]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add a test for an all 0 RSA key
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 /*
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
249 * values are 0.
250 */
251 static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
255 };
256
257 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
258
259 static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
271 };
272
273 /*
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
275 * PrivateKeyInfo.
276 */
277 static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
331 };
332
333 #ifndef OPENSSL_NO_EC
334 /*
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
336 * structure.
337 */
338 static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
349 0xc1,
350 };
351
352 /*
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
355 */
356 static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
366 };
367
368 /* prime256v1 */
369 static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378 };
379
380 /*
381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
383 */
384 static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
393 };
394
395 static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
397 };
398
399 static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
404 };
405
406 static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
411 };
412
413 # ifndef OPENSSL_NO_DEPRECATED_3_0
414 static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
419 };
420 # endif
421 #endif
422
423 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424 #ifndef OPENSSL_NO_DEPRECATED_3_0
425 # ifndef OPENSSL_NO_DH
426 static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
452 };
453 # endif
454 #endif
455
456 static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
459 };
460
461 static const unsigned char kGCMDefaultKey[32] = { 0 };
462
463 static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
467 };
468
469 static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
472 };
473
474 static const unsigned char iGCMDefaultIV[12] = { 0 };
475
476 static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
478 };
479
480 static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
482 };
483
484 static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
487 };
488
489 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
490
491 static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
497 };
498
499 static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
502 };
503
504 static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
507 };
508
509 static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
515 };
516
517 static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
523 };
524
525 static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
528 };
529
530 static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
533 };
534
535 static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
538 };
539
540 static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
543 };
544
545 typedef struct APK_DATA_st {
546 const unsigned char *kder;
547 size_t size;
548 const char *keytype;
549 int evptype;
550 int check;
551 int pub_check;
552 int param_check;
553 int type; /* 0 for private, 1 for public, 2 for params */
554 } APK_DATA;
555
556 static APK_DATA keydata[] = {
557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
561 #endif
562 };
563
564 static APK_DATA keycheckdata[] = {
565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
566 0},
567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
568 0, 1, 1, 0},
569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
571 #ifndef OPENSSL_NO_EC
572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
573 /* group is also associated in our pub key */
574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
575 1, 1},
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
577 2},
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
582 #endif
583 };
584
585 static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
587 {
588 const unsigned char **pdata = &data;
589 EVP_PKEY *pkey = NULL;
590 OSSL_DECODER_CTX *dctx =
591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
592 testctx, testpropq);
593
594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
597 return pkey;
598 }
599
600 static EVP_PKEY *load_example_rsa_key(void)
601 {
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
604 }
605
606 #ifndef OPENSSL_NO_DSA
607 static EVP_PKEY *load_example_dsa_key(void)
608 {
609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
611 }
612 #endif
613
614 #ifndef OPENSSL_NO_EC
615 static EVP_PKEY *load_example_ec_key(void)
616 {
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
619 }
620 #endif
621
622 #ifndef OPENSSL_NO_DEPRECATED_3_0
623 # ifndef OPENSSL_NO_DH
624 static EVP_PKEY *load_example_dh_key(void)
625 {
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
628 }
