]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add test for no reset after DigestFinal_ex and DigestFinalXOF
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include "testutil.h"
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
37
38 static OSSL_LIB_CTX *testctx = NULL;
39
40 /*
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
43 */
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
96 };
97
98 /*
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
101 */
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
141 0x40, 0x48
142 };
143 #endif
144
145 /*
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
148 */
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
239 };
240
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
242
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
255 };
256
257 /*
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
259 * PrivateKeyInfo.
260 */
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
315 };
316
317 #ifndef OPENSSL_NO_EC
318 /*
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
320 * structure.
321 */
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
333 0xc1,
334 };
335
336 /*
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
339 */
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
350 };
351
352 /* prime256v1 */
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
362 };
363
364 /*
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
367 */
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
377 };
378
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
381 };
382 #endif
383
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
386 size_t size;
387 int evptype;
388 int check;
389 int pub_check;
390 int param_check;
391 int type; /* 0 for private, 1 for public, 2 for params */
392 } APK_DATA;
393
394 static APK_DATA keydata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
396 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
399 #endif
400 };
401
402 static APK_DATA keycheckdata[] = {
403 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
405 0, 1, 1, 0},
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
410 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
411 #endif
412 };
413
414 static EVP_PKEY *load_example_key(const char *keytype,
415 const unsigned char *data, size_t data_len)
416 {
417 const unsigned char **pdata = &data;
418 EVP_PKEY *pkey = NULL;
419 OSSL_DECODER_CTX *dctx =
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
421 testctx, NULL);
422
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
425 OSSL_DECODER_CTX_free(dctx);
426 return pkey;
427 }
428
429 static EVP_PKEY *load_example_rsa_key(void)
430 {
431 return load_example_key("RSA", kExampleRSAKeyDER,
432 sizeof(kExampleRSAKeyDER));
433 }
434
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
437 {
438 EVP_PKEY *ret = NULL;
439 const unsigned char *derp = kExampleDSAKeyDER;
440 EVP_PKEY *pkey = NULL;
441 DSA *dsa = NULL;
442
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
444 return NULL;
445
446 if (!TEST_ptr(pkey = EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
448 goto end;
449
450 ret = pkey;
451 pkey = NULL;
452
453 end:
454 EVP_PKEY_free(pkey);
455 DSA_free(dsa);
456
457 return ret;
458 }
459 #endif
460
461 static EVP_PKEY *load_example_hmac_key(void)
462 {
463 EVP_PKEY *pkey = NULL;
464 unsigned char key[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
468 };
469
470 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
471 if (!TEST_ptr(pkey))
472 return NULL;
473
474 return pkey;
475 }
476
477 static int test_EVP_set_default_properties(void)
478 {
479 OSSL_LIB_CTX *ctx;
480 EVP_MD *md = NULL;
481 int res = 0;
482
483 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
484 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
485 goto err;
486 EVP_MD_free(md);
487 md = NULL;
488
489 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
490 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
491 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
492 goto err;
493 EVP_MD_free(md);
494 md = NULL;
495
496 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
497 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
498 goto err;
499 res = 1;
500 err:
501 EVP_MD_free(md);
502 OSSL_LIB_CTX_free(ctx);
503 return res;
504 }
505
506 static int test_EVP_Enveloped(void)
507 {
508 int ret = 0;
509 EVP_CIPHER_CTX *ctx = NULL;
510 EVP_PKEY *keypair = NULL;
511 unsigned char *kek = NULL;
512 unsigned char iv[EVP_MAX_IV_LENGTH];
513 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len, kek_len, ciphertext_len, plaintext_len;
515 unsigned char ciphertext[32], plaintext[16];
516 const EVP_CIPHER *type = EVP_aes_256_cbc();
517
518 if (!TEST_ptr(keypair = load_example_rsa_key())
519 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
520 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
522 &keypair, 1))
523 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
524 msg, sizeof(msg)))
525 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
526 &len)))
527 goto err;
528
529 ciphertext_len += len;
530
531 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
532 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
533 ciphertext, ciphertext_len))
534 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
535 goto err;
536
537 plaintext_len += len;
538 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
539 goto err;
540
541 ret = 1;
542 err:
543 OPENSSL_free(kek);
544 EVP_PKEY_free(keypair);
545 EVP_CIPHER_CTX_free(ctx);
546 return ret;
547 }
548
549 /*
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
559 */
560 static int test_EVP_DigestSignInit(int tst)
561 {
562 int ret = 0;
563 EVP_PKEY *pkey = NULL;
564 unsigned char *sig = NULL;
565 size_t sig_len = 0;
566 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
567 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
568 BIO *mdbio = NULL, *membio = NULL;
569 size_t written;
570 const EVP_MD *md;
571 EVP_MD *mdexp = NULL;
572
573 if (tst >= 6) {
574 membio = BIO_new(BIO_s_mem());
575 mdbio = BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
577 goto out;
578 BIO_push(mdbio, membio);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
580 goto out;
581 } else {
582 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
584 goto out;
585 }
586
587 if (tst == 0 || tst == 3 || tst == 6) {
588 if (!TEST_ptr(pkey = load_example_rsa_key()))
589 goto out;
590 } else if (tst == 1 || tst == 4 || tst == 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey = load_example_dsa_key()))
593 goto out;
594 #else
595 ret = 1;
596 goto out;
597 #endif
598 } else {
599 if (!TEST_ptr(pkey = load_example_hmac_key()))
600 goto out;
601 }
602
603 if (tst >= 3 && tst <= 5)
604 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
605 else
606 md = EVP_sha256();
607
608 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
609 goto out;
610
611 if (tst >= 6) {
612 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
613 goto out;
614 } else {
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
