NULL;
2152 EVP_PKEY_CTX *kctx = NULL;
2153 EVP_PKEY_CTX *sctx = NULL;
2154 size_t sig_len = 0;
2155 unsigned char *sig = NULL;
2156 EVP_MD_CTX *md_ctx = NULL;
2157 EVP_MD_CTX *md_ctx_verify = NULL;
2158 EVP_PKEY_CTX *cctx = NULL;
2159 EVP_MD *check_md = NULL;
2160
2161 uint8_t ciphertext[128];
2162 size_t ctext_len = sizeof(ciphertext);
2163
2164 uint8_t plaintext[8];
2165 size_t ptext_len = sizeof(plaintext);
2166
2167 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2168
2169 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2170 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2171 int i;
2172 char mdname[OSSL_MAX_NAME_SIZE];
2173
2174 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2175 "SM2", testpropq)))
2176 goto done;
2177
2178 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2179 goto done;
2180
2181 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2182 goto done;
2183
2184 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2185 goto done;
2186
2187 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2188 pkeyparams, testpropq)))
2189 goto done;
2190
2191 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2192 goto done;
2193
2194 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2195 goto done;
2196
2197 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2198 goto done;
2199
2200 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2201 goto done;
2202
2203 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2204 goto done;
2205
2206 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2207 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2208
2209 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2210 goto done;
2211
2212 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2213 goto done;
2214
2215 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2216 goto done;
2217
2218 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2219 goto done;
2220
2221 /* Determine the size of the signature. */
2222 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2223 goto done;
2224
2225 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2226 goto done;
2227
2228 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2229 goto done;
2230
2231 /* Ensure that the signature round-trips. */
2232
2233 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2234 pkey)))
2235 goto done;
2236
2237 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2238 goto done;
2239
2240 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2241 goto done;
2242
2243 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2244 goto done;
2245
2246 /*
2247 * Try verify again with non-matching 0 length id but ensure that it can
2248 * be set on the context and overrides the previous value.
2249 */
2250
2251 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2252 pkey)))
2253 goto done;
2254
2255 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2256 goto done;
2257
2258 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2259 goto done;
2260
2261 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2262 goto done;
2263
2264 /* now check encryption/decryption */
2265
2266 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2267 mdname, sizeof(mdname));
2268 for (i = 0; i < 2; i++) {
2269 const char *mdnames[] = {
2270 #ifndef OPENSSL_NO_SM3
2271 "SM3",
2272 #else
2273 NULL,
2274 #endif
2275 "SHA2-256" };
2276 EVP_PKEY_CTX_free(cctx);
2277
2278 if (mdnames[i] == NULL)
2279 continue;
2280
2281 sparams[0] =
2282 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2283 (char *)mdnames[i], 0);
2284
2285 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2286 pkey, testpropq)))
2287 goto done;
2288
2289 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2290 goto done;
2291
2292 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2293 goto done;
2294
2295 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2296 sizeof(kMsg))))
2297 goto done;
2298
2299 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2300 goto done;
2301
2302 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2303 goto done;
2304
2305 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2306 ctext_len), 0))
2307 goto done;
2308
2309 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2310 goto done;
2311
2312 /*
2313 * Test we're still using the digest we think we are.
2314 * Because of aliases, the easiest is to fetch the digest and
2315 * check the name with EVP_MD_is_a().
2316 */
2317 EVP_MD_free(check_md);
2318 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2319 goto done;
2320 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2321 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2322 goto done;
2323 }
2324
2325 if (!TEST_true(ptext_len == sizeof(kMsg)))
2326 goto done;
2327
2328 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2329 goto done;
2330 }
2331
2332 ret = 1;
2333 done:
2334 EVP_PKEY_CTX_free(pctx);
2335 EVP_PKEY_CTX_free(kctx);
2336 EVP_PKEY_CTX_free(sctx);
2337 EVP_PKEY_CTX_free(cctx);
2338 EVP_PKEY_free(pkey);
2339 EVP_PKEY_free(pkeyparams);
2340 EVP_MD_CTX_free(md_ctx);
2341 EVP_MD_CTX_free(md_ctx_verify);
2342 EVP_MD_free(check_md);
2343 OPENSSL_free(sig);
2344 return ret;
2345 }
2346
2347 #endif
2348
2349 static struct keys_st {
2350 int type;
2351 char *priv;
2352 char *pub;
2353 } keys[] = {
2354 {
2355 EVP_PKEY_HMAC, "0123456789", NULL
2356 },
2357 {
2358 EVP_PKEY_HMAC, "", NULL
2359 #ifndef OPENSSL_NO_POLY1305
2360 }, {
2361 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2362 #endif
2363 #ifndef OPENSSL_NO_SIPHASH
2364 }, {
2365 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2366 #endif
2367 },
2368 #ifndef OPENSSL_NO_ECX
2369 {
2370 EVP_PKEY_X25519, "01234567890123456789012345678901",
2371 "abcdefghijklmnopqrstuvwxyzabcdef"
2372 }, {
2373 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2374 "abcdefghijklmnopqrstuvwxyzabcdef"
2375 }, {
2376 EVP_PKEY_X448,
2377 "01234567890123456789012345678901234567890123456789012345",
2378 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2379 }, {
2380 EVP_PKEY_ED448,
2381 "012345678901234567890123456789012345678901234567890123456",
2382 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2383 }
2384 #endif
2385 };
2386
2387 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2388 {
2389 int ret = 0;
2390 unsigned char buf[80];
2391 unsigned char *in;
2392 size_t inlen, len = 0, shortlen = 1;
2393 EVP_PKEY *pkey;
2394
2395 /* Check if this algorithm supports public keys */
2396 if (pub && keys[tst].pub == NULL)
2397 return 1;
2398
2399 memset(buf, 0, sizeof(buf));
2400
2401 if (pub) {
2402 #ifndef OPENSSL_NO_EC
2403 inlen = strlen(keys[tst].pub);
2404 in = (unsigned char *)keys[tst].pub;
2405 if (uselibctx) {
2406 pkey = EVP_PKEY_new_raw_public_key_ex(
2407 testctx,
2408 OBJ_nid2sn(keys[tst].type),
2409 NULL,
2410 in,
2411 inlen);
2412 } else {
2413 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2414 NULL,
2415 in,
2416 inlen);
2417 }
2418 #else
2419 return 1;
2420 #endif
2421 } else {
2422 inlen = strlen(keys[tst].priv);
2423 in = (unsigned char *)keys[tst].priv;
2424 if (uselibctx) {
2425 pkey = EVP_PKEY_new_raw_private_key_ex(
2426 testctx, OBJ_nid2sn(keys[tst].type),
2427 NULL,
2428 in,
2429 inlen);
2430 } else {
2431 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2432 NULL,
2433 in,
2434 inlen);
2435 }
2436 }
2437
2438 if (!TEST_ptr(pkey)
2439 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2440 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2441 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2442 || !TEST_true(len == inlen))
2443 goto done;
2444 if (tst != 1) {
2445 /*
2446 * Test that supplying a buffer that is too small fails. Doesn't apply
2447 * to HMAC with a zero length key
2448 */
2449 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2450 &shortlen)))
2451 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2452 &shortlen))))
2453 goto done;
2454 }
2455 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2456 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2457 || !TEST_mem_eq(in, inlen, buf, len))
2458 goto done;
2459
2460 ret = 1;
2461 done:
2462 EVP_PKEY_free(pkey);
2463 return ret;
2464 }
2465
2466 static int test_set_get_raw_keys(int tst)
2467 {
2468 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2469 && test_set_get_raw_keys_int(tst, 0, 1)
2470 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2471 && test_set_get_raw_keys_int(tst, 1, 1);
2472 }
2473
2474 #ifndef OPENSSL_NO_DEPRECATED_3_0
2475 static int pkey_custom_check(EVP_PKEY *pkey)
2476 {
2477 return 0xbeef;
2478 }
2479
2480 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2481 {
2482 return 0xbeef;
2483 }
2484
2485 static int pkey_custom_param_check(EVP_PKEY *pkey)
2486 {
2487 return 0xbeef;
2488 }
2489
2490 static EVP_PKEY_METHOD *custom_pmeth;
2491 #endif
2492
2493 static int test_EVP_PKEY_check(int i)
2494 {
2495 int ret = 0;
2496 EVP_PKEY *pkey = NULL;
2497 EVP_PKEY_CTX *ctx = NULL;
2498 #ifndef OPENSSL_NO_DEPRECATED_3_0
2499 EVP_PKEY_CTX *ctx2 = NULL;
2500 #endif
2501 const APK_DATA *ak = &keycheckdata[i];
2502 const unsigned char *input = ak->kder;
2503 size_t input_len = ak->size;
2504 int expected_id = ak->evptype;
2505 int expected_check = ak->check;
2506 int expected_pub_check = ak->pub_check;
2507 int expected_param_check = ak->param_check;
2508 int type = ak->type;
2509
2510 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2511 goto done;
2512 if (type == 0
2513 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2514 goto done;
2515
2516 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2517 goto done;
2518
2519 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2520 goto done;
2521
2522 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2523 goto done;
2524
2525 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2526 goto done;
2527
2528 #ifndef OPENSSL_NO_DEPRECATED_3_0
2529 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2530 /* assign the pkey directly, as an internal test */
2531 EVP_PKEY_up_ref(pkey);
2532 ctx2->pkey = pkey;
2533
2534 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2535 goto done;
2536
2537 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2538 goto done;
2539
2540 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2541 goto done;
2542 #endif
2543
2544 ret = 1;
2545
2546 done:
2547 EVP_PKEY_CTX_free(ctx);
2548 #ifndef OPENSSL_NO_DEPRECATED_3_0
2549 EVP_PKEY_CTX_free(ctx2);
2550 #endif
2551 EVP_PKEY_free(pkey);
2552 return ret;
2553 }
2554
2555 #ifndef OPENSSL_NO_CMAC
2556 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2557 {
2558 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2559 const char msg[] = "Hello World";
2560 size_t maclen = AES_BLOCK_SIZE;
2561 int ret = 1;
2562
2563 if (!TEST_ptr(mdctx)
2564 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2565 testpropq, pkey, NULL))
2566 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2567 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2568 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2569 ret = 0;
2570
2571 EVP_MD_CTX_free(mdctx);
2572
2573 return ret;
2574 }
2575 static int test_CMAC_keygen(void)
2576 {
2577 static unsigned char key[] = {
2578 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2579 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2580 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2581 };
2582 EVP_PKEY_CTX *kctx = NULL;
2583 int ret = 0;
2584 EVP_PKEY *pkey = NULL;
2585 unsigned char mac[AES_BLOCK_SIZE];
2586 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2587 unsigned char mac2[AES_BLOCK_SIZE];
2588 # endif
2589
2590 if (nullprov != NULL)
2591 return TEST_skip("Test does not support a non-default library context");
2592
2593 /*
2594 * This is a legacy method for CMACs, but should still work.
2595 * This verifies that it works without an ENGINE.
2596 */
2597 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2598
2599 /* Test a CMAC key created using the "generated" method */
2600 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2601 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2602 EVP_PKEY_CTRL_CIPHER,
2603 0, (void *)EVP_aes_256_cbc()), 0)
2604 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2605 EVP_PKEY_CTRL_SET_MAC_KEY,
2606 sizeof(key), (void *)key), 0)
2607 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2608 || !TEST_ptr(pkey)
2609 || !TEST_true(get_cmac_val(pkey, mac)))
2610 goto done;
2611
2612 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2613 EVP_PKEY_free(pkey);
2614
2615 /*
2616 * Test a CMAC key using the direct method, and compare with the mac
2617 * created above.