629 # endif
630
631 # ifndef OPENSSL_NO_EC
632 static EVP_PKEY *load_example_ed25519_key(void)
633 {
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
636 }
637
638 static EVP_PKEY *load_example_x25519_key(void)
639 {
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
642 }
643 # endif
644 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
645
646 static EVP_PKEY *load_example_hmac_key(void)
647 {
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
653 };
654
655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
657 if (!TEST_ptr(pkey))
658 return NULL;
659
660 return pkey;
661 }
662
663 static int test_EVP_set_default_properties(void)
664 {
665 OSSL_LIB_CTX *ctx;
666 EVP_MD *md = NULL;
667 int res = 0;
668
669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
671 goto err;
672 EVP_MD_free(md);
673 md = NULL;
674
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
678 goto err;
679 EVP_MD_free(md);
680 md = NULL;
681
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
684 goto err;
685 res = 1;
686 err:
687 EVP_MD_free(md);
688 OSSL_LIB_CTX_free(ctx);
689 return res;
690 }
691
692 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
693 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
694 {
695 EVP_PKEY_CTX *pctx = NULL;
696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
697
698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
699 goto err;
700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
702 params), 0))
703 goto err;
704
705 if (!TEST_ptr(tmp_pkey))
706 goto err;
707
708 pkey = tmp_pkey;
709 tmp_pkey = NULL;
710 err:
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
713 return pkey;
714 }
715
716 static int test_selection(EVP_PKEY *pkey, int selection)
717 {
718 int testresult = 0;
719 int ret;
720 BIO *bio = BIO_new(BIO_s_mem());
721
722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
724 if (!TEST_true(ret))
725 goto err;
726 } else {
727 if (!TEST_false(ret))
728 goto err;
729 }
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
731 testctx, NULL);
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
733 if (!TEST_true(ret))
734 goto err;
735 } else {
736 if (!TEST_false(ret))
737 goto err;
738 }
739
740 testresult = 1;
741 err:
742 BIO_free(bio);
743
744 return testresult;
745 }
746 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
747
748 /*
749 * Test combinations of private, public, missing and private + public key
750 * params to ensure they are all accepted
751 */
752 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
753 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
754 {
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
762 int ret = 0;
763
764 /*
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
767 */
768 if (!TEST_ptr(p = BN_new())
769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
773 goto err;
774
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
780 goto err;
781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
783 goto err;
784
785 OSSL_PARAM_free(params);
786 OSSL_PARAM_BLD_free(bld);
787 params = NULL;
788 bld = NULL;
789
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
792 goto err;
793
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
800 priv)))
801 goto err;
802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
804 goto err;
805
806 OSSL_PARAM_free(params);
807 OSSL_PARAM_BLD_free(bld);
808 params = NULL;
809 bld = NULL;
810
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
813 goto err;
814
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
821 pub)))
822 goto err;
823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
825 goto err;
826
827 OSSL_PARAM_free(params);
828 OSSL_PARAM_BLD_free(bld);
829 params = NULL;
830 bld = NULL;
831
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
834 goto err;
835
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
842 pub))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
844 priv)))
845 goto err;
846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
848 goto err;
849
850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
851 goto err;
852
853 ret = 1;
854 err:
855 OSSL_PARAM_free(params);
856 OSSL_PARAM_BLD_free(bld);
857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
861 BN_free(p);
862 BN_free(q);
863 BN_free(g);
864 BN_free(pub);
865 BN_free(priv);
866
867 return ret;
868 }
869 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
870
871 /*
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
874 */
875 #ifndef OPENSSL_NO_EC
876 static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
880 };
881 static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
888 };
889
890 static int test_EC_priv_pub(void)
891 {
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
898 BIGNUM *priv = NULL;
899 int ret = 0;
900
901 /*
902 * Setup the parameters for our pkey object. For our purposes they don't
903 * have to actually be *valid* parameters. We just need to set something.
