]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: add test case for X508_PUBKEY_dup() function
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 #endif
404
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
408 const char *keytype;
409 int evptype;
410 int check;
411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
414 } APK_DATA;
415
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
421 #endif
422 };
423
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
428 0, 1, 1, 0},
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
440 #endif
441 };
442
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
445 {
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
450 testctx, testpropq);
451
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456 }
457
458 static EVP_PKEY *load_example_rsa_key(void)
459 {
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
462 }
463
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
466 {
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
469 }
470 #endif
471
472 static EVP_PKEY *load_example_hmac_key(void)
473 {
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
482 if (!TEST_ptr(pkey))
483 return NULL;
484
485 return pkey;
486 }
487
488 static int test_EVP_set_default_properties(void)
489 {
490 OSSL_LIB_CTX *ctx;
491 EVP_MD *md = NULL;
492 int res = 0;
493
494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
496 goto err;
497 EVP_MD_free(md);
498 md = NULL;
499
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
503 goto err;
504 EVP_MD_free(md);
505 md = NULL;
506
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
509 goto err;
510 res = 1;
511 err:
512 EVP_MD_free(md);
513 OSSL_LIB_CTX_free(ctx);
514 return res;
515 }
516
517 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518 static int test_fromdata(char *keytype, OSSL_PARAM *params)
519 {
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
522 int testresult = 0;
523
524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
525 goto err;
526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
528 params), 0))
529 goto err;
530
531 if (!TEST_ptr(pkey))
532 goto err;
533
534 testresult = 1;
535 err:
536 EVP_PKEY_free(pkey);
537 EVP_PKEY_CTX_free(pctx);
538
539 return testresult;
540 }
541 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
542
543 /*
544 * Test combinations of private, public, missing and private + public key
545 * params to ensure they are all accepted
546 */
547 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
548 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
549 {
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
553 int ret = 0;
554
555 /*
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
558 */
559 if (!TEST_ptr(p = BN_new())
560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
564 goto err;
565
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
571 goto err;
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
573 goto err;
574
575 if (!test_fromdata(keytype, params))
576 goto err;
577 OSSL_PARAM_BLD_free_params(params);
578 OSSL_PARAM_BLD_free(bld);
579
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
586 priv)))
587 goto err;
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
589 goto err;
590
591 if (!test_fromdata(keytype, params))
592 goto err;
593 OSSL_PARAM_BLD_free_params(params);
594 OSSL_PARAM_BLD_free(bld);
595
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
602 pub)))
603 goto err;
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
605 goto err;
606
607 if (!test_fromdata(keytype, params))
608 goto err;
609 OSSL_PARAM_BLD_free_params(params);
610 OSSL_PARAM_BLD_free(bld);
611
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
618 pub))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
620 priv)))
621 goto err;
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
623 goto err;
624
625 if (!test_fromdata(keytype, params))
626 goto err;
627
628 ret = 1;
629 err:
630 OSSL_PARAM_BLD_free_params(params);
631 OSSL_PARAM_BLD_free(bld);
632 BN_free(p);
633 BN_free(q);
634 BN_free(g);
635 BN_free(pub);
636 BN_free(priv);
637
638 return ret;
639 }
640 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
641
642 /*
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
645 */
646 #ifndef OPENSSL_NO_EC
647 static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
651 };
652 static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
659 };
660
661 static int test_EC_priv_pub(void)
662 {
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
665 BIGNUM *priv = NULL;
666 int ret = 0;
667
668 /*
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
671 */
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
673 goto err;
674
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
679 "P-256", 0)))
680 goto err;
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
682 goto err;
683
684 if (!test_fromdata("EC", params))
685 goto err;
686 OSSL_PARAM_BLD_free_params(params);
687 OSSL_PARAM_BLD_free(bld);
688
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
693 "P-256", 0))
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
695 priv)))
696 goto err;
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
698 goto err;
699
700 if (!test_fromdata("EC", params))
701 goto err;
702 OSSL_PARAM_BLD_free_params(params);
703 OSSL_PARAM_BLD_free(bld);
704
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
709 "P-256", 0))
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
713 goto err;
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
715 goto err;
716
717 if (!test_fromdata("EC", params))
718 goto err;
719 OSSL_PARAM_BLD_free_params(params);
720 OSSL_PARAM_BLD_free(bld);
721
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
726 "P-256", 0))
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
731 priv)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata("EC", params))
737 goto err;
738
739 ret = 1;
740 err:
741 OSSL_PARAM_BLD_free_params(params);
742 OSSL_PARAM_BLD_free(bld);
743 BN_free(priv);
744
745 return ret;
746 }
747
748 /* Test that using a legacy EC key with only a private key in it works */
749 # ifndef OPENSSL_NO_DEPRECATED_3_0
750 static int test_EC_priv_only_legacy(void)
751 {
752 BIGNUM *priv = NULL;
753 int ret = 0;
754 EC_KEY *eckey = NULL;
755 EVP_PKEY *pkey = NULL;
756 EVP_MD_CTX *ctx = NULL;
757
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
760 goto err;
761
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
764 goto err;
765
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
767 goto err;
768
769 pkey = EVP_PKEY_new();
770 if (!TEST_ptr(pkey))
771 goto err;
772
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
774 goto err;
775 eckey = NULL;
776
777 ctx = EVP_MD_CTX_new();
778 if (!TEST_ptr(ctx))
779 goto err;
780
781 /*
782 * The EVP_DigestSignInit function should create the key on the provider
783 * side which is sufficient for this test.