616 goto out;
617 }
618
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
621 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
623 goto out;
624
625 if (tst >= 6) {
626 if (!TEST_int_gt(BIO_reset(mdbio), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
628 goto out;
629 }
630
631 /*
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
634 */
635 if (tst != 2 && tst != 5 && tst != 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
637 NULL, pkey)))
638 goto out;
639
640 if (tst >= 6) {
641 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
642 goto out;
643 } else {
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
645 sizeof(kMsg))))
646 goto out;
647 }
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
649 goto out;
650 }
651
652 ret = 1;
653
654 out:
655 BIO_free(membio);
656 BIO_free(mdbio);
657 EVP_MD_CTX_free(a_md_ctx);
658 EVP_MD_CTX_free(a_md_ctx_verify);
659 EVP_PKEY_free(pkey);
660 OPENSSL_free(sig);
661 EVP_MD_free(mdexp);
662
663 return ret;
664 }
665
666 static int test_EVP_DigestVerifyInit(void)
667 {
668 int ret = 0;
669 EVP_PKEY *pkey = NULL;
670 EVP_MD_CTX *md_ctx = NULL;
671
672 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
673 || !TEST_ptr(pkey = load_example_rsa_key()))
674 goto out;
675
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
679 sizeof(kSignature))))
680 goto out;
681 ret = 1;
682
683 out:
684 EVP_MD_CTX_free(md_ctx);
685 EVP_PKEY_free(pkey);
686 return ret;
687 }
688
689 /*
690 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
691 */
692 static int test_EVP_Digest(void)
693 {
694 int ret = 0;
695 EVP_MD_CTX *md_ctx = NULL;
696 unsigned char md[EVP_MAX_MD_SIZE];
697
698 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
699 goto out;
700
701 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
702 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
703 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
704 /* EVP_DigestFinal resets the EVP_MD_CTX. */
705 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
706 goto out;
707
708 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
709 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
710 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
711 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
712 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
713 /*
714 * EVP_DigestInit_ex with NULL type should work on
715 * pre-initialized context.
716 */
717 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
718 goto out;
719
720 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
721 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
722 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
723 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
724 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
725 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
726 goto out;
727 ret = 1;
728
729 out:
730 EVP_MD_CTX_free(md_ctx);
731 return ret;
732 }
733
734 static int test_d2i_AutoPrivateKey(int i)
735 {
736 int ret = 0;
737 const unsigned char *p;
738 EVP_PKEY *pkey = NULL;
739 const APK_DATA *ak = &keydata[i];
740 const unsigned char *input = ak->kder;
741 size_t input_len = ak->size;
742 int expected_id = ak->evptype;
743
744 p = input;
745 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
746 || !TEST_ptr_eq(p, input + input_len)
747 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
748 goto done;
749
750 ret = 1;
751
752 done:
753 EVP_PKEY_free(pkey);
754 return ret;
755 }
756
757 #ifndef OPENSSL_NO_EC
758
759 static const unsigned char ec_public_sect163k1_validxy[] = {
760 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
761 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
762 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
763 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
764 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
765 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
766 };
767
768 static const unsigned char ec_public_sect163k1_badx[] = {
769 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
770 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
771 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
772 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
773 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
774 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
775 };
776
777 static const unsigned char ec_public_sect163k1_bady[] = {
778 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
779 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
780 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
781 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
782 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
783 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
784 };
785
786 static struct ec_der_pub_keys_st {
787 const unsigned char *der;
788 size_t len;
789 int valid;
790 } ec_der_pub_keys[] = {
791 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
792 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
793 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
794 };
795
796 /*
797 * Tests the range of the decoded EC char2 public point.
798 * See ec_GF2m_simple_oct2point().
799 */
800 static int test_invalide_ec_char2_pub_range_decode(int id)
801 {
802 int ret = 0;
803 BIO *bio = NULL;
804 EC_KEY *eckey = NULL;
805
806 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
807 ec_der_pub_keys[id].len)))
808 goto err;
809 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
810 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
811 || TEST_ptr_null(eckey);
812 err:
813 EC_KEY_free(eckey);
814 BIO_free(bio);
815 return ret;
816 }
817
818 /* Tests loading a bad key in PKCS8 format */
819 static int test_EVP_PKCS82PKEY(void)
820 {
821 int ret = 0;
822 const unsigned char *derp = kExampleBadECKeyDER;
823 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
824 EVP_PKEY *pkey = NULL;
825
826 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
827 sizeof(kExampleBadECKeyDER))))
828 goto done;
829
830 if (!TEST_ptr_eq(derp,
831 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
832 goto done;
833
834 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
835 goto done;
836
837 ret = 1;
838
839 done:
840 PKCS8_PRIV_KEY_INFO_free(p8inf);
841 EVP_PKEY_free(pkey);
842
843 return ret;
844 }
845 #endif
846
847 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
848 static int test_privatekey_to_pkcs8(void)
849 {
850 EVP_PKEY *pkey = NULL;
851 BIO *membio = NULL;
852 char *membuf = NULL;
853 long membuf_len = 0;
854 int ok = 0;
855
856 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
857 || !TEST_ptr(pkey = load_example_rsa_key())
858 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
859 NULL, 0, NULL, NULL),
860 0)
861 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
862 || !TEST_ptr(membuf)
863 || !TEST_mem_eq(membuf, (size_t)membuf_len,
864 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
865 /*
866 * We try to write PEM as well, just to see that it doesn't err, but
867 * assume that the result is correct.