904 */
905 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
906 goto err;
907
908 /* Test !priv and !pub */
909 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
910 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
911 OSSL_PKEY_PARAM_GROUP_NAME,
912 "P-256", 0)))
913 goto err;
914 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
915 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
916 goto err;
917
918 OSSL_PARAM_free(params);
919 OSSL_PARAM_BLD_free(bld);
920 params = NULL;
921 bld = NULL;
922
923 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
924 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
925 goto err;
926
927 /* Test priv and !pub */
928 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
929 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
930 OSSL_PKEY_PARAM_GROUP_NAME,
931 "P-256", 0))
932 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
933 priv)))
934 goto err;
935 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
936 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
937 goto err;
938
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
941 params = NULL;
942 bld = NULL;
943
944 /*
945 * We indicate only parameters here, in spite of having built a key that
946 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
947 * expected to fail because it does not support exporting a private EC
948 * key without a corresponding public key
949 */
950 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
952 goto err;
953
954 /* Test !priv and pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
958 "P-256", 0))
959 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
960 OSSL_PKEY_PARAM_PUB_KEY,
961 ec_pub, sizeof(ec_pub))))
962 goto err;
963 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
964 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
965 goto err;
966
967 OSSL_PARAM_free(params);
968 OSSL_PARAM_BLD_free(bld);
969 params = NULL;
970 bld = NULL;
971
972 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
973 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
974 goto err;
975
976 /* Test priv and pub */
977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
979 OSSL_PKEY_PARAM_GROUP_NAME,
980 "P-256", 0))
981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
982 OSSL_PKEY_PARAM_PUB_KEY,
983 ec_pub, sizeof(ec_pub)))
984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
985 priv)))
986 goto err;
987 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
988 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
989 goto err;
990
991 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
992 goto err;
993
994 /* Try key equality */
995 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
996 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
997 0)
998 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
999 0)
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1001 0)
1002 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1006 goto err;
1007
1008 ret = 1;
1009 err:
1010 OSSL_PARAM_free(params);
1011 OSSL_PARAM_BLD_free(bld);
1012 EVP_PKEY_free(just_params);
1013 EVP_PKEY_free(params_and_priv);
1014 EVP_PKEY_free(params_and_pub);
1015 EVP_PKEY_free(params_and_keypair);
1016 BN_free(priv);
1017
1018 return ret;
1019 }
1020
1021 /* Test that using a legacy EC key with only a private key in it works */
1022 # ifndef OPENSSL_NO_DEPRECATED_3_0
1023 static int test_EC_priv_only_legacy(void)
1024 {
1025 BIGNUM *priv = NULL;
1026 int ret = 0;
1027 EC_KEY *eckey = NULL;
1028 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1029 EVP_MD_CTX *ctx = NULL;
1030
1031 /* Create the low level EC_KEY */
1032 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1033 goto err;
1034
1035 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1036 if (!TEST_ptr(eckey))
1037 goto err;
1038
1039 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1040 goto err;
1041
1042 pkey = EVP_PKEY_new();
1043 if (!TEST_ptr(pkey))
1044 goto err;
1045
1046 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1047 goto err;
1048 eckey = NULL;
1049
1050 while (dup_pk == NULL) {
1051 ret = 0;
1052 ctx = EVP_MD_CTX_new();
1053 if (!TEST_ptr(ctx))
1054 goto err;
1055
1056 /*
1057 * The EVP_DigestSignInit function should create the key on the
1058 * provider side which is sufficient for this test.
1059 */
1060 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1061 testpropq, pkey, NULL)))
1062 goto err;
1063 EVP_MD_CTX_free(ctx);
1064 ctx = NULL;
1065
1066 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1067 goto err;
1068 /* EVP_PKEY_eq() returns -2 with missing public keys */
1069 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1070 EVP_PKEY_free(pkey);
1071 pkey = dup_pk;
1072 if (!ret)
1073 goto err;
1074 }
1075
1076 err:
1077 EVP_MD_CTX_free(ctx);
1078 EVP_PKEY_free(pkey);
1079 EC_KEY_free(eckey);
1080 BN_free(priv);
1081
1082 return ret;
1083 }
1084 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1085 #endif /* OPENSSL_NO_EC */
1086
1087 static int test_EVP_PKEY_sign(int tst)
1088 {
1089 int ret = 0;
1090 EVP_PKEY *pkey = NULL;
1091 unsigned char *sig = NULL;
1092 size_t sig_len = 0, shortsig_len = 1;
1093 EVP_PKEY_CTX *ctx = NULL;
1094 unsigned char tbs[] = {