784 */
785 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, testpropq,
786 pkey, NULL)))
787 goto err;
788
789 ret = 1;
790
791 err:
792 EVP_MD_CTX_free(ctx);
793 EVP_PKEY_free(pkey);
794 EC_KEY_free(eckey);
795 BN_free(priv);
796
797 return ret;
798 }
799 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
800 #endif /* OPENSSL_NO_EC */
801
802 static int test_EVP_Enveloped(void)
803 {
804 int ret = 0;
805 EVP_CIPHER_CTX *ctx = NULL;
806 EVP_PKEY *keypair = NULL;
807 unsigned char *kek = NULL;
808 unsigned char iv[EVP_MAX_IV_LENGTH];
809 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
810 int len, kek_len, ciphertext_len, plaintext_len;
811 unsigned char ciphertext[32], plaintext[16];
812 const EVP_CIPHER *type = NULL;
813
814 if (nullprov != NULL)
815 return TEST_skip("Test does not support a non-default library context");
816
817 type = EVP_aes_256_cbc();
818
819 if (!TEST_ptr(keypair = load_example_rsa_key())
820 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
821 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
822 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
823 &keypair, 1))
824 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
825 msg, sizeof(msg)))
826 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
827 &len)))
828 goto err;
829
830 ciphertext_len += len;
831
832 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
833 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
834 ciphertext, ciphertext_len))
835 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
836 goto err;
837
838 plaintext_len += len;
839 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
840 goto err;
841
842 ret = 1;
843 err:
844 OPENSSL_free(kek);
845 EVP_PKEY_free(keypair);
846 EVP_CIPHER_CTX_free(ctx);
847 return ret;
848 }
849
850 /*
851 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
852 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
853 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
854 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
855 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
856 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
857 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
858 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
859 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
860 */
861 static int test_EVP_DigestSignInit(int tst)
862 {
863 int ret = 0;
864 EVP_PKEY *pkey = NULL;
865 unsigned char *sig = NULL;
866 size_t sig_len = 0;
867 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
868 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
869 BIO *mdbio = NULL, *membio = NULL;
870 size_t written;
871 const EVP_MD *md;
872 EVP_MD *mdexp = NULL;
873
874 if (nullprov != NULL)
875 return TEST_skip("Test does not support a non-default library context");
876
877 if (tst >= 6) {
878 membio = BIO_new(BIO_s_mem());
879 mdbio = BIO_new(BIO_f_md());
880 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
881 goto out;
882 BIO_push(mdbio, membio);
883 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
884 goto out;
885 } else {
886 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
887 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
888 goto out;
889 }
890
891 if (tst == 0 || tst == 3 || tst == 6) {
892 if (!TEST_ptr(pkey = load_example_rsa_key()))
893 goto out;
894 } else if (tst == 1 || tst == 4 || tst == 7) {
895 #ifndef OPENSSL_NO_DSA
896 if (!TEST_ptr(pkey = load_example_dsa_key()))
897 goto out;
898 #else
899 ret = 1;
900 goto out;
901 #endif
902 } else {
903 if (!TEST_ptr(pkey = load_example_hmac_key()))
904 goto out;
905 }
906
907 if (tst >= 3 && tst <= 5)
908 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
909 else
910 md = EVP_sha256();
911
912 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
913 goto out;
914
915 if (tst >= 6) {
916 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
917 goto out;
918 } else {
919 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
920 goto out;
921 }
922
923 /* Determine the size of the signature. */
924 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
925 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
926 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
927 goto out;
928
929 if (tst >= 6) {
930 if (!TEST_int_gt(BIO_reset(mdbio), 0)
931 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
932 goto out;
933 }
934
935 /*
936 * Ensure that the signature round-trips (Verification isn't supported for
937 * HMAC via EVP_DigestVerify*)
938 */
939 if (tst != 2 && tst != 5 && tst != 8) {
940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
941 NULL, pkey)))
942 goto out;
943
944 if (tst >= 6) {
945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
946 goto out;
947 } else {
948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
949 sizeof(kMsg))))
950 goto out;
951 }
952 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
953 goto out;
954 }
955
956 ret = 1;
957
958 out:
959 BIO_free(membio);
960 BIO_free(mdbio);
961 EVP_MD_CTX_free(a_md_ctx);
962 EVP_MD_CTX_free(a_md_ctx_verify);
963 EVP_PKEY_free(pkey);
964 OPENSSL_free(sig);
965 EVP_MD_free(mdexp);
966
967 return ret;
968 }
969
970 static int test_EVP_DigestVerifyInit(void)
971 {
972 int ret = 0;
973 EVP_PKEY *pkey = NULL;
974 EVP_MD_CTX *md_ctx = NULL;
975
976 if (nullprov != NULL)
977 return TEST_skip("Test does not support a non-default library context");
978
979 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
980 || !TEST_ptr(pkey = load_example_rsa_key()))
981 goto out;
982
983 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
984 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
985 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
986 sizeof(kSignature))))
987 goto out;
988 ret = 1;
989
990 out:
991 EVP_MD_CTX_free(md_ctx);
992 EVP_PKEY_free(pkey);
993 return ret;
994 }
995
996 /*
997 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
998 */
999 static int test_EVP_Digest(void)
1000 {
1001 int ret = 0;
1002 EVP_MD_CTX *md_ctx = NULL;
1003 unsigned char md[EVP_MAX_MD_SIZE];
1004 EVP_MD *sha256 = NULL;
1005 EVP_MD *shake256 = NULL;
1006
1007 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1008 goto out;
1009
1010 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1011 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1012 goto out;
1013
1014 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1015 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1016 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1017 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1018 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
1019 goto out;
1020
1021 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1022 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1023 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1024 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1025 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1026 /*
1027 * EVP_DigestInit_ex with NULL type should work on
1028 * pre-initialized context.
1029 */
1030 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1031 goto out;
1032
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1036 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1038 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1039 goto out;
1040 ret = 1;
1041
1042 out:
1043 EVP_MD_CTX_free(md_ctx);
1044 EVP_MD_free(sha256);
1045 EVP_MD_free(shake256);
1046 return ret;
1047 }
1048
1049 static int test_d2i_AutoPrivateKey(int i)
1050 {
1051 int ret = 0;
1052 const unsigned char *p;
1053 EVP_PKEY *pkey = NULL;
1054 const APK_DATA *ak = &keydata[i];
1055 const unsigned char *input = ak->kder;
1056 size_t input_len = ak->size;
1057 int expected_id = ak->evptype;
1058
1059 p = input;
1060 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1061 || !TEST_ptr_eq(p, input + input_len)
1062 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1063 goto done;
1064
1065 ret = 1;
1066
1067 done:
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070 }
1071
1072 #ifndef OPENSSL_NO_EC
1073
1074 static const unsigned char ec_public_sect163k1_validxy[] = {
1075 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1076 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1077 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1078 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1079 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1080 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1081 };
1082
1083 static const unsigned char ec_public_sect163k1_badx[] = {
1084 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1085 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1086 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1087 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1088 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1089 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1090 };
1091
1092 static const unsigned char ec_public_sect163k1_bady[] = {
1093 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1094 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1095 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1096 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1097 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1098 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1099 };
1100
1101 static struct ec_der_pub_keys_st {
1102 const unsigned char *der;
1103 size_t len;
1104 int valid;
1105 } ec_der_pub_keys[] = {
1106 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1107 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1108 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1109 };
1110
1111 /*
1112 * Tests the range of the decoded EC char2 public point.
1113 * See ec_GF2m_simple_oct2point().
1114 */
1115 static int test_invalide_ec_char2_pub_range_decode(int id)
1116 {
1117 int ret = 0;
1118 EVP_PKEY *pkey;
1119
1120 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1121 ec_der_pub_keys[id].len);
1122
1123 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1124 || TEST_ptr_null(pkey);
1125 EVP_PKEY_free(pkey);
1126 return ret;
1127 }
1128
1129 /* Tests loading a bad key in PKCS8 format */
1130 static int test_EVP_PKCS82PKEY(void)
1131 {
1132 int ret = 0;
1133 const unsigned char *derp = kExampleBadECKeyDER;
1134 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1135 EVP_PKEY *pkey = NULL;
1136
1137 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1138 sizeof(kExampleBadECKeyDER))))
1139 goto done;
1140
1141 if (!TEST_ptr_eq(derp,
1142 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1143 goto done;
1144
1145 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1146 goto done;
1147
1148 ret = 1;
1149
1150 done:
1151 PKCS8_PRIV_KEY_INFO_free(p8inf);
1152 EVP_PKEY_free(pkey);
1153
1154 return ret;
1155 }
1156 #endif
1157
1158 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1159 static int test_privatekey_to_pkcs8(void)
1160 {
1161 EVP_PKEY *pkey = NULL;
1162 BIO *membio = NULL;
1163 char *membuf = NULL;
1164 long membuf_len = 0;
1165 int ok = 0;
1166
1167 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1168 || !TEST_ptr(pkey = load_example_rsa_key())
1169 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1170 NULL, 0, NULL, NULL),
1171 0)
1172 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1173 || !TEST_ptr(membuf)
1174 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1175 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1176 /*
1177 * We try to write PEM as well, just to see that it doesn't err, but
1178 * assume that the result is correct.