868 */
869 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
870 NULL, 0, NULL, NULL),
871 0))
872 goto done;
873
874 ok = 1;
875 done:
876 EVP_PKEY_free(pkey);
877 BIO_free_all(membio);
878 return ok;
879 }
880
881 #ifndef OPENSSL_NO_EC
882 static const struct {
883 int encoding;
884 const char *encoding_name;
885 } ec_encodings[] = {
886 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
887 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
888 };
889
890 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
891 {
892 const OSSL_PARAM *p;
893 const char *enc_name = NULL;
894 int *enc = arg;
895 size_t i;
896
897 *enc = -1;
898
899 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
900 OSSL_PKEY_PARAM_EC_ENCODING))
901 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
902 return 0;
903
904 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
905 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
906 *enc = ec_encodings[i].encoding;
907 break;
908 }
909 }
910
911 return (*enc != -1);
912 }
913
914 static int test_EC_keygen_with_enc(int idx)
915 {
916 EVP_PKEY *params = NULL, *key = NULL;
917 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
918 int enc;
919 int ret = 0;
920
921 enc = ec_encodings[idx].encoding;
922
923 /* Create key parameters */
924 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
925 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
926 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
927 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
928 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
929 || !TEST_ptr(params))
930 goto done;
931
932 /* Create key */
933 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
934 || !TEST_true(EVP_PKEY_keygen_init(kctx))
935 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
936 || !TEST_ptr(key))
937 goto done;
938
939 /* Check that the encoding got all the way into the key */
940 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
941 ec_export_get_encoding_cb, &enc))
942 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
943 goto done;
944
945 ret = 1;
946 done:
947 EVP_PKEY_free(key);
948 EVP_PKEY_free(params);
949 EVP_PKEY_CTX_free(kctx);
950 EVP_PKEY_CTX_free(pctx);
951 return ret;
952 }
953 #endif
954
955 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
956
957 static int test_EVP_SM2_verify(void)
958 {
959 const char *pubkey =
960 "-----BEGIN PUBLIC KEY-----\n"
961 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
962 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
963 "-----END PUBLIC KEY-----\n";
964
965 const char *msg = "message digest";
966 const char *id = "ALICE123@YAHOO.COM";
967
968 const uint8_t signature[] = {
969 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
970 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
971 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
972 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
973 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
974 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
975 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
976 };
977
978 int rc = 0;
979 BIO *bio = NULL;
980 EVP_PKEY *pkey = NULL;
981 EVP_MD_CTX *mctx = NULL;
982 EVP_PKEY_CTX *pctx = NULL;
983
984 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
985 if (!TEST_true(bio != NULL))
986 goto done;
987
988 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
989 if (!TEST_true(pkey != NULL))
990 goto done;
991
992 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
993 goto done;
994
995 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
996 goto done;
997
998 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
999 goto done;
1000
1001 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1002
1003 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1004 goto done;
1005
1006 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1007 goto done;
1008
1009 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1010 goto done;
1011
1012 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1013 goto done;
1014 rc = 1;
1015
1016 done:
1017 BIO_free(bio);
1018 EVP_PKEY_free(pkey);
1019 EVP_PKEY_CTX_free(pctx);
1020 EVP_MD_CTX_free(mctx);
1021 return rc;
1022 }
1023
1024 static int test_EVP_SM2(void)
1025 {
1026 int ret = 0;
1027 EVP_PKEY *pkey = NULL;
1028 EVP_PKEY *pkeyparams = NULL;
1029 EVP_PKEY_CTX *pctx = NULL;
1030 EVP_PKEY_CTX *kctx = NULL;
1031 EVP_PKEY_CTX *sctx = NULL;
1032 size_t sig_len = 0;
1033 unsigned char *sig = NULL;
1034 EVP_MD_CTX *md_ctx = NULL;
1035 EVP_MD_CTX *md_ctx_verify = NULL;
1036 EVP_PKEY_CTX *cctx = NULL;
1037
1038 uint8_t ciphertext[128];
1039 size_t ctext_len = sizeof(ciphertext);
1040
1041 uint8_t plaintext[8];
1042 size_t ptext_len = sizeof(plaintext);
1043
1044 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1045
1046 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1047 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1048 int i;
1049 char mdname[20];
1050
1051 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1052 if (!TEST_ptr(pctx))
1053 goto done;
1054
1055 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1056 goto done;
1057
1058 /* TODO is this even needed? */
1059 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1060 goto done;
1061
1062 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1063 goto done;
1064
1065 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1066 if (!TEST_ptr(kctx))
1067 goto done;
1068
1069 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1070 goto done;
1071
1072 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1073 goto done;
1074
1075 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1076 goto done;
1077
1078 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1079 goto done;
1080
1081 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1082 goto done;
1083
1084 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1085 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1086
1087 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1088 goto done;
1089
1090 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1091 goto done;
1092
1093 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1094 goto done;
1095
1096 /* Determine the size of the signature. */
1097 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1098 goto done;
1099
1100 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1101 goto done;
1102
1103 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1104 goto done;
1105
1106 /* Ensure that the signature round-trips. */
1107
1108 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1109 goto done;
1110
1111 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1112 goto done;
1113
1114 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1115 goto done;
1116
1117 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1118 goto done;
1119
1120 /* now check encryption/decryption */
1121
1122 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1123 mdname, sizeof(mdname));
1124 for (i = 0; i < 2; i++) {
1125 EVP_PKEY_CTX_free(cctx);
1126
1127 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1128 i == 0 ? "SM3" : "SHA2-256",
1129 0);
1130
1131 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1132 goto done;
1133
1134 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1135 goto done;
1136
1137 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1138 goto done;
1139