1095 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1096 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1097 };
1098
1099 if (tst == 0) {
1100 if (!TEST_ptr(pkey = load_example_rsa_key()))
1101 goto out;
1102 } else if (tst == 1) {
1103 #ifndef OPENSSL_NO_DSA
1104 if (!TEST_ptr(pkey = load_example_dsa_key()))
1105 goto out;
1106 #else
1107 ret = 1;
1108 goto out;
1109 #endif
1110 } else {
1111 #ifndef OPENSSL_NO_EC
1112 if (!TEST_ptr(pkey = load_example_ec_key()))
1113 goto out;
1114 #else
1115 ret = 1;
1116 goto out;
1117 #endif
1118 }
1119
1120 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1121 if (!TEST_ptr(ctx)
1122 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1123 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1124 sizeof(tbs)), 0))
1125 goto out;
1126 sig = OPENSSL_malloc(sig_len);
1127 if (!TEST_ptr(sig)
1128 /* Test sending a signature buffer that is too short is rejected */
1129 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1130 sizeof(tbs)), 0)
1131 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1132 0)
1133 /* Test the signature round-trips */
1134 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1136 0))
1137 goto out;
1138
1139 ret = 1;
1140 out:
1141 EVP_PKEY_CTX_free(ctx);
1142 OPENSSL_free(sig);
1143 EVP_PKEY_free(pkey);
1144 return ret;
1145 }
1146
1147 /*
1148 * n = 0 => test using legacy cipher
1149 * n = 1 => test using fetched cipher
1150 */
1151 static int test_EVP_Enveloped(int n)
1152 {
1153 int ret = 0;
1154 EVP_CIPHER_CTX *ctx = NULL;
1155 EVP_PKEY *keypair = NULL;
1156 unsigned char *kek = NULL;
1157 unsigned char iv[EVP_MAX_IV_LENGTH];
1158 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1159 int len, kek_len, ciphertext_len, plaintext_len;
1160 unsigned char ciphertext[32], plaintext[16];
1161 EVP_CIPHER *type = NULL;
1162
1163 if (nullprov != NULL)
1164 return TEST_skip("Test does not support a non-default library context");
1165
1166 if (n == 0)
1167 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1168 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1169 testpropq)))
1170 goto err;
1171
1172 if (!TEST_ptr(keypair = load_example_rsa_key())
1173 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1174 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1175 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1176 &keypair, 1))
1177 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1178 msg, sizeof(msg)))
1179 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1180 &len)))
1181 goto err;
1182
1183 ciphertext_len += len;
1184
1185 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1186 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1187 ciphertext, ciphertext_len))
1188 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1189 goto err;
1190
1191 plaintext_len += len;
1192 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1193 goto err;
1194
1195 ret = 1;
1196 err:
1197 if (n != 0)
1198 EVP_CIPHER_free(type);
1199 OPENSSL_free(kek);
1200 EVP_PKEY_free(keypair);
1201 EVP_CIPHER_CTX_free(ctx);
1202 return ret;
1203 }
1204
1205 /*
1206 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1207 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1208 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1209 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1210 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1211 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1212 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1213 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1214 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1215 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1216 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1217 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1218 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1219 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1220 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1221 * Test 15-29: Same as above with reinitialization
1222 */
1223 static int test_EVP_DigestSignInit(int tst)
1224 {
1225 int ret = 0;
1226 EVP_PKEY *pkey = NULL;
1227 unsigned char *sig = NULL, *sig2 = NULL;
1228 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1229 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1230 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1231 BIO *mdbio = NULL, *membio = NULL;
1232 size_t written;
1233 const EVP_MD *md;
1234 EVP_MD *mdexp = NULL;
1235 int reinit = 0;
1236
1237 if (nullprov != NULL)
1238 return TEST_skip("Test does not support a non-default library context");
1239
1240 if (tst >= 15) {
1241 reinit = 1;
1242 tst -= 15;
1243 }
1244
1245 if (tst >= 6 && tst <= 8) {
1246 membio = BIO_new(BIO_s_mem());
1247 mdbio = BIO_new(BIO_f_md());
1248 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1249 goto out;
1250 BIO_push(mdbio, membio);
1251 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1252 goto out;
1253 } else {
1254 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1255 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1256 goto out;
1257 }
1258
1259 if (tst % 3 == 0) {
1260 if (!TEST_ptr(pkey = load_example_rsa_key()))
1261 goto out;
1262 } else if (tst % 3 == 1) {