1179 */
1180 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1181 NULL, 0, NULL, NULL),
1182 0))
1183 goto done;
1184
1185 ok = 1;
1186 done:
1187 EVP_PKEY_free(pkey);
1188 BIO_free_all(membio);
1189 return ok;
1190 }
1191
1192 #ifndef OPENSSL_NO_EC
1193 static const struct {
1194 int encoding;
1195 const char *encoding_name;
1196 } ec_encodings[] = {
1197 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1198 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1199 };
1200
1201 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1202 {
1203 const OSSL_PARAM *p;
1204 const char *enc_name = NULL;
1205 int *enc = arg;
1206 size_t i;
1207
1208 *enc = -1;
1209
1210 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1211 OSSL_PKEY_PARAM_EC_ENCODING))
1212 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1213 return 0;
1214
1215 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1216 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1217 *enc = ec_encodings[i].encoding;
1218 break;
1219 }
1220 }
1221
1222 return (*enc != -1);
1223 }
1224
1225 static int test_EC_keygen_with_enc(int idx)
1226 {
1227 EVP_PKEY *params = NULL, *key = NULL;
1228 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1229 int enc;
1230 int ret = 0;
1231
1232 enc = ec_encodings[idx].encoding;
1233
1234 /* Create key parameters */
1235 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1236 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1237 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1238 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1239 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1240 || !TEST_ptr(params))
1241 goto done;
1242
1243 /* Create key */
1244 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1245 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1246 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1247 || !TEST_ptr(key))
1248 goto done;
1249
1250 /* Check that the encoding got all the way into the key */
1251 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1252 ec_export_get_encoding_cb, &enc))
1253 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1254 goto done;
1255
1256 ret = 1;
1257 done:
1258 EVP_PKEY_free(key);
1259 EVP_PKEY_free(params);
1260 EVP_PKEY_CTX_free(kctx);
1261 EVP_PKEY_CTX_free(pctx);
1262 return ret;
1263 }
1264 #endif
1265
1266 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1267
1268 static int test_EVP_SM2_verify(void)
1269 {
1270 const char *pubkey =
1271 "-----BEGIN PUBLIC KEY-----\n"
1272 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1273 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1274 "-----END PUBLIC KEY-----\n";
1275
1276 const char *msg = "message digest";
1277 const char *id = "ALICE123@YAHOO.COM";
1278
1279 const uint8_t signature[] = {
1280 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1281 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1282 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1283 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1284 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1285 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1286 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1287 };
1288
1289 int rc = 0;
1290 BIO *bio = NULL;
1291 EVP_PKEY *pkey = NULL;
1292 EVP_MD_CTX *mctx = NULL;
1293 EVP_PKEY_CTX *pctx = NULL;
1294 EVP_MD *sm3 = NULL;
1295
1296 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1297 if (!TEST_true(bio != NULL))
1298 goto done;
1299
1300 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1301 if (!TEST_true(pkey != NULL))
1302 goto done;
1303
1304 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1305 goto done;
1306
1307 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1308 goto done;
1309
1310 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1311 goto done;
1312
1313 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1314
1315 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1316 goto done;
1317
1318 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1319 goto done;
1320
1321 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1322 goto done;
1323
1324 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1325 goto done;
1326
1327 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1328 goto done;
1329 rc = 1;
1330
1331 done:
1332 BIO_free(bio);
1333 EVP_PKEY_free(pkey);
1334 EVP_PKEY_CTX_free(pctx);
1335 EVP_MD_CTX_free(mctx);
1336 EVP_MD_free(sm3);
1337 return rc;
1338 }
1339
1340 static int test_EVP_SM2(void)
1341 {
1342 int ret = 0;
1343 EVP_PKEY *pkey = NULL;
1344 EVP_PKEY *pkeyparams = NULL;
1345 EVP_PKEY_CTX *pctx = NULL;
1346 EVP_PKEY_CTX *kctx = NULL;
1347 EVP_PKEY_CTX *sctx = NULL;
1348 size_t sig_len = 0;
1349 unsigned char *sig = NULL;
1350 EVP_MD_CTX *md_ctx = NULL;
1351 EVP_MD_CTX *md_ctx_verify = NULL;
1352 EVP_PKEY_CTX *cctx = NULL;
1353 EVP_MD *sm3 = NULL;
1354
1355 uint8_t ciphertext[128];
1356 size_t ctext_len = sizeof(ciphertext);
1357
1358 uint8_t plaintext[8];
1359 size_t ptext_len = sizeof(plaintext);
1360
1361 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1362
1363 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1364 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1365 int i;
1366 char mdname[20];
1367
1368 pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
1369 if (!TEST_ptr(pctx))
1370 goto done;
1371
1372 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1373 goto done;
1374
1375 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1376 goto done;
1377
1378 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1379 goto done;
1380
1381 kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
1382 if (!TEST_ptr(kctx))
1383 goto done;
1384
1385 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1386 goto done;
1387
1388 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1389 goto done;
1390
1391 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1392 goto done;
1393
1394 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1395 goto done;
1396
1397 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1398 goto done;
1399
1400 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1401 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1402
1403 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1404 goto done;
1405
1406 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
1407 goto done;
1408
1409 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1410 goto done;
1411
1412 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1413 goto done;
1414
1415 /* Determine the size of the signature. */
1416 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1417 goto done;
1418
1419 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1420 goto done;
1421
1422 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1423 goto done;
1424
1425 /* Ensure that the signature round-trips. */
1426
1427 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
1428 goto done;
1429
1430 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1431 goto done;
1432
1433 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1434 goto done;
1435
1436 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1437 goto done;
1438
1439 /* now check encryption/decryption */
1440
1441 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1442 mdname, sizeof(mdname));
1443 for (i = 0; i < 2; i++) {
1444 EVP_PKEY_CTX_free(cctx);
1445
1446 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1447 i == 0 ? "SM3" : "SHA2-256",
1448 0);
1449
1450 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1451 goto done;
1452
1453 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1454 goto done;
1455
1456 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1457 goto done;
1458
1459 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1460 sizeof(kMsg))))
1461 goto done;
1462