1140 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1141 sizeof(kMsg))))
1142 goto done;
1143
1144 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1145 goto done;
1146
1147 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1148 goto done;
1149
1150 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1151 ctext_len)))
1152 goto done;
1153
1154 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1155 goto done;
1156
1157 /* Test we're still using the digest we think we are */
1158 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1159 goto done;
1160 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1161 goto done;
1162
1163 if (!TEST_true(ptext_len == sizeof(kMsg)))
1164 goto done;
1165
1166 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1167 goto done;
1168 }
1169
1170 ret = 1;
1171 done:
1172 EVP_PKEY_CTX_free(pctx);
1173 EVP_PKEY_CTX_free(kctx);
1174 EVP_PKEY_CTX_free(sctx);
1175 EVP_PKEY_CTX_free(cctx);
1176 EVP_PKEY_free(pkey);
1177 EVP_PKEY_free(pkeyparams);
1178 EVP_MD_CTX_free(md_ctx);
1179 EVP_MD_CTX_free(md_ctx_verify);
1180 OPENSSL_free(sig);
1181 return ret;
1182 }
1183
1184 #endif
1185
1186 static struct keys_st {
1187 int type;
1188 char *priv;
1189 char *pub;
1190 } keys[] = {
1191 {
1192 EVP_PKEY_HMAC, "0123456789", NULL
1193 }, {
1194 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1195 }, {
1196 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1197 },
1198 #ifndef OPENSSL_NO_EC
1199 {
1200 EVP_PKEY_X25519, "01234567890123456789012345678901",
1201 "abcdefghijklmnopqrstuvwxyzabcdef"
1202 }, {
1203 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1204 "abcdefghijklmnopqrstuvwxyzabcdef"
1205 }, {
1206 EVP_PKEY_X448,
1207 "01234567890123456789012345678901234567890123456789012345",
1208 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1209 }, {
1210 EVP_PKEY_ED448,
1211 "012345678901234567890123456789012345678901234567890123456",
1212 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1213 }
1214 #endif
1215 };
1216
1217 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1218 {
1219 int ret = 0;
1220 unsigned char buf[80];
1221 unsigned char *in;
1222 size_t inlen, len = 0;
1223 EVP_PKEY *pkey;
1224
1225 /* Check if this algorithm supports public keys */
1226 if (keys[tst].pub == NULL)
1227 return 1;
1228
1229 memset(buf, 0, sizeof(buf));
1230
1231 if (pub) {
1232 inlen = strlen(keys[tst].pub);
1233 in = (unsigned char *)keys[tst].pub;
1234 if (uselibctx) {
1235 pkey = EVP_PKEY_new_raw_public_key_ex(
1236 testctx,
1237 OBJ_nid2sn(keys[tst].type),
1238 NULL,
1239 in,
1240 inlen);
1241 } else {
1242 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1243 NULL,
1244 in,
1245 inlen);
1246 }
1247 } else {
1248 inlen = strlen(keys[tst].priv);
1249 in = (unsigned char *)keys[tst].priv;
1250 if (uselibctx) {
1251 pkey = EVP_PKEY_new_raw_private_key_ex(
1252 testctx, OBJ_nid2sn(keys[tst].type),
1253 NULL,
1254 in,
1255 inlen);
1256 } else {
1257 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1258 NULL,
1259 in,
1260 inlen);
1261 }
1262 }
1263
1264 if (!TEST_ptr(pkey)
1265 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1266 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1267 || !TEST_true(len == inlen)
1268 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1269 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1270 || !TEST_mem_eq(in, inlen, buf, len))
1271 goto done;
1272
1273 ret = 1;
1274 done:
1275 EVP_PKEY_free(pkey);
1276 return ret;
1277 }
1278
1279 static int test_set_get_raw_keys(int tst)
1280 {
1281 return test_set_get_raw_keys_int(tst, 0, 0)
1282 && test_set_get_raw_keys_int(tst, 0, 1)
1283 && test_set_get_raw_keys_int(tst, 1, 0)
1284 && test_set_get_raw_keys_int(tst, 1, 1);
1285 }
1286
1287 #ifndef OPENSSL_NO_DEPRECATED_3_0
1288 static int pkey_custom_check(EVP_PKEY *pkey)
1289 {
1290 return 0xbeef;
1291 }
1292
1293 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1294 {
1295 return 0xbeef;
1296 }
1297
1298 static int pkey_custom_param_check(EVP_PKEY *pkey)
1299 {
1300 return 0xbeef;
1301 }
1302
1303 static EVP_PKEY_METHOD *custom_pmeth;
1304 #endif
1305
1306 static int test_EVP_PKEY_check(int i)
1307 {
1308 int ret = 0;
1309 const unsigned char *p;
1310 EVP_PKEY *pkey = NULL;
1311 #ifndef OPENSSL_NO_EC
1312 EC_KEY *eckey = NULL;
1313 #endif
1314 EVP_PKEY_CTX *ctx = NULL;
1315 #ifndef OPENSSL_NO_DEPRECATED_3_0
1316 EVP_PKEY_CTX *ctx2 = NULL;
1317 #endif
1318 const APK_DATA *ak = &keycheckdata[i];
1319 const unsigned char *input = ak->kder;
1320 size_t input_len = ak->size;
1321 int expected_id = ak->evptype;
1322 int expected_check = ak->check;
1323 int expected_pub_check = ak->pub_check;
1324 int expected_param_check = ak->param_check;
1325 int type = ak->type;
1326 BIO *pubkey = NULL;
1327
1328 p = input;
1329
1330 switch (type) {
1331 case 0:
1332 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1333 || !TEST_ptr_eq(p, input + input_len)
1334 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1335 goto done;
1336 break;
1337 #ifndef OPENSSL_NO_EC
1338 case 1:
1339 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1340 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1341 || !TEST_ptr(pkey = EVP_PKEY_new())
1342 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1343 goto done;
1344 break;
1345 case 2:
1346 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1347 || !TEST_ptr_eq(p, input + input_len)
1348 || !TEST_ptr(pkey = EVP_PKEY_new())
1349 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1350 goto done;
1351 break;
1352 #endif
1353 default:
1354 return 0;
1355 }
1356
1357 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1358 goto done;
1359
1360 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1361 goto done;
1362
1363 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1364 goto done;
1365
1366 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1367 goto done;
1368
1369 #ifndef OPENSSL_NO_DEPRECATED_3_0
1370 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1371 /* assign the pkey directly, as an internal test */
1372 EVP_PKEY_up_ref(pkey);
1373 ctx2->pkey = pkey;
1374
1375 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1376 goto done;
1377
1378 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1379 goto done;
1380
1381 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1382 goto done;
1383 #endif
1384
1385 ret = 1;
1386
1387 done:
1388 EVP_PKEY_CTX_free(ctx);
1389 #ifndef OPENSSL_NO_DEPRECATED_3_0
1390 EVP_PKEY_CTX_free(ctx2);
1391 #endif
1392 EVP_PKEY_free(pkey);
1393 BIO_free(pubkey);
1394 return ret;
1395 }
1396
1397 #ifndef OPENSSL_NO_CMAC
1398 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1399 {
1400 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1401 const char msg[] = "Hello World";
1402 size_t maclen;
1403 int ret = 1;
1404
1405 if (!TEST_ptr(mdctx)
1406 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1407 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1408 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1409 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1410 ret = 0;
1411
1412 EVP_MD_CTX_free(mdctx);
1413
1414 return ret;
1415 }
1416 static int test_CMAC_keygen(void)
1417 {
1418 static unsigned char key[] = {
1419 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1420 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1421 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1422 };
1423 /*
1424 * This is a legacy method for CMACs, but should still work.