1263 #ifndef OPENSSL_NO_DSA
1264 if (!TEST_ptr(pkey = load_example_dsa_key()))
1265 goto out;
1266 #else
1267 ret = 1;
1268 goto out;
1269 #endif
1270 } else {
1271 if (!TEST_ptr(pkey = load_example_hmac_key()))
1272 goto out;
1273 }
1274
1275 if (tst >= 3 && tst <= 5)
1276 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1277 else
1278 md = EVP_sha256();
1279
1280 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1281 goto out;
1282
1283 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1284 goto out;
1285
1286 if (tst >= 6 && tst <= 8) {
1287 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1288 goto out;
1289 } else if (tst < 6) {
1290 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1291 goto out;
1292 }
1293
1294 if (tst >= 9) {
1295 /* Determine the size of the signature. */
1296 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1297 sizeof(kMsg)))
1298 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1299 goto out;
1300 if (tst <= 11) {
1301 /* Test that supply a short sig buffer fails */
1302 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1303 sizeof(kMsg))))
1304 goto out;
1305 /*
1306 * We end here because once EVP_DigestSign() has failed you should
1307 * not call it again without re-initing the ctx
1308 */
1309 ret = 1;
1310 goto out;
1311 }
1312 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1313 sizeof(kMsg))))
1314 goto out;
1315 } else {
1316 /* Determine the size of the signature. */
1317 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1318 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1319 /*
1320 * Trying to create a signature with a deliberately short
1321 * buffer should fail.
1322 */
1323 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1324 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1325 goto out;
1326 }
1327
1328 /*
1329 * Ensure that the signature round-trips (Verification isn't supported for
1330 * HMAC via EVP_DigestVerify*)
1331 */
1332 if (tst % 3 != 2) {
1333 if (tst >= 6 && tst <= 8) {
1334 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1335 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1336 goto out;
1337 }
1338
1339 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1340 NULL, pkey)))
1341 goto out;
1342
1343 if (tst >= 6 && tst <= 8) {
1344 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1345 goto out;
1346 } else {
1347 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1348 sizeof(kMsg))))
1349 goto out;
1350 }
1351 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1352 goto out;
1353
1354 /* Multiple calls to EVP_DigestVerifyFinal should work */
1355 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1356 goto out;
1357 } else {
1358 /*
1359 * For HMAC a doubled call to DigestSignFinal should produce the same
1360 * value as finalization should not happen.
1361 */
1362 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1363 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1364 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1365 goto out;
1366
1367 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1368 goto out;
1369 }
1370
1371 ret = 1;
1372
1373 out:
1374 BIO_free(membio);
1375 BIO_free(mdbio);
1376 EVP_MD_CTX_free(a_md_ctx);
1377 EVP_MD_CTX_free(a_md_ctx_verify);
1378 EVP_PKEY_free(pkey);
1379 OPENSSL_free(sig);
1380 OPENSSL_free(sig2);
1381 EVP_MD_free(mdexp);
1382
1383 return ret;
1384 }
1385
1386 static int test_EVP_DigestVerifyInit(void)
1387 {
1388 int ret = 0;
1389 EVP_PKEY *pkey = NULL;
1390 EVP_MD_CTX *md_ctx = NULL;
1391
1392 if (nullprov != NULL)
1393 return TEST_skip("Test does not support a non-default library context");
1394
1395 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1396 || !TEST_ptr(pkey = load_example_rsa_key()))
1397 goto out;
1398
1399 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1400 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1401 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1402 sizeof(kSignature)), 0))
1403 goto out;
1404
1405 /* test with reinitialization */
1406 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1407 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1408 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1409 sizeof(kSignature)), 0))
1410 goto out;
1411 ret = 1;
1412
1413 out:
1414 EVP_MD_CTX_free(md_ctx);
1415 EVP_PKEY_free(pkey);
1416 return ret;
1417 }
1418
1419 #ifndef OPENSSL_NO_SIPHASH
1420 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1421 static int test_siphash_digestsign(void)
1422 {
1423 unsigned char key[16];
1424 unsigned char buf[8], digest[8];
1425 unsigned char expected[8] = {
1426 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1427 };
1428 EVP_PKEY *pkey = NULL;
1429 EVP_MD_CTX *mdctx = NULL;
1430 EVP_PKEY_CTX *ctx = NULL;
1431 int ret = 0;
1432 size_t len = 8;
1433
1434 if (nullprov != NULL)
1435 return TEST_skip("Test does not support a non-default library context");
1436
1437 memset(buf, 0, 8);
1438 memset(key, 1, 16);
1439 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1440 key, 16)))
1441 goto out;
1442
1443 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1444 goto out;
1445
1446 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1447 goto out;