1463 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1464 goto done;
1465
1466 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1467 goto done;
1468
1469 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1470 ctext_len)))
1471 goto done;
1472
1473 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1474 goto done;
1475
1476 /* Test we're still using the digest we think we are */
1477 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1478 goto done;
1479 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1480 goto done;
1481
1482 if (!TEST_true(ptext_len == sizeof(kMsg)))
1483 goto done;
1484
1485 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1486 goto done;
1487 }
1488
1489 ret = 1;
1490 done:
1491 EVP_PKEY_CTX_free(pctx);
1492 EVP_PKEY_CTX_free(kctx);
1493 EVP_PKEY_CTX_free(sctx);
1494 EVP_PKEY_CTX_free(cctx);
1495 EVP_PKEY_free(pkey);
1496 EVP_PKEY_free(pkeyparams);
1497 EVP_MD_CTX_free(md_ctx);
1498 EVP_MD_CTX_free(md_ctx_verify);
1499 EVP_MD_free(sm3);
1500 OPENSSL_free(sig);
1501 return ret;
1502 }
1503
1504 #endif
1505
1506 static struct keys_st {
1507 int type;
1508 char *priv;
1509 char *pub;
1510 } keys[] = {
1511 {
1512 EVP_PKEY_HMAC, "0123456789", NULL
1513 }, {
1514 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1515 }, {
1516 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1517 },
1518 #ifndef OPENSSL_NO_EC
1519 {
1520 EVP_PKEY_X25519, "01234567890123456789012345678901",
1521 "abcdefghijklmnopqrstuvwxyzabcdef"
1522 }, {
1523 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1524 "abcdefghijklmnopqrstuvwxyzabcdef"
1525 }, {
1526 EVP_PKEY_X448,
1527 "01234567890123456789012345678901234567890123456789012345",
1528 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1529 }, {
1530 EVP_PKEY_ED448,
1531 "012345678901234567890123456789012345678901234567890123456",
1532 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1533 }
1534 #endif
1535 };
1536
1537 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1538 {
1539 int ret = 0;
1540 unsigned char buf[80];
1541 unsigned char *in;
1542 size_t inlen, len = 0;
1543 EVP_PKEY *pkey;
1544
1545 if (nullprov != NULL)
1546 return TEST_skip("Test does not support a non-default library context");
1547
1548 /* Check if this algorithm supports public keys */
1549 if (keys[tst].pub == NULL)
1550 return 1;
1551
1552 memset(buf, 0, sizeof(buf));
1553
1554 if (pub) {
1555 inlen = strlen(keys[tst].pub);
1556 in = (unsigned char *)keys[tst].pub;
1557 if (uselibctx) {
1558 pkey = EVP_PKEY_new_raw_public_key_ex(
1559 testctx,
1560 OBJ_nid2sn(keys[tst].type),
1561 NULL,
1562 in,
1563 inlen);
1564 } else {
1565 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1566 NULL,
1567 in,
1568 inlen);
1569 }
1570 } else {
1571 inlen = strlen(keys[tst].priv);
1572 in = (unsigned char *)keys[tst].priv;
1573 if (uselibctx) {
1574 pkey = EVP_PKEY_new_raw_private_key_ex(
1575 testctx, OBJ_nid2sn(keys[tst].type),
1576 NULL,
1577 in,
1578 inlen);
1579 } else {
1580 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1581 NULL,
1582 in,
1583 inlen);
1584 }
1585 }
1586
1587 if (!TEST_ptr(pkey)
1588 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1589 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1590 || !TEST_true(len == inlen)
1591 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1592 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1593 || !TEST_mem_eq(in, inlen, buf, len))
1594 goto done;
1595
1596 ret = 1;
1597 done:
1598 EVP_PKEY_free(pkey);
1599 return ret;
1600 }
1601
1602 static int test_set_get_raw_keys(int tst)
1603 {
1604 return test_set_get_raw_keys_int(tst, 0, 0)
1605 && test_set_get_raw_keys_int(tst, 0, 1)
1606 && test_set_get_raw_keys_int(tst, 1, 0)
1607 && test_set_get_raw_keys_int(tst, 1, 1);
1608 }
1609
1610 #ifndef OPENSSL_NO_DEPRECATED_3_0
1611 static int pkey_custom_check(EVP_PKEY *pkey)
1612 {
1613 return 0xbeef;
1614 }
1615
1616 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1617 {
1618 return 0xbeef;
1619 }
1620
1621 static int pkey_custom_param_check(EVP_PKEY *pkey)
1622 {
1623 return 0xbeef;
1624 }
1625
1626 static EVP_PKEY_METHOD *custom_pmeth;
1627 #endif
1628
1629 static int test_EVP_PKEY_check(int i)
1630 {
1631 int ret = 0;
1632 EVP_PKEY *pkey = NULL;
1633 EVP_PKEY_CTX *ctx = NULL;
1634 #ifndef OPENSSL_NO_DEPRECATED_3_0
1635 EVP_PKEY_CTX *ctx2 = NULL;
1636 #endif
1637 const APK_DATA *ak = &keycheckdata[i];
1638 const unsigned char *input = ak->kder;
1639 size_t input_len = ak->size;
1640 int expected_id = ak->evptype;
1641 int expected_check = ak->check;
1642 int expected_pub_check = ak->pub_check;
1643 int expected_param_check = ak->param_check;
1644 int type = ak->type;
1645
1646 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1647 goto done;
1648 if (type == 0
1649 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1650 goto done;
1651
1652 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1653 goto done;
1654
1655 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1656 goto done;
1657
1658 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1659 goto done;
1660
1661 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1662 goto done;
1663
1664 #ifndef OPENSSL_NO_DEPRECATED_3_0
1665 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1666 /* assign the pkey directly, as an internal test */
1667 EVP_PKEY_up_ref(pkey);
1668 ctx2->pkey = pkey;
1669
1670 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1671 goto done;
1672
1673 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1674 goto done;
1675
1676 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1677 goto done;
1678 #endif
1679
1680 ret = 1;
1681
1682 done:
1683 EVP_PKEY_CTX_free(ctx);
1684 #ifndef OPENSSL_NO_DEPRECATED_3_0
1685 EVP_PKEY_CTX_free(ctx2);
1686 #endif
1687 EVP_PKEY_free(pkey);
1688 return ret;
1689 }
1690
1691 #ifndef OPENSSL_NO_CMAC
1692 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1693 {
1694 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1695 const char msg[] = "Hello World";
1696 size_t maclen;
1697 int ret = 1;
1698
1699 if (!TEST_ptr(mdctx)
1700 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1701 testpropq, pkey, NULL))
1702 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1703 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1704 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1705 ret = 0;
1706
1707 EVP_MD_CTX_free(mdctx);
1708
1709 return ret;
1710 }
1711 static int test_CMAC_keygen(void)
1712 {
1713 static unsigned char key[] = {
1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1716 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1717 };
1718 EVP_PKEY_CTX *kctx = NULL;
1719 int ret = 0;
1720 EVP_PKEY *pkey = NULL;
1721 unsigned char mac[AES_BLOCK_SIZE];
1722 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1723 unsigned char mac2[AES_BLOCK_SIZE];
1724 # endif
1725
1726 if (nullprov != NULL)
1727 return TEST_skip("Test does not support a non-default library context");
1728
1729 /*
1730 * This is a legacy method for CMACs, but should still work.
1731 * This verifies that it works without an ENGINE.
1732 */
1733 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1734
1735 /* Test a CMAC key created using the "generated" method */
1736 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1737 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1738 EVP_PKEY_CTRL_CIPHER,
1739 0, (void *)EVP_aes_256_ecb()), 0)
1740 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1741 EVP_PKEY_CTRL_SET_MAC_KEY,
1742 sizeof(key), (void *)key), 0)
1743 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1744 || !TEST_ptr(pkey)
1745 || !TEST_true(get_cmac_val(pkey, mac)))
1746 goto done;
1747
1748 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1749 EVP_PKEY_free(pkey);
1750
1751 /*
1752 * Test a CMAC key using the direct method, and compare with the mac
1753 * created above.
