]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687 int ret;
688 BIO *bio = BIO_new(BIO_s_mem());
689
690 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
691 goto err;
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
694 params), 0))
695 goto err;
696
697 if (!TEST_ptr(pkey))
698 goto err;
699
700 /* Check we can use the resulting key */
701 ret = PEM_write_bio_PUBKEY(bio, pkey);
702 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
703 if (!TEST_true(ret))
704 goto err;
705 } else {
706 if (!TEST_false(ret))
707 goto err;
708 }
709 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
710 testctx, NULL);
711 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718
719 testresult = 1;
720 err:
721 EVP_PKEY_free(pkey);
722 EVP_PKEY_CTX_free(pctx);
723 BIO_free(bio);
724
725 return testresult;
726 }
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
728
729 /*
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
732 */
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
735 {
736 OSSL_PARAM_BLD *bld = NULL;
737 OSSL_PARAM *params = NULL;
738 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
739 int ret = 0;
740
741 /*
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
744 */
745 if (!TEST_ptr(p = BN_new())
746 || !TEST_ptr(q = BN_new())
747 || !TEST_ptr(g = BN_new())
748 || !TEST_ptr(pub = BN_new())
749 || !TEST_ptr(priv = BN_new()))
750 goto err;
751
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
757 goto err;
758 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
759 goto err;
760
761 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
762 goto err;
763 OSSL_PARAM_free(params);
764 params = NULL;
765 OSSL_PARAM_BLD_free(bld);
766
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
773 priv)))
774 goto err;
775 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
776 goto err;
777
778 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
779 goto err;
780 OSSL_PARAM_free(params);
781 params = NULL;
782 OSSL_PARAM_BLD_free(bld);
783
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
790 pub)))
791 goto err;
792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
795 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
796 goto err;
797 OSSL_PARAM_free(params);
798 params = NULL;
799 OSSL_PARAM_BLD_free(bld);
800
801 /* Test priv and pub */
802 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
807 pub))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
809 priv)))
810 goto err;
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 goto err;
813
814 if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
815 goto err;
816
817 ret = 1;
818 err:
819 OSSL_PARAM_free(params);
820 OSSL_PARAM_BLD_free(bld);
821 BN_free(p);
822 BN_free(q);
823 BN_free(g);
824 BN_free(pub);
825 BN_free(priv);
826
827 return ret;
828 }
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
830
831 /*
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
834 */
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
840 };
841 static unsigned char ec_pub[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
848 };
849
850 static int test_EC_priv_pub(void)
851 {
852 OSSL_PARAM_BLD *bld = NULL;
853 OSSL_PARAM *params = NULL;
854 BIGNUM *priv = NULL;
855 int ret = 0;
856
857 /*
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
860 */
861 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
862 goto err;
863
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
867 OSSL_PKEY_PARAM_GROUP_NAME,
868 "P-256", 0)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
871 goto err;
872
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
874 goto err;
875 OSSL_PARAM_free(params);
876 params = NULL;
877 OSSL_PARAM_BLD_free(bld);
878
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
882 OSSL_PKEY_PARAM_GROUP_NAME,
883 "P-256", 0))
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
885 priv)))
886 goto err;
887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
888 goto err;
889
890 /*
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
895 */
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
897 goto err;
898 OSSL_PARAM_free(params);
899 params = NULL;
900 OSSL_PARAM_BLD_free(bld);
901
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
905 OSSL_PKEY_PARAM_GROUP_NAME,
906 "P-256", 0))
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
908 OSSL_PKEY_PARAM_PUB_KEY,
909 ec_pub, sizeof(ec_pub))))
910 goto err;
911 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
912 goto err;
913
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
915 goto err;
916 OSSL_PARAM_free(params);
917 params = NULL;
918 OSSL_PARAM_BLD_free(bld);
919
920 /* Test priv and pub */
921 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
923 OSSL_PKEY_PARAM_GROUP_NAME,
924 "P-256", 0))
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
926 OSSL_PKEY_PARAM_PUB_KEY,
927 ec_pub, sizeof(ec_pub)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv)))
930 goto err;
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
932 goto err;
933
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
935 goto err;
936
937 ret = 1;
938 err:
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
941 BN_free(priv);
942
943 return ret;
944 }
945
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
949 {
950 BIGNUM *priv = NULL;
951 int ret = 0;
952 EC_KEY *eckey = NULL;
953 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
954 EVP_MD_CTX *ctx = NULL;
955
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
958 goto err;
959
960 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
961 if (!TEST_ptr(eckey))
962 goto err;
963
964 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
965 goto err;
966
967 pkey = EVP_PKEY_new();
968 if (!TEST_ptr(pkey))
969 goto err;
970
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
972 goto err;
973 eckey = NULL;
974
975 while (dup_pk == NULL) {
976 ret = 0;
977 ctx = EVP_MD_CTX_new();
978 if (!TEST_ptr(ctx))
979 goto err;
980
981 /*
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
984 */
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
986 testpropq, pkey, NULL)))
987 goto err;
988 EVP_MD_CTX_free(ctx);
989 ctx = NULL;
990
991 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
992 goto err;
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
995 EVP_PKEY_free(pkey);
996 pkey = dup_pk;
997 if (!ret)
998 goto err;
999 }
1000
1001 err:
1002 EVP_MD_CTX_free(ctx);
1003 EVP_PKEY_free(pkey);
1004 EC_KEY_free(eckey);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1011
1012 static int test_EVP_PKEY_sign(int tst)
1013 {
1014 int ret = 0;
1015 EVP_PKEY *pkey = NULL;
1016 unsigned char *sig = NULL;
1017 size_t sig_len = 0, shortsig_len = 1;
1018 EVP_PKEY_CTX *ctx = NULL;
1019 unsigned char tbs[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1022 };
1023
1024 if (tst == 0) {
1025 if (!TEST_ptr(pkey = load_example_rsa_key()))
1026 goto out;
1027 } else if (tst == 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey = load_example_dsa_key()))
1030 goto out;
1031 #else
1032 ret = 1;
1033 goto out;
1034 #endif
1035 } else {
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey = load_example_ec_key()))
1038 goto out;
1039 #else
1040 ret = 1;
1041 goto out;
1042 #endif
1043 }
1044
1045 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1046 if (!TEST_ptr(ctx)
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1049 sizeof(tbs)), 0))
1050 goto out;
1051 sig = OPENSSL_malloc(sig_len);
1052 if (!TEST_ptr(sig)
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1055 sizeof(tbs)), 0)
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1057 0)
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1061 0))
1062 goto out;
1063
1064 ret = 1;
1065 out:
1066 EVP_PKEY_CTX_free(ctx);
1067 OPENSSL_free(sig);
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070 }
1071
1072 /*
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1075 */
1076 static int test_EVP_Enveloped(int n)
1077 {
1078 int ret = 0;
1079 EVP_CIPHER_CTX *ctx = NULL;
1080 EVP_PKEY *keypair = NULL;
1081 unsigned char *kek = NULL;
1082 unsigned char iv[EVP_MAX_IV_LENGTH];
1083 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len, kek_len, ciphertext_len, plaintext_len;
1085 unsigned char ciphertext[32], plaintext[16];
1086 EVP_CIPHER *type = NULL;
1087
1088 if (nullprov != NULL)
1089 return TEST_skip("Test does not support a non-default library context");
1090
1091 if (n == 0)
1092 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1094 testpropq)))
1095 goto err;
1096
1097 if (!TEST_ptr(keypair = load_example_rsa_key())
1098 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1099 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1101 &keypair, 1))
1102 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1103 msg, sizeof(msg)))
1104 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1105 &len)))
1106 goto err;
1107
1108 ciphertext_len += len;
1109
1110 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1111 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1112 ciphertext, ciphertext_len))
1113 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1114 goto err;
1115
1116 plaintext_len += len;
1117 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1118 goto err;
1119
1120 ret = 1;
1121 err:
1122 if (n != 0)
1123 EVP_CIPHER_free(type);
1124 OPENSSL_free(kek);
1125 EVP_PKEY_free(keypair);
1126 EVP_CIPHER_CTX_free(ctx);
1127 return ret;
1128 }
1129
1130 /*
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1147 */
1148 static int test_EVP_DigestSignInit(int tst)
1149 {
1150 int ret = 0;
1151 EVP_PKEY *pkey = NULL;
1152 unsigned char *sig = NULL, *sig2 = NULL;
1153 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1154 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1155 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1156 BIO *mdbio = NULL, *membio = NULL;
1157 size_t written;
1158 const EVP_MD *md;
1159 EVP_MD *mdexp = NULL;
1160 int reinit = 0;
1161
1162 if (nullprov != NULL)
1163 return TEST_skip("Test does not support a non-default library context");
1164
1165 if (tst >= 15) {
1166 reinit = 1;
1167 tst -= 15;
1168 }
1169
1170 if (tst >= 6 && tst <= 8) {
1171 membio = BIO_new(BIO_s_mem());
1172 mdbio = BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1174 goto out;
1175 BIO_push(mdbio, membio);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1177 goto out;
1178 } else {
1179 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1181 goto out;
1182 }
1183
1184 if (tst % 3 == 0) {
1185 if (!TEST_ptr(pkey = load_example_rsa_key()))
1186 goto out;
1187 } else if (tst % 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey = load_example_dsa_key()))
1190 goto out;
1191 #else
1192 ret = 1;
1193 goto out;
1194 #endif
1195 } else {
1196 if (!TEST_ptr(pkey = load_example_hmac_key()))
1197 goto out;
1198 }
1199
1200 if (tst >= 3 && tst <= 5)
1201 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1202 else
1203 md = EVP_sha256();
1204
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1206 goto out;
1207
1208 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1209 goto out;
1210
1211 if (tst >= 6 && tst <= 8) {
1212 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1213 goto out;
1214 } else if (tst < 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1216 goto out;
1217 }
1218
1219 if (tst >= 9) {
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1222 sizeof(kMsg)))
1223 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1224 goto out;
1225 if (tst <= 11) {
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1228 sizeof(kMsg))))
1229 goto out;
1230 /*
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1233 */
1234 ret = 1;
1235 goto out;
1236 }
1237 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1238 sizeof(kMsg))))
1239 goto out;
1240 } else {
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1243 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1244 /*
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1247 */
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1250 goto out;
1251 }
1252
1253 /*
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1256 */
1257 if (tst % 3 != 2) {
1258 if (tst >= 6 && tst <= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1261 goto out;
1262 }
1263
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1265 NULL, pkey)))
1266 goto out;
1267
1268 if (tst >= 6 && tst <= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1270 goto out;
1271 } else {
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1273 sizeof(kMsg))))
1274 goto out;
1275 }
1276 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1277 goto out;
1278
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1281 goto out;
1282 } else {
1283 /*
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1286 */
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1288 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1290 goto out;
1291
1292 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1293 goto out;
1294 }
1295
1296 ret = 1;
1297
1298 out:
1299 BIO_free(membio);
1300 BIO_free(mdbio);
1301 EVP_MD_CTX_free(a_md_ctx);
1302 EVP_MD_CTX_free(a_md_ctx_verify);
1303 EVP_PKEY_free(pkey);
1304 OPENSSL_free(sig);
1305 OPENSSL_free(sig2);
1306 EVP_MD_free(mdexp);
1307
1308 return ret;
1309 }
1310
1311 static int test_EVP_DigestVerifyInit(void)
1312 {
1313 int ret = 0;
1314 EVP_PKEY *pkey = NULL;
1315 EVP_MD_CTX *md_ctx = NULL;
1316
1317 if (nullprov != NULL)
1318 return TEST_skip("Test does not support a non-default library context");
1319
1320 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey = load_example_rsa_key()))
1322 goto out;
1323
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1326 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1327 sizeof(kSignature)), 0))
1328 goto out;
1329
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1333 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1334 sizeof(kSignature)), 0))
1335 goto out;
1336 ret = 1;
1337
1338 out:
1339 EVP_MD_CTX_free(md_ctx);
1340 EVP_PKEY_free(pkey);
1341 return ret;
1342 }
1343
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1347 {
1348 unsigned char key[16];
1349 unsigned char buf[8], digest[8];
1350 unsigned char expected[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1352 };
1353 EVP_PKEY *pkey = NULL;
1354 EVP_MD_CTX *mdctx = NULL;
1355 EVP_PKEY_CTX *ctx = NULL;
1356 int ret = 0;
1357 size_t len = 8;
1358
1359 if (nullprov != NULL)
1360 return TEST_skip("Test does not support a non-default library context");
1361
1362 memset(buf, 0, 8);
1363 memset(key, 1, 16);
1364 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1365 key, 16)))
1366 goto out;
1367
1368 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1369 goto out;
1370
1371 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1372 goto out;
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1375 8, NULL), 1))
1376 goto out;
1377 /* reinitialize */
1378 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1379 goto out;
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1381 goto out;
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1383 goto out;
1384 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1385 goto out;
1386
1387 ret = 1;
1388 out:
1389 EVP_PKEY_free(pkey);