2618 */
2619 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2620 if (!TEST_ptr(pkey)
2621 || !TEST_true(get_cmac_val(pkey, mac2))
2622 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2623 goto done;
2624 # endif
2625
2626 ret = 1;
2627
2628 done:
2629 EVP_PKEY_free(pkey);
2630 EVP_PKEY_CTX_free(kctx);
2631 return ret;
2632 }
2633 #endif
2634
2635 static int test_HKDF(void)
2636 {
2637 EVP_PKEY_CTX *pctx;
2638 unsigned char out[20];
2639 size_t outlen;
2640 int i, ret = 0;
2641 unsigned char salt[] = "0123456789";
2642 unsigned char key[] = "012345678901234567890123456789";
2643 unsigned char info[] = "infostring";
2644 const unsigned char expected[] = {
2645 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2646 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2647 };
2648 size_t expectedlen = sizeof(expected);
2649
2650 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2651 goto done;
2652
2653 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2654 for (i = 0; i < 2; i++) {
2655 outlen = sizeof(out);
2656 memset(out, 0, outlen);
2657
2658 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2659 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2660 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2661 sizeof(salt) - 1), 0)
2662 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2663 sizeof(key) - 1), 0)
2664 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2665 sizeof(info) - 1), 0)
2666 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2667 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2668 goto done;
2669 }
2670
2671 ret = 1;
2672
2673 done:
2674 EVP_PKEY_CTX_free(pctx);
2675
2676 return ret;
2677 }
2678
2679 static int test_emptyikm_HKDF(void)
2680 {
2681 EVP_PKEY_CTX *pctx;
2682 unsigned char out[20];
2683 size_t outlen;
2684 int ret = 0;
2685 unsigned char salt[] = "9876543210";
2686 unsigned char key[] = "";
2687 unsigned char info[] = "stringinfo";
2688 const unsigned char expected[] = {
2689 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2690 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2691 };
2692 size_t expectedlen = sizeof(expected);
2693
2694 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2695 goto done;
2696
2697 outlen = sizeof(out);
2698 memset(out, 0, outlen);
2699
2700 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2701 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2702 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2703 sizeof(salt) - 1), 0)
2704 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2705 sizeof(key) - 1), 0)
2706 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2707 sizeof(info) - 1), 0)
2708 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2709 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2710 goto done;
2711
2712 ret = 1;
2713
2714 done:
2715 EVP_PKEY_CTX_free(pctx);
2716
2717 return ret;
2718 }
2719
2720 #ifndef OPENSSL_NO_EC
2721 static int test_X509_PUBKEY_inplace(void)
2722 {
2723 int ret = 0;
2724 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2725 const unsigned char *p = kExampleECPubKeyDER;
2726 size_t input_len = sizeof(kExampleECPubKeyDER);
2727
2728 if (!TEST_ptr(xp))
2729 goto done;
2730 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2731 goto done;
2732
2733 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2734 goto done;
2735
2736 p = kExampleBadECPubKeyDER;
2737 input_len = sizeof(kExampleBadECPubKeyDER);
2738
2739 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2740 goto done;
2741
2742 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2743 goto done;
2744
2745 ret = 1;
2746
2747 done:
2748 X509_PUBKEY_free(xp);
2749 return ret;
2750 }
2751
2752 static int test_X509_PUBKEY_dup(void)
2753 {
2754 int ret = 0;
2755 X509_PUBKEY *xp = NULL, *xq = NULL;
2756 const unsigned char *p = kExampleECPubKeyDER;
2757 size_t input_len = sizeof(kExampleECPubKeyDER);
2758
2759 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2760 if (!TEST_ptr(xp)
2761 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2762 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2763 || !TEST_ptr_ne(xp, xq))
2764 goto done;
2765
2766 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2767 || !TEST_ptr(X509_PUBKEY_get0(xp))
2768 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2769 goto done;
2770
2771 X509_PUBKEY_free(xq);
2772 xq = NULL;
2773 p = kExampleBadECPubKeyDER;
2774 input_len = sizeof(kExampleBadECPubKeyDER);
2775
2776 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2777 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2778 goto done;
2779
2780 X509_PUBKEY_free(xp);
2781 xp = NULL;
2782 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2783 goto done;
2784
2785 ret = 1;
2786
2787 done:
2788 X509_PUBKEY_free(xp);
2789 X509_PUBKEY_free(xq);
2790 return ret;
2791 }
2792 #endif /* OPENSSL_NO_EC */
2793
2794 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2795 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2796 {
2797 EVP_MD_CTX *mdctx = NULL;
2798 EVP_PKEY_CTX *ctx = NULL;
2799 const OSSL_PARAM *params;
2800 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2801 int ret = 0;
2802 const EVP_MD *md;
2803 char mdname[OSSL_MAX_NAME_SIZE];
2804 char ssl3ms[48];
2805
2806 /* Initialise a sign operation */
2807 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2808 if (!TEST_ptr(ctx)
2809 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2810 goto err;
2811
2812 /*
2813 * We should be able to query the parameters now.
2814 */
2815 params = EVP_PKEY_CTX_settable_params(ctx);
2816 if (!TEST_ptr(params)
2817 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2818 OSSL_SIGNATURE_PARAM_DIGEST)))
2819 goto err;
2820
2821 params = EVP_PKEY_CTX_gettable_params(ctx);
2822 if (!TEST_ptr(params)
2823 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2824 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2825 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2826 OSSL_SIGNATURE_PARAM_DIGEST)))
2827 goto err;
2828
2829 /*
2830 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2831 * EVP_PKEY_CTX_get_params()
2832 */
2833 strcpy(mdname, "SHA512");
2834 param_md = param;
2835 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2836 mdname, 0);
2837 *param++ = OSSL_PARAM_construct_end();
2838
2839 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2840 goto err;
2841
2842 mdname[0] = '\0';
2843 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2844 mdname, sizeof(mdname));
2845 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2846 || !TEST_str_eq(mdname, "SHA512"))
2847 goto err;
2848
2849 /*
2850 * Test the TEST_PKEY_CTX_set_signature_md() and
2851 * TEST_PKEY_CTX_get_signature_md() functions
2852 */
2853 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2854 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2855 || !TEST_ptr_eq(md, EVP_sha256()))
2856 goto err;
2857
2858 /*
2859 * Test getting MD parameters via an associated EVP_PKEY_CTX
2860 */
2861 mdctx = EVP_MD_CTX_new();
2862 if (!TEST_ptr(mdctx)
2863 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2864 pkey, NULL)))
2865 goto err;
2866
2867 /*
2868 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2869 * able to obtain the digest's settable parameters from the provider.
2870 */
2871 params = EVP_MD_CTX_settable_params(mdctx);
2872 if (!TEST_ptr(params)
2873 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2874 /* The final key should be NULL */
2875 || !TEST_ptr_null(params[1].key))
2876 goto err;
2877
2878 param = ourparams;
2879 memset(ssl3ms, 0, sizeof(ssl3ms));
2880 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2881 ssl3ms, sizeof(ssl3ms));
2882 *param++ = OSSL_PARAM_construct_end();
2883
2884 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2885 goto err;
2886
2887 ret = 1;
2888
2889 err:
2890 EVP_MD_CTX_free(mdctx);
2891 EVP_PKEY_CTX_free(ctx);
2892
2893 return ret;
2894 }
2895
2896 #ifndef OPENSSL_NO_DSA
2897 static int test_DSA_get_set_params(void)
2898 {
2899 OSSL_PARAM_BLD *bld = NULL;
2900 OSSL_PARAM *params = NULL;
2901 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2902 EVP_PKEY_CTX *pctx = NULL;
2903 EVP_PKEY *pkey = NULL;
2904 int ret = 0;
2905
2906 /*
2907 * Setup the parameters for our DSA object. For our purposes they don't
2908 * have to actually be *valid* parameters. We just need to set something.
2909 */
2910 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2911 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2912 || !TEST_ptr(p = BN_new())
2913 || !TEST_ptr(q = BN_new())
2914 || !TEST_ptr(g = BN_new())
2915 || !TEST_ptr(pub = BN_new())
2916 || !TEST_ptr(priv = BN_new()))
2917 goto err;
2918 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2919 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2920 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2922 pub))
2923 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2924 priv)))
2925 goto err;
2926 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2927 goto err;
2928
2929 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2930 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2931 params), 0))
2932 goto err;
2933
2934 if (!TEST_ptr(pkey))
2935 goto err;
2936
2937 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2938
2939 err:
2940 EVP_PKEY_free(pkey);
2941 EVP_PKEY_CTX_free(pctx);
2942 OSSL_PARAM_free(params);
2943 OSSL_PARAM_BLD_free(bld);
2944 BN_free(p);
2945 BN_free(q);
2946 BN_free(g);
2947 BN_free(pub);
2948 BN_free(priv);
2949
2950 return ret;
2951 }
2952
2953 /*
2954 * Test combinations of private, public, missing and private + public key
2955 * params to ensure they are all accepted
2956 */
2957 static int test_DSA_priv_pub(void)
2958 {
2959 return test_EVP_PKEY_ffc_priv_pub("DSA");
2960 }
2961
2962 #endif /* !OPENSSL_NO_DSA */
2963
2964 static int test_RSA_get_set_params(void)
2965 {
2966 OSSL_PARAM_BLD *bld = NULL;
2967 OSSL_PARAM *params = NULL;
2968 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2969 EVP_PKEY_CTX *pctx = NULL;
2970 EVP_PKEY *pkey = NULL;
2971 int ret = 0;
2972
2973 /*
2974 * Setup the parameters for our RSA object. For our purposes they don't
2975 * have to actually be *valid* parameters. We just need to set something.