1448 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1449 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1450 8, NULL), 1))
1451 goto out;
1452 /* reinitialize */
1453 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1454 goto out;
1455 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1456 goto out;
1457 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1458 goto out;
1459 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1460 goto out;
1461
1462 ret = 1;
1463 out:
1464 EVP_PKEY_free(pkey);
1465 EVP_MD_CTX_free(mdctx);
1466 return ret;
1467 }
1468 #endif
1469
1470 /*
1471 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1472 */
1473 static int test_EVP_Digest(void)
1474 {
1475 int ret = 0;
1476 EVP_MD_CTX *md_ctx = NULL;
1477 unsigned char md[EVP_MAX_MD_SIZE];
1478 EVP_MD *sha256 = NULL;
1479 EVP_MD *shake256 = NULL;
1480
1481 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1482 goto out;
1483
1484 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1485 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1486 goto out;
1487
1488 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1489 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1490 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1491 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1492 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1493 goto out;
1494
1495 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1496 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1497 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1498 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1499 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1500 /*
1501 * EVP_DigestInit_ex with NULL type should work on
1502 * pre-initialized context.
1503 */
1504 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1505 goto out;
1506
1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1510 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1512 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1513 goto out;
1514 ret = 1;
1515
1516 out:
1517 EVP_MD_CTX_free(md_ctx);
1518 EVP_MD_free(sha256);
1519 EVP_MD_free(shake256);
1520 return ret;
1521 }
1522
1523 static int test_EVP_md_null(void)
1524 {
1525 int ret = 0;
1526 EVP_MD_CTX *md_ctx = NULL;
1527 const EVP_MD *md_null = EVP_md_null();
1528 unsigned char md_value[EVP_MAX_MD_SIZE];
1529 unsigned int md_len = sizeof(md_value);
1530
1531 if (nullprov != NULL)
1532 return TEST_skip("Test does not support a non-default library context");
1533
1534 if (!TEST_ptr(md_null)
1535 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1536 goto out;
1537
1538 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1539 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1540 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1541 goto out;
1542
1543 if (!TEST_uint_eq(md_len, 0))
1544 goto out;
1545
1546 ret = 1;
1547 out:
1548 EVP_MD_CTX_free(md_ctx);
1549 return ret;
1550 }
1551
1552 static int test_d2i_AutoPrivateKey(int i)
1553 {
1554 int ret = 0;
1555 const unsigned char *p;
1556 EVP_PKEY *pkey = NULL;
1557 const APK_DATA *ak = &keydata[i];
1558 const unsigned char *input = ak->kder;
1559 size_t input_len = ak->size;
1560 int expected_id = ak->evptype;
1561
1562 p = input;
1563 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1564 || !TEST_ptr_eq(p, input + input_len)
1565 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1566 goto done;
1567
1568 ret = 1;
1569
1570 done:
1571 EVP_PKEY_free(pkey);
1572 return ret;
1573 }
1574
1575 #ifndef OPENSSL_NO_EC
1576
1577 static const unsigned char ec_public_sect163k1_validxy[] = {
1578 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1579 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1580 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1581 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1582 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1583 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1584 };
1585
1586 static const unsigned char ec_public_sect163k1_badx[] = {
1587 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1588 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1589 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1590 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1591 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1592 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1593 };
1594
1595 static const unsigned char ec_public_sect163k1_bady[] = {
1596 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1597 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1598 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1599 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1600 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1601 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1602 };
1603
1604 static struct ec_der_pub_keys_st {
1605 const unsigned char *der;
1606 size_t len;
1607 int valid;
1608 } ec_der_pub_keys[] = {
1609 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1610 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1611 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1612 };
1613
1614 /*
1615 * Tests the range of the decoded EC char2 public point.