1390 EVP_MD_CTX_free(mdctx);
1391 return ret;
1392 }
1393 #endif
1394
1395 /*
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1397 */
1398 static int test_EVP_Digest(void)
1399 {
1400 int ret = 0;
1401 EVP_MD_CTX *md_ctx = NULL;
1402 unsigned char md[EVP_MAX_MD_SIZE];
1403 EVP_MD *sha256 = NULL;
1404 EVP_MD *shake256 = NULL;
1405
1406 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1407 goto out;
1408
1409 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1410 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1411 goto out;
1412
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1418 goto out;
1419
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1425 /*
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1428 */
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1430 goto out;
1431
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1438 goto out;
1439 ret = 1;
1440
1441 out:
1442 EVP_MD_CTX_free(md_ctx);
1443 EVP_MD_free(sha256);
1444 EVP_MD_free(shake256);
1445 return ret;
1446 }
1447
1448 static int test_EVP_md_null(void)
1449 {
1450 int ret = 0;
1451 EVP_MD_CTX *md_ctx = NULL;
1452 const EVP_MD *md_null = EVP_md_null();
1453 unsigned char md_value[EVP_MAX_MD_SIZE];
1454 unsigned int md_len = sizeof(md_value);
1455
1456 if (nullprov != NULL)
1457 return TEST_skip("Test does not support a non-default library context");
1458
1459 if (!TEST_ptr(md_null)
1460 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1461 goto out;
1462
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1465 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1466 goto out;
1467
1468 if (!TEST_uint_eq(md_len, 0))
1469 goto out;
1470
1471 ret = 1;
1472 out:
1473 EVP_MD_CTX_free(md_ctx);
1474 return ret;
1475 }
1476
1477 static int test_d2i_AutoPrivateKey(int i)
1478 {
1479 int ret = 0;
1480 const unsigned char *p;
1481 EVP_PKEY *pkey = NULL;
1482 const APK_DATA *ak = &keydata[i];
1483 const unsigned char *input = ak->kder;
1484 size_t input_len = ak->size;
1485 int expected_id = ak->evptype;
1486
1487 p = input;
1488 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1489 || !TEST_ptr_eq(p, input + input_len)
1490 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1491 goto done;
1492
1493 ret = 1;
1494
1495 done:
1496 EVP_PKEY_free(pkey);
1497 return ret;
1498 }
1499
1500 #ifndef OPENSSL_NO_EC
1501
1502 static const unsigned char ec_public_sect163k1_validxy[] = {
1503 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1504 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1505 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1506 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1507 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1508 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1509 };
1510
1511 static const unsigned char ec_public_sect163k1_badx[] = {
1512 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1513 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1514 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1515 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1516 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1517 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1518 };
1519
1520 static const unsigned char ec_public_sect163k1_bady[] = {
1521 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1522 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1523 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1524 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1525 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1526 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1527 };
1528
1529 static struct ec_der_pub_keys_st {
1530 const unsigned char *der;
1531 size_t len;
1532 int valid;
1533 } ec_der_pub_keys[] = {
1534 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1535 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1536 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1537 };
1538
1539 /*
1540 * Tests the range of the decoded EC char2 public point.
1541 * See ec_GF2m_simple_oct2point().
1542 */
1543 static int test_invalide_ec_char2_pub_range_decode(int id)
1544 {
1545 int ret = 0;
1546 EVP_PKEY *pkey;
1547
1548 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1549 ec_der_pub_keys[id].len);
1550
1551 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1552 || TEST_ptr_null(pkey);
1553 EVP_PKEY_free(pkey);
1554 return ret;
1555 }
1556
1557 /* Tests loading a bad key in PKCS8 format */
1558 static int test_EVP_PKCS82PKEY(void)
1559 {
1560 int ret = 0;
1561 const unsigned char *derp = kExampleBadECKeyDER;
1562 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1563 EVP_PKEY *pkey = NULL;
1564
1565 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1566 sizeof(kExampleBadECKeyDER))))
1567 goto done;
1568
1569 if (!TEST_ptr_eq(derp,
1570 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1571 goto done;
1572
1573 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1574 goto done;
1575
1576 ret = 1;
1577
1578 done:
1579 PKCS8_PRIV_KEY_INFO_free(p8inf);
1580 EVP_PKEY_free(pkey);
1581
1582 return ret;
1583 }
1584
1585 #endif
1586 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1587 {
1588 EVP_PKEY *pkey = NULL;
1589 EVP_PKEY *pkey2 = NULL;
1590 BIO *membio = NULL;
1591 char *membuf = NULL;
1592 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1593 int ok = 0;
1594
1595 if (testctx != NULL)
1596 /* test not supported with non-default context */
1597 return 1;
1598
1599 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1600 || !TEST_ptr(pkey = load_example_rsa_key())
1601 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1602 NULL, 0, NULL, NULL),
1603 0)
1604 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1605 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1606 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1607 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1608 goto done;
1609 }
1610
1611 ok = 1;
1612 done:
1613 EVP_PKEY_free(pkey);
1614 EVP_PKEY_free(pkey2);
1615 PKCS8_PRIV_KEY_INFO_free(p8inf);
1616 BIO_free_all(membio);
1617 return ok;
1618 }
1619
1620 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1621 static int test_privatekey_to_pkcs8(void)
1622 {
1623 EVP_PKEY *pkey = NULL;
1624 BIO *membio = NULL;
1625 char *membuf = NULL;
1626 long membuf_len = 0;
1627 int ok = 0;
1628
1629 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1630 || !TEST_ptr(pkey = load_example_rsa_key())
1631 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1632 NULL, 0, NULL, NULL),
1633 0)
1634 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1635 || !TEST_ptr(membuf)
1636 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1637 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1638 /*
1639 * We try to write PEM as well, just to see that it doesn't err, but
1640 * assume that the result is correct.
1641 */
1642 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1643 NULL, 0, NULL, NULL),
1644 0))
1645 goto done;
1646
1647 ok = 1;
1648 done:
1649 EVP_PKEY_free(pkey);
1650 BIO_free_all(membio);
1651 return ok;
1652 }
1653
1654 #ifndef OPENSSL_NO_EC
1655 static const struct {
1656 int encoding;
1657 const char *encoding_name;
1658 } ec_encodings[] = {
1659 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1660 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1661 };
1662
1663 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1664 {
1665 const OSSL_PARAM *p;
1666 const char *enc_name = NULL;
1667 int *enc = arg;
1668 size_t i;
1669
1670 *enc = -1;
1671
1672 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1673 OSSL_PKEY_PARAM_EC_ENCODING))
1674 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1675 return 0;
1676
1677 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1678 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1679 *enc = ec_encodings[i].encoding;
1680 break;
1681 }
1682 }
1683
1684 return (*enc != -1);
1685 }
1686
1687 static int test_EC_keygen_with_enc(int idx)
1688 {
1689 EVP_PKEY *params = NULL, *key = NULL;
1690 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1691 int enc;
1692 int ret = 0;
1693
1694 enc = ec_encodings[idx].encoding;
1695
1696 /* Create key parameters */
1697 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1698 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1699 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1700 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1701 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1702 || !TEST_ptr(params))
1703 goto done;
1704
1705 /* Create key */
1706 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1707 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1708 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1709 || !TEST_ptr(key))
1710 goto done;
1711
1712 /* Check that the encoding got all the way into the key */
1713 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1714 ec_export_get_encoding_cb, &enc))
1715 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1716 goto done;
1717
1718 ret = 1;
1719 done:
1720 EVP_PKEY_free(key);
1721 EVP_PKEY_free(params);
1722 EVP_PKEY_CTX_free(kctx);
1723 EVP_PKEY_CTX_free(pctx);
1724 return ret;
1725 }
1726 #endif
1727
1728 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1729
1730 static int test_EVP_SM2_verify(void)
1731 {
1732 const char *pubkey =
1733 "-----BEGIN PUBLIC KEY-----\n"
1734 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1735 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1736 "-----END PUBLIC KEY-----\n";
1737
1738 const char *msg = "message digest";
1739 const char *id = "ALICE123@YAHOO.COM";
1740
1741 const uint8_t signature[] = {
1742 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1743 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1744 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1745 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1746 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1747 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1748 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1749 };
1750
1751 int rc = 0;
1752 BIO *bio = NULL;
1753 EVP_PKEY *pkey = NULL;
1754 EVP_MD_CTX *mctx = NULL;
1755 EVP_PKEY_CTX *pctx = NULL;
1756 EVP_MD *sm3 = NULL;
1757
1758 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1759 if (!TEST_true(bio != NULL))
1760 goto done;
1761
1762 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1763 if (!TEST_true(pkey != NULL))
1764 goto done;
1765
1766 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1767 goto done;
1768
1769 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1770 goto done;
1771
1772 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1773 goto done;
1774
1775 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1776
1777 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1778 goto done;
1779
1780 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1781 goto done;
1782
1783 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1784 goto done;
1785
1786 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1787 goto done;
1788
1789 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1790 goto done;
1791 rc = 1;
1792
1793 done:
1794 BIO_free(bio);
1795 EVP_PKEY_free(pkey);
1796 EVP_PKEY_CTX_free(pctx);
1797 EVP_MD_CTX_free(mctx);
1798 EVP_MD_free(sm3);
1799 return rc;
1800 }
1801
1802 static int test_EVP_SM2(void)
1803 {
1804 int ret = 0;
1805 EVP_PKEY *pkey = NULL;
1806 EVP_PKEY *pkeyparams = NULL;
1807 EVP_PKEY_CTX *pctx = NULL;
1808 EVP_PKEY_CTX *kctx = NULL;
1809 EVP_PKEY_CTX *sctx = NULL;
1810 size_t sig_len = 0;
1811 unsigned char *sig = NULL;
1812 EVP_MD_CTX *md_ctx = NULL;
1813 EVP_MD_CTX *md_ctx_verify = NULL;
1814 EVP_PKEY_CTX *cctx = NULL;
1815 EVP_MD *check_md = NULL;
1816
1817 uint8_t ciphertext[128];
1818 size_t ctext_len = sizeof(ciphertext);
1819
1820 uint8_t plaintext[8];
1821 size_t ptext_len = sizeof(plaintext);
1822
1823 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1824
1825 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1826 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1827 int i;
1828 char mdname[OSSL_MAX_NAME_SIZE];
1829
1830 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1831 "SM2", testpropq)))
1832 goto done;
1833
1834 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1835 goto done;
1836
1837 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1838 goto done;
1839
1840 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1841 goto done;
1842
1843 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1844 pkeyparams, testpropq)))
1845 goto done;
1846
1847 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1848 goto done;
1849
1850 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1851 goto done;
1852
1853 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1854 goto done;
1855
1856 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1857 goto done;
1858
1859 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1860 goto done;
1861
1862 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1863 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1864
1865 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1866 goto done;
1867
1868 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1869 goto done;
1870
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1872 goto done;
1873
1874 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1875 goto done;
1876
1877 /* Determine the size of the signature. */
1878 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1879 goto done;
1880
1881 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1882 goto done;
1883
1884 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1885 goto done;
1886
1887 /* Ensure that the signature round-trips. */
1888
1889 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1890 pkey)))
1891 goto done;
1892
1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1894 goto done;
1895
1896 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1897 goto done;
1898
1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1900 goto done;
1901
1902 /* now check encryption/decryption */
1903
1904 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1905 mdname, sizeof(mdname));
1906 for (i = 0; i < 2; i++) {
1907 const char *mdnames[] = {
1908 #ifndef OPENSSL_NO_SM3
1909 "SM3",
1910 #else
1911 NULL,
1912 #endif
1913 "SHA2-256" };
1914 EVP_PKEY_CTX_free(cctx);
1915
1916 if (mdnames[i] == NULL)
1917 continue;
1918
1919 sparams[0] =
1920 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1921 (char *)mdnames[i], 0);
1922
1923 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1924 pkey, testpropq)))
1925 goto done;
1926
1927 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1928 goto done;
1929
1930 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1931 goto done;
1932
1933 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1934 sizeof(kMsg))))
1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1938 goto done;
1939
1940 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1941 goto done;
1942
1943 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1944 ctext_len), 0))
1945 goto done;
1946
1947 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1948 goto done;
1949
1950 /*
1951 * Test we're still using the digest we think we are.