2976 */
2977 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2978 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2979 || !TEST_ptr(n = BN_new())
2980 || !TEST_ptr(e = BN_new())
2981 || !TEST_ptr(d = BN_new()))
2982 goto err;
2983 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2986 goto err;
2987 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2988 goto err;
2989
2990 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2991 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2992 params), 0))
2993 goto err;
2994
2995 if (!TEST_ptr(pkey))
2996 goto err;
2997
2998 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2999
3000 err:
3001 EVP_PKEY_free(pkey);
3002 EVP_PKEY_CTX_free(pctx);
3003 OSSL_PARAM_free(params);
3004 OSSL_PARAM_BLD_free(bld);
3005 BN_free(n);
3006 BN_free(e);
3007 BN_free(d);
3008
3009 return ret;
3010 }
3011
3012 static int test_RSA_OAEP_set_get_params(void)
3013 {
3014 int ret = 0;
3015 EVP_PKEY *key = NULL;
3016 EVP_PKEY_CTX *key_ctx = NULL;
3017
3018 if (nullprov != NULL)
3019 return TEST_skip("Test does not support a non-default library context");
3020
3021 if (!TEST_ptr(key = load_example_rsa_key())
3022 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3023 goto err;
3024
3025 {
3026 int padding = RSA_PKCS1_OAEP_PADDING;
3027 OSSL_PARAM params[4];
3028
3029 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3030 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3031 OSSL_DIGEST_NAME_SHA2_256, 0);
3032 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3033 OSSL_DIGEST_NAME_SHA1, 0);
3034 params[3] = OSSL_PARAM_construct_end();
3035
3036 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3037 goto err;
3038 }
3039 {
3040 OSSL_PARAM params[3];
3041 char oaepmd[30] = { '\0' };
3042 char mgf1md[30] = { '\0' };
3043
3044 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3045 oaepmd, sizeof(oaepmd));
3046 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3047 mgf1md, sizeof(mgf1md));
3048 params[2] = OSSL_PARAM_construct_end();
3049
3050 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3051 goto err;
3052
3053 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3054 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3055 goto err;
3056 }
3057
3058 ret = 1;
3059
3060 err:
3061 EVP_PKEY_free(key);
3062 EVP_PKEY_CTX_free(key_ctx);
3063
3064 return ret;
3065 }
3066
3067 /* https://github.com/openssl/openssl/issues/21288 */
3068 static int test_RSA_OAEP_set_null_label(void)
3069 {
3070 int ret = 0;
3071 EVP_PKEY *key = NULL;
3072 EVP_PKEY_CTX *key_ctx = NULL;
3073
3074 if (!TEST_ptr(key = load_example_rsa_key())
3075 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3076 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3077 goto err;
3078
3079 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3080 goto err;
3081
3082 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3083 goto err;
3084
3085 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3086 goto err;
3087
3088 ret = 1;
3089
3090 err:
3091 EVP_PKEY_free(key);
3092 EVP_PKEY_CTX_free(key_ctx);
3093
3094 return ret;
3095 }
3096
3097 #ifndef OPENSSL_NO_DEPRECATED_3_0
3098 static int test_RSA_legacy(void)
3099 {
3100 int ret = 0;
3101 BIGNUM *p = NULL;
3102 BIGNUM *q = NULL;
3103 BIGNUM *n = NULL;
3104 BIGNUM *e = NULL;
3105 BIGNUM *d = NULL;
3106 const EVP_MD *md = EVP_sha256();
3107 EVP_MD_CTX *ctx = NULL;
3108 EVP_PKEY *pkey = NULL;
3109 RSA *rsa = NULL;
3110
3111 if (nullprov != NULL)
3112 return TEST_skip("Test does not support a non-default library context");
3113
3114 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3115 || !TEST_ptr(q = BN_dup(BN_value_one()))
3116 || !TEST_ptr(n = BN_dup(BN_value_one()))
3117 || !TEST_ptr(e = BN_dup(BN_value_one()))
3118 || !TEST_ptr(d = BN_dup(BN_value_one())))
3119 goto err;
3120
3121 if (!TEST_ptr(rsa = RSA_new())
3122 || !TEST_ptr(pkey = EVP_PKEY_new())
3123 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3124 goto err;
3125
3126 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3127 goto err;
3128 p = NULL;
3129 q = NULL;
3130
3131 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3132 goto err;
3133 n = NULL;
3134 e = NULL;
3135 d = NULL;
3136
3137 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3138 goto err;
3139
3140 rsa = NULL;
3141
3142 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3143 goto err;
3144
3145 ret = 1;
3146
3147 err:
3148 RSA_free(rsa);
3149 EVP_MD_CTX_free(ctx);
3150 EVP_PKEY_free(pkey);
3151 BN_free(p);
3152 BN_free(q);
3153 BN_free(n);
3154 BN_free(e);
3155 BN_free(d);
3156
3157 return ret;
3158 }
3159 #endif
3160
3161 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3162 static int test_decrypt_null_chunks(void)
3163 {
3164 EVP_CIPHER_CTX* ctx = NULL;
3165 EVP_CIPHER *cipher = NULL;
3166 const unsigned char key[32] = {
3167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3168 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3169 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3170 };
3171 unsigned char iv[12] = {
3172 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3173 };
3174 unsigned char msg[] = "It was the best of times, it was the worst of times";
3175 unsigned char ciphertext[80];
3176 unsigned char plaintext[80];
3177 /* We initialise tmp to a non zero value on purpose */
3178 int ctlen, ptlen, tmp = 99;
3179 int ret = 0;
3180 const int enc_offset = 10, dec_offset = 20;
3181
3182 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3183 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3184 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3185 key, iv))
3186 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3187 enc_offset))
3188 /* Deliberate add a zero length update */
3189 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3190 0))
3191 || !TEST_int_eq(tmp, 0)
3192 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3193 msg + enc_offset,
3194 sizeof(msg) - enc_offset))
3195 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3196 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3197 || !TEST_int_eq(tmp, 0))
3198 goto err;
3199
3200 /* Deliberately initialise tmp to a non zero value */
3201 tmp = 99;
3202 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3203 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3204 dec_offset))
3205 /*
3206 * Deliberately add a zero length update. We also deliberately do
3207 * this at a different offset than for encryption.
3208 */
3209 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3210 0))
3211 || !TEST_int_eq(tmp, 0)
3212 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3213 ciphertext + dec_offset,
3214 ctlen - dec_offset))
3215 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3216 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3217 || !TEST_int_eq(tmp, 0)
3218 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3219 goto err;
3220
3221 ret = 1;
3222 err:
3223 EVP_CIPHER_CTX_free(ctx);
3224 EVP_CIPHER_free(cipher);
3225 return ret;
3226 }
3227 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3228
3229 #ifndef OPENSSL_NO_DH
3230 /*
3231 * Test combinations of private, public, missing and private + public key
3232 * params to ensure they are all accepted
3233 */
3234 static int test_DH_priv_pub(void)
3235 {
3236 return test_EVP_PKEY_ffc_priv_pub("DH");
3237 }
3238
3239 # ifndef OPENSSL_NO_DEPRECATED_3_0
3240 static int test_EVP_PKEY_set1_DH(void)
3241 {
3242 DH *x942dh = NULL, *noqdh = NULL;
3243 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3244 int ret = 0;
3245 BIGNUM *p, *g = NULL;
3246 BIGNUM *pubkey = NULL;
3247 unsigned char pub[2048 / 8];
3248 size_t len = 0;
3249
3250 if (!TEST_ptr(p = BN_new())
3251 || !TEST_ptr(g = BN_new())
3252 || !TEST_ptr(pubkey = BN_new())
3253 || !TEST_true(BN_set_word(p, 9999))
3254 || !TEST_true(BN_set_word(g, 2))
3255 || !TEST_true(BN_set_word(pubkey, 4321))
3256 || !TEST_ptr(noqdh = DH_new())
3257 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3258 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3259 || !TEST_ptr(pubkey = BN_new())
3260 || !TEST_true(BN_set_word(pubkey, 4321)))
3261 goto err;
3262 p = g = NULL;
3263
3264 x942dh = DH_get_2048_256();
3265 pkey1 = EVP_PKEY_new();
3266 pkey2 = EVP_PKEY_new();
3267 if (!TEST_ptr(x942dh)
3268 || !TEST_ptr(noqdh)
3269 || !TEST_ptr(pkey1)
3270 || !TEST_ptr(pkey2)
3271 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3272 goto err;
3273 pubkey = NULL;
3274
3275 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3276 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3277 goto err;
3278
3279 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3280 &pubkey))
3281 || !TEST_ptr(pubkey))
3282 goto err;
3283
3284 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3285 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3286 goto err;
3287
3288 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3289 OSSL_PKEY_PARAM_PUB_KEY,
3290 pub, sizeof(pub), &len))
3291 || !TEST_size_t_ne(len, 0))
3292 goto err;
3293
3294 ret = 1;
3295 err:
3296 BN_free(p);
3297 BN_free(g);
3298 BN_free(pubkey);
3299 EVP_PKEY_free(pkey1);
3300 EVP_PKEY_free(pkey2);
3301 DH_free(x942dh);
3302 DH_free(noqdh);
3303
3304 return ret;
3305 }
3306 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3307 #endif /* !OPENSSL_NO_DH */
3308
3309 /*
3310 * We test what happens with an empty template. For the sake of this test,
3311 * the template must be ignored, and we know that's the case for RSA keys
3312 * (this might arguably be a misfeature, but that's what we currently do,
3313 * even in provider code, since that's how the legacy RSA implementation
3314 * does things)
3315 */
3316 static int test_keygen_with_empty_template(int n)
3317 {
3318 EVP_PKEY_CTX *ctx = NULL;
3319 EVP_PKEY *pkey = NULL;
3320 EVP_PKEY *tkey = NULL;
3321 int ret = 0;
3322
3323 if (nullprov != NULL)
3324 return TEST_skip("Test does not support a non-default library context");
3325
3326 switch (n) {
3327 case 0:
3328 /* We do test with no template at all as well */
3329 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3330 goto err;
3331 break;
3332 case 1:
3333 /* Here we create an empty RSA key that serves as our template */
3334 if (!TEST_ptr(tkey = EVP_PKEY_new())
3335 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3336 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3337 goto err;
3338 break;
3339 }
3340
3341 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3342 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3343 goto err;
3344
3345 ret = 1;
3346 err:
3347 EVP_PKEY_CTX_free(ctx);
3348 EVP_PKEY_free(pkey);
3349 EVP_PKEY_free(tkey);
3350 return ret;
3351 }
3352
3353 /*
3354 * Test that we fail if we attempt to use an algorithm that is not available
3355 * in the current library context (unless we are using an algorithm that
3356 * should be made available via legacy codepaths).
3357 *
3358 * 0: RSA
3359 * 1: SM2
3360 */
3361 static int test_pkey_ctx_fail_without_provider(int tst)
3362 {
3363 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3364 OSSL_PROVIDER *tmpnullprov = NULL;
3365 EVP_PKEY_CTX *pctx = NULL;
3366 const char *keytype = NULL;
3367 int expect_null = 0;
3368 int ret = 0;
3369
3370 if (!TEST_ptr(tmpctx))
3371 goto err;
3372
3373 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3374 if (!TEST_ptr(tmpnullprov))
3375 goto err;
3376
3377 /*
3378 * We check for certain algos in the null provider.
3379 * If an algo is expected to have a provider keymgmt, constructing an
3380 * EVP_PKEY_CTX is expected to fail (return NULL).
3381 * Otherwise, if it's expected to have legacy support, constructing an
3382 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3383 */
3384 switch (tst) {
3385 case 0:
3386 keytype = "RSA";
3387 expect_null = 1;
3388 break;
3389 case 1:
3390 keytype = "SM2";
3391 expect_null = 1;
3392 #ifdef OPENSSL_NO_EC
3393 TEST_info("EC disable, skipping SM2 check...");
3394 goto end;
3395 #endif
3396 #ifdef OPENSSL_NO_SM2
3397 TEST_info("SM2 disable, skipping SM2 check...");
3398 goto end;
3399 #endif
3400 break;
3401 default:
3402 TEST_error("No test for case %d", tst);
3403 goto err;
3404 }
3405
3406 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3407 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3408 goto err;
3409
3410 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3411 end:
3412 #endif
3413 ret = 1;
3414
3415 err:
3416 EVP_PKEY_CTX_free(pctx);
3417 OSSL_PROVIDER_unload(tmpnullprov);
3418 OSSL_LIB_CTX_free(tmpctx);
3419 return ret;
3420 }
3421
3422 static int test_rand_agglomeration(void)
3423 {
3424 EVP_RAND *rand;
3425 EVP_RAND_CTX *ctx;
3426 OSSL_PARAM params[3], *p = params;
3427 int res;
3428 unsigned int step = 7;
3429 static unsigned char seed[] = "It does not matter how slowly you go "
3430 "as long as you do not stop.";
3431 unsigned char out[sizeof(seed)];
3432
3433 if (!TEST_int_ne(sizeof(seed) % step, 0)
3434 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3435 return 0;
3436 ctx = EVP_RAND_CTX_new(rand, NULL);
3437 EVP_RAND_free(rand);
3438 if (!TEST_ptr(ctx))
3439 return 0;
3440
3441 memset(out, 0, sizeof(out));
3442 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3443 seed, sizeof(seed));
3444 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3445 *p = OSSL_PARAM_construct_end();
3446 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3447 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3448 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3449 EVP_RAND_CTX_free(ctx);
3450 return res;
3451 }
3452
3453 /*
3454 * Test that we correctly return the original or "running" IV after
3455 * an encryption operation.
3456 * Run multiple times for some different relevant algorithms/modes.