1616 * See ec_GF2m_simple_oct2point().
1617 */
1618 static int test_invalide_ec_char2_pub_range_decode(int id)
1619 {
1620 int ret = 0;
1621 EVP_PKEY *pkey;
1622
1623 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1624 ec_der_pub_keys[id].len);
1625
1626 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1627 || TEST_ptr_null(pkey);
1628 EVP_PKEY_free(pkey);
1629 return ret;
1630 }
1631
1632 /* Tests loading a bad key in PKCS8 format */
1633 static int test_EVP_PKCS82PKEY(void)
1634 {
1635 int ret = 0;
1636 const unsigned char *derp = kExampleBadECKeyDER;
1637 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1638 EVP_PKEY *pkey = NULL;
1639
1640 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1641 sizeof(kExampleBadECKeyDER))))
1642 goto done;
1643
1644 if (!TEST_ptr_eq(derp,
1645 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1646 goto done;
1647
1648 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1649 goto done;
1650
1651 ret = 1;
1652
1653 done:
1654 PKCS8_PRIV_KEY_INFO_free(p8inf);
1655 EVP_PKEY_free(pkey);
1656
1657 return ret;
1658 }
1659
1660 #endif
1661 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1662 {
1663 EVP_PKEY *pkey = NULL;
1664 EVP_PKEY *pkey2 = NULL;
1665 BIO *membio = NULL;
1666 char *membuf = NULL;
1667 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1668 int ok = 0;
1669
1670 if (testctx != NULL)
1671 /* test not supported with non-default context */
1672 return 1;
1673
1674 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1675 || !TEST_ptr(pkey = load_example_rsa_key())
1676 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1677 NULL, 0, NULL, NULL),
1678 0)
1679 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1680 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1681 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1682 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1683 goto done;
1684 }
1685
1686 ok = 1;
1687 done:
1688 EVP_PKEY_free(pkey);
1689 EVP_PKEY_free(pkey2);
1690 PKCS8_PRIV_KEY_INFO_free(p8inf);
1691 BIO_free_all(membio);
1692 return ok;
1693 }
1694
1695 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1696 static int test_privatekey_to_pkcs8(void)
1697 {
1698 EVP_PKEY *pkey = NULL;
1699 BIO *membio = NULL;
1700 char *membuf = NULL;
1701 long membuf_len = 0;
1702 int ok = 0;
1703
1704 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1705 || !TEST_ptr(pkey = load_example_rsa_key())
1706 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1707 NULL, 0, NULL, NULL),
1708 0)
1709 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1710 || !TEST_ptr(membuf)
1711 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1712 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1713 /*
1714 * We try to write PEM as well, just to see that it doesn't err, but
1715 * assume that the result is correct.