1952 * Because of aliases, the easiest is to fetch the digest and
1953 * check the name with EVP_MD_is_a().
1954 */
1955 EVP_MD_free(check_md);
1956 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1957 goto done;
1958 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1959 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1960 goto done;
1961 }
1962
1963 if (!TEST_true(ptext_len == sizeof(kMsg)))
1964 goto done;
1965
1966 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1967 goto done;
1968 }
1969
1970 ret = 1;
1971 done:
1972 EVP_PKEY_CTX_free(pctx);
1973 EVP_PKEY_CTX_free(kctx);
1974 EVP_PKEY_CTX_free(sctx);
1975 EVP_PKEY_CTX_free(cctx);
1976 EVP_PKEY_free(pkey);
1977 EVP_PKEY_free(pkeyparams);
1978 EVP_MD_CTX_free(md_ctx);
1979 EVP_MD_CTX_free(md_ctx_verify);
1980 EVP_MD_free(check_md);
1981 OPENSSL_free(sig);
1982 return ret;
1983 }
1984
1985 #endif
1986
1987 static struct keys_st {
1988 int type;
1989 char *priv;
1990 char *pub;
1991 } keys[] = {
1992 {
1993 EVP_PKEY_HMAC, "0123456789", NULL
1994 },
1995 {
1996 EVP_PKEY_HMAC, "", NULL
1997 #ifndef OPENSSL_NO_POLY1305
1998 }, {
1999 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2000 #endif
2001 #ifndef OPENSSL_NO_SIPHASH
2002 }, {
2003 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2004 #endif
2005 },
2006 #ifndef OPENSSL_NO_EC
2007 {
2008 EVP_PKEY_X25519, "01234567890123456789012345678901",
2009 "abcdefghijklmnopqrstuvwxyzabcdef"
2010 }, {
2011 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2012 "abcdefghijklmnopqrstuvwxyzabcdef"
2013 }, {
2014 EVP_PKEY_X448,
2015 "01234567890123456789012345678901234567890123456789012345",
2016 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2017 }, {
2018 EVP_PKEY_ED448,
2019 "012345678901234567890123456789012345678901234567890123456",
2020 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2021 }
2022 #endif
2023 };
2024
2025 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2026 {
2027 int ret = 0;
2028 unsigned char buf[80];
2029 unsigned char *in;
2030 size_t inlen, len = 0, shortlen = 1;
2031 EVP_PKEY *pkey;
2032
2033 /* Check if this algorithm supports public keys */
2034 if (pub && keys[tst].pub == NULL)
2035 return 1;
2036
2037 memset(buf, 0, sizeof(buf));
2038
2039 if (pub) {
2040 #ifndef OPENSSL_NO_EC
2041 inlen = strlen(keys[tst].pub);
2042 in = (unsigned char *)keys[tst].pub;
2043 if (uselibctx) {
2044 pkey = EVP_PKEY_new_raw_public_key_ex(
2045 testctx,
2046 OBJ_nid2sn(keys[tst].type),
2047 NULL,
2048 in,
2049 inlen);
2050 } else {
2051 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2052 NULL,
2053 in,
2054 inlen);
2055 }
2056 #else
2057 return 1;
2058 #endif
2059 } else {
2060 inlen = strlen(keys[tst].priv);
2061 in = (unsigned char *)keys[tst].priv;
2062 if (uselibctx) {
2063 pkey = EVP_PKEY_new_raw_private_key_ex(
2064 testctx, OBJ_nid2sn(keys[tst].type),
2065 NULL,
2066 in,
2067 inlen);
2068 } else {
2069 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2070 NULL,
2071 in,
2072 inlen);
2073 }
2074 }
2075
2076 if (!TEST_ptr(pkey)
2077 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2078 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2079 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2080 || !TEST_true(len == inlen))
2081 goto done;
2082 if (tst != 1) {
2083 /*
2084 * Test that supplying a buffer that is too small fails. Doesn't apply
2085 * to HMAC with a zero length key
2086 */
2087 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2088 &shortlen)))
2089 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2090 &shortlen))))
2091 goto done;
2092 }
2093 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2094 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2095 || !TEST_mem_eq(in, inlen, buf, len))
2096 goto done;
2097
2098 ret = 1;
2099 done:
2100 EVP_PKEY_free(pkey);
2101 return ret;
2102 }
2103
2104 static int test_set_get_raw_keys(int tst)
2105 {
2106 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2107 && test_set_get_raw_keys_int(tst, 0, 1)
2108 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2109 && test_set_get_raw_keys_int(tst, 1, 1);
2110 }
2111
2112 #ifndef OPENSSL_NO_DEPRECATED_3_0
2113 static int pkey_custom_check(EVP_PKEY *pkey)
2114 {
2115 return 0xbeef;
2116 }
2117
2118 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2119 {
2120 return 0xbeef;
2121 }
2122
2123 static int pkey_custom_param_check(EVP_PKEY *pkey)
2124 {
2125 return 0xbeef;
2126 }
2127
2128 static EVP_PKEY_METHOD *custom_pmeth;
2129 #endif
2130
2131 static int test_EVP_PKEY_check(int i)
2132 {
2133 int ret = 0;
2134 EVP_PKEY *pkey = NULL;
2135 EVP_PKEY_CTX *ctx = NULL;
2136 #ifndef OPENSSL_NO_DEPRECATED_3_0
2137 EVP_PKEY_CTX *ctx2 = NULL;
2138 #endif
2139 const APK_DATA *ak = &keycheckdata[i];
2140 const unsigned char *input = ak->kder;
2141 size_t input_len = ak->size;
2142 int expected_id = ak->evptype;
2143 int expected_check = ak->check;
2144 int expected_pub_check = ak->pub_check;
2145 int expected_param_check = ak->param_check;
2146 int type = ak->type;
2147
2148 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2149 goto done;
2150 if (type == 0
2151 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2152 goto done;
2153
2154 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2155 goto done;
2156
2157 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2158 goto done;
2159
2160 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2161 goto done;
2162
2163 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2164 goto done;
2165
2166 #ifndef OPENSSL_NO_DEPRECATED_3_0
2167 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2168 /* assign the pkey directly, as an internal test */
2169 EVP_PKEY_up_ref(pkey);
2170 ctx2->pkey = pkey;
2171
2172 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2173 goto done;
2174
2175 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2176 goto done;
2177
2178 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2179 goto done;
2180 #endif
2181
2182 ret = 1;
2183
2184 done:
2185 EVP_PKEY_CTX_free(ctx);
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX_free(ctx2);
2188 #endif
2189 EVP_PKEY_free(pkey);
2190 return ret;
2191 }
2192
2193 #ifndef OPENSSL_NO_CMAC
2194 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2195 {
2196 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2197 const char msg[] = "Hello World";
2198 size_t maclen = AES_BLOCK_SIZE;
2199 int ret = 1;
2200
2201 if (!TEST_ptr(mdctx)
2202 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2203 testpropq, pkey, NULL))
2204 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2205 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2206 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2207 ret = 0;
2208
2209 EVP_MD_CTX_free(mdctx);
2210
2211 return ret;
2212 }
2213 static int test_CMAC_keygen(void)
2214 {
2215 static unsigned char key[] = {
2216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2217 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2218 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2219 };
2220 EVP_PKEY_CTX *kctx = NULL;
2221 int ret = 0;
2222 EVP_PKEY *pkey = NULL;
2223 unsigned char mac[AES_BLOCK_SIZE];
2224 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2225 unsigned char mac2[AES_BLOCK_SIZE];
2226 # endif
2227
2228 if (nullprov != NULL)
2229 return TEST_skip("Test does not support a non-default library context");
2230
2231 /*
2232 * This is a legacy method for CMACs, but should still work.
2233 * This verifies that it works without an ENGINE.
2234 */
2235 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2236
2237 /* Test a CMAC key created using the "generated" method */
2238 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2239 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2240 EVP_PKEY_CTRL_CIPHER,
2241 0, (void *)EVP_aes_256_ecb()), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2243 EVP_PKEY_CTRL_SET_MAC_KEY,
2244 sizeof(key), (void *)key), 0)
2245 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2246 || !TEST_ptr(pkey)
2247 || !TEST_true(get_cmac_val(pkey, mac)))
2248 goto done;
2249
2250 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2251 EVP_PKEY_free(pkey);
2252
2253 /*
2254 * Test a CMAC key using the direct method, and compare with the mac
2255 * created above.