3457 */
3458 static int test_evp_iv_aes(int idx)
3459 {
3460 int ret = 0;
3461 EVP_CIPHER_CTX *ctx = NULL;
3462 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3463 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3464 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3465 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3466 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3467 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3468 9, 10, 11, 12, 13, 14, 15, 16 };
3469 unsigned char ciphertext[32], oiv[16], iv[16];
3470 unsigned char *ref_iv;
3471 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3472 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3473
3474 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3475 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3476 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3477 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3478 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3479 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3480 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3481 #ifndef OPENSSL_NO_OCB
3482 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3483 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3484 #endif
3485 int len = sizeof(ciphertext);
3486 size_t ivlen, ref_len;
3487 const EVP_CIPHER *type = NULL;
3488 int iv_reset = 0;
3489
3490 if (nullprov != NULL && idx < 6)
3491 return TEST_skip("Test does not support a non-default library context");
3492
3493 switch (idx) {
3494 case 0:
3495 type = EVP_aes_128_cbc();
3496 /* FALLTHROUGH */
3497 case 6:
3498 type = (type != NULL) ? type :
3499 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3500 ref_iv = cbc_state;
3501 ref_len = sizeof(cbc_state);
3502 iv_reset = 1;
3503 break;
3504 case 1:
3505 type = EVP_aes_128_ofb();
3506 /* FALLTHROUGH */
3507 case 7:
3508 type = (type != NULL) ? type :
3509 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3510 ref_iv = ofb_state;
3511 ref_len = sizeof(ofb_state);
3512 iv_reset = 1;
3513 break;
3514 case 2:
3515 type = EVP_aes_128_cfb();
3516 /* FALLTHROUGH */
3517 case 8:
3518 type = (type != NULL) ? type :
3519 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3520 ref_iv = cfb_state;
3521 ref_len = sizeof(cfb_state);
3522 iv_reset = 1;
3523 break;
3524 case 3:
3525 type = EVP_aes_128_gcm();
3526 /* FALLTHROUGH */
3527 case 9:
3528 type = (type != NULL) ? type :
3529 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3530 ref_iv = gcm_state;
3531 ref_len = sizeof(gcm_state);
3532 break;
3533 case 4:
3534 type = EVP_aes_128_ccm();
3535 /* FALLTHROUGH */
3536 case 10:
3537 type = (type != NULL) ? type :
3538 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3539 ref_iv = ccm_state;
3540 ref_len = sizeof(ccm_state);
3541 break;
3542 #ifdef OPENSSL_NO_OCB
3543 case 5:
3544 case 11:
3545 return 1;
3546 #else
3547 case 5:
3548 type = EVP_aes_128_ocb();
3549 /* FALLTHROUGH */
3550 case 11:
3551 type = (type != NULL) ? type :
3552 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3553 ref_iv = ocb_state;
3554 ref_len = sizeof(ocb_state);
3555 break;
3556 #endif
3557 default:
3558 return 0;
3559 }
3560
3561 if (!TEST_ptr(type)
3562 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3563 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3564 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3565 (int)sizeof(msg)))
3566 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3567 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3568 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3569 goto err;
3570 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3571
3572 if (!TEST_int_gt(ivlen, 0))
3573 goto err;
3574
3575 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3576 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3577 goto err;
3578
3579 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3580 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3581 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3582 goto err;
3583 if (iv_reset) {
3584 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3585 goto err;
3586 } else {
3587 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3588 goto err;
3589 }
3590
3591 ret = 1;
3592 err:
3593 EVP_CIPHER_CTX_free(ctx);
3594 if (idx >= 6)
3595 EVP_CIPHER_free((EVP_CIPHER *)type);
3596 return ret;
3597 }
3598
3599 #ifndef OPENSSL_NO_DES
3600 static int test_evp_iv_des(int idx)
3601 {
3602 int ret = 0;
3603 EVP_CIPHER_CTX *ctx = NULL;
3604 static const unsigned char key[24] = {
3605 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3606 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3607 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3608 };
3609 static const unsigned char init_iv[8] = {
3610 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3611 };
3612 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3613 9, 10, 11, 12, 13, 14, 15, 16 };
3614 unsigned char ciphertext[32], oiv[8], iv[8];
3615 unsigned const char *ref_iv;
3616 static const unsigned char cbc_state_des[8] = {
3617 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3618 };
3619 static const unsigned char cbc_state_3des[8] = {
3620 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3621 };
3622 static const unsigned char ofb_state_des[8] = {
3623 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3624 };
3625 static const unsigned char ofb_state_3des[8] = {
3626 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3627 };
3628 static const unsigned char cfb_state_des[8] = {
3629 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3630 };
3631 static const unsigned char cfb_state_3des[8] = {
3632 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3633 };
3634 int len = sizeof(ciphertext);
3635 size_t ivlen, ref_len;
3636 EVP_CIPHER *type = NULL;
3637
3638 if (lgcyprov == NULL && idx < 3)
3639 return TEST_skip("Test requires legacy provider to be loaded");
3640
3641 switch (idx) {
3642 case 0:
3643 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3644 ref_iv = cbc_state_des;
3645 ref_len = sizeof(cbc_state_des);
3646 break;
3647 case 1:
3648 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3649 ref_iv = ofb_state_des;
3650 ref_len = sizeof(ofb_state_des);
3651 break;
3652 case 2:
3653 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3654 ref_iv = cfb_state_des;
3655 ref_len = sizeof(cfb_state_des);
3656 break;
3657 case 3:
3658 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3659 ref_iv = cbc_state_3des;
3660 ref_len = sizeof(cbc_state_3des);
3661 break;
3662 case 4:
3663 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3664 ref_iv = ofb_state_3des;
3665 ref_len = sizeof(ofb_state_3des);
3666 break;
3667 case 5:
3668 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3669 ref_iv = cfb_state_3des;
3670 ref_len = sizeof(cfb_state_3des);
3671 break;
3672 default:
3673 return 0;
3674 }
3675
3676 if (!TEST_ptr(type)
3677 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3678 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3679 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3680 (int)sizeof(msg)))
3681 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3682 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3683 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3684 goto err;
3685 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3686
3687 if (!TEST_int_gt(ivlen, 0))
3688 goto err;
3689
3690 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3691 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3692 goto err;
3693
3694 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3695 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3696 goto err;
3697 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3698 goto err;
3699
3700 ret = 1;
3701 err:
3702 EVP_CIPHER_CTX_free(ctx);
3703 EVP_CIPHER_free(type);
3704 return ret;
3705 }
3706 #endif
3707
3708 #ifndef OPENSSL_NO_BF
3709 static int test_evp_bf_default_keylen(int idx)
3710 {
3711 int ret = 0;
3712 static const char *algos[4] = {
3713 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3714 };
3715 int ivlen[4] = { 0, 8, 8, 8 };
3716 EVP_CIPHER *cipher = NULL;
3717
3718 if (lgcyprov == NULL)
3719 return TEST_skip("Test requires legacy provider to be loaded");
3720
3721 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3722 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3723 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3724 goto err;
3725
3726 ret = 1;
3727 err:
3728 EVP_CIPHER_free(cipher);
3729 return ret;
3730 }
3731 #endif
3732
3733 #ifndef OPENSSL_NO_EC
3734 static int ecpub_nids[] = {
3735 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3736 NID_secp384r1, NID_secp521r1,
3737 # ifndef OPENSSL_NO_EC2M
3738 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3739 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3740 # endif
3741 NID_brainpoolP384r1, NID_brainpoolP512r1
3742 };
3743
3744 static int test_ecpub(int idx)
3745 {
3746 int ret = 0, len, savelen;
3747 int nid;
3748 unsigned char buf[1024];
3749 unsigned char *p;
3750 EVP_PKEY *pkey = NULL;
3751 EVP_PKEY_CTX *ctx = NULL;
3752 # ifndef OPENSSL_NO_DEPRECATED_3_0
3753 const unsigned char *q;
3754 EVP_PKEY *pkey2 = NULL;
3755 EC_KEY *ec = NULL;
3756 # endif
3757
3758 if (nullprov != NULL)
3759 return TEST_skip("Test does not support a non-default library context");
3760
3761 nid = ecpub_nids[idx];
3762
3763 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3764 if (!TEST_ptr(ctx)
3765 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3766 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3767 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3768 goto done;
3769 len = i2d_PublicKey(pkey, NULL);
3770 savelen = len;
3771 if (!TEST_int_ge(len, 1)
3772 || !TEST_int_lt(len, 1024))
3773 goto done;
3774 p = buf;
3775 len = i2d_PublicKey(pkey, &p);
3776 if (!TEST_int_ge(len, 1)
3777 || !TEST_int_eq(len, savelen))
3778 goto done;
3779
3780 # ifndef OPENSSL_NO_DEPRECATED_3_0
3781 /* Now try to decode the just-created DER. */
3782 q = buf;
3783 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3784 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3785 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3786 goto done;
3787 /* EC_KEY ownership transferred */
3788 ec = NULL;
3789 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3790 goto done;
3791 /* The keys should match. */
3792 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3793 goto done;
3794 # endif
3795
3796 ret = 1;
3797
3798 done:
3799 EVP_PKEY_CTX_free(ctx);
3800 EVP_PKEY_free(pkey);
3801 # ifndef OPENSSL_NO_DEPRECATED_3_0
3802 EVP_PKEY_free(pkey2);
3803 EC_KEY_free(ec);
3804 # endif
3805 return ret;
3806 }
3807 #endif
3808
3809 static int test_EVP_rsa_pss_with_keygen_bits(void)
3810 {
3811 int ret = 0;
3812 EVP_PKEY_CTX *ctx = NULL;
3813 EVP_PKEY *pkey = NULL;
3814 EVP_MD *md;
3815
3816 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3817 ret = TEST_ptr(md)
3818 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3819 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3820 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3821 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3822 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3823
3824 EVP_MD_free(md);
3825 EVP_PKEY_free(pkey);
3826 EVP_PKEY_CTX_free(ctx);
3827 return ret;
3828 }
3829
3830 static int test_EVP_rsa_pss_set_saltlen(void)
3831 {
3832 int ret = 0;
3833 EVP_PKEY *pkey = NULL;
3834 EVP_PKEY_CTX *pkey_ctx = NULL;
3835 EVP_MD *sha256 = NULL;
3836 EVP_MD_CTX *sha256_ctx = NULL;
3837 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3838 const int test_value = 32;
3839
3840 ret = TEST_ptr(pkey = load_example_rsa_key())
3841 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3842 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3843 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3844 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3845 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3846 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3847 && TEST_int_eq(saltlen, test_value);
3848
3849 EVP_MD_CTX_free(sha256_ctx);
3850 EVP_PKEY_free(pkey);
3851 EVP_MD_free(sha256);
3852
3853 return ret;
3854 }
3855
3856 static int success = 1;
3857 static void md_names(const char *name, void *vctx)
3858 {
3859 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3860 /* Force a namemap update */
3861 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3862
3863 if (!TEST_ptr(aes128))
3864 success = 0;
3865
3866 EVP_CIPHER_free(aes128);
3867 }
3868
3869 /*
3870 * Test that changing the namemap in a user callback works in a names_do_all
3871 * function.
3872 */
3873 static int test_names_do_all(void)
3874 {
3875 /* We use a custom libctx so that we know the state of the namemap */
3876 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3877 EVP_MD *sha256 = NULL;
3878 int testresult = 0;
3879
3880 if (!TEST_ptr(ctx))
3881 goto err;
3882
3883 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3884 if (!TEST_ptr(sha256))
3885 goto err;
3886
3887 /*
3888 * We loop through all the names for a given digest. This should still work
3889 * even if the namemap changes part way through.