1754 */
1755 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1756 if (!TEST_ptr(pkey)
1757 || !TEST_true(get_cmac_val(pkey, mac2))
1758 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1759 goto done;
1760 # endif
1761
1762 ret = 1;
1763
1764 done:
1765 EVP_PKEY_free(pkey);
1766 EVP_PKEY_CTX_free(kctx);
1767 return ret;
1768 }
1769 #endif
1770
1771 static int test_HKDF(void)
1772 {
1773 EVP_PKEY_CTX *pctx;
1774 unsigned char out[20];
1775 size_t outlen;
1776 int i, ret = 0;
1777 unsigned char salt[] = "0123456789";
1778 unsigned char key[] = "012345678901234567890123456789";
1779 unsigned char info[] = "infostring";
1780 const unsigned char expected[] = {
1781 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1782 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1783 };
1784 size_t expectedlen = sizeof(expected);
1785
1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1787 goto done;
1788
1789 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1790 for (i = 0; i < 2; i++) {
1791 outlen = sizeof(out);
1792 memset(out, 0, outlen);
1793
1794 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1795 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1796 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1797 sizeof(salt) - 1), 0)
1798 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1799 sizeof(key) - 1), 0)
1800 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1801 sizeof(info) - 1), 0)
1802 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1803 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1804 goto done;
1805 }
1806
1807 ret = 1;
1808
1809 done:
1810 EVP_PKEY_CTX_free(pctx);
1811
1812 return ret;
1813 }
1814
1815 static int test_emptyikm_HKDF(void)
1816 {
1817 EVP_PKEY_CTX *pctx;
1818 unsigned char out[20];
1819 size_t outlen;
1820 int ret = 0;
1821 unsigned char salt[] = "9876543210";
1822 unsigned char key[] = "";
1823 unsigned char info[] = "stringinfo";
1824 const unsigned char expected[] = {
1825 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1826 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1827 };
1828 size_t expectedlen = sizeof(expected);
1829
1830 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1831 goto done;
1832
1833 outlen = sizeof(out);
1834 memset(out, 0, outlen);
1835
1836 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1837 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1838 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1839 sizeof(salt) - 1), 0)
1840 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1841 sizeof(key) - 1), 0)
1842 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1843 sizeof(info) - 1), 0)
1844 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1845 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1846 goto done;
1847
1848 ret = 1;
1849
1850 done:
1851 EVP_PKEY_CTX_free(pctx);
1852
1853 return ret;
1854 }
1855
1856 #ifndef OPENSSL_NO_EC
1857 static int test_X509_PUBKEY_inplace(void)
1858 {
1859 int ret = 0;
1860 X509_PUBKEY *xp = NULL;
1861 const unsigned char *p = kExampleECPubKeyDER;
1862 size_t input_len = sizeof(kExampleECPubKeyDER);
1863
1864 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1865 goto done;
1866
1867 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1868 goto done;
1869
1870 p = kExampleBadECPubKeyDER;
1871 input_len = sizeof(kExampleBadECPubKeyDER);
1872
1873 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1874 goto done;
1875
1876 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1877 goto done;
1878
1879 ret = 1;
1880
1881 done:
1882 X509_PUBKEY_free(xp);
1883 return ret;
1884 }
1885
1886 static int test_X509_PUBKEY_dup(void)
1887 {
1888 int ret = 0;
1889 X509_PUBKEY *xp = NULL, *xq = NULL;
1890 const unsigned char *p = kExampleECPubKeyDER;
1891 size_t input_len = sizeof(kExampleECPubKeyDER);
1892
1893 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1894 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1895 || !TEST_ptr_ne(xp, xq))
1896 goto done;
1897
1898 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1899 || !TEST_ptr(X509_PUBKEY_get0(xp))
1900 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1901 goto done;
1902
1903 X509_PUBKEY_free(xq);
1904 xq = NULL;
1905 p = kExampleBadECPubKeyDER;
1906 input_len = sizeof(kExampleBadECPubKeyDER);
1907
1908 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1909 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1910 goto done;
1911
1912 X509_PUBKEY_free(xp);
1913 xp = NULL;
1914 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1915 goto done;
1916
1917 ret = 1;
1918
1919 done:
1920 X509_PUBKEY_free(xp);
1921 X509_PUBKEY_free(xq);
1922 return ret;
1923 }
1924 #endif /* OPENSSL_NO_EC */
1925
1926 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1927 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1928 {
1929 EVP_MD_CTX *mdctx = NULL;
1930 EVP_PKEY_CTX *ctx = NULL;
1931 const OSSL_PARAM *params;
1932 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1933 int ret = 0;
1934 const EVP_MD *md;
1935 char mdname[OSSL_MAX_NAME_SIZE];
1936 char ssl3ms[48];
1937
1938 /* Initialise a sign operation */
1939 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1940 if (!TEST_ptr(ctx)
1941 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1942 goto err;
1943
1944 /*
1945 * We should be able to query the parameters now.
1946 */
1947 params = EVP_PKEY_CTX_settable_params(ctx);
1948 if (!TEST_ptr(params)
1949 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1950 OSSL_SIGNATURE_PARAM_DIGEST)))
1951 goto err;
1952
1953 params = EVP_PKEY_CTX_gettable_params(ctx);
1954 if (!TEST_ptr(params)
1955 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1956 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1957 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1958 OSSL_SIGNATURE_PARAM_DIGEST)))
1959 goto err;
1960
1961 /*
1962 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1963 * EVP_PKEY_CTX_get_params()
1964 */
1965 strcpy(mdname, "SHA512");
1966 param_md = param;
1967 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1968 mdname, 0);
1969 *param++ = OSSL_PARAM_construct_end();
1970
1971 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1972 goto err;
1973
1974 mdname[0] = '\0';
1975 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1976 mdname, sizeof(mdname));
1977 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1978 || !TEST_str_eq(mdname, "SHA512"))
1979 goto err;
1980
1981 /*
1982 * Test the TEST_PKEY_CTX_set_signature_md() and
1983 * TEST_PKEY_CTX_get_signature_md() functions
1984 */
1985 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1986 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1987 || !TEST_ptr_eq(md, EVP_sha256()))
1988 goto err;
1989
1990 /*
1991 * Test getting MD parameters via an associated EVP_PKEY_CTX
1992 */
1993 mdctx = EVP_MD_CTX_new();
1994 if (!TEST_ptr(mdctx)
1995 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
1996 pkey, NULL)))
1997 goto err;
1998
1999 /*
2000 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2001 * able to obtain the digest's settable parameters from the provider.
2002 */
2003 params = EVP_MD_CTX_settable_params(mdctx);
2004 if (!TEST_ptr(params)
2005 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2006 /* The final key should be NULL */
2007 || !TEST_ptr_null(params[1].key))
2008 goto err;
2009
2010 param = ourparams;
2011 memset(ssl3ms, 0, sizeof(ssl3ms));
2012 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2013 ssl3ms, sizeof(ssl3ms));
2014 *param++ = OSSL_PARAM_construct_end();
2015
2016 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2017 goto err;
2018
2019 ret = 1;
2020
2021 err:
2022 EVP_MD_CTX_free(mdctx);
2023 EVP_PKEY_CTX_free(ctx);
2024
2025 return ret;
2026 }
2027
2028 #ifndef OPENSSL_NO_DSA
2029 static int test_DSA_get_set_params(void)
2030 {
2031 OSSL_PARAM_BLD *bld = NULL;
2032 OSSL_PARAM *params = NULL;
2033 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2034 EVP_PKEY_CTX *pctx = NULL;
2035 EVP_PKEY *pkey = NULL;
2036 int ret = 0;
2037
2038 /*
2039 * Setup the parameters for our DSA object. For our purposes they don't
2040 * have to actually be *valid* parameters. We just need to set something.