1425 * This verifies that it works without an ENGINE.
1426 */
1427 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1428 int ret = 0;
1429 EVP_PKEY *pkey = NULL;
1430 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1431
1432 /* Test a CMAC key created using the "generated" method */
1433 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1434 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1435 EVP_PKEY_CTRL_CIPHER,
1436 0, (void *)EVP_aes_256_ecb()), 0)
1437 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1438 EVP_PKEY_CTRL_SET_MAC_KEY,
1439 sizeof(key), (void *)key), 0)
1440 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1441 || !TEST_ptr(pkey)
1442 || !TEST_true(get_cmac_val(pkey, mac)))
1443 goto done;
1444
1445 EVP_PKEY_free(pkey);
1446
1447 /*
1448 * Test a CMAC key using the direct method, and compare with the mac
1449 * created above.
1450 */
1451 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1452 if (!TEST_ptr(pkey)
1453 || !TEST_true(get_cmac_val(pkey, mac2))
1454 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1455 goto done;
1456
1457 ret = 1;
1458
1459 done:
1460 EVP_PKEY_free(pkey);
1461 EVP_PKEY_CTX_free(kctx);
1462 return ret;
1463 }
1464 #endif
1465
1466 static int test_HKDF(void)
1467 {
1468 EVP_PKEY_CTX *pctx;
1469 unsigned char out[20];
1470 size_t outlen;
1471 int i, ret = 0;
1472 unsigned char salt[] = "0123456789";
1473 unsigned char key[] = "012345678901234567890123456789";
1474 unsigned char info[] = "infostring";
1475 const unsigned char expected[] = {
1476 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1477 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1478 };
1479 size_t expectedlen = sizeof(expected);
1480
1481 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1482 goto done;
1483
1484 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1485 for (i = 0; i < 2; i++) {
1486 outlen = sizeof(out);
1487 memset(out, 0, outlen);
1488
1489 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1491 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1492 sizeof(salt) - 1), 0)
1493 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1494 sizeof(key) - 1), 0)
1495 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1496 sizeof(info) - 1), 0)
1497 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1498 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1499 goto done;
1500 }
1501
1502 ret = 1;
1503
1504 done:
1505 EVP_PKEY_CTX_free(pctx);
1506
1507 return ret;
1508 }
1509
1510 static int test_emptyikm_HKDF(void)
1511 {
1512 EVP_PKEY_CTX *pctx;
1513 unsigned char out[20];
1514 size_t outlen;
1515 int ret = 0;
1516 unsigned char salt[] = "9876543210";
1517 unsigned char key[] = "";
1518 unsigned char info[] = "stringinfo";
1519 const unsigned char expected[] = {
1520 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1521 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1522 };
1523 size_t expectedlen = sizeof(expected);
1524
1525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1526 goto done;
1527
1528 outlen = sizeof(out);
1529 memset(out, 0, outlen);
1530
1531 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1532 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1533 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1534 sizeof(salt) - 1), 0)
1535 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1536 sizeof(key) - 1), 0)
1537 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1538 sizeof(info) - 1), 0)
1539 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1540 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1541 goto done;
1542
1543 ret = 1;
1544
1545 done:
1546 EVP_PKEY_CTX_free(pctx);
1547
1548 return ret;
1549 }
1550
1551 #ifndef OPENSSL_NO_EC
1552 static int test_X509_PUBKEY_inplace(void)
1553 {
1554 int ret = 0;
1555 X509_PUBKEY *xp = NULL;
1556 const unsigned char *p = kExampleECPubKeyDER;
1557 size_t input_len = sizeof(kExampleECPubKeyDER);
1558
1559 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1560 goto done;
1561
1562 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1563 goto done;
1564
1565 p = kExampleBadECPubKeyDER;
1566 input_len = sizeof(kExampleBadECPubKeyDER);
1567
1568 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1569 goto done;
1570
1571 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1572 goto done;
1573
1574 ret = 1;
1575
1576 done:
1577 X509_PUBKEY_free(xp);
1578 return ret;
1579 }
1580 #endif /* OPENSSL_NO_EC */
1581
1582 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1583 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1584 {
1585 EVP_MD_CTX *mdctx = NULL;
1586 EVP_PKEY_CTX *ctx = NULL;
1587 const OSSL_PARAM *params;
1588 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1589 int ret = 0;
1590 const EVP_MD *md;
1591 char mdname[OSSL_MAX_NAME_SIZE];
1592 char ssl3ms[48];
1593
1594 /* Initialise a sign operation */
1595 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1596 if (!TEST_ptr(ctx)
1597 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1598 goto err;
1599
1600 /*
1601 * We should be able to query the parameters now.