3890 */
3891 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3892 goto err;
3893
3894 if (!TEST_true(success))
3895 goto err;
3896
3897 testresult = 1;
3898 err:
3899 EVP_MD_free(sha256);
3900 OSSL_LIB_CTX_free(ctx);
3901 return testresult;
3902 }
3903
3904 typedef struct {
3905 const char *cipher;
3906 const unsigned char *key;
3907 const unsigned char *iv;
3908 const unsigned char *input;
3909 const unsigned char *expected;
3910 const unsigned char *tag;
3911 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3912 size_t inlen;
3913 size_t expectedlen;
3914 size_t taglen;
3915 int keyfirst;
3916 int initenc;
3917 int finalenc;
3918 } EVP_INIT_TEST_st;
3919
3920 static const EVP_INIT_TEST_st evp_init_tests[] = {
3921 {
3922 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3923 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3924 0, 1, 0, 1
3925 },
3926 {
3927 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3928 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3929 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3930 sizeof(gcmDefaultTag), 1, 0, 1
3931 },
3932 {
3933 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3934 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3935 0, 0, 0, 1
3936 },
3937 {
3938 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3939 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3940 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3941 sizeof(gcmDefaultTag), 0, 0, 1
3942 },
3943 {
3944 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3945 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3946 0, 1, 1, 0
3947 },
3948 {
3949 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3950 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3951 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3952 sizeof(gcmDefaultTag), 1, 1, 0
3953 },
3954 {
3955 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3956 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3957 0, 0, 1, 0
3958 },
3959 {
3960 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3961 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3962 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3963 sizeof(gcmDefaultTag), 0, 1, 0
3964 }
3965 };
3966
3967 /* use same key, iv and plaintext for cfb and ofb */
3968 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
3969 {
3970 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3971 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3972 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
3973 },
3974 {
3975 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
3976 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
3977 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3978 },
3979 {
3980 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3981 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3982 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
3983 },
3984 {
3985 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
3986 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
3987 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3988 },
3989 };
3990
3991 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3992 {
3993 int res = 0;
3994
3995 if (t->ivlen != 0) {
3996 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3997 goto err;
3998 }
3999 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4000 goto err;
4001 res = 1;
4002 err:
4003 return res;
4004 }
4005
4006 /*
4007 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4008 * arguments are given one at a time and a final adjustment to the enc
4009 * parameter sets the correct operation.
4010 */
4011 static int test_evp_init_seq(int idx)
4012 {
4013 int outlen1, outlen2;
4014 int testresult = 0;
4015 unsigned char outbuf[1024];
4016 unsigned char tag[16];
4017 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4018 EVP_CIPHER_CTX *ctx = NULL;
4019 EVP_CIPHER *type = NULL;
4020 size_t taglen = sizeof(tag);
4021 char *errmsg = NULL;
4022
4023 ctx = EVP_CIPHER_CTX_new();
4024 if (ctx == NULL) {
4025 errmsg = "CTX_ALLOC";
4026 goto err;
4027 }
4028 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4029 errmsg = "CIPHER_FETCH";
4030 goto err;
4031 }
4032 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4033 errmsg = "EMPTY_ENC_INIT";
4034 goto err;
4035 }
4036 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4037 errmsg = "PADDING";
4038 goto err;
4039 }
4040 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4041 errmsg = "KEY_INIT (before iv)";
4042 goto err;
4043 }
4044 if (!evp_init_seq_set_iv(ctx, t)) {
4045 errmsg = "IV_INIT";
4046 goto err;
4047 }
4048 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4049 errmsg = "KEY_INIT (after iv)";
4050 goto err;
4051 }
4052 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4053 errmsg = "FINAL_ENC_INIT";
4054 goto err;
4055 }
4056 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4057 errmsg = "CIPHER_UPDATE";
4058 goto err;
4059 }
4060 if (t->finalenc == 0 && t->tag != NULL) {
4061 /* Set expected tag */
4062 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4063 t->taglen, (void *)t->tag), 0)) {
4064 errmsg = "SET_TAG";
4065 goto err;
4066 }
4067 }
4068 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4069 errmsg = "CIPHER_FINAL";
4070 goto err;
4071 }
4072 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4073 errmsg = "WRONG_RESULT";
4074 goto err;
4075 }
4076 if (t->finalenc != 0 && t->tag != NULL) {
4077 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4078 errmsg = "GET_TAG";
4079 goto err;
4080 }
4081 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4082 errmsg = "TAG_ERROR";
4083 goto err;
4084 }
4085 }
4086 testresult = 1;
4087 err:
4088 if (errmsg != NULL)
4089 TEST_info("evp_init_test %d: %s", idx, errmsg);
4090 EVP_CIPHER_CTX_free(ctx);
4091 EVP_CIPHER_free(type);
4092 return testresult;
4093 }
4094
4095 /*
4096 * Test re-initialization of cipher context without changing key or iv.
4097 * The result of both iteration should be the same.
4098 */
4099 static int test_evp_reinit_seq(int idx)
4100 {
4101 int outlen1, outlen2, outlen_final;
4102 int testresult = 0;
4103 unsigned char outbuf1[1024];
4104 unsigned char outbuf2[1024];
4105 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4106 EVP_CIPHER_CTX *ctx = NULL;
4107 EVP_CIPHER *type = NULL;
4108
4109 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4110 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4111 /* setup cipher context */
4112 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4113 /* first iteration */
4114 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4115 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4116 /* check test results iteration 1 */
4117 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4118 /* now re-init the context (same cipher, key and iv) */
4119 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4120 /* second iteration */
4121 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4122 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4123 /* check test results iteration 2 */
4124 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4125 goto err;
4126 testresult = 1;
4127 err:
4128 EVP_CIPHER_CTX_free(ctx);
4129 EVP_CIPHER_free(type);
4130 return testresult;
4131 }
4132
4133 typedef struct {
4134 const unsigned char *input;
4135 const unsigned char *expected;
4136 size_t inlen;
4137 size_t expectedlen;
4138 int enc;
4139 } EVP_RESET_TEST_st;
4140
4141 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4142 {
4143 cfbPlaintext, cfbCiphertext,
4144 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4145 },
4146 {
4147 cfbCiphertext, cfbPlaintext,
4148 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4149 }
4150 };
4151
4152 /*
4153 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4154 * been used.
4155 */
4156 static int test_evp_reset(int idx)
4157 {
4158 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4159 int outlen1, outlen2;
4160 int testresult = 0;
4161 unsigned char outbuf[1024];
4162 EVP_CIPHER_CTX *ctx = NULL;
4163 EVP_CIPHER *type = NULL;
4164 char *errmsg = NULL;
4165
4166 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4167 errmsg = "CTX_ALLOC";
4168 goto err;
4169 }
4170 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4171 errmsg = "CIPHER_FETCH";
4172 goto err;
4173 }
4174 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4175 errmsg = "CIPHER_INIT";
4176 goto err;
4177 }
4178 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4179 errmsg = "PADDING";
4180 goto err;
4181 }
4182 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4183 errmsg = "CIPHER_UPDATE";
4184 goto err;
4185 }
4186 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4187 errmsg = "CIPHER_FINAL";
4188 goto err;
4189 }
4190 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4191 errmsg = "WRONG_RESULT";
4192 goto err;
4193 }
4194 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4195 errmsg = "CIPHER_REINIT";
4196 goto err;
4197 }
4198 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4199 errmsg = "CIPHER_UPDATE (reinit)";
4200 goto err;
4201 }
4202 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4203 errmsg = "CIPHER_FINAL (reinit)";
4204 goto err;
4205 }
4206 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4207 errmsg = "WRONG_RESULT (reinit)";
4208 goto err;
4209 }
4210 testresult = 1;
4211 err:
4212 if (errmsg != NULL)
4213 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4214 EVP_CIPHER_CTX_free(ctx);
4215 EVP_CIPHER_free(type);
4216 return testresult;
4217 }
4218
4219 typedef struct {
4220 const char *cipher;
4221 int enc;
4222 } EVP_UPDATED_IV_TEST_st;
4223
4224 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4225 {
4226 "aes-128-cfb", 1
4227 },
4228 {
4229 "aes-128-cfb", 0
4230 },
4231 {
4232 "aes-128-cfb1", 1
4233 },
4234 {
4235 "aes-128-cfb1", 0
4236 },
4237 {
4238 "aes-128-cfb8", 1
4239 },
4240 {
4241 "aes-128-cfb8", 0
4242 },
4243 {
4244 "aes-128-ofb", 1
4245 },
4246 {
4247 "aes-128-ofb", 0
4248 },
4249 {
4250 "aes-128-ctr", 1
4251 },
4252 {
4253 "aes-128-ctr", 0
4254 },
4255 {
4256 "aes-128-cbc", 1
4257 },
4258 {
4259 "aes-128-cbc", 0
4260 }
4261 };
4262
4263 /*
4264 * Test that the IV in the context is updated during a crypto operation for CFB
4265 * and OFB.
4266 */
4267 static int test_evp_updated_iv(int idx)
4268 {
4269 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4270 int outlen1, outlen2;
4271 int testresult = 0;
4272 unsigned char outbuf[1024];
4273 EVP_CIPHER_CTX *ctx = NULL;
4274 EVP_CIPHER *type = NULL;
4275 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4276 int iv_len;
4277 char *errmsg = NULL;
4278
4279 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4280 errmsg = "CTX_ALLOC";
4281 goto err;
4282 }
4283 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4284 TEST_info("cipher %s not supported, skipping", t->cipher);
4285 goto ok;
4286 }
4287
4288 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4289 errmsg = "CIPHER_INIT";
4290 goto err;
4291 }
4292 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4293 errmsg = "PADDING";
4294 goto err;
4295 }
4296 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4297 errmsg = "CIPHER_UPDATE";
4298 goto err;
4299 }
4300 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4301 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4302 goto err;
4303 }
4304 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4305 if (!TEST_int_ge(iv_len,0)) {
4306 errmsg = "CIPHER_CTX_GET_IV_LEN";
4307 goto err;
4308 }
4309 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4310 errmsg = "IV_NOT_UPDATED";
4311 goto err;
4312 }
4313 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4314 errmsg = "CIPHER_FINAL";
4315 goto err;
4316 }
4317 ok:
4318 testresult = 1;
4319 err:
4320 if (errmsg != NULL)
4321 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4322 EVP_CIPHER_CTX_free(ctx);
4323 EVP_CIPHER_free(type);
4324 return testresult;
4325 }
4326
4327 typedef struct {
4328 const unsigned char *iv1;
4329 const unsigned char *iv2;
4330 const unsigned char *expected1;
4331 const unsigned char *expected2;
4332 const unsigned char *tag1;
4333 const unsigned char *tag2;
4334 size_t ivlen1;
4335 size_t ivlen2;
4336 size_t expectedlen1;
4337 size_t expectedlen2;
4338 } TEST_GCM_IV_REINIT_st;
4339
4340 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4341 {
4342 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4343 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4344 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4345 },
4346 {
4347 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4348 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4349 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4350 }
4351 };
4352
4353 static int test_gcm_reinit(int idx)
4354 {
4355 int outlen1, outlen2, outlen3;
4356 int testresult = 0;
4357 unsigned char outbuf[1024];
4358 unsigned char tag[16];
4359 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4360 EVP_CIPHER_CTX *ctx = NULL;
4361 EVP_CIPHER *type = NULL;
4362 size_t taglen = sizeof(tag);
4363 char *errmsg = NULL;
4364
4365 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4366 errmsg = "CTX_ALLOC";
4367 goto err;
4368 }
4369 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4370 errmsg = "CIPHER_FETCH";
4371 goto err;
4372 }
4373 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4374 errmsg = "ENC_INIT";
4375 goto err;
4376 }
4377 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4378 errmsg = "SET_IVLEN1";
4379 goto err;