2041 */
2042 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2043 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2044 || !TEST_ptr(p = BN_new())
2045 || !TEST_ptr(q = BN_new())
2046 || !TEST_ptr(g = BN_new())
2047 || !TEST_ptr(pub = BN_new())
2048 || !TEST_ptr(priv = BN_new()))
2049 goto err;
2050 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2051 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2052 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2053 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2054 pub))
2055 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2056 priv)))
2057 goto err;
2058 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2059 goto err;
2060
2061 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2062 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2063 params), 0))
2064 goto err;
2065
2066 if (!TEST_ptr(pkey))
2067 goto err;
2068
2069 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2070
2071 err:
2072 EVP_PKEY_free(pkey);
2073 EVP_PKEY_CTX_free(pctx);
2074 OSSL_PARAM_BLD_free_params(params);
2075 OSSL_PARAM_BLD_free(bld);
2076 BN_free(p);
2077 BN_free(q);
2078 BN_free(g);
2079 BN_free(pub);
2080 BN_free(priv);
2081
2082 return ret;
2083 }
2084
2085 /*
2086 * Test combinations of private, public, missing and private + public key
2087 * params to ensure they are all accepted
2088 */
2089 static int test_DSA_priv_pub(void)
2090 {
2091 return test_EVP_PKEY_ffc_priv_pub("DSA");
2092 }
2093
2094 #endif /* !OPENSSL_NO_DSA */
2095
2096 static int test_RSA_get_set_params(void)
2097 {
2098 OSSL_PARAM_BLD *bld = NULL;
2099 OSSL_PARAM *params = NULL;
2100 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2101 EVP_PKEY_CTX *pctx = NULL;
2102 EVP_PKEY *pkey = NULL;
2103 int ret = 0;
2104
2105 /*
2106 * Setup the parameters for our RSA object. For our purposes they don't
2107 * have to actually be *valid* parameters. We just need to set something.
2108 */
2109 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2110 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2111 || !TEST_ptr(n = BN_new())
2112 || !TEST_ptr(e = BN_new())
2113 || !TEST_ptr(d = BN_new()))
2114 goto err;
2115 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2116 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2117 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2118 goto err;
2119 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2120 goto err;
2121
2122 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2123 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2124 params), 0))
2125 goto err;
2126
2127 if (!TEST_ptr(pkey))
2128 goto err;
2129
2130 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2131
2132 err:
2133 EVP_PKEY_free(pkey);
2134 EVP_PKEY_CTX_free(pctx);
2135 OSSL_PARAM_BLD_free_params(params);
2136 OSSL_PARAM_BLD_free(bld);
2137 BN_free(n);
2138 BN_free(e);
2139 BN_free(d);
2140
2141 return ret;
2142 }
2143
2144 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2145 static int test_decrypt_null_chunks(void)
2146 {
2147 EVP_CIPHER_CTX* ctx = NULL;
2148 EVP_CIPHER *cipher = NULL;
2149 const unsigned char key[32] = {
2150 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2151 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2152 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2153 };
2154 unsigned char iv[12] = {
2155 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2156 };
2157 unsigned char msg[] = "It was the best of times, it was the worst of times";
2158 unsigned char ciphertext[80];
2159 unsigned char plaintext[80];
2160 /* We initialise tmp to a non zero value on purpose */
2161 int ctlen, ptlen, tmp = 99;
2162 int ret = 0;
2163 const int enc_offset = 10, dec_offset = 20;
2164
2165 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2166 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2167 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2168 key, iv))
2169 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2170 enc_offset))
2171 /* Deliberate add a zero length update */
2172 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2173 0))
2174 || !TEST_int_eq(tmp, 0)
2175 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2176 msg + enc_offset,
2177 sizeof(msg) - enc_offset))
2178 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2179 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2180 || !TEST_int_eq(tmp, 0))
2181 goto err;
2182
2183 /* Deliberately initialise tmp to a non zero value */
2184 tmp = 99;
2185 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2186 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2187 dec_offset))
2188 /*
2189 * Deliberately add a zero length update. We also deliberately do
2190 * this at a different offset than for encryption.
2191 */
2192 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2193 0))
2194 || !TEST_int_eq(tmp, 0)
2195 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2196 ciphertext + dec_offset,
2197 ctlen - dec_offset))
2198 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2199 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2200 || !TEST_int_eq(tmp, 0)
2201 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2202 goto err;
2203
2204 ret = 1;
2205 err:
2206 EVP_CIPHER_CTX_free(ctx);
2207 EVP_CIPHER_free(cipher);
2208 return ret;
2209 }
2210 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2211
2212 #ifndef OPENSSL_NO_DH
2213 /*
2214 * Test combinations of private, public, missing and private + public key
2215 * params to ensure they are all accepted
2216 */
2217 static int test_DH_priv_pub(void)
2218 {
2219 return test_EVP_PKEY_ffc_priv_pub("DH");
2220 }
2221
2222 # ifndef OPENSSL_NO_DEPRECATED_3_0
2223 static int test_EVP_PKEY_set1_DH(void)
2224 {
2225 DH *x942dh = NULL, *noqdh = NULL;
2226 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2227 int ret = 0;
2228 BIGNUM *p, *g = NULL;
2229
2230 if (!TEST_ptr(p = BN_new())
2231 || !TEST_ptr(g = BN_new())
2232 || !BN_set_word(p, 9999)
2233 || !BN_set_word(g, 2)
2234 || !TEST_ptr(noqdh = DH_new())
2235 || !DH_set0_pqg(noqdh, p, NULL, g))
2236 goto err;
2237 p = g = NULL;
2238
2239 x942dh = DH_get_2048_256();
2240 pkey1 = EVP_PKEY_new();
2241 pkey2 = EVP_PKEY_new();
2242 if (!TEST_ptr(x942dh)
2243 || !TEST_ptr(noqdh)
2244 || !TEST_ptr(pkey1)
2245 || !TEST_ptr(pkey2))
2246 goto err;
2247
2248 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2249 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2250 goto err;
2251
2252 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2253 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2254 goto err;
2255
2256 ret = 1;
2257 err:
2258 BN_free(p);
2259 BN_free(g);
2260 EVP_PKEY_free(pkey1);
2261 EVP_PKEY_free(pkey2);
2262 DH_free(x942dh);
2263 DH_free(noqdh);
2264
2265 return ret;
2266 }
2267 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2268 #endif /* !OPENSSL_NO_DH */
2269
2270 /*
2271 * We test what happens with an empty template. For the sake of this test,
2272 * the template must be ignored, and we know that's the case for RSA keys
2273 * (this might arguably be a misfeature, but that's what we currently do,
2274 * even in provider code, since that's how the legacy RSA implementation
2275 * does things)
2276 */
2277 static int test_keygen_with_empty_template(int n)
2278 {
2279 EVP_PKEY_CTX *ctx = NULL;
2280 EVP_PKEY *pkey = NULL;
2281 EVP_PKEY *tkey = NULL;
2282 int ret = 0;
2283
2284 if (nullprov != NULL)
2285 return TEST_skip("Test does not support a non-default library context");
2286
2287 switch (n) {
2288 case 0:
2289 /* We do test with no template at all as well */
2290 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2291 goto err;
2292 break;
2293 case 1:
2294 /* Here we create an empty RSA key that serves as our template */
2295 if (!TEST_ptr(tkey = EVP_PKEY_new())
2296 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2297 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2298 goto err;
2299 break;
2300 }
2301
2302 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2303 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2304 goto err;
2305
2306 ret = 1;
2307 err:
2308 EVP_PKEY_CTX_free(ctx);
2309 EVP_PKEY_free(pkey);
2310 EVP_PKEY_free(tkey);
2311 return ret;
2312 }
2313
2314 /*
2315 * Test that we fail if we attempt to use an algorithm that is not available
2316 * in the current library context (unless we are using an algorithm that
2317 * should be made available via legacy codepaths).