2256 */
2257 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2258 if (!TEST_ptr(pkey)
2259 || !TEST_true(get_cmac_val(pkey, mac2))
2260 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2261 goto done;
2262 # endif
2263
2264 ret = 1;
2265
2266 done:
2267 EVP_PKEY_free(pkey);
2268 EVP_PKEY_CTX_free(kctx);
2269 return ret;
2270 }
2271 #endif
2272
2273 static int test_HKDF(void)
2274 {
2275 EVP_PKEY_CTX *pctx;
2276 unsigned char out[20];
2277 size_t outlen;
2278 int i, ret = 0;
2279 unsigned char salt[] = "0123456789";
2280 unsigned char key[] = "012345678901234567890123456789";
2281 unsigned char info[] = "infostring";
2282 const unsigned char expected[] = {
2283 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2284 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2285 };
2286 size_t expectedlen = sizeof(expected);
2287
2288 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2289 goto done;
2290
2291 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2292 for (i = 0; i < 2; i++) {
2293 outlen = sizeof(out);
2294 memset(out, 0, outlen);
2295
2296 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2297 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2298 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2299 sizeof(salt) - 1), 0)
2300 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2301 sizeof(key) - 1), 0)
2302 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2303 sizeof(info) - 1), 0)
2304 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2305 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2306 goto done;
2307 }
2308
2309 ret = 1;
2310
2311 done:
2312 EVP_PKEY_CTX_free(pctx);
2313
2314 return ret;
2315 }
2316
2317 static int test_emptyikm_HKDF(void)
2318 {
2319 EVP_PKEY_CTX *pctx;
2320 unsigned char out[20];
2321 size_t outlen;
2322 int ret = 0;
2323 unsigned char salt[] = "9876543210";
2324 unsigned char key[] = "";
2325 unsigned char info[] = "stringinfo";
2326 const unsigned char expected[] = {
2327 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2328 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2329 };
2330 size_t expectedlen = sizeof(expected);
2331
2332 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2333 goto done;
2334
2335 outlen = sizeof(out);
2336 memset(out, 0, outlen);
2337
2338 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2339 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2340 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2341 sizeof(salt) - 1), 0)
2342 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2343 sizeof(key) - 1), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2345 sizeof(info) - 1), 0)
2346 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2347 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2348 goto done;
2349
2350 ret = 1;
2351
2352 done:
2353 EVP_PKEY_CTX_free(pctx);
2354
2355 return ret;
2356 }
2357
2358 #ifndef OPENSSL_NO_EC
2359 static int test_X509_PUBKEY_inplace(void)
2360 {
2361 int ret = 0;
2362 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2363 const unsigned char *p = kExampleECPubKeyDER;
2364 size_t input_len = sizeof(kExampleECPubKeyDER);
2365
2366 if (!TEST_ptr(xp))
2367 goto done;
2368 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2369 goto done;
2370
2371 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2372 goto done;
2373
2374 p = kExampleBadECPubKeyDER;
2375 input_len = sizeof(kExampleBadECPubKeyDER);
2376
2377 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2378 goto done;
2379
2380 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2381 goto done;
2382
2383 ret = 1;
2384
2385 done:
2386 X509_PUBKEY_free(xp);
2387 return ret;
2388 }
2389
2390 static int test_X509_PUBKEY_dup(void)
2391 {
2392 int ret = 0;
2393 X509_PUBKEY *xp = NULL, *xq = NULL;
2394 const unsigned char *p = kExampleECPubKeyDER;
2395 size_t input_len = sizeof(kExampleECPubKeyDER);
2396
2397 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2398 if (!TEST_ptr(xp)
2399 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2400 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2401 || !TEST_ptr_ne(xp, xq))
2402 goto done;
2403
2404 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2405 || !TEST_ptr(X509_PUBKEY_get0(xp))
2406 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2407 goto done;
2408
2409 X509_PUBKEY_free(xq);
2410 xq = NULL;
2411 p = kExampleBadECPubKeyDER;
2412 input_len = sizeof(kExampleBadECPubKeyDER);
2413
2414 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2415 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2416 goto done;
2417
2418 X509_PUBKEY_free(xp);
2419 xp = NULL;
2420 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2421 goto done;
2422
2423 ret = 1;
2424
2425 done:
2426 X509_PUBKEY_free(xp);
2427 X509_PUBKEY_free(xq);
2428 return ret;
2429 }
2430 #endif /* OPENSSL_NO_EC */
2431
2432 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2433 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2434 {
2435 EVP_MD_CTX *mdctx = NULL;
2436 EVP_PKEY_CTX *ctx = NULL;
2437 const OSSL_PARAM *params;
2438 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2439 int ret = 0;
2440 const EVP_MD *md;
2441 char mdname[OSSL_MAX_NAME_SIZE];
2442 char ssl3ms[48];
2443
2444 /* Initialise a sign operation */
2445 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2446 if (!TEST_ptr(ctx)
2447 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2448 goto err;
2449
2450 /*
2451 * We should be able to query the parameters now.
2452 */
2453 params = EVP_PKEY_CTX_settable_params(ctx);
2454 if (!TEST_ptr(params)
2455 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2456 OSSL_SIGNATURE_PARAM_DIGEST)))
2457 goto err;
2458
2459 params = EVP_PKEY_CTX_gettable_params(ctx);
2460 if (!TEST_ptr(params)
2461 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2462 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2463 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2464 OSSL_SIGNATURE_PARAM_DIGEST)))
2465 goto err;
2466
2467 /*
2468 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2469 * EVP_PKEY_CTX_get_params()
2470 */
2471 strcpy(mdname, "SHA512");
2472 param_md = param;
2473 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2474 mdname, 0);
2475 *param++ = OSSL_PARAM_construct_end();
2476
2477 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2478 goto err;
2479
2480 mdname[0] = '\0';
2481 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2482 mdname, sizeof(mdname));
2483 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2484 || !TEST_str_eq(mdname, "SHA512"))
2485 goto err;
2486
2487 /*
2488 * Test the TEST_PKEY_CTX_set_signature_md() and
2489 * TEST_PKEY_CTX_get_signature_md() functions
2490 */
2491 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2492 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2493 || !TEST_ptr_eq(md, EVP_sha256()))
2494 goto err;
2495
2496 /*
2497 * Test getting MD parameters via an associated EVP_PKEY_CTX
2498 */
2499 mdctx = EVP_MD_CTX_new();
2500 if (!TEST_ptr(mdctx)
2501 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2502 pkey, NULL)))
2503 goto err;
2504
2505 /*
2506 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2507 * able to obtain the digest's settable parameters from the provider.
2508 */
2509 params = EVP_MD_CTX_settable_params(mdctx);
2510 if (!TEST_ptr(params)
2511 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2512 /* The final key should be NULL */
2513 || !TEST_ptr_null(params[1].key))
2514 goto err;
2515
2516 param = ourparams;
2517 memset(ssl3ms, 0, sizeof(ssl3ms));
2518 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2519 ssl3ms, sizeof(ssl3ms));
2520 *param++ = OSSL_PARAM_construct_end();
2521
2522 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2523 goto err;
2524
2525 ret = 1;
2526
2527 err:
2528 EVP_MD_CTX_free(mdctx);
2529 EVP_PKEY_CTX_free(ctx);
2530
2531 return ret;
2532 }
2533
2534 #ifndef OPENSSL_NO_DSA
2535 static int test_DSA_get_set_params(void)
2536 {
2537 OSSL_PARAM_BLD *bld = NULL;
2538 OSSL_PARAM *params = NULL;
2539 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2540 EVP_PKEY_CTX *pctx = NULL;
2541 EVP_PKEY *pkey = NULL;
2542 int ret = 0;
2543
2544 /*
2545 * Setup the parameters for our DSA object. For our purposes they don't
2546 * have to actually be *valid* parameters. We just need to set something.
2547 */
2548 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2549 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2550 || !TEST_ptr(p = BN_new())
2551 || !TEST_ptr(q = BN_new())
2552 || !TEST_ptr(g = BN_new())
2553 || !TEST_ptr(pub = BN_new())
2554 || !TEST_ptr(priv = BN_new()))
2555 goto err;
2556 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2559 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2560 pub))
2561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2562 priv)))
2563 goto err;
2564 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2565 goto err;
2566
2567 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2568 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2569 params), 0))
2570 goto err;
2571
2572 if (!TEST_ptr(pkey))
2573 goto err;
2574
2575 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2576
2577 err:
2578 EVP_PKEY_free(pkey);
2579 EVP_PKEY_CTX_free(pctx);
2580 OSSL_PARAM_free(params);
2581 OSSL_PARAM_BLD_free(bld);
2582 BN_free(p);
2583 BN_free(q);
2584 BN_free(g);
2585 BN_free(pub);
2586 BN_free(priv);
2587
2588 return ret;
2589 }
2590
2591 /*
2592 * Test combinations of private, public, missing and private + public key
2593 * params to ensure they are all accepted
2594 */
2595 static int test_DSA_priv_pub(void)
2596 {
2597 return test_EVP_PKEY_ffc_priv_pub("DSA");
2598 }
2599
2600 #endif /* !OPENSSL_NO_DSA */
2601
2602 static int test_RSA_get_set_params(void)
2603 {
2604 OSSL_PARAM_BLD *bld = NULL;
2605 OSSL_PARAM *params = NULL;
2606 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2607 EVP_PKEY_CTX *pctx = NULL;
2608 EVP_PKEY *pkey = NULL;
2609 int ret = 0;
2610
2611 /*
2612 * Setup the parameters for our RSA object. For our purposes they don't
2613 * have to actually be *valid* parameters. We just need to set something.
2614 */
2615 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2616 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2617 || !TEST_ptr(n = BN_new())
2618 || !TEST_ptr(e = BN_new())
2619 || !TEST_ptr(d = BN_new()))
2620 goto err;
2621 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2624 goto err;
2625 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2626 goto err;
2627
2628 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2629 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2630 params), 0))
2631 goto err;
2632
2633 if (!TEST_ptr(pkey))
2634 goto err;
2635
2636 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2637
2638 err:
2639 EVP_PKEY_free(pkey);
2640 EVP_PKEY_CTX_free(pctx);
2641 OSSL_PARAM_free(params);
2642 OSSL_PARAM_BLD_free(bld);
2643 BN_free(n);
2644 BN_free(e);
2645 BN_free(d);
2646
2647 return ret;
2648 }
2649
2650 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2651 static int test_decrypt_null_chunks(void)
2652 {
2653 EVP_CIPHER_CTX* ctx = NULL;
2654 EVP_CIPHER *cipher = NULL;
2655 const unsigned char key[32] = {
2656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2659 };
2660 unsigned char iv[12] = {
2661 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2662 };
2663 unsigned char msg[] = "It was the best of times, it was the worst of times";
2664 unsigned char ciphertext[80];
2665 unsigned char plaintext[80];
2666 /* We initialise tmp to a non zero value on purpose */
2667 int ctlen, ptlen, tmp = 99;
2668 int ret = 0;
2669 const int enc_offset = 10, dec_offset = 20;
2670
2671 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2672 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2673 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2674 key, iv))
2675 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2676 enc_offset))
2677 /* Deliberate add a zero length update */
2678 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2679 0))
2680 || !TEST_int_eq(tmp, 0)
2681 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2682 msg + enc_offset,
2683 sizeof(msg) - enc_offset))
2684 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2685 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2686 || !TEST_int_eq(tmp, 0))
2687 goto err;
2688
2689 /* Deliberately initialise tmp to a non zero value */
2690 tmp = 99;
2691 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2692 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2693 dec_offset))
2694 /*
2695 * Deliberately add a zero length update. We also deliberately do
2696 * this at a different offset than for encryption.