4380 }
4381 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4382 errmsg = "SET_IV1";
4383 goto err;
4384 }
4385 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4386 errmsg = "AAD1";
4387 goto err;
4388 }
4389 EVP_CIPHER_CTX_set_padding(ctx, 0);
4390 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4391 sizeof(gcmResetPlaintext)))) {
4392 errmsg = "CIPHER_UPDATE1";
4393 goto err;
4394 }
4395 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4396 errmsg = "CIPHER_FINAL1";
4397 goto err;
4398 }
4399 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4400 errmsg = "WRONG_RESULT1";
4401 goto err;
4402 }
4403 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4404 errmsg = "GET_TAG1";
4405 goto err;
4406 }
4407 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4408 errmsg = "TAG_ERROR1";
4409 goto err;
4410 }
4411 /* Now reinit */
4412 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4413 errmsg = "SET_IVLEN2";
4414 goto err;
4415 }
4416 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4417 errmsg = "SET_IV2";
4418 goto err;
4419 }
4420 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4421 errmsg = "AAD2";
4422 goto err;
4423 }
4424 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4425 sizeof(gcmResetPlaintext)))) {
4426 errmsg = "CIPHER_UPDATE2";
4427 goto err;
4428 }
4429 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4430 errmsg = "CIPHER_FINAL2";
4431 goto err;
4432 }
4433 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4434 errmsg = "WRONG_RESULT2";
4435 goto err;
4436 }
4437 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4438 errmsg = "GET_TAG2";
4439 goto err;
4440 }
4441 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4442 errmsg = "TAG_ERROR2";
4443 goto err;
4444 }
4445 testresult = 1;
4446 err:
4447 if (errmsg != NULL)
4448 TEST_info("evp_init_test %d: %s", idx, errmsg);
4449 EVP_CIPHER_CTX_free(ctx);
4450 EVP_CIPHER_free(type);
4451 return testresult;
4452 }
4453
4454 static const char *ivlen_change_ciphers[] = {
4455 "AES-256-GCM",
4456 #ifndef OPENSSL_NO_OCB
4457 "AES-256-OCB",
4458 #endif
4459 "AES-256-CCM"
4460 };
4461
4462 /* Negative test for ivlen change after iv being set */
4463 static int test_ivlen_change(int idx)
4464 {
4465 int outlen;
4466 int res = 0;
4467 unsigned char outbuf[1024];
4468 static const unsigned char iv[] = {
4469 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4470 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4471 };
4472 EVP_CIPHER_CTX *ctx = NULL;
4473 EVP_CIPHER *ciph = NULL;
4474 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4475 size_t ivlen = 13; /* non-default IV length */
4476
4477 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4478 goto err;
4479
4480 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4481 testpropq)))
4482 goto err;
4483
4484 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4485 goto err;
4486
4487 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4488 sizeof(gcmDefaultPlaintext))))
4489 goto err;
4490
4491 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4492 &ivlen);
4493 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4494 goto err;
4495
4496 ERR_set_mark();
4497 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4498 sizeof(gcmDefaultPlaintext)))) {
4499 ERR_clear_last_mark();
4500 goto err;
4501 }
4502 ERR_pop_to_mark();
4503
4504 res = 1;
4505 err:
4506 EVP_CIPHER_CTX_free(ctx);
4507 EVP_CIPHER_free(ciph);
4508 return res;
4509 }
4510
4511 static const char *keylen_change_ciphers[] = {
4512 #ifndef OPENSSL_NO_BF
4513 "BF-ECB",
4514 #endif
4515 #ifndef OPENSSL_NO_CAST
4516 "CAST5-ECB",
4517 #endif
4518 #ifndef OPENSSL_NO_RC2
4519 "RC2-ECB",
4520 #endif
4521 #ifndef OPENSSL_NO_RC4
4522 "RC4",
4523 #endif
4524 #ifndef OPENSSL_NO_RC5
4525 "RC5-ECB",
4526 #endif
4527 NULL
4528 };
4529
4530 /* Negative test for keylen change after key was set */
4531 static int test_keylen_change(int idx)
4532 {
4533 int outlen;
4534 int res = 0;
4535 unsigned char outbuf[1024];
4536 static const unsigned char key[] = {
4537 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4538 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4539 };
4540 EVP_CIPHER_CTX *ctx = NULL;
4541 EVP_CIPHER *ciph = NULL;
4542 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4543 size_t keylen = 12; /* non-default key length */
4544
4545 if (lgcyprov == NULL)
4546 return TEST_skip("Test requires legacy provider to be loaded");
4547
4548 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4549 goto err;
4550
4551 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4552 testpropq)))
4553 goto err;
4554
4555 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4556 goto err;
4557
4558 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4559 sizeof(gcmDefaultPlaintext))))
4560 goto err;
4561
4562 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4563 &keylen);
4564 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4565 goto err;
4566
4567 ERR_set_mark();
4568 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4569 sizeof(gcmDefaultPlaintext)))) {
4570 ERR_clear_last_mark();
4571 goto err;
4572 }
4573 ERR_pop_to_mark();
4574
4575 res = 1;
4576 err:
4577 EVP_CIPHER_CTX_free(ctx);
4578 EVP_CIPHER_free(ciph);
4579 return res;
4580 }
4581
4582 #ifndef OPENSSL_NO_DEPRECATED_3_0
4583 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4584 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4585
4586 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4587
4588 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4589 {
4590 int (*pinit)(EVP_PKEY_CTX *ctx);
4591
4592 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4593 return pinit(ctx);
4594 }
4595
4596 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4597 {
4598 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4599
4600 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4601 pcleanup(ctx);
4602 }
4603
4604 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4605 size_t *outlen, const unsigned char *in,
4606 size_t inlen)
4607 {
4608 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4609 const unsigned char *tbs, size_t tbslen);
4610
4611 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4612 return psign(ctx, out, outlen, in, inlen);
4613 }
4614
4615 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4616 size_t *siglen, const unsigned char *tbs,
4617 size_t tbslen)
4618 {
4619 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4620 const unsigned char *tbs, size_t tbslen);
4621
4622 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4623 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4624 }
4625
4626 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4627 size_t *keylen)
4628 {
4629 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4630
4631 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4632 return pderive(ctx, key, keylen);
4633 }
4634
4635 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4636 {
4637 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4638
4639 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4640 return pcopy(dst, src);
4641 }
4642
4643 static int ctrl_called;
4644
4645 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4646 {
4647 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4648
4649 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4650
4651 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4652 ctrl_called = 1;
4653 return 1;
4654 }
4655
4656 return pctrl(ctx, type, p1, p2);
4657 }
4658
4659 static int test_custom_pmeth(int idx)
4660 {
4661 EVP_PKEY_CTX *pctx = NULL;
4662 EVP_MD_CTX *ctx = NULL;
4663 EVP_PKEY *pkey = NULL;
4664 int id, orig_id, orig_flags;
4665 int testresult = 0;
4666 size_t reslen;
4667 unsigned char *res = NULL;
4668 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4669 const EVP_MD *md = EVP_sha256();
4670 int doderive = 0;
4671
4672 ctrl_called = 0;
4673
4674 /* We call deprecated APIs so this test doesn't support a custom libctx */
4675 if (testctx != NULL)
4676 return 1;
4677
4678 switch (idx) {
4679 case 0:
4680 case 6:
4681 id = EVP_PKEY_RSA;
4682 pkey = load_example_rsa_key();
4683 break;
4684 case 1:
4685 case 7:
4686 # ifndef OPENSSL_NO_DSA
4687 id = EVP_PKEY_DSA;
4688 pkey = load_example_dsa_key();
4689 break;
4690 # else
4691 return 1;
4692 # endif
4693 case 2:
4694 case 8:
4695 # ifndef OPENSSL_NO_EC
4696 id = EVP_PKEY_EC;
4697 pkey = load_example_ec_key();
4698 break;
4699 # else
4700 return 1;
4701 # endif
4702 case 3:
4703 case 9:
4704 # ifndef OPENSSL_NO_ECX
4705 id = EVP_PKEY_ED25519;
4706 md = NULL;
4707 pkey = load_example_ed25519_key();
4708 break;
4709 # else
4710 return 1;
4711 # endif
4712 case 4:
4713 case 10:
4714 # ifndef OPENSSL_NO_DH
4715 id = EVP_PKEY_DH;
4716 doderive = 1;
4717 pkey = load_example_dh_key();
4718 break;
4719 # else
4720 return 1;
4721 # endif
4722 case 5:
4723 case 11:
4724 # ifndef OPENSSL_NO_ECX
4725 id = EVP_PKEY_X25519;
4726 doderive = 1;
4727 pkey = load_example_x25519_key();
4728 break;
4729 # else
4730 return 1;
4731 # endif
4732 default:
4733 TEST_error("Should not happen");
4734 goto err;
4735 }
4736
4737 if (!TEST_ptr(pkey))
4738 goto err;
4739
4740 if (idx < 6) {
4741 if (!TEST_true(evp_pkey_is_provided(pkey)))
4742 goto err;
4743 } else {
4744 EVP_PKEY *tmp = pkey;
4745
4746 /* Convert to a legacy key */
4747 pkey = EVP_PKEY_new();
4748 if (!TEST_ptr(pkey)) {
4749 pkey = tmp;
4750 goto err;
4751 }
4752 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4753 EVP_PKEY_free(tmp);
4754 goto err;
4755 }
4756 EVP_PKEY_free(tmp);
4757 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4758 goto err;
4759 }
4760
4761 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4762 || !TEST_ptr(pkey))
4763 goto err;
4764
4765 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4766 if (!TEST_int_eq(orig_id, id)
4767 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4768 goto err;
4769
4770 if (id == EVP_PKEY_ED25519) {
4771 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4772 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4773 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4774 } else {
4775 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4776 }
4777 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4778 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4779 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4780 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4781 }
4782 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4783 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4784 goto err;
4785
4786 if (doderive) {
4787 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4788 if (!TEST_ptr(pctx)
4789 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4790 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4791 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4792 1)
4793 || !TEST_int_eq(ctrl_called, 1)
4794 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4795 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4796 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4797 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4798 goto err;
4799 } else {
4800 ctx = EVP_MD_CTX_new();
4801 reslen = EVP_PKEY_size(pkey);
4802 res = OPENSSL_malloc(reslen);
4803 if (!TEST_ptr(ctx)
4804 || !TEST_ptr(res)
4805 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4806 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4807 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4808 1)
4809 || !TEST_int_eq(ctrl_called, 1))
4810 goto err;
4811
4812 if (id == EVP_PKEY_ED25519) {
4813 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4814 goto err;
4815 } else {
4816 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4817 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4818 goto err;
4819 }
4820 }
4821
4822 testresult = 1;
4823 err:
4824 OPENSSL_free(res);
4825 EVP_MD_CTX_free(ctx);
4826 if (doderive)
4827 EVP_PKEY_CTX_free(pctx);
4828 EVP_PKEY_free(pkey);
4829 EVP_PKEY_meth_remove(custom_pmeth);
4830 EVP_PKEY_meth_free(custom_pmeth);
4831 custom_pmeth = NULL;
4832 return testresult;
4833 }
4834
4835 static int test_evp_md_cipher_meth(void)
4836 {
4837 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4838 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4839 int testresult = 0;
4840
4841 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4842 goto err;
4843
4844 testresult = 1;
4845
4846 err:
4847 EVP_MD_meth_free(md);
4848 EVP_CIPHER_meth_free(ciph);
4849
4850 return testresult;
4851 }
4852
4853 typedef struct {
4854 int data;
4855 } custom_dgst_ctx;
4856
4857 static int custom_md_init_called = 0;
4858 static int custom_md_cleanup_called = 0;
4859
4860 static int custom_md_init(EVP_MD_CTX *ctx)
4861 {
4862 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4863
4864 if (p == NULL)
4865 return 0;
4866
4867 custom_md_init_called++;
4868 return 1;
4869 }
4870
4871 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4872 {
4873 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4874
4875 if (p == NULL)
4876 /* Nothing to do */
4877 return 1;
4878
4879 custom_md_cleanup_called++;
4880 return 1;
4881 }
4882
4883 static int test_custom_md_meth(void)
4884 {
4885 EVP_MD_CTX *mdctx = NULL;
4886 EVP_MD *tmp = NULL;
4887 char mess[] = "Test Message\n";
4888 unsigned char md_value[EVP_MAX_MD_SIZE];
4889 unsigned int md_len;
4890 int testresult = 0;
4891 int nid;
4892
4893 /*
4894 * We are testing deprecated functions. We don't support a non-default
4895 * library context in this test.