2318 *
2319 * 0: RSA
2320 * 1: SM2
2321 */
2322 static int test_pkey_ctx_fail_without_provider(int tst)
2323 {
2324 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2325 OSSL_PROVIDER *tmpnullprov = NULL;
2326 EVP_PKEY_CTX *pctx = NULL;
2327 const char *keytype = NULL;
2328 int expect_null = 0;
2329 int ret = 0;
2330
2331 if (!TEST_ptr(tmpctx))
2332 goto err;
2333
2334 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2335 if (!TEST_ptr(tmpnullprov))
2336 goto err;
2337
2338 /*
2339 * We check for certain algos in the null provider.
2340 * If an algo is expected to have a provider keymgmt, contructing an
2341 * EVP_PKEY_CTX is expected to fail (return NULL).
2342 * Otherwise, if it's expected to have legacy support, contructing an
2343 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2344 */
2345 switch (tst) {
2346 case 0:
2347 keytype = "RSA";
2348 expect_null = 1;
2349 break;
2350 case 1:
2351 keytype = "SM2";
2352 expect_null = 1;
2353 #ifdef OPENSSL_NO_EC
2354 TEST_info("EC disable, skipping SM2 check...");
2355 goto end;
2356 #endif
2357 #ifdef OPENSSL_NO_SM2
2358 TEST_info("SM2 disable, skipping SM2 check...");
2359 goto end;
2360 #endif
2361 break;
2362 default:
2363 TEST_error("No test for case %d", tst);
2364 goto err;
2365 }
2366
2367 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2368 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2369 goto err;
2370
2371 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2372 end:
2373 #endif
2374 ret = 1;
2375
2376 err:
2377 EVP_PKEY_CTX_free(pctx);
2378 OSSL_PROVIDER_unload(tmpnullprov);
2379 OSSL_LIB_CTX_free(tmpctx);
2380 return ret;
2381 }
2382
2383 static int test_rand_agglomeration(void)
2384 {
2385 EVP_RAND *rand;
2386 EVP_RAND_CTX *ctx;
2387 OSSL_PARAM params[3], *p = params;
2388 int res;
2389 unsigned int step = 7;
2390 static unsigned char seed[] = "It does not matter how slowly you go "
2391 "as long as you do not stop.";
2392 unsigned char out[sizeof(seed)];
2393
2394 if (!TEST_int_ne(sizeof(seed) % step, 0)
2395 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2396 return 0;
2397 ctx = EVP_RAND_CTX_new(rand, NULL);
2398 EVP_RAND_free(rand);
2399 if (!TEST_ptr(ctx))
2400 return 0;
2401
2402 memset(out, 0, sizeof(out));
2403 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2404 seed, sizeof(seed));
2405 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2406 *p = OSSL_PARAM_construct_end();
2407 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2408 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2409 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2410 EVP_RAND_CTX_free(ctx);
2411 return res;
2412 }
2413
2414 /*
2415 * Test that we correctly return the original or "running" IV after
2416 * an encryption operation.
2417 * Run multiple times for some different relevant algorithms/modes.
2418 */
2419 static int test_evp_iv(int idx)
2420 {
2421 int ret = 0;
2422 EVP_CIPHER_CTX *ctx = NULL;
2423 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2424 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2425 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2426 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2427 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2428 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2429 9, 10, 11, 12, 13, 14, 15, 16 };
2430 unsigned char ciphertext[32], oiv[16], iv[16];
2431 unsigned char *ref_iv;
2432 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2433 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2434
2435 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2436 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2437 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2438 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2439 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2440 #ifndef OPENSSL_NO_OCB
2441 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2442 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2443 #endif
2444 int len = sizeof(ciphertext);
2445 size_t ivlen, ref_len;
2446 const EVP_CIPHER *type = NULL;
2447
2448 if (nullprov != NULL && idx < 5)
2449 return TEST_skip("Test does not support a non-default library context");
2450
2451 switch(idx) {
2452 case 0:
2453 type = EVP_aes_128_cbc();
2454 /* FALLTHROUGH */
2455 case 5:
2456 type = (type != NULL) ? type :
2457 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2458 ref_iv = cbc_state;
2459 ref_len = sizeof(cbc_state);
2460 break;
2461 case 1:
2462 type = EVP_aes_128_ofb();
2463 /* FALLTHROUGH */
2464 case 6:
2465 type = (type != NULL) ? type :
2466 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2467 ref_iv = ofb_state;
2468 ref_len = sizeof(ofb_state);
2469 break;
2470 case 2:
2471 type = EVP_aes_128_gcm();
2472 /* FALLTHROUGH */
2473 case 7:
2474 type = (type != NULL) ? type :
2475 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2476 ref_iv = gcm_state;
2477 ref_len = sizeof(gcm_state);
2478 break;
2479 case 3:
2480 type = EVP_aes_128_ccm();
2481 /* FALLTHROUGH */
2482 case 8:
2483 type = (type != NULL) ? type :
2484 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2485 ref_iv = ccm_state;
2486 ref_len = sizeof(ccm_state);
2487 break;
2488 #ifdef OPENSSL_NO_OCB
2489 case 4:
2490 case 9:
2491 return 1;
2492 #else
2493 case 4:
2494 type = EVP_aes_128_ocb();
2495 /* FALLTHROUGH */
2496 case 9:
2497 type = (type != NULL) ? type :
2498 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2499 ref_iv = ocb_state;
2500 ref_len = sizeof(ocb_state);
2501 break;
2502 #endif
2503 default:
2504 return 0;
2505 }
2506
2507 if (!TEST_ptr(type)
2508 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2509 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2510 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2511 (int)sizeof(msg)))
2512 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2513 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2514 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2515 goto err;
2516 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2517 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2518 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2519 goto err;
2520
2521 ret = 1;
2522 err:
2523 EVP_CIPHER_CTX_free(ctx);
2524 if (idx >= 5)
2525 EVP_CIPHER_free((EVP_CIPHER *)type);
2526 return ret;
2527 }
2528
2529 #ifndef OPENSSL_NO_EC
2530 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2531 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2532 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2533 NID_brainpoolP384r1, NID_brainpoolP512r1};
2534
2535 static int test_ecpub(int idx)
2536 {
2537 int ret = 0, len, savelen;
2538 int nid;
2539 unsigned char buf[1024];
2540 unsigned char *p;
2541 EVP_PKEY *pkey = NULL;
2542 EVP_PKEY_CTX *ctx = NULL;
2543 # ifndef OPENSSL_NO_DEPRECATED_3_0
2544 const unsigned char *q;
2545 EVP_PKEY *pkey2 = NULL;
2546 EC_KEY *ec = NULL;
2547 # endif
2548
2549 if (nullprov != NULL)
2550 return TEST_skip("Test does not support a non-default library context");