2697 */
2698 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2699 0))
2700 || !TEST_int_eq(tmp, 0)
2701 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2702 ciphertext + dec_offset,
2703 ctlen - dec_offset))
2704 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2705 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2706 || !TEST_int_eq(tmp, 0)
2707 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2708 goto err;
2709
2710 ret = 1;
2711 err:
2712 EVP_CIPHER_CTX_free(ctx);
2713 EVP_CIPHER_free(cipher);
2714 return ret;
2715 }
2716 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2717
2718 #ifndef OPENSSL_NO_DH
2719 /*
2720 * Test combinations of private, public, missing and private + public key
2721 * params to ensure they are all accepted
2722 */
2723 static int test_DH_priv_pub(void)
2724 {
2725 return test_EVP_PKEY_ffc_priv_pub("DH");
2726 }
2727
2728 # ifndef OPENSSL_NO_DEPRECATED_3_0
2729 static int test_EVP_PKEY_set1_DH(void)
2730 {
2731 DH *x942dh = NULL, *noqdh = NULL;
2732 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2733 int ret = 0;
2734 BIGNUM *p, *g = NULL;
2735 BIGNUM *pubkey = NULL;
2736 unsigned char pub[2048 / 8];
2737 size_t len = 0;
2738
2739 if (!TEST_ptr(p = BN_new())
2740 || !TEST_ptr(g = BN_new())
2741 || !TEST_ptr(pubkey = BN_new())
2742 || !TEST_true(BN_set_word(p, 9999))
2743 || !TEST_true(BN_set_word(g, 2))
2744 || !TEST_true(BN_set_word(pubkey, 4321))
2745 || !TEST_ptr(noqdh = DH_new())
2746 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2747 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2748 || !TEST_ptr(pubkey = BN_new())
2749 || !TEST_true(BN_set_word(pubkey, 4321)))
2750 goto err;
2751 p = g = NULL;
2752
2753 x942dh = DH_get_2048_256();
2754 pkey1 = EVP_PKEY_new();
2755 pkey2 = EVP_PKEY_new();
2756 if (!TEST_ptr(x942dh)
2757 || !TEST_ptr(noqdh)
2758 || !TEST_ptr(pkey1)
2759 || !TEST_ptr(pkey2)
2760 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2761 goto err;
2762 pubkey = NULL;
2763
2764 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2765 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2766 goto err;
2767
2768 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2769 &pubkey))
2770 || !TEST_ptr(pubkey))
2771 goto err;
2772
2773 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2774 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2775 goto err;
2776
2777 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2778 OSSL_PKEY_PARAM_PUB_KEY,
2779 pub, sizeof(pub), &len))
2780 || !TEST_size_t_ne(len, 0))
2781 goto err;
2782
2783 ret = 1;
2784 err:
2785 BN_free(p);
2786 BN_free(g);
2787 BN_free(pubkey);
2788 EVP_PKEY_free(pkey1);
2789 EVP_PKEY_free(pkey2);
2790 DH_free(x942dh);
2791 DH_free(noqdh);
2792
2793 return ret;
2794 }
2795 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2796 #endif /* !OPENSSL_NO_DH */
2797
2798 /*
2799 * We test what happens with an empty template. For the sake of this test,
2800 * the template must be ignored, and we know that's the case for RSA keys
2801 * (this might arguably be a misfeature, but that's what we currently do,
2802 * even in provider code, since that's how the legacy RSA implementation
2803 * does things)
2804 */
2805 static int test_keygen_with_empty_template(int n)
2806 {
2807 EVP_PKEY_CTX *ctx = NULL;
2808 EVP_PKEY *pkey = NULL;
2809 EVP_PKEY *tkey = NULL;
2810 int ret = 0;
2811
2812 if (nullprov != NULL)
2813 return TEST_skip("Test does not support a non-default library context");
2814
2815 switch (n) {
2816 case 0:
2817 /* We do test with no template at all as well */
2818 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2819 goto err;
2820 break;
2821 case 1:
2822 /* Here we create an empty RSA key that serves as our template */
2823 if (!TEST_ptr(tkey = EVP_PKEY_new())
2824 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2825 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2826 goto err;
2827 break;
2828 }
2829
2830 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2831 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2832 goto err;
2833
2834 ret = 1;
2835 err:
2836 EVP_PKEY_CTX_free(ctx);
2837 EVP_PKEY_free(pkey);
2838 EVP_PKEY_free(tkey);
2839 return ret;
2840 }
2841
2842 /*
2843 * Test that we fail if we attempt to use an algorithm that is not available
2844 * in the current library context (unless we are using an algorithm that
2845 * should be made available via legacy codepaths).
2846 *
2847 * 0: RSA
2848 * 1: SM2
2849 */
2850 static int test_pkey_ctx_fail_without_provider(int tst)
2851 {
2852 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2853 OSSL_PROVIDER *tmpnullprov = NULL;
2854 EVP_PKEY_CTX *pctx = NULL;
2855 const char *keytype = NULL;
2856 int expect_null = 0;
2857 int ret = 0;
2858
2859 if (!TEST_ptr(tmpctx))
2860 goto err;
2861
2862 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2863 if (!TEST_ptr(tmpnullprov))
2864 goto err;
2865
2866 /*
2867 * We check for certain algos in the null provider.
2868 * If an algo is expected to have a provider keymgmt, contructing an
2869 * EVP_PKEY_CTX is expected to fail (return NULL).
2870 * Otherwise, if it's expected to have legacy support, contructing an
2871 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2872 */
2873 switch (tst) {
2874 case 0:
2875 keytype = "RSA";
2876 expect_null = 1;
2877 break;
2878 case 1:
2879 keytype = "SM2";
2880 expect_null = 1;
2881 #ifdef OPENSSL_NO_EC
2882 TEST_info("EC disable, skipping SM2 check...");
2883 goto end;
2884 #endif
2885 #ifdef OPENSSL_NO_SM2
2886 TEST_info("SM2 disable, skipping SM2 check...");
2887 goto end;
2888 #endif
2889 break;
2890 default:
2891 TEST_error("No test for case %d", tst);
2892 goto err;
2893 }
2894
2895 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2896 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2897 goto err;
2898
2899 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2900 end:
2901 #endif
2902 ret = 1;
2903
2904 err:
2905 EVP_PKEY_CTX_free(pctx);
2906 OSSL_PROVIDER_unload(tmpnullprov);
2907 OSSL_LIB_CTX_free(tmpctx);
2908 return ret;
2909 }
2910
2911 static int test_rand_agglomeration(void)
2912 {
2913 EVP_RAND *rand;
2914 EVP_RAND_CTX *ctx;
2915 OSSL_PARAM params[3], *p = params;
2916 int res;
2917 unsigned int step = 7;
2918 static unsigned char seed[] = "It does not matter how slowly you go "
2919 "as long as you do not stop.";
2920 unsigned char out[sizeof(seed)];
2921
2922 if (!TEST_int_ne(sizeof(seed) % step, 0)
2923 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2924 return 0;
2925 ctx = EVP_RAND_CTX_new(rand, NULL);
2926 EVP_RAND_free(rand);
2927 if (!TEST_ptr(ctx))
2928 return 0;
2929
2930 memset(out, 0, sizeof(out));
2931 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2932 seed, sizeof(seed));
2933 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2934 *p = OSSL_PARAM_construct_end();
2935 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2936 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2937 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2938 EVP_RAND_CTX_free(ctx);
2939 return res;
2940 }
2941
2942 /*
2943 * Test that we correctly return the original or "running" IV after
2944 * an encryption operation.
2945 * Run multiple times for some different relevant algorithms/modes.
2946 */
2947 static int test_evp_iv_aes(int idx)
2948 {
2949 int ret = 0;
2950 EVP_CIPHER_CTX *ctx = NULL;
2951 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2952 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2953 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2954 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2955 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2956 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2957 9, 10, 11, 12, 13, 14, 15, 16 };
2958 unsigned char ciphertext[32], oiv[16], iv[16];
2959 unsigned char *ref_iv;
2960 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2961 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2962
2963 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2964 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2965 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2966 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2967 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2968 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2969 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2970 #ifndef OPENSSL_NO_OCB
2971 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2972 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2973 #endif
2974 int len = sizeof(ciphertext);
2975 size_t ivlen, ref_len;
2976 const EVP_CIPHER *type = NULL;
2977 int iv_reset = 0;
2978
2979 if (nullprov != NULL && idx < 6)
2980 return TEST_skip("Test does not support a non-default library context");
2981
2982 switch (idx) {
2983 case 0:
2984 type = EVP_aes_128_cbc();
2985 /* FALLTHROUGH */
2986 case 6:
2987 type = (type != NULL) ? type :
2988 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2989 ref_iv = cbc_state;
2990 ref_len = sizeof(cbc_state);
2991 iv_reset = 1;
2992 break;
2993 case 1:
2994 type = EVP_aes_128_ofb();
2995 /* FALLTHROUGH */
2996 case 7:
2997 type = (type != NULL) ? type :
2998 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2999 ref_iv = ofb_state;
3000 ref_len = sizeof(ofb_state);
3001 iv_reset = 1;
3002 break;
3003 case 2:
3004 type = EVP_aes_128_cfb();
3005 /* FALLTHROUGH */
3006 case 8:
3007 type = (type != NULL) ? type :
3008 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3009 ref_iv = cfb_state;
3010 ref_len = sizeof(cfb_state);
3011 iv_reset = 1;
3012 break;
3013 case 3:
3014 type = EVP_aes_128_gcm();
3015 /* FALLTHROUGH */
3016 case 9:
3017 type = (type != NULL) ? type :
3018 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3019 ref_iv = gcm_state;
3020 ref_len = sizeof(gcm_state);
3021 break;
3022 case 4:
3023 type = EVP_aes_128_ccm();
3024 /* FALLTHROUGH */
3025 case 10:
3026 type = (type != NULL) ? type :
3027 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3028 ref_iv = ccm_state;
3029 ref_len = sizeof(ccm_state);
3030 break;
3031 #ifdef OPENSSL_NO_OCB
3032 case 5:
3033 case 11:
3034 return 1;
3035 #else
3036 case 5:
3037 type = EVP_aes_128_ocb();
3038 /* FALLTHROUGH */
3039 case 11:
3040 type = (type != NULL) ? type :
3041 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3042 ref_iv = ocb_state;
3043 ref_len = sizeof(ocb_state);
3044 break;
3045 #endif
3046 default:
3047 return 0;
3048 }
3049
3050 if (!TEST_ptr(type)
3051 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3052 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3053 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3054 (int)sizeof(msg)))
3055 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3056 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3057 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3058 goto err;
3059 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3060 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3061 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3062 goto err;
3063
3064 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3065 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3066 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3067 goto err;
3068 if (iv_reset) {
3069 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3070 goto err;
3071 } else {
3072 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3073 goto err;
3074 }
3075
3076 ret = 1;
3077 err:
3078 EVP_CIPHER_CTX_free(ctx);
3079 if (idx >= 6)
3080 EVP_CIPHER_free((EVP_CIPHER *)type);
3081 return ret;
3082 }
3083
3084 #ifndef OPENSSL_NO_DES
3085 static int test_evp_iv_des(int idx)
3086 {
3087 int ret = 0;
3088 EVP_CIPHER_CTX *ctx = NULL;
3089 static const unsigned char key[24] = {
3090 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3091 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3092 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3093 };
3094 static const unsigned char init_iv[8] = {
3095 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3096 };
3097 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3098 9, 10, 11, 12, 13, 14, 15, 16 };
3099 unsigned char ciphertext[32], oiv[8], iv[8];
3100 unsigned const char *ref_iv;
3101 static const unsigned char cbc_state_des[8] = {
3102 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3103 };
3104 static const unsigned char cbc_state_3des[8] = {
3105 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3106 };
3107 static const unsigned char ofb_state_des[8] = {
3108 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3109 };
3110 static const unsigned char ofb_state_3des[8] = {