4896 */
4897 if (testctx != NULL)
4898 return TEST_skip("Non-default libctx");
4899
4900 custom_md_init_called = custom_md_cleanup_called = 0;
4901
4902 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4903 if (!TEST_int_ne(nid, NID_undef))
4904 goto err;
4905 tmp = EVP_MD_meth_new(nid, NID_undef);
4906 if (!TEST_ptr(tmp))
4907 goto err;
4908
4909 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4910 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4911 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4912 sizeof(custom_dgst_ctx))))
4913 goto err;
4914
4915 mdctx = EVP_MD_CTX_new();
4916 if (!TEST_ptr(mdctx)
4917 /*
4918 * Initing our custom md and then initing another md should
4919 * result in the init and cleanup functions of the custom md
4920 * being called.
4921 */
4922 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4923 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4924 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4925 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4926 || !TEST_int_eq(custom_md_init_called, 1)
4927 || !TEST_int_eq(custom_md_cleanup_called, 1))
4928 goto err;
4929
4930 testresult = 1;
4931 err:
4932 EVP_MD_CTX_free(mdctx);
4933 EVP_MD_meth_free(tmp);
4934 return testresult;
4935 }
4936
4937 typedef struct {
4938 int data;
4939 } custom_ciph_ctx;
4940
4941 static int custom_ciph_init_called = 0;
4942 static int custom_ciph_cleanup_called = 0;
4943
4944 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4945 const unsigned char *iv, int enc)
4946 {
4947 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4948
4949 if (p == NULL)
4950 return 0;
4951
4952 custom_ciph_init_called++;
4953 return 1;
4954 }
4955
4956 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4957 {
4958 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4959
4960 if (p == NULL)
4961 /* Nothing to do */
4962 return 1;
4963
4964 custom_ciph_cleanup_called++;
4965 return 1;
4966 }
4967
4968 static int test_custom_ciph_meth(void)
4969 {
4970 EVP_CIPHER_CTX *ciphctx = NULL;
4971 EVP_CIPHER *tmp = NULL;
4972 int testresult = 0;
4973 int nid;
4974
4975 /*
4976 * We are testing deprecated functions. We don't support a non-default
4977 * library context in this test.
4978 */
4979 if (testctx != NULL)
4980 return TEST_skip("Non-default libctx");
4981
4982 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4983
4984 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4985 if (!TEST_int_ne(nid, NID_undef))
4986 goto err;
4987 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4988 if (!TEST_ptr(tmp))
4989 goto err;
4990
4991 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4992 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4993 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4994 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4995 sizeof(custom_ciph_ctx))))
4996 goto err;
4997
4998 ciphctx = EVP_CIPHER_CTX_new();
4999 if (!TEST_ptr(ciphctx)
5000 /*
5001 * Initing our custom cipher and then initing another cipher
5002 * should result in the init and cleanup functions of the custom
5003 * cipher being called.
5004 */
5005 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5006 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5007 NULL, NULL, 1))
5008 || !TEST_int_eq(custom_ciph_init_called, 1)
5009 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5010 goto err;
5011
5012 testresult = 1;
5013 err:
5014 EVP_CIPHER_CTX_free(ciphctx);
5015 EVP_CIPHER_meth_free(tmp);
5016 return testresult;
5017 }
5018
5019 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5020 /* Test we can create a signature keys with an associated ENGINE */
5021 static int test_signatures_with_engine(int tst)
5022 {
5023 ENGINE *e;
5024 const char *engine_id = "dasync";
5025 EVP_PKEY *pkey = NULL;
5026 const unsigned char badcmackey[] = { 0x00, 0x01 };
5027 const unsigned char cmackey[] = {
5028 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5029 0x0c, 0x0d, 0x0e, 0x0f
5030 };
5031 const unsigned char ed25519key[] = {
5032 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5033 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5034 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5035 };
5036 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5037 int testresult = 0;
5038 EVP_MD_CTX *ctx = NULL;
5039 unsigned char *mac = NULL;
5040 size_t maclen = 0;
5041 int ret;
5042
5043 # ifdef OPENSSL_NO_CMAC
5044 /* Skip CMAC tests in a no-cmac build */
5045 if (tst <= 1)
5046 return 1;
5047 # endif
5048 # ifdef OPENSSL_NO_ECX
5049 /* Skip ECX tests in a no-ecx build */
5050 if (tst == 2)
5051 return 1;
5052 # endif
5053
5054 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5055 return 0;
5056
5057 if (!TEST_true(ENGINE_init(e))) {
5058 ENGINE_free(e);
5059 return 0;
5060 }
5061
5062 switch (tst) {
5063 case 0:
5064 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5065 EVP_aes_128_cbc());
5066 break;
5067 case 1:
5068 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5069 EVP_aes_128_cbc());
5070 break;
5071 case 2:
5072 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5073 sizeof(ed25519key));
5074 break;
5075 default:
5076 TEST_error("Invalid test case");
5077 goto err;
5078 }
5079 if (!TEST_ptr(pkey))
5080 goto err;
5081
5082 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5083 goto err;
5084
5085 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5086 pkey);
5087 if (tst == 0) {
5088 if (!TEST_true(ret))
5089 goto err;
5090
5091 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5092 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5093 goto err;
5094
5095 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5096 goto err;
5097
5098 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5099 goto err;
5100 } else {
5101 /* We used a bad key. We expect a failure here */
5102 if (!TEST_false(ret))
5103 goto err;
5104 }
5105
5106 testresult = 1;
5107 err:
5108 EVP_MD_CTX_free(ctx);
5109 OPENSSL_free(mac);
5110 EVP_PKEY_free(pkey);
5111 ENGINE_finish(e);
5112 ENGINE_free(e);
5113
5114 return testresult;
5115 }
5116
5117 static int test_cipher_with_engine(void)
5118 {
5119 ENGINE *e;
5120 const char *engine_id = "dasync";
5121 const unsigned char keyiv[] = {
5122 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5123 0x0c, 0x0d, 0x0e, 0x0f
5124 };
5125 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5126 int testresult = 0;
5127 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5128 unsigned char buf[AES_BLOCK_SIZE];
5129 int len = 0;
5130
5131 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5132 return 0;
5133
5134 if (!TEST_true(ENGINE_init(e))) {
5135 ENGINE_free(e);
5136 return 0;
5137 }
5138
5139 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5140 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5141 goto err;
5142
5143 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5144 goto err;
5145
5146 /* Copy the ctx, and complete the operation with the new ctx */
5147 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5148 goto err;
5149
5150 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5151 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5152 goto err;
5153
5154 testresult = 1;
5155 err:
5156 EVP_CIPHER_CTX_free(ctx);
5157 EVP_CIPHER_CTX_free(ctx2);
5158 ENGINE_finish(e);
5159 ENGINE_free(e);
5160
5161 return testresult;
5162 }
5163 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5164 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5165
5166 #ifndef OPENSSL_NO_ECX
5167 static int ecxnids[] = {
5168 NID_X25519,
5169 NID_X448,
5170 NID_ED25519,
5171 NID_ED448
5172 };
5173
5174 /* Test that creating ECX keys with a short private key fails as expected */
5175 static int test_ecx_short_keys(int tst)
5176 {
5177 unsigned char ecxkeydata = 1;
5178 EVP_PKEY *pkey;
5179
5180
5181 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5182 NULL, &ecxkeydata, 1);
5183 if (!TEST_ptr_null(pkey)) {
5184 EVP_PKEY_free(pkey);
5185 return 0;
5186 }
5187
5188 return 1;
5189 }
5190 #endif
5191
5192 typedef enum OPTION_choice {
5193 OPT_ERR = -1,
5194 OPT_EOF = 0,
5195 OPT_CONTEXT,
5196 OPT_TEST_ENUM
5197 } OPTION_CHOICE;
5198
5199 const OPTIONS *test_get_options(void)
5200 {
5201 static const OPTIONS options[] = {
5202 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5203 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5204 { NULL }
5205 };
5206 return options;
5207 }
5208
5209 #ifndef OPENSSL_NO_ECX
5210 /* Test that trying to sign with a public key errors out gracefully */
5211 static int test_ecx_not_private_key(int tst)
5212 {
5213 EVP_PKEY *pkey = NULL;
5214
5215 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5216 int testresult = 0;
5217 EVP_MD_CTX *ctx = NULL;
5218 unsigned char *mac = NULL;
5219 size_t maclen = 0;
5220 unsigned char *pubkey;
5221 size_t pubkeylen;
5222
5223 switch (keys[tst].type) {
5224 case NID_X25519:
5225 case NID_X448:
5226 return TEST_skip("signing not supported for X25519/X448");
5227 }
5228
5229 /* Check if this algorithm supports public keys */
5230 if (keys[tst].pub == NULL)
5231 return TEST_skip("no public key present");
5232
5233 pubkey = (unsigned char *)keys[tst].pub;
5234 pubkeylen = strlen(keys[tst].pub);
5235
5236 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5237 NULL, pubkey, pubkeylen);
5238 if (!TEST_ptr(pkey))
5239 goto err;
5240
5241 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5242 goto err;
5243
5244 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5245 goto check_err;
5246
5247 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5248 goto check_err;
5249
5250 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5251 goto err;
5252
5253 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5254 goto err;
5255
5256 check_err:
5257 /*
5258 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5259 * but we relax the check to allow error also thrown by
5260 * EVP_DigestSignInit and EVP_DigestSign.