1602 */
1603 params = EVP_PKEY_CTX_settable_params(ctx);
1604 if (!TEST_ptr(params)
1605 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1606 OSSL_SIGNATURE_PARAM_DIGEST)))
1607 goto err;
1608
1609 params = EVP_PKEY_CTX_gettable_params(ctx);
1610 if (!TEST_ptr(params)
1611 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1612 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1613 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1614 OSSL_SIGNATURE_PARAM_DIGEST)))
1615 goto err;
1616
1617 /*
1618 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1619 * EVP_PKEY_CTX_get_params()
1620 */
1621 strcpy(mdname, "SHA512");
1622 param_md = param;
1623 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1624 mdname, 0);
1625 *param++ = OSSL_PARAM_construct_end();
1626
1627 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1628 goto err;
1629
1630 mdname[0] = '\0';
1631 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1632 mdname, sizeof(mdname));
1633 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1634 || !TEST_str_eq(mdname, "SHA512"))
1635 goto err;
1636
1637 /*
1638 * Test the TEST_PKEY_CTX_set_signature_md() and
1639 * TEST_PKEY_CTX_get_signature_md() functions
1640 */
1641 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1642 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1643 || !TEST_ptr_eq(md, EVP_sha256()))
1644 goto err;
1645
1646 /*
1647 * Test getting MD parameters via an associated EVP_PKEY_CTX
1648 */
1649 mdctx = EVP_MD_CTX_new();
1650 if (!TEST_ptr(mdctx)
1651 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1652 pkey)))
1653 goto err;
1654
1655 /*
1656 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1657 * able to obtain the digest's settable parameters from the provider.
1658 */
1659 params = EVP_MD_CTX_settable_params(mdctx);
1660 if (!TEST_ptr(params)
1661 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1662 /* The final key should be NULL */
1663 || !TEST_ptr_null(params[1].key))
1664 goto err;
1665
1666 param = ourparams;
1667 memset(ssl3ms, 0, sizeof(ssl3ms));
1668 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1669 ssl3ms, sizeof(ssl3ms));
1670 *param++ = OSSL_PARAM_construct_end();
1671
1672 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1673 goto err;
1674
1675 ret = 1;
1676
1677 err:
1678 EVP_MD_CTX_free(mdctx);
1679 EVP_PKEY_CTX_free(ctx);
1680
1681 return ret;
1682 }
1683
1684 #ifndef OPENSSL_NO_DSA
1685 static int test_DSA_get_set_params(void)
1686 {
1687 DSA *dsa = NULL;
1688 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1689 EVP_PKEY *pkey = NULL;
1690 int ret = 0;
1691
1692 /*
1693 * Setup the parameters for our DSA object. For our purposes they don't
1694 * have to actually be *valid* parameters. We just need to set something.
1695 */
1696 dsa = DSA_new();
1697 p = BN_new();
1698 q = BN_new();
1699 g = BN_new();
1700 pub = BN_new();
1701 priv = BN_new();
1702 if (!TEST_ptr(dsa)
1703 || !TEST_ptr(p)
1704 || !TEST_ptr(q)
1705 || !TEST_ptr(g)
1706 || !TEST_ptr(pub)
1707 || !DSA_set0_pqg(dsa, p, q, g)
1708 || !DSA_set0_key(dsa, pub, priv))
1709 goto err;
1710 p = q = g = pub = priv = NULL;
1711
1712 pkey = EVP_PKEY_new();
1713 if (!TEST_ptr(pkey)
1714 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1715 goto err;
1716
1717 dsa = NULL;
1718
1719 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1720
1721 err:
1722 EVP_PKEY_free(pkey);
1723 DSA_free(dsa);
1724 BN_free(p);
1725 BN_free(q);
1726 BN_free(g);
1727 BN_free(pub);
1728 BN_free(priv);
1729
1730 return ret;
1731 }
1732 #endif
1733
1734 static int test_RSA_get_set_params(void)
1735 {
1736 OSSL_PARAM_BLD *bld = NULL;
1737 OSSL_PARAM *params = NULL;
1738 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1739 EVP_PKEY_CTX *pctx = NULL;
1740 EVP_PKEY *pkey = NULL;
1741 int ret = 0;
1742
1743 /*
1744 * Setup the parameters for our RSA object. For our purposes they don't
1745 * have to actually be *valid* parameters. We just need to set something.
1746 */
1747 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1748 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1749 || !TEST_ptr(n = BN_new())
1750 || !TEST_ptr(e = BN_new())
1751 || !TEST_ptr(d = BN_new()))
1752 goto err;
1753 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1756 goto err;
1757 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1758 goto err;
1759
1760 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1761 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1762 goto err;
1763
1764 if (!TEST_ptr(pkey))
1765 goto err;
1766
1767 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1768
1769 err:
1770 EVP_PKEY_free(pkey);
1771 EVP_PKEY_CTX_free(pctx);
1772 OSSL_PARAM_BLD_free_params(params);
1773 OSSL_PARAM_BLD_free(bld);
1774 BN_free(n);
1775 BN_free(e);
1776 BN_free(d);
1777
1778 return ret;
1779 }
1780
1781 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1782 static int test_decrypt_null_chunks(void)
1783 {
1784 EVP_CIPHER_CTX* ctx = NULL;
1785 const unsigned char key[32] = {
1786 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1787 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1788 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1789 };
1790 unsigned char iv[12] = {
1791 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1792 };
1793 unsigned char msg[] = "It was the best of times, it was the worst of times";
1794 unsigned char ciphertext[80];
1795 unsigned char plaintext[80];
1796 /* We initialise tmp to a non zero value on purpose */
1797 int ctlen, ptlen, tmp = 99;
1798 int ret = 0;
1799 const int enc_offset = 10, dec_offset = 20;
1800
1801 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1802 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1803 key, iv))
1804 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1805 enc_offset))
1806 /* Deliberate add a zero length update */
1807 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1808 0))
1809 || !TEST_int_eq(tmp, 0)
1810 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1811 msg + enc_offset,
1812 sizeof(msg) - enc_offset))
1813 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1814 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1815 || !TEST_int_eq(tmp, 0))
1816 goto err;
1817
1818 /* Deliberately initialise tmp to a non zero value */
1819 tmp = 99;
1820 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1821 iv))
1822 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1823 dec_offset))
1824 /*
1825 * Deliberately add a zero length update. We also deliberately do
1826 * this at a different offset than for encryption.