3111 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3112 };
3113 static const unsigned char cfb_state_des[8] = {
3114 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3115 };
3116 static const unsigned char cfb_state_3des[8] = {
3117 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3118 };
3119 int len = sizeof(ciphertext);
3120 size_t ivlen, ref_len;
3121 EVP_CIPHER *type = NULL;
3122
3123 if (lgcyprov == NULL && idx < 3)
3124 return TEST_skip("Test requires legacy provider to be loaded");
3125
3126 switch (idx) {
3127 case 0:
3128 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3129 ref_iv = cbc_state_des;
3130 ref_len = sizeof(cbc_state_des);
3131 break;
3132 case 1:
3133 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3134 ref_iv = ofb_state_des;
3135 ref_len = sizeof(ofb_state_des);
3136 break;
3137 case 2:
3138 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3139 ref_iv = cfb_state_des;
3140 ref_len = sizeof(cfb_state_des);
3141 break;
3142 case 3:
3143 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3144 ref_iv = cbc_state_3des;
3145 ref_len = sizeof(cbc_state_3des);
3146 break;
3147 case 4:
3148 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3149 ref_iv = ofb_state_3des;
3150 ref_len = sizeof(ofb_state_3des);
3151 break;
3152 case 5:
3153 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3154 ref_iv = cfb_state_3des;
3155 ref_len = sizeof(cfb_state_3des);
3156 break;
3157 default:
3158 return 0;
3159 }
3160
3161 if (!TEST_ptr(type)
3162 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3163 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3164 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3165 (int)sizeof(msg)))
3166 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3167 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3168 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3169 goto err;
3170 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3171 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3172 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3173 goto err;
3174
3175 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3176 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3177 goto err;
3178 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3179 goto err;
3180
3181 ret = 1;
3182 err:
3183 EVP_CIPHER_CTX_free(ctx);
3184 EVP_CIPHER_free(type);
3185 return ret;
3186 }
3187 #endif
3188
3189 #ifndef OPENSSL_NO_EC
3190 static int ecpub_nids[] = {
3191 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3192 NID_secp384r1, NID_secp521r1,
3193 # ifndef OPENSSL_NO_EC2M
3194 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3195 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3196 # endif
3197 NID_brainpoolP384r1, NID_brainpoolP512r1
3198 };
3199
3200 static int test_ecpub(int idx)
3201 {
3202 int ret = 0, len, savelen;
3203 int nid;
3204 unsigned char buf[1024];
3205 unsigned char *p;
3206 EVP_PKEY *pkey = NULL;
3207 EVP_PKEY_CTX *ctx = NULL;
3208 # ifndef OPENSSL_NO_DEPRECATED_3_0
3209 const unsigned char *q;
3210 EVP_PKEY *pkey2 = NULL;
3211 EC_KEY *ec = NULL;
3212 # endif
3213
3214 if (nullprov != NULL)
3215 return TEST_skip("Test does not support a non-default library context");
3216
3217 nid = ecpub_nids[idx];
3218
3219 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3220 if (!TEST_ptr(ctx)
3221 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3222 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3223 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3224 goto done;
3225 len = i2d_PublicKey(pkey, NULL);
3226 savelen = len;
3227 if (!TEST_int_ge(len, 1)
3228 || !TEST_int_lt(len, 1024))
3229 goto done;
3230 p = buf;
3231 len = i2d_PublicKey(pkey, &p);
3232 if (!TEST_int_ge(len, 1)
3233 || !TEST_int_eq(len, savelen))
3234 goto done;
3235
3236 # ifndef OPENSSL_NO_DEPRECATED_3_0
3237 /* Now try to decode the just-created DER. */
3238 q = buf;
3239 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3240 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3241 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3242 goto done;
3243 /* EC_KEY ownership transferred */
3244 ec = NULL;
3245 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3246 goto done;
3247 /* The keys should match. */
3248 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3249 goto done;
3250 # endif
3251
3252 ret = 1;
3253
3254 done:
3255 EVP_PKEY_CTX_free(ctx);
3256 EVP_PKEY_free(pkey);
3257 # ifndef OPENSSL_NO_DEPRECATED_3_0
3258 EVP_PKEY_free(pkey2);
3259 EC_KEY_free(ec);
3260 # endif
3261 return ret;
3262 }
3263 #endif
3264
3265 static int test_EVP_rsa_pss_with_keygen_bits(void)
3266 {
3267 int ret = 0;
3268 EVP_PKEY_CTX *ctx = NULL;
3269 EVP_PKEY *pkey = NULL;
3270 EVP_MD *md;
3271
3272 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3273 ret = TEST_ptr(md)
3274 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3275 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3276 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3277 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3278 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3279
3280 EVP_MD_free(md);
3281 EVP_PKEY_free(pkey);
3282 EVP_PKEY_CTX_free(ctx);
3283 return ret;
3284 }
3285
3286 static int test_EVP_rsa_pss_set_saltlen(void)
3287 {
3288 int ret = 0;
3289 EVP_PKEY *pkey = NULL;
3290 EVP_PKEY_CTX *pkey_ctx = NULL;
3291 EVP_MD *sha256 = NULL;
3292 EVP_MD_CTX *sha256_ctx = NULL;
3293 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3294 const int test_value = 32;
3295
3296 ret = TEST_ptr(pkey = load_example_rsa_key())
3297 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3298 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3299 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3300 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3301 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
3302 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
3303 && TEST_int_eq(saltlen, test_value);
3304
3305 EVP_MD_CTX_free(sha256_ctx);
3306 EVP_PKEY_free(pkey);
3307 EVP_MD_free(sha256);
3308
3309 return ret;
3310 }
3311
3312 static int success = 1;
3313 static void md_names(const char *name, void *vctx)
3314 {
3315 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3316 /* Force a namemap update */
3317 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3318
3319 if (!TEST_ptr(aes128))
3320 success = 0;
3321
3322 EVP_CIPHER_free(aes128);
3323 }
3324
3325 /*
3326 * Test that changing the namemap in a user callback works in a names_do_all
3327 * function.
3328 */
3329 static int test_names_do_all(void)
3330 {
3331 /* We use a custom libctx so that we know the state of the namemap */
3332 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3333 EVP_MD *sha256 = NULL;
3334 int testresult = 0;
3335
3336 if (!TEST_ptr(ctx))
3337 goto err;
3338
3339 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3340 if (!TEST_ptr(sha256))
3341 goto err;
3342
3343 /*
3344 * We loop through all the names for a given digest. This should still work
3345 * even if the namemap changes part way through.
3346 */
3347 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3348 goto err;
3349
3350 if (!TEST_true(success))
3351 goto err;
3352
3353 testresult = 1;
3354 err:
3355 EVP_MD_free(sha256);
3356 OSSL_LIB_CTX_free(ctx);
3357 return testresult;
3358 }
3359
3360 typedef struct {
3361 const char *cipher;
3362 const unsigned char *key;
3363 const unsigned char *iv;
3364 const unsigned char *input;
3365 const unsigned char *expected;
3366 const unsigned char *tag;
3367 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3368 size_t inlen;
3369 size_t expectedlen;
3370 size_t taglen;
3371 int keyfirst;
3372 int initenc;
3373 int finalenc;
3374 } EVP_INIT_TEST_st;
3375
3376 static const EVP_INIT_TEST_st evp_init_tests[] = {
3377 {
3378 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3379 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3380 0, 1, 0, 1
3381 },
3382 {
3383 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3384 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3385 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3386 sizeof(gcmDefaultTag), 1, 0, 1
3387 },
3388 {
3389 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3390 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3391 0, 0, 0, 1
3392 },
3393 {
3394 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3395 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3396 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3397 sizeof(gcmDefaultTag), 0, 0, 1
3398 },
3399 {
3400 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3401 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3402 0, 1, 1, 0
3403 },
3404 {
3405 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3406 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3407 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3408 sizeof(gcmDefaultTag), 1, 1, 0
3409 },
3410 {
3411 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3412 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3413 0, 0, 1, 0
3414 },
3415 {
3416 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3417 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3418 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3419 sizeof(gcmDefaultTag), 0, 1, 0
3420 }
3421 };
3422
3423 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3424 {
3425 int res = 0;
3426
3427 if (t->ivlen != 0) {
3428 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3429 goto err;
3430 }
3431 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3432 goto err;
3433 res = 1;
3434 err:
3435 return res;
3436 }
3437
3438 /*
3439 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3440 * arguments are given one at a time and a final adjustment to the enc
3441 * parameter sets the correct operation.
3442 */
3443 static int test_evp_init_seq(int idx)
3444 {
3445 int outlen1, outlen2;
3446 int testresult = 0;
3447 unsigned char outbuf[1024];
3448 unsigned char tag[16];
3449 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3450 EVP_CIPHER_CTX *ctx = NULL;
3451 EVP_CIPHER *type = NULL;
3452 size_t taglen = sizeof(tag);
3453 char *errmsg = NULL;
3454
3455 ctx = EVP_CIPHER_CTX_new();
3456 if (ctx == NULL) {
3457 errmsg = "CTX_ALLOC";
3458 goto err;
3459 }
3460 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3461 errmsg = "CIPHER_FETCH";
3462 goto err;
3463 }
3464 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3465 errmsg = "EMPTY_ENC_INIT";
3466 goto err;
3467 }
3468 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3469 errmsg = "PADDING";
3470 goto err;
3471 }
3472 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3473 errmsg = "KEY_INIT (before iv)";
3474 goto err;
3475 }
3476 if (!evp_init_seq_set_iv(ctx, t)) {
3477 errmsg = "IV_INIT";
3478 goto err;
3479 }
3480 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3481 errmsg = "KEY_INIT (after iv)";
3482 goto err;
3483 }
3484 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3485 errmsg = "FINAL_ENC_INIT";
3486 goto err;
3487 }
3488 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3489 errmsg = "CIPHER_UPDATE";
3490 goto err;
3491 }
3492 if (t->finalenc == 0 && t->tag != NULL) {
3493 /* Set expected tag */
3494 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3495 t->taglen, (void *)t->tag))) {
3496 errmsg = "SET_TAG";
3497 goto err;
3498 }
3499 }
3500 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3501 errmsg = "CIPHER_FINAL";
3502 goto err;
3503 }
3504 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3505 errmsg = "WRONG_RESULT";
3506 goto err;
3507 }
3508 if (t->finalenc != 0 && t->tag != NULL) {
3509 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3510 errmsg = "GET_TAG";
3511 goto err;
3512 }
3513 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3514 errmsg = "TAG_ERROR";
3515 goto err;
3516 }
3517 }
3518 testresult = 1;
3519 err:
3520 if (errmsg != NULL)
3521 TEST_info("evp_init_test %d: %s", idx, errmsg);
3522 EVP_CIPHER_CTX_free(ctx);
3523 EVP_CIPHER_free(type);
3524 return testresult;
3525 }
3526
3527 typedef struct {
3528 const unsigned char *input;
3529 const unsigned char *expected;
3530 size_t inlen;
3531 size_t expectedlen;
3532 int enc;
3533 } EVP_RESET_TEST_st;
3534
3535 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3536 {
3537 cfbPlaintext, cfbCiphertext,
3538 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3539 },
3540 {
3541 cfbCiphertext, cfbPlaintext,
3542 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3543 }
3544 };
3545
3546 /*
3547 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3548 * been used.