5261 */
5262 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5263 testresult = 1;
5264 ERR_clear_error();
5265 }
5266
5267 err:
5268 EVP_MD_CTX_free(ctx);
5269 OPENSSL_free(mac);
5270 EVP_PKEY_free(pkey);
5271
5272 return testresult;
5273 }
5274 #endif /* OPENSSL_NO_ECX */
5275
5276 static int test_sign_continuation(void)
5277 {
5278 OSSL_PROVIDER *fake_rsa = NULL;
5279 int testresult = 0;
5280 EVP_PKEY *pkey = NULL;
5281 EVP_PKEY_CTX *pctx = NULL;
5282 EVP_MD_CTX *mctx = NULL;
5283 const char sigbuf[] = "To Be Signed";
5284 unsigned char signature[256];
5285 size_t siglen = 256;
5286 static int nodupnum = 1;
5287 static const OSSL_PARAM nodup_params[] = {
5288 OSSL_PARAM_int("NO_DUP", &nodupnum),
5289 OSSL_PARAM_END
5290 };
5291
5292 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5293 return 0;
5294
5295 /* Construct a pkey using precise propq to use our provider */
5296 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5297 "provider=fake-rsa"))
5298 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5299 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5300 || !TEST_ptr(pkey))
5301 goto end;
5302
5303 /* First test it continues (classic behavior) */
5304 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5305 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5306 NULL, pkey, NULL))
5307 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5308 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5309 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5310 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5311 goto end;
5312
5313 EVP_MD_CTX_free(mctx);
5314
5315 /* try again but failing the continuation */
5316 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5317 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5318 NULL, pkey, nodup_params))
5319 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5320 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5321 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5322 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5323 goto end;
5324
5325 testresult = 1;
5326
5327 end:
5328 EVP_MD_CTX_free(mctx);
5329 EVP_PKEY_free(pkey);
5330 EVP_PKEY_CTX_free(pctx);
5331 fake_rsa_finish(fake_rsa);
5332 return testresult;
5333 }
5334
5335 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5336 const unsigned char *gcm_iv, size_t gcm_ivlen,
5337 const unsigned char *gcm_pt, size_t gcm_pt_s,
5338 const unsigned char *gcm_aad, size_t gcm_aad_s,
5339 const unsigned char *gcm_ct, size_t gcm_ct_s,
5340 const unsigned char *gcm_tag, size_t gcm_tag_s)
5341 {
5342 int ret = 0;
5343 EVP_CIPHER_CTX *ctx;
5344 EVP_CIPHER *cipher = NULL;
5345 int outlen, tmplen;
5346 unsigned char outbuf[1024];
5347 unsigned char outtag[16];
5348 OSSL_PARAM params[2] = {
5349 OSSL_PARAM_END, OSSL_PARAM_END
5350 };
5351
5352 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5353 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5354 goto err;
5355
5356 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5357 &gcm_ivlen);
5358
5359 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5360 || (gcm_aad != NULL
5361 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5362 gcm_aad, gcm_aad_s)))
5363 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5364 gcm_pt, gcm_pt_s))
5365 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5366 goto err;
5367
5368 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5369 outtag, sizeof(outtag));
5370
5371 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5372 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5373 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5374 goto err;
5375
5376 ret = 1;
5377 err:
5378 EVP_CIPHER_free(cipher);
5379 EVP_CIPHER_CTX_free(ctx);
5380
5381 return ret;
5382 }
5383
5384 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5385 const unsigned char *gcm_iv, size_t gcm_ivlen,
5386 const unsigned char *gcm_pt, size_t gcm_pt_s,
5387 const unsigned char *gcm_aad, size_t gcm_aad_s,
5388 const unsigned char *gcm_ct, size_t gcm_ct_s,
5389 const unsigned char *gcm_tag, size_t gcm_tag_s)
5390 {
5391 int ret = 0;
5392 EVP_CIPHER_CTX *ctx;
5393 EVP_CIPHER *cipher = NULL;
5394 int outlen;
5395 unsigned char outbuf[1024];
5396 OSSL_PARAM params[2] = {
5397 OSSL_PARAM_END, OSSL_PARAM_END
5398 };
5399
5400 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5401 goto err;
5402
5403 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5404 goto err;
5405
5406 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5407 &gcm_ivlen);
5408
5409 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5410 || (gcm_aad != NULL
5411 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5412 gcm_aad, gcm_aad_s)))
5413 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5414 gcm_ct, gcm_ct_s))
5415 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5416 goto err;
5417
5418 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5419 (void*)gcm_tag, gcm_tag_s);
5420
5421 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5422 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5423 goto err;
5424
5425 ret = 1;
5426 err:
5427 EVP_CIPHER_free(cipher);
5428 EVP_CIPHER_CTX_free(ctx);
5429
5430 return ret;
5431 }
5432
5433 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5434 {
5435 /* AES-GCM test data obtained from NIST public test vectors */
5436 static const unsigned char gcm_key[] = {
5437 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5438 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5439 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5440 };
5441 static const unsigned char gcm_iv[] = {
5442 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5443 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5444 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5445 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5446 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5447 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5448 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5449 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5450 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5451 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5452 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5453 };
5454 static const unsigned char gcm_pt[] = {
5455 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5456 0x4f, 0xe3, 0x6f, 0x81,
5457 };
5458 static const unsigned char gcm_ct[] = {
5459 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5460 0xe2, 0xd0, 0xec, 0xed,
5461 };
5462 static const unsigned char gcm_tag[] = {
5463 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5464 0xdb, 0x99, 0x6c, 0x21,
5465 };
5466
5467 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5468 gcm_pt, sizeof(gcm_pt), NULL, 0,
5469 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5470 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5471 gcm_pt, sizeof(gcm_pt), NULL, 0,
5472 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5473 }
5474
5475 #ifndef OPENSSL_NO_RC4
5476 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5477 const unsigned char *rc4_pt, size_t rc4_pt_s,
5478 const unsigned char *rc4_ct, size_t rc4_ct_s)
5479 {
5480 int ret = 0;
5481 EVP_CIPHER_CTX *ctx;
5482 EVP_CIPHER *cipher = NULL;
5483 int outlen, tmplen;
5484 unsigned char outbuf[1024];
5485 OSSL_PARAM params[2] = {
5486 OSSL_PARAM_END, OSSL_PARAM_END
5487 };
5488
5489 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5490 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5491 goto err;
5492
5493 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5494 &rc4_key_s);
5495
5496 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5497 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5498 rc4_pt, rc4_pt_s))
5499 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5500 goto err;
5501
5502 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5503 goto err;
5504
5505 ret = 1;
5506 err:
5507 EVP_CIPHER_free(cipher);
5508 EVP_CIPHER_CTX_free(ctx);
5509
5510 return ret;
5511 }
5512
5513 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5514 const unsigned char *rc4_pt, size_t rc4_pt_s,
5515 const unsigned char *rc4_ct, size_t rc4_ct_s)
5516 {
5517 int ret = 0;
5518 EVP_CIPHER_CTX *ctx;
5519 EVP_CIPHER *cipher = NULL;
5520 int outlen;
5521 unsigned char outbuf[1024];
5522 OSSL_PARAM params[2] = {
5523 OSSL_PARAM_END, OSSL_PARAM_END
5524 };
5525
5526 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5527 goto err;
5528
5529 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5530 goto err;
5531
5532 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5533 &rc4_key_s);
5534
5535 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5536 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5537 rc4_ct, rc4_ct_s))
5538 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5539 goto err;
5540
5541 ret = 1;
5542 err:
5543 EVP_CIPHER_free(cipher);
5544 EVP_CIPHER_CTX_free(ctx);
5545
5546 return ret;
5547 }
5548
5549 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5550 {
5551 /* RC4 test data obtained from RFC 6229 */
5552 static const struct {
5553 unsigned char key[5];
5554 unsigned char padding[11];
5555 } rc4_key = {
5556 { /* Five bytes of key material */
5557 0x83, 0x32, 0x22, 0x77, 0x2a,
5558 },
5559 { /* Random padding to 16 bytes */
5560 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5561 }
5562 };
5563 static const unsigned char rc4_pt[] = {
5564 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5565 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5566 };
5567 static const unsigned char rc4_ct[] = {
5568 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5569 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5570 };
5571
5572 if (lgcyprov == NULL)
5573 return TEST_skip("Test requires legacy provider to be loaded");
5574
5575 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5576 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5577 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5578 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5579 }
5580 #endif
5581
5582 int setup_tests(void)
5583 {
5584 OPTION_CHOICE o;
5585
5586 while ((o = opt_next()) != OPT_EOF) {
5587 switch (o) {
5588 case OPT_CONTEXT:
5589 /* Set up an alternate library context */
5590 testctx = OSSL_LIB_CTX_new();
5591 if (!TEST_ptr(testctx))
5592 return 0;
5593 #ifdef STATIC_LEGACY
5594 /*
5595 * This test is always statically linked against libcrypto. We must not
5596 * attempt to load legacy.so that might be dynamically linked against
5597 * libcrypto. Instead we use a built-in version of the legacy provider.
5598 */
5599 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5600 return 0;
5601 #endif
5602 /* Swap the libctx to test non-default context only */
5603 nullprov = OSSL_PROVIDER_load(NULL, "null");
5604 deflprov = OSSL_PROVIDER_load(testctx, "default");
5605 #ifndef OPENSSL_SYS_TANDEM
5606 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5607 #endif
5608 break;
5609 case OPT_TEST_CASES:
5610 break;
5611 default:
5612 return 0;
5613 }
5614 }
5615
5616 ADD_TEST(test_EVP_set_default_properties);
5617 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5618 ADD_TEST(test_EVP_DigestVerifyInit);
5619 #ifndef OPENSSL_NO_SIPHASH
5620 ADD_TEST(test_siphash_digestsign);
5621 #endif
5622 ADD_TEST(test_EVP_Digest);
5623 ADD_TEST(test_EVP_md_null);
5624 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5625 #ifndef OPENSSL_NO_DEPRECATED_3_0
5626 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5627 #endif
5628 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5629 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5630 ADD_TEST(test_privatekey_to_pkcs8);
5631 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5632 #ifndef OPENSSL_NO_EC
5633 ADD_TEST(test_EVP_PKCS82PKEY);
5634 #endif
5635 #ifndef OPENSSL_NO_EC
5636 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5637 #endif
5638 #if !defined(OPENSSL_NO_SM2)
5639 ADD_TEST(test_EVP_SM2);
5640 ADD_TEST(test_EVP_SM2_verify);
5641 #endif
5642 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5643 #ifndef OPENSSL_NO_DEPRECATED_3_0
5644 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5645 if (!TEST_ptr(custom_pmeth))
5646 return 0;
5647 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5648 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5649 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5650 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5651 return 0;
5652 #endif
5653 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5654 #ifndef OPENSSL_NO_CMAC
5655 ADD_TEST(test_CMAC_keygen);
5656 #endif
5657 ADD_TEST(test_HKDF);
5658 ADD_TEST(test_emptyikm_HKDF);
5659 #ifndef OPENSSL_NO_EC
5660 ADD_TEST(test_X509_PUBKEY_inplace);
5661 ADD_TEST(test_X509_PUBKEY_dup);
5662 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5663 OSSL_NELEM(ec_der_pub_keys));
5664 #endif
5665 #ifndef OPENSSL_NO_DSA
5666 ADD_TEST(test_DSA_get_set_params);
5667 ADD_TEST(test_DSA_priv_pub);
5668 #endif
5669 ADD_TEST(test_RSA_get_set_params);
5670 ADD_TEST(test_RSA_OAEP_set_get_params);
5671 ADD_TEST(test_RSA_OAEP_set_null_label);
5672 #ifndef OPENSSL_NO_DEPRECATED_3_0
5673 ADD_TEST(test_RSA_legacy);
5674 #endif
5675 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5676 ADD_TEST(test_decrypt_null_chunks);
5677 #endif
5678 #ifndef OPENSSL_NO_DH
5679 ADD_TEST(test_DH_priv_pub);
5680 # ifndef OPENSSL_NO_DEPRECATED_3_0
5681 ADD_TEST(test_EVP_PKEY_set1_DH);
5682 # endif
5683 #endif
5684 #ifndef OPENSSL_NO_EC
5685 ADD_TEST(test_EC_priv_pub);
5686 ADD_TEST(test_evp_get_ec_pub);
5687 # ifndef OPENSSL_NO_DEPRECATED_3_0
5688 ADD_TEST(test_EC_priv_only_legacy);
5689 ADD_TEST(test_evp_get_ec_pub_legacy);
5690 # endif
5691 #endif
5692 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5693 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5694
5695 ADD_TEST(test_rand_agglomeration);
5696 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5697 #ifndef OPENSSL_NO_DES
5698 ADD_ALL_TESTS(test_evp_iv_des, 6);
5699 #endif
5700 #ifndef OPENSSL_NO_BF
5701 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5702 #endif
5703 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5704 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5705 #ifndef OPENSSL_NO_EC
5706 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5707 #endif
5708
5709 ADD_TEST(test_names_do_all);
5710
5711 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5712 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5713 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5714 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5715 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5716 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5717 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5718 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5719
5720 #ifndef OPENSSL_NO_DEPRECATED_3_0
5721 ADD_ALL_TESTS(test_custom_pmeth, 12);
5722 ADD_TEST(test_evp_md_cipher_meth);
5723 ADD_TEST(test_custom_md_meth);
5724 ADD_TEST(test_custom_ciph_meth);
5725
5726 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5727 /* Tests only support the default libctx */
5728 if (testctx == NULL) {
5729 # ifndef OPENSSL_NO_EC
5730 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5731 # else
5732 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5733 # endif
5734 ADD_TEST(test_cipher_with_engine);
5735 }
5736 # endif
5737 #endif
5738
5739 #ifndef OPENSSL_NO_ECX
5740 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5741 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5742 #endif
5743
5744 ADD_TEST(test_sign_continuation);
5745
5746 /* Test cases for CVE-2023-5363 */
5747 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5748 #ifndef OPENSSL_NO_RC4
5749 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5750 #endif
5751
5752 return 1;
5753 }
5754
5755 void cleanup_tests(void)
5756 {
5757 OSSL_PROVIDER_unload(nullprov);
5758 OSSL_PROVIDER_unload(deflprov);
5759 #ifndef OPENSSL_SYS_TANDEM
5760 OSSL_PROVIDER_unload(lgcyprov);
5761 #endif
5762 OSSL_LIB_CTX_free(testctx);
5763 }
A mirror of the official openssl repository