2551
2552 nid = ecpub_nids[idx];
2553
2554 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2555 if (!TEST_ptr(ctx)
2556 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2557 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2558 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2559 goto done;
2560 len = i2d_PublicKey(pkey, NULL);
2561 savelen = len;
2562 if (!TEST_int_ge(len, 1)
2563 || !TEST_int_lt(len, 1024))
2564 goto done;
2565 p = buf;
2566 len = i2d_PublicKey(pkey, &p);
2567 if (!TEST_int_ge(len, 1)
2568 || !TEST_int_eq(len, savelen))
2569 goto done;
2570
2571 # ifndef OPENSSL_NO_DEPRECATED_3_0
2572 /* Now try to decode the just-created DER. */
2573 q = buf;
2574 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2575 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2576 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2577 goto done;
2578 /* EC_KEY ownership transferred */
2579 ec = NULL;
2580 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2581 goto done;
2582 /* The keys should match. */
2583 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2584 goto done;
2585 # endif
2586
2587 ret = 1;
2588
2589 done:
2590 EVP_PKEY_CTX_free(ctx);
2591 EVP_PKEY_free(pkey);
2592 # ifndef OPENSSL_NO_DEPRECATED_3_0
2593 EVP_PKEY_free(pkey2);
2594 EC_KEY_free(ec);
2595 # endif
2596 return ret;
2597 }
2598 #endif
2599
2600 static int test_EVP_rsa_pss_with_keygen_bits(void)
2601 {
2602 int ret = 0;
2603 EVP_PKEY_CTX *ctx = NULL;
2604 EVP_PKEY *pkey = NULL;
2605 EVP_MD *md;
2606
2607 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2608 ret = TEST_ptr(md)
2609 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2610 && TEST_true(EVP_PKEY_keygen_init(ctx))
2611 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2612 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2613 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2614
2615 EVP_MD_free(md);
2616 EVP_PKEY_free(pkey);
2617 EVP_PKEY_CTX_free(ctx);
2618 return ret;
2619 }
2620
2621 static int success = 1;
2622 static void md_names(const char *name, void *vctx)
2623 {
2624 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2625 /* Force a namemap update */
2626 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2627
2628 if (!TEST_ptr(aes128))
2629 success = 0;
2630
2631 EVP_CIPHER_free(aes128);
2632 }
2633
2634 /*
2635 * Test that changing the namemap in a user callback works in a names_do_all
2636 * function.
2637 */
2638 static int test_names_do_all(void)
2639 {
2640 /* We use a custom libctx so that we know the state of the namemap */
2641 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2642 EVP_MD *sha256 = NULL;
2643 int testresult = 0;
2644
2645 if (!TEST_ptr(ctx))
2646 goto err;
2647
2648 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2649 if (!TEST_ptr(sha256))
2650 goto err;
2651
2652 /*
2653 * We loop through all the names for a given digest. This should still work
2654 * even if the namemap changes part way through.
2655 */
2656 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2657 goto err;
2658
2659 if (!TEST_true(success))
2660 goto err;
2661
2662 testresult = 1;
2663 err:
2664 EVP_MD_free(sha256);
2665 OSSL_LIB_CTX_free(ctx);
2666 return testresult;
2667 }
2668
2669 typedef enum OPTION_choice {
2670 OPT_ERR = -1,
2671 OPT_EOF = 0,
2672 OPT_CONTEXT,
2673 OPT_TEST_ENUM
2674 } OPTION_CHOICE;
2675
2676 const OPTIONS *test_get_options(void)
2677 {
2678 static const OPTIONS options[] = {
2679 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2680 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2681 { NULL }
2682 };
2683 return options;
2684 }
2685
2686 int setup_tests(void)
2687 {
2688 OPTION_CHOICE o;
2689
2690 while ((o = opt_next()) != OPT_EOF) {
2691 switch (o) {
2692 case OPT_CONTEXT:
2693 /* Set up an alternate library context */
2694 testctx = OSSL_LIB_CTX_new();
2695 if (!TEST_ptr(testctx))
2696 return 0;
2697 /* Swap the libctx to test non-default context only */
2698 nullprov = OSSL_PROVIDER_load(NULL, "null");
2699 deflprov = OSSL_PROVIDER_load(testctx, "default");
2700 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2701 break;
2702 case OPT_TEST_CASES:
2703 break;
2704 default:
2705 return 0;
2706 }
2707 }
2708
2709 ADD_TEST(test_EVP_set_default_properties);
2710 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2711 ADD_TEST(test_EVP_DigestVerifyInit);
2712 ADD_TEST(test_EVP_Digest);
2713 ADD_TEST(test_EVP_Enveloped);
2714 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2715 ADD_TEST(test_privatekey_to_pkcs8);
2716 #ifndef OPENSSL_NO_EC
2717 ADD_TEST(test_EVP_PKCS82PKEY);
2718 #endif
2719 #ifndef OPENSSL_NO_EC
2720 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2721 #endif
2722 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2723 ADD_TEST(test_EVP_SM2);
2724 ADD_TEST(test_EVP_SM2_verify);
2725 #endif
2726 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2727 #ifndef OPENSSL_NO_DEPRECATED_3_0
2728 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2729 if (!TEST_ptr(custom_pmeth))
2730 return 0;
2731 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2732 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2733 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2734 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2735 return 0;
2736 #endif
2737 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2738 #ifndef OPENSSL_NO_CMAC
2739 ADD_TEST(test_CMAC_keygen);
2740 #endif
2741 ADD_TEST(test_HKDF);
2742 ADD_TEST(test_emptyikm_HKDF);
2743 #ifndef OPENSSL_NO_EC
2744 ADD_TEST(test_X509_PUBKEY_inplace);
2745 ADD_TEST(test_X509_PUBKEY_dup);
2746 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2747 OSSL_NELEM(ec_der_pub_keys));
2748 #endif
2749 #ifndef OPENSSL_NO_DSA
2750 ADD_TEST(test_DSA_get_set_params);
2751 ADD_TEST(test_DSA_priv_pub);
2752 #endif
2753 ADD_TEST(test_RSA_get_set_params);
2754 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2755 ADD_TEST(test_decrypt_null_chunks);
2756 #endif
2757 #ifndef OPENSSL_NO_DH
2758 ADD_TEST(test_DH_priv_pub);
2759 # ifndef OPENSSL_NO_DEPRECATED_3_0
2760 ADD_TEST(test_EVP_PKEY_set1_DH);
2761 # endif
2762 #endif
2763 #ifndef OPENSSL_NO_EC
2764 ADD_TEST(test_EC_priv_pub);
2765 # ifndef OPENSSL_NO_DEPRECATED_3_0
2766 ADD_TEST(test_EC_priv_only_legacy);
2767 # endif
2768 #endif
2769 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2770 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2771
2772 ADD_TEST(test_rand_agglomeration);
2773 ADD_ALL_TESTS(test_evp_iv, 10);
2774 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2775 #ifndef OPENSSL_NO_EC
2776 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2777 #endif
2778
2779 ADD_TEST(test_names_do_all);
2780
2781 return 1;
2782 }
2783
2784 void cleanup_tests(void)
2785 {
2786 OSSL_PROVIDER_unload(nullprov);
2787 OSSL_PROVIDER_unload(deflprov);
2788 OSSL_PROVIDER_unload(lgcyprov);
2789 OSSL_LIB_CTX_free(testctx);
2790 }
A mirror of the official openssl repository