3549 */
3550 static int test_evp_reset(int idx)
3551 {
3552 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3553 int outlen1, outlen2;
3554 int testresult = 0;
3555 unsigned char outbuf[1024];
3556 EVP_CIPHER_CTX *ctx = NULL;
3557 EVP_CIPHER *type = NULL;
3558 char *errmsg = NULL;
3559
3560 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3561 errmsg = "CTX_ALLOC";
3562 goto err;
3563 }
3564 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3565 errmsg = "CIPHER_FETCH";
3566 goto err;
3567 }
3568 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3569 errmsg = "CIPHER_INIT";
3570 goto err;
3571 }
3572 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3573 errmsg = "PADDING";
3574 goto err;
3575 }
3576 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3577 errmsg = "CIPHER_UPDATE";
3578 goto err;
3579 }
3580 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3581 errmsg = "CIPHER_FINAL";
3582 goto err;
3583 }
3584 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3585 errmsg = "WRONG_RESULT";
3586 goto err;
3587 }
3588 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3589 errmsg = "CIPHER_REINIT";
3590 goto err;
3591 }
3592 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3593 errmsg = "CIPHER_UPDATE (reinit)";
3594 goto err;
3595 }
3596 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3597 errmsg = "CIPHER_FINAL (reinit)";
3598 goto err;
3599 }
3600 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3601 errmsg = "WRONG_RESULT (reinit)";
3602 goto err;
3603 }
3604 testresult = 1;
3605 err:
3606 if (errmsg != NULL)
3607 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3608 EVP_CIPHER_CTX_free(ctx);
3609 EVP_CIPHER_free(type);
3610 return testresult;
3611 }
3612
3613 typedef struct {
3614 const char *cipher;
3615 int enc;
3616 } EVP_UPDATED_IV_TEST_st;
3617
3618 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3619 {
3620 "aes-128-cfb", 1
3621 },
3622 {
3623 "aes-128-cfb", 0
3624 },
3625 {
3626 "aes-128-cfb1", 1
3627 },
3628 {
3629 "aes-128-cfb1", 0
3630 },
3631 {
3632 "aes-128-cfb8", 1
3633 },
3634 {
3635 "aes-128-cfb8", 0
3636 },
3637 {
3638 "aes-128-ofb", 1
3639 },
3640 {
3641 "aes-128-ofb", 0
3642 },
3643 {
3644 "aes-128-ctr", 1
3645 },
3646 {
3647 "aes-128-ctr", 0
3648 },
3649 {
3650 "aes-128-cbc", 1
3651 },
3652 {
3653 "aes-128-cbc", 0
3654 }
3655 };
3656
3657 /*
3658 * Test that the IV in the context is updated during a crypto operation for CFB
3659 * and OFB.
3660 */
3661 static int test_evp_updated_iv(int idx)
3662 {
3663 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3664 int outlen1, outlen2;
3665 int testresult = 0;
3666 unsigned char outbuf[1024];
3667 EVP_CIPHER_CTX *ctx = NULL;
3668 EVP_CIPHER *type = NULL;
3669 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3670 int iv_len;
3671 char *errmsg = NULL;
3672
3673 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3674 errmsg = "CTX_ALLOC";
3675 goto err;
3676 }
3677 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3678 TEST_info("cipher %s not supported, skipping", t->cipher);
3679 goto ok;
3680 }
3681
3682 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3683 errmsg = "CIPHER_INIT";
3684 goto err;
3685 }
3686 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3687 errmsg = "PADDING";
3688 goto err;
3689 }
3690 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3691 errmsg = "CIPHER_UPDATE";
3692 goto err;
3693 }
3694 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3695 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3696 goto err;
3697 }
3698 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3699 errmsg = "CIPHER_CTX_GET_IV_LEN";
3700 goto err;
3701 }
3702 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3703 errmsg = "IV_NOT_UPDATED";
3704 goto err;
3705 }
3706 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3707 errmsg = "CIPHER_FINAL";
3708 goto err;
3709 }
3710 ok:
3711 testresult = 1;
3712 err:
3713 if (errmsg != NULL)
3714 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3715 EVP_CIPHER_CTX_free(ctx);
3716 EVP_CIPHER_free(type);
3717 return testresult;
3718 }
3719
3720 typedef struct {
3721 const unsigned char *iv1;
3722 const unsigned char *iv2;
3723 const unsigned char *expected1;
3724 const unsigned char *expected2;
3725 const unsigned char *tag1;
3726 const unsigned char *tag2;
3727 size_t ivlen1;
3728 size_t ivlen2;
3729 size_t expectedlen1;
3730 size_t expectedlen2;
3731 } TEST_GCM_IV_REINIT_st;
3732
3733 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3734 {
3735 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3736 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3737 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3738 },
3739 {
3740 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3741 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3742 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3743 }
3744 };
3745
3746 static int test_gcm_reinit(int idx)
3747 {
3748 int outlen1, outlen2, outlen3;
3749 int testresult = 0;
3750 unsigned char outbuf[1024];
3751 unsigned char tag[16];
3752 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3753 EVP_CIPHER_CTX *ctx = NULL;
3754 EVP_CIPHER *type = NULL;
3755 size_t taglen = sizeof(tag);
3756 char *errmsg = NULL;
3757
3758 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3759 errmsg = "CTX_ALLOC";
3760 goto err;
3761 }
3762 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3763 errmsg = "CIPHER_FETCH";
3764 goto err;
3765 }
3766 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3767 errmsg = "ENC_INIT";
3768 goto err;
3769 }
3770 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3771 errmsg = "SET_IVLEN1";
3772 goto err;
3773 }
3774 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3775 errmsg = "SET_IV1";
3776 goto err;
3777 }
3778 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3779 errmsg = "AAD1";
3780 goto err;
3781 }
3782 EVP_CIPHER_CTX_set_padding(ctx, 0);
3783 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3784 sizeof(gcmResetPlaintext)))) {
3785 errmsg = "CIPHER_UPDATE1";
3786 goto err;
3787 }
3788 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3789 errmsg = "CIPHER_FINAL1";
3790 goto err;
3791 }
3792 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3793 errmsg = "WRONG_RESULT1";
3794 goto err;
3795 }
3796 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3797 errmsg = "GET_TAG1";
3798 goto err;
3799 }
3800 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3801 errmsg = "TAG_ERROR1";
3802 goto err;
3803 }
3804 /* Now reinit */
3805 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3806 errmsg = "SET_IVLEN2";
3807 goto err;
3808 }
3809 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3810 errmsg = "SET_IV2";
3811 goto err;
3812 }
3813 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3814 errmsg = "AAD2";
3815 goto err;
3816 }
3817 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3818 sizeof(gcmResetPlaintext)))) {
3819 errmsg = "CIPHER_UPDATE2";
3820 goto err;
3821 }
3822 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3823 errmsg = "CIPHER_FINAL2";
3824 goto err;
3825 }
3826 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3827 errmsg = "WRONG_RESULT2";
3828 goto err;
3829 }
3830 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3831 errmsg = "GET_TAG2";
3832 goto err;
3833 }
3834 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3835 errmsg = "TAG_ERROR2";
3836 goto err;
3837 }
3838 testresult = 1;
3839 err:
3840 if (errmsg != NULL)
3841 TEST_info("evp_init_test %d: %s", idx, errmsg);
3842 EVP_CIPHER_CTX_free(ctx);
3843 EVP_CIPHER_free(type);
3844 return testresult;
3845 }
3846
3847 #ifndef OPENSSL_NO_DEPRECATED_3_0
3848 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3849 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3850
3851 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3852
3853 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3854 {
3855 int (*pinit)(EVP_PKEY_CTX *ctx);
3856
3857 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3858 return pinit(ctx);
3859 }
3860
3861 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3862 {
3863 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3864
3865 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3866 pcleanup(ctx);
3867 }
3868
3869 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3870 size_t *outlen, const unsigned char *in,
3871 size_t inlen)
3872 {
3873 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3874 const unsigned char *tbs, size_t tbslen);
3875
3876 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3877 return psign(ctx, out, outlen, in, inlen);
3878 }
3879
3880 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3881 size_t *siglen, const unsigned char *tbs,
3882 size_t tbslen)
3883 {
3884 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3885 const unsigned char *tbs, size_t tbslen);
3886
3887 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3888 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3889 }
3890
3891 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3892 size_t *keylen)
3893 {
3894 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3895
3896 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3897 return pderive(ctx, key, keylen);
3898 }
3899
3900 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3901 {
3902 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3903
3904 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3905 return pcopy(dst, src);
3906 }
3907
3908 static int ctrl_called;
3909
3910 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3911 {
3912 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3913
3914 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3915
3916 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3917 ctrl_called = 1;
3918 return 1;
3919 }
3920
3921 return pctrl(ctx, type, p1, p2);
3922 }
3923
3924 static int test_custom_pmeth(int idx)
3925 {
3926 EVP_PKEY_CTX *pctx = NULL;
3927 EVP_MD_CTX *ctx = NULL;
3928 EVP_PKEY *pkey = NULL;
3929 int id, orig_id, orig_flags;
3930 int testresult = 0;
3931 size_t reslen;
3932 unsigned char *res = NULL;
3933 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3934 const EVP_MD *md = EVP_sha256();
3935 int doderive = 0;
3936
3937 ctrl_called = 0;
3938
3939 /* We call deprecated APIs so this test doesn't support a custom libctx */
3940 if (testctx != NULL)
3941 return 1;
3942
3943 switch (idx) {
3944 case 0:
3945 case 6:
3946 id = EVP_PKEY_RSA;
3947 pkey = load_example_rsa_key();
3948 break;
3949 case 1:
3950 case 7:
3951 # ifndef OPENSSL_NO_DSA
3952 id = EVP_PKEY_DSA;
3953 pkey = load_example_dsa_key();
3954 break;
3955 # else
3956 return 1;
3957 # endif
3958 case 2:
3959 case 8:
3960 # ifndef OPENSSL_NO_EC
3961 id = EVP_PKEY_EC;
3962 pkey = load_example_ec_key();
3963 break;
3964 # else
3965 return 1;
3966 # endif
3967 case 3:
3968 case 9:
3969 # ifndef OPENSSL_NO_EC
3970 id = EVP_PKEY_ED25519;
3971 md = NULL;
3972 pkey = load_example_ed25519_key();
3973 break;
3974 # else
3975 return 1;
3976 # endif
3977 case 4:
3978 case 10:
3979 # ifndef OPENSSL_NO_DH
3980 id = EVP_PKEY_DH;
3981 doderive = 1;
3982 pkey = load_example_dh_key();
3983 break;
3984 # else
3985 return 1;
3986 # endif
3987 case 5:
3988 case 11:
3989 # ifndef OPENSSL_NO_EC
3990 id = EVP_PKEY_X25519;
3991 doderive = 1;
3992 pkey = load_example_x25519_key();
3993 break;
3994 # else
3995 return 1;
3996 # endif
3997 default:
3998 TEST_error("Should not happen");
3999 goto err;
4000 }
4001
4002 if (!TEST_ptr(pkey))
4003 goto err;
4004
4005 if (idx < 6) {
4006 if (!TEST_true(evp_pkey_is_provided(pkey)))
4007 goto err;
4008 } else {
4009 EVP_PKEY *tmp = pkey;
4010
4011 /* Convert to a legacy key */
4012 pkey = EVP_PKEY_new();
4013 if (!TEST_ptr(pkey)) {
4014 pkey = tmp;
4015 goto err;
4016 }
4017 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4018 EVP_PKEY_free(tmp);
4019 goto err;
4020 }
4021 EVP_PKEY_free(tmp);
4022 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4023 goto err;
4024 }
4025
4026 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4027 || !TEST_ptr(pkey))