1827 */
1828 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1829 0))
1830 || !TEST_int_eq(tmp, 0)
1831 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1832 ciphertext + dec_offset,
1833 ctlen - dec_offset))
1834 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1835 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1836 || !TEST_int_eq(tmp, 0)
1837 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1838 goto err;
1839
1840 ret = 1;
1841 err:
1842 EVP_CIPHER_CTX_free(ctx);
1843 return ret;
1844 }
1845 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1846
1847 #ifndef OPENSSL_NO_DH
1848 static int test_EVP_PKEY_set1_DH(void)
1849 {
1850 DH *x942dh = NULL, *noqdh = NULL;
1851 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1852 int ret = 0;
1853 BIGNUM *p, *g = NULL;
1854
1855 if (!TEST_ptr(p = BN_new())
1856 || !TEST_ptr(g = BN_new())
1857 || !BN_set_word(p, 9999)
1858 || !BN_set_word(g, 2)
1859 || !TEST_ptr(noqdh = DH_new())
1860 || !DH_set0_pqg(noqdh, p, NULL, g))
1861 goto err;
1862 p = g = NULL;
1863
1864 x942dh = DH_get_2048_256();
1865 pkey1 = EVP_PKEY_new();
1866 pkey2 = EVP_PKEY_new();
1867 if (!TEST_ptr(x942dh)
1868 || !TEST_ptr(noqdh)
1869 || !TEST_ptr(pkey1)
1870 || !TEST_ptr(pkey2))
1871 goto err;
1872
1873 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1874 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1875 goto err;
1876
1877 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1878 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1879 goto err;
1880
1881 ret = 1;
1882 err:
1883 BN_free(p);
1884 BN_free(g);
1885 EVP_PKEY_free(pkey1);
1886 EVP_PKEY_free(pkey2);
1887 DH_free(x942dh);
1888 DH_free(noqdh);
1889
1890 return ret;
1891 }
1892 #endif
1893
1894 /*
1895 * We test what happens with an empty template. For the sake of this test,
1896 * the template must be ignored, and we know that's the case for RSA keys
1897 * (this might arguably be a misfeature, but that's what we currently do,
1898 * even in provider code, since that's how the legacy RSA implementation
1899 * does things)
1900 */
1901 static int test_keygen_with_empty_template(int n)
1902 {
1903 EVP_PKEY_CTX *ctx = NULL;
1904 EVP_PKEY *pkey = NULL;
1905 EVP_PKEY *tkey = NULL;
1906 int ret = 0;
1907
1908 switch (n) {
1909 case 0:
1910 /* We do test with no template at all as well */
1911 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1912 goto err;
1913 break;
1914 case 1:
1915 /* Here we create an empty RSA key that serves as our template */
1916 if (!TEST_ptr(tkey = EVP_PKEY_new())
1917 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1918 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1919 goto err;
1920 break;
1921 }
1922
1923 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1924 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1925 goto err;
1926
1927 ret = 1;
1928 err:
1929 EVP_PKEY_CTX_free(ctx);
1930 EVP_PKEY_free(pkey);
1931 EVP_PKEY_free(tkey);
1932 return ret;
1933 }
1934
1935 /*
1936 * Test that we fail if we attempt to use an algorithm that is not available
1937 * in the current library context (unless we are using an algorithm that
1938 * should be made available via legacy codepaths).
1939 *
1940 * 0: RSA
1941 * 1: SM2
1942 */
1943 static int test_pkey_ctx_fail_without_provider(int tst)
1944 {
1945 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
1946 OSSL_PROVIDER *nullprov = NULL;
1947 EVP_PKEY_CTX *pctx = NULL;
1948 const char *keytype = NULL;
1949 int expect_null = 0;
1950 int ret = 0;
1951
1952 if (!TEST_ptr(tmpctx))
1953 goto err;
1954
1955 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1956 if (!TEST_ptr(nullprov))
1957 goto err;
1958
1959 /*
1960 * We check for certain algos in the null provider.
1961 * If an algo is expected to have a provider keymgmt, contructing an
1962 * EVP_PKEY_CTX is expected to fail (return NULL).
1963 * Otherwise, if it's expected to have legacy support, contructing an
1964 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1965 */
1966 switch (tst) {
1967 case 0:
1968 keytype = "RSA";
1969 expect_null = 1;
1970 break;
1971 case 1:
1972 keytype = "SM2";
1973 expect_null = 1;
1974 #ifdef OPENSSL_NO_EC
1975 TEST_info("EC disable, skipping SM2 check...");
1976 goto end;
1977 #endif
1978 #ifdef OPENSSL_NO_SM2
1979 TEST_info("SM2 disable, skipping SM2 check...");
1980 goto end;
1981 #endif
1982 break;
1983 default:
1984 TEST_error("No test for case %d", tst);
1985 goto err;
1986 }
1987
1988 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1989 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1990 goto err;
1991
1992 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1993 end:
1994 #endif
1995 ret = 1;
1996
1997 err:
1998 EVP_PKEY_CTX_free(pctx);
1999 OSSL_PROVIDER_unload(nullprov);
2000 OSSL_LIB_CTX_free(tmpctx);
2001 return ret;
2002 }
2003
2004 static int test_rand_agglomeration(void)
2005 {
2006 EVP_RAND *rand;
2007 EVP_RAND_CTX *ctx;
2008 OSSL_PARAM params[3], *p = params;
2009 int res;
2010 unsigned int step = 7;
2011 static unsigned char seed[] = "It does not matter how slowly you go "
2012 "as long as you do not stop.";
2013 unsigned char out[sizeof(seed)];
2014
2015 if (!TEST_int_ne(sizeof(seed) % step, 0)
2016 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2017 return 0;
2018 ctx = EVP_RAND_CTX_new(rand, NULL);
2019 EVP_RAND_free(rand);
2020 if (!TEST_ptr(ctx))
2021 return 0;
2022
2023 memset(out, 0, sizeof(out));
2024 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2025 seed, sizeof(seed));
2026 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2027 *p = OSSL_PARAM_construct_end();
2028 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2029 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2030 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2031 EVP_RAND_CTX_free(ctx);
2032 return res;
2033 }
2034
2035 /*
2036 * Test that we correctly return the original or "running" IV after
2037 * an encryption operation.
2038 * Run multiple times for some different relevant algorithms/modes.
2039 */
2040 static int test_evp_iv(int idx)
2041 {
2042 int ret = 0;
2043 EVP_CIPHER_CTX *ctx = NULL;
2044 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2045 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2046 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2047 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2048 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2049 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2050 9, 10, 11, 12, 13, 14, 15, 16 };
2051 unsigned char ciphertext[32], oiv[16], iv[16];
2052 unsigned char *ref_iv;
2053 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2054 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2055
2056 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2057 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2058 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2059 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2060 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2061 #ifndef OPENSSL_NO_OCB
2062 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2063 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2064 #endif
2065 int len = sizeof(ciphertext);
2066 size_t ivlen, ref_len;
2067 const EVP_CIPHER *type = NULL;
2068
2069 switch(idx) {
2070 case 0:
2071 type = EVP_aes_128_cbc();
2072 /* FALLTHROUGH */
2073 case 5:
2074 type = (type != NULL) ? type :
2075 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2076 ref_iv = cbc_state;
2077 ref_len = sizeof(cbc_state);
2078 break;
2079 case 1:
2080 type = EVP_aes_128_ofb();
2081 /* FALLTHROUGH */
2082 case 6:
2083 type = (type != NULL) ? type :
2084 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2085 ref_iv = ofb_state;
2086 ref_len = sizeof(ofb_state);
2087 break;
2088 case 2:
2089 type = EVP_aes_128_gcm();
2090 /* FALLTHROUGH */
2091 case 7:
2092 type = (type != NULL) ? type :
2093 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2094 ref_iv = gcm_state;
2095 ref_len = sizeof(gcm_state);
2096 break;
2097 case 3:
2098 type = EVP_aes_128_ccm();
2099 /* FALLTHROUGH */
2100 case 8:
2101 type = (type != NULL) ? type :
2102 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2103 ref_iv = ccm_state;
2104 ref_len = sizeof(ccm_state);
2105 break;
2106 #ifdef OPENSSL_NO_OCB
2107 case 4:
2108 case 9:
2109 return 1;
2110 #else
2111 case 4:
2112 type = EVP_aes_128_ocb();
2113 /* FALLTHROUGH */
2114 case 9:
2115 type = (type != NULL) ? type :
2116 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2117 ref_iv = ocb_state;
2118 ref_len = sizeof(ocb_state);
2119 break;
2120 #endif
2121 default:
2122 return 0;
2123 }
2124
2125 if (!TEST_ptr(type)
2126 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2127 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2128 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2129 (int)sizeof(msg)))
2130 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2131 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2132 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2133 goto err;
2134 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2135 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2136 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2137 goto err;
2138
2139 ret = 1;
2140 err:
2141 EVP_CIPHER_CTX_free(ctx);
2142 if (idx >= 5)
2143 EVP_CIPHER_free((EVP_CIPHER *)type);
2144 return ret;
2145 }
2146
2147 int setup_tests(void)
2148 {
2149 testctx = OSSL_LIB_CTX_new();
2150
2151 if (!TEST_ptr(testctx))
2152 return 0;
2153
2154 ADD_TEST(test_EVP_set_default_properties);
2155 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2156 ADD_TEST(test_EVP_DigestVerifyInit);
2157 ADD_TEST(test_EVP_Digest);
2158 ADD_TEST(test_EVP_Enveloped);
2159 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2160 ADD_TEST(test_privatekey_to_pkcs8);
2161 #ifndef OPENSSL_NO_EC
2162 ADD_TEST(test_EVP_PKCS82PKEY);
2163 #endif
2164 #ifndef OPENSSL_NO_EC
2165 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2166 #endif
2167 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2168 ADD_TEST(test_EVP_SM2);
2169 ADD_TEST(test_EVP_SM2_verify);
2170 #endif
2171 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2172 #ifndef OPENSSL_NO_DEPRECATED_3_0
2173 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2174 if (!TEST_ptr(custom_pmeth))
2175 return 0;
2176 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2177 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2178 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2179 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2180 return 0;
2181 #endif
2182 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2183 #ifndef OPENSSL_NO_CMAC
2184 ADD_TEST(test_CMAC_keygen);
2185 #endif
2186 ADD_TEST(test_HKDF);
2187 ADD_TEST(test_emptyikm_HKDF);
2188 #ifndef OPENSSL_NO_EC
2189 ADD_TEST(test_X509_PUBKEY_inplace);
2190 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2191 OSSL_NELEM(ec_der_pub_keys));
2192 #endif
2193 #ifndef OPENSSL_NO_DSA
2194 ADD_TEST(test_DSA_get_set_params);
2195 #endif
2196 ADD_TEST(test_RSA_get_set_params);
2197 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2198 ADD_TEST(test_decrypt_null_chunks);
2199 #endif
2200 #ifndef OPENSSL_NO_DH
2201 ADD_TEST(test_EVP_PKEY_set1_DH);
2202 #endif
2203 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2204 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2205
2206 ADD_TEST(test_rand_agglomeration);
2207 ADD_ALL_TESTS(test_evp_iv, 10);
2208
2209 return 1;
2210 }
2211
2212 void cleanup_tests(void)
2213 {
2214 OSSL_LIB_CTX_free(testctx);
2215 }
A mirror of the official openssl repository