4028 goto err;
4029
4030 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4031 if (!TEST_int_eq(orig_id, id)
4032 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4033 goto err;
4034
4035 if (id == EVP_PKEY_ED25519) {
4036 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4037 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4038 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4039 } else {
4040 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4041 }
4042 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4043 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4044 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4045 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4046 }
4047 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4048 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4049 goto err;
4050
4051 if (doderive) {
4052 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4053 if (!TEST_ptr(pctx)
4054 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4055 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4056 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4057 1)
4058 || !TEST_int_eq(ctrl_called, 1)
4059 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4060 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4061 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4062 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4063 goto err;
4064 } else {
4065 ctx = EVP_MD_CTX_new();
4066 reslen = EVP_PKEY_size(pkey);
4067 res = OPENSSL_malloc(reslen);
4068 if (!TEST_ptr(ctx)
4069 || !TEST_ptr(res)
4070 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4071 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4072 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4073 1)
4074 || !TEST_int_eq(ctrl_called, 1))
4075 goto err;
4076
4077 if (id == EVP_PKEY_ED25519) {
4078 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4079 goto err;
4080 } else {
4081 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4082 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4083 goto err;
4084 }
4085 }
4086
4087 testresult = 1;
4088 err:
4089 OPENSSL_free(res);
4090 EVP_MD_CTX_free(ctx);
4091 if (doderive)
4092 EVP_PKEY_CTX_free(pctx);
4093 EVP_PKEY_free(pkey);
4094 EVP_PKEY_meth_remove(custom_pmeth);
4095 EVP_PKEY_meth_free(custom_pmeth);
4096 custom_pmeth = NULL;
4097 return testresult;
4098 }
4099
4100 static int test_evp_md_cipher_meth(void)
4101 {
4102 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4103 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4104 int testresult = 0;
4105
4106 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4107 goto err;
4108
4109 testresult = 1;
4110
4111 err:
4112 EVP_MD_meth_free(md);
4113 EVP_CIPHER_meth_free(ciph);
4114
4115 return testresult;
4116 }
4117
4118 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4119 /* Test we can create a signature keys with an associated ENGINE */
4120 static int test_signatures_with_engine(int tst)
4121 {
4122 ENGINE *e;
4123 const char *engine_id = "dasync";
4124 EVP_PKEY *pkey = NULL;
4125 const unsigned char badcmackey[] = { 0x00, 0x01 };
4126 const unsigned char cmackey[] = {
4127 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4128 0x0c, 0x0d, 0x0e, 0x0f
4129 };
4130 const unsigned char ed25519key[] = {
4131 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4132 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4133 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4134 };
4135 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4136 int testresult = 0;
4137 EVP_MD_CTX *ctx = NULL;
4138 unsigned char *mac = NULL;
4139 size_t maclen = 0;
4140 int ret;
4141
4142 # ifdef OPENSSL_NO_CMAC
4143 /* Skip CMAC tests in a no-cmac build */
4144 if (tst <= 1)
4145 return 1;
4146 # endif
4147
4148 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4149 return 0;
4150
4151 if (!TEST_true(ENGINE_init(e))) {
4152 ENGINE_free(e);
4153 return 0;
4154 }
4155
4156 switch (tst) {
4157 case 0:
4158 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4159 EVP_aes_128_cbc());
4160 break;
4161 case 1:
4162 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4163 EVP_aes_128_cbc());
4164 break;
4165 case 2:
4166 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4167 sizeof(ed25519key));
4168 break;
4169 default:
4170 TEST_error("Invalid test case");
4171 goto err;
4172 }
4173 if (!TEST_ptr(pkey))
4174 goto err;
4175
4176 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4177 goto err;
4178
4179 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4180 pkey);
4181 if (tst == 0) {
4182 if (!TEST_true(ret))
4183 goto err;
4184
4185 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4186 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4187 goto err;
4188
4189 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4190 goto err;
4191
4192 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4193 goto err;
4194 } else {
4195 /* We used a bad key. We expect a failure here */
4196 if (!TEST_false(ret))
4197 goto err;
4198 }
4199
4200 testresult = 1;
4201 err:
4202 EVP_MD_CTX_free(ctx);
4203 OPENSSL_free(mac);
4204 EVP_PKEY_free(pkey);
4205 ENGINE_finish(e);
4206 ENGINE_free(e);
4207
4208 return testresult;
4209 }
4210
4211 static int test_cipher_with_engine(void)
4212 {
4213 ENGINE *e;
4214 const char *engine_id = "dasync";
4215 const unsigned char keyiv[] = {
4216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4217 0x0c, 0x0d, 0x0e, 0x0f
4218 };
4219 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4220 int testresult = 0;
4221 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4222 unsigned char buf[AES_BLOCK_SIZE];
4223 int len = 0;
4224
4225 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4226 return 0;
4227
4228 if (!TEST_true(ENGINE_init(e))) {
4229 ENGINE_free(e);
4230 return 0;
4231 }
4232
4233 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4234 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4235 goto err;
4236
4237 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4238 goto err;
4239
4240 /* Copy the ctx, and complete the operation with the new ctx */
4241 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4242 goto err;
4243
4244 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4245 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4246 goto err;
4247
4248 testresult = 1;
4249 err:
4250 EVP_CIPHER_CTX_free(ctx);
4251 EVP_CIPHER_CTX_free(ctx2);
4252 ENGINE_finish(e);
4253 ENGINE_free(e);
4254
4255 return testresult;
4256 }
4257 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4258 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4259
4260 static int ecxnids[] = {
4261 NID_X25519,
4262 NID_X448,
4263 NID_ED25519,
4264 NID_ED448
4265 };
4266
4267 /* Test that creating ECX keys with a short private key fails as expected */
4268 static int test_ecx_short_keys(int tst)
4269 {
4270 unsigned char ecxkeydata = 1;
4271 EVP_PKEY *pkey;
4272
4273
4274 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4275 if (!TEST_ptr_null(pkey)) {
4276 EVP_PKEY_free(pkey);
4277 return 0;
4278 }
4279 return 1;
4280 }
4281
4282 typedef enum OPTION_choice {
4283 OPT_ERR = -1,
4284 OPT_EOF = 0,
4285 OPT_CONTEXT,
4286 OPT_TEST_ENUM
4287 } OPTION_CHOICE;
4288
4289 const OPTIONS *test_get_options(void)
4290 {
4291 static const OPTIONS options[] = {
4292 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4293 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4294 { NULL }
4295 };
4296 return options;
4297 }
4298
4299 int setup_tests(void)
4300 {
4301 OPTION_CHOICE o;
4302
4303 while ((o = opt_next()) != OPT_EOF) {
4304 switch (o) {
4305 case OPT_CONTEXT:
4306 /* Set up an alternate library context */
4307 testctx = OSSL_LIB_CTX_new();
4308 if (!TEST_ptr(testctx))
4309 return 0;
4310 /* Swap the libctx to test non-default context only */
4311 nullprov = OSSL_PROVIDER_load(NULL, "null");
4312 deflprov = OSSL_PROVIDER_load(testctx, "default");
4313 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4314 break;
4315 case OPT_TEST_CASES:
4316 break;
4317 default:
4318 return 0;
4319 }
4320 }
4321
4322 ADD_TEST(test_EVP_set_default_properties);
4323 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4324 ADD_TEST(test_EVP_DigestVerifyInit);
4325 #ifndef OPENSSL_NO_SIPHASH
4326 ADD_TEST(test_siphash_digestsign);
4327 #endif
4328 ADD_TEST(test_EVP_Digest);
4329 ADD_TEST(test_EVP_md_null);
4330 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4331 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4332 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4333 ADD_TEST(test_privatekey_to_pkcs8);
4334 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4335 #ifndef OPENSSL_NO_EC
4336 ADD_TEST(test_EVP_PKCS82PKEY);
4337 #endif
4338 #ifndef OPENSSL_NO_EC
4339 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4340 #endif
4341 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4342 ADD_TEST(test_EVP_SM2);
4343 ADD_TEST(test_EVP_SM2_verify);
4344 #endif
4345 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4346 #ifndef OPENSSL_NO_DEPRECATED_3_0
4347 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4348 if (!TEST_ptr(custom_pmeth))
4349 return 0;
4350 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4351 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4352 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4353 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4354 return 0;
4355 #endif
4356 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4357 #ifndef OPENSSL_NO_CMAC
4358 ADD_TEST(test_CMAC_keygen);
4359 #endif
4360 ADD_TEST(test_HKDF);
4361 ADD_TEST(test_emptyikm_HKDF);
4362 #ifndef OPENSSL_NO_EC
4363 ADD_TEST(test_X509_PUBKEY_inplace);
4364 ADD_TEST(test_X509_PUBKEY_dup);
4365 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4366 OSSL_NELEM(ec_der_pub_keys));
4367 #endif
4368 #ifndef OPENSSL_NO_DSA
4369 ADD_TEST(test_DSA_get_set_params);
4370 ADD_TEST(test_DSA_priv_pub);
4371 #endif
4372 ADD_TEST(test_RSA_get_set_params);
4373 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4374 ADD_TEST(test_decrypt_null_chunks);
4375 #endif
4376 #ifndef OPENSSL_NO_DH
4377 ADD_TEST(test_DH_priv_pub);
4378 # ifndef OPENSSL_NO_DEPRECATED_3_0
4379 ADD_TEST(test_EVP_PKEY_set1_DH);
4380 # endif
4381 #endif
4382 #ifndef OPENSSL_NO_EC
4383 ADD_TEST(test_EC_priv_pub);
4384 # ifndef OPENSSL_NO_DEPRECATED_3_0
4385 ADD_TEST(test_EC_priv_only_legacy);
4386 # endif
4387 #endif
4388 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4389 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4390
4391 ADD_TEST(test_rand_agglomeration);
4392 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4393 #ifndef OPENSSL_NO_DES
4394 ADD_ALL_TESTS(test_evp_iv_des, 6);
4395 #endif
4396 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4397 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4398 #ifndef OPENSSL_NO_EC
4399 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4400 #endif
4401
4402 ADD_TEST(test_names_do_all);
4403
4404 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4405 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4406 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4407 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4408
4409 #ifndef OPENSSL_NO_DEPRECATED_3_0
4410 ADD_ALL_TESTS(test_custom_pmeth, 12);
4411 ADD_TEST(test_evp_md_cipher_meth);
4412
4413 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4414 /* Tests only support the default libctx */
4415 if (testctx == NULL) {
4416 # ifndef OPENSSL_NO_EC
4417 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4418 # else
4419 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4420 # endif
4421 ADD_TEST(test_cipher_with_engine);
4422 }
4423 # endif
4424 #endif
4425
4426 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4427
4428 return 1;
4429 }
4430
4431 void cleanup_tests(void)
4432 {
4433 OSSL_PROVIDER_unload(nullprov);
4434 OSSL_PROVIDER_unload(deflprov);
4435 OSSL_PROVIDER_unload(lgcyprov);
4436 OSSL_LIB_CTX_free(testctx);
4437 }
A mirror of the official openssl repository