1716 */
1717 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1718 NULL, 0, NULL, NULL),
1719 0))
1720 goto done;
1721
1722 ok = 1;
1723 done:
1724 EVP_PKEY_free(pkey);
1725 BIO_free_all(membio);
1726 return ok;
1727 }
1728
1729 #ifndef OPENSSL_NO_EC
1730 static const struct {
1731 int encoding;
1732 const char *encoding_name;
1733 } ec_encodings[] = {
1734 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1735 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1736 };
1737
1738 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1739 {
1740 const OSSL_PARAM *p;
1741 const char *enc_name = NULL;
1742 int *enc = arg;
1743 size_t i;
1744
1745 *enc = -1;
1746
1747 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1748 OSSL_PKEY_PARAM_EC_ENCODING))
1749 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1750 return 0;
1751
1752 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1753 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1754 *enc = ec_encodings[i].encoding;
1755 break;
1756 }
1757 }
1758
1759 return (*enc != -1);
1760 }
1761
1762 static int test_EC_keygen_with_enc(int idx)
1763 {
1764 EVP_PKEY *params = NULL, *key = NULL;
1765 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1766 int enc;
1767 int ret = 0;
1768
1769 enc = ec_encodings[idx].encoding;
1770
1771 /* Create key parameters */
1772 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1773 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1774 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1775 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1776 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1777 || !TEST_ptr(params))
1778 goto done;
1779
1780 /* Create key */
1781 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1782 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1783 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1784 || !TEST_ptr(key))
1785 goto done;
1786
1787 /* Check that the encoding got all the way into the key */
1788 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1789 ec_export_get_encoding_cb, &enc))
1790 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1791 goto done;
1792
1793 ret = 1;
1794 done:
1795 EVP_PKEY_free(key);
1796 EVP_PKEY_free(params);
1797 EVP_PKEY_CTX_free(kctx);
1798 EVP_PKEY_CTX_free(pctx);
1799 return ret;
1800 }
1801 #endif
1802
1803 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1804
1805 static int test_EVP_SM2_verify(void)
1806 {
1807 const char *pubkey =
1808 "-----BEGIN PUBLIC KEY-----\n"
1809 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1810 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1811 "-----END PUBLIC KEY-----\n";
1812
1813 const char *msg = "message digest";
1814 const char *id = "ALICE123@YAHOO.COM";
1815
1816 const uint8_t signature[] = {
1817 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1818 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1819 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1820 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1821 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1822 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1823 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1824 };
1825
1826 int rc = 0;
1827 BIO *bio = NULL;
1828 EVP_PKEY *pkey = NULL;
1829 EVP_MD_CTX *mctx = NULL;
1830 EVP_PKEY_CTX *pctx = NULL;
1831 EVP_MD *sm3 = NULL;
1832
1833 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1834 if (!TEST_true(bio != NULL))
1835 goto done;
1836
1837 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1838 if (!TEST_true(pkey != NULL))
1839 goto done;
1840
1841 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1842 goto done;
1843
1844 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1845 goto done;
1846
1847 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1848 goto done;
1849
1850 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1851
1852 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1853 goto done;
1854
1855 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1856 goto done;
1857
1858 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1859 goto done;
1860
1861 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1862 goto done;
1863
1864 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1865 goto done;
1866 rc = 1;
1867
1868 done:
1869 BIO_free(bio);
1870 EVP_PKEY_free(pkey);
1871 EVP_PKEY_CTX_free(pctx);
1872 EVP_MD_CTX_free(mctx);
1873 EVP_MD_free(sm3);
1874 return rc;
1875 }
1876
1877 static int test_EVP_SM2(void)
1878 {
1879 int ret = 0;
1880 EVP_PKEY *pkey = NULL;
1881 EVP_PKEY *pkeyparams = NULL;
1882 EVP_PKEY_CTX *pctx = NULL;
1883 EVP_PKEY_CTX *kctx = NULL;
1884 EVP_PKEY_CTX *sctx = NULL;
1885 size_t sig_len = 0;
1886 unsigned char *sig = NULL;
1887 EVP_MD_CTX *md_ctx = NULL;
1888 EVP_MD_CTX *md_ctx_verify = NULL;
1889 EVP_PKEY_CTX *cctx = NULL;
1890 EVP_MD *check_md = NULL;
1891
1892 uint8_t ciphertext[128];
1893 size_t ctext_len = sizeof(ciphertext);
1894
1895 uint8_t plaintext[8];
1896 size_t ptext_len = sizeof(plaintext);
1897
1898 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1899
1900 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1901 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1902 int i;
1903 char mdname[OSSL_MAX_NAME_SIZE];
1904
1905 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1906 "SM2", testpropq)))
1907 goto done;
1908
1909 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1910 goto done;
1911
1912 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1913 goto done;
1914
1915 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1916 goto done;
1917
1918 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1919 pkeyparams, testpropq)))
1920 goto done;
1921
1922 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1923 goto done;
1924
1925 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1926 goto done;
1927
1928 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1929 goto done;
1930
1931 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1932 goto done;
1933
1934 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1935 goto done;
1936
1937 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1938 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1939
1940 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1941 goto done;
1942
1943 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1944 goto done;
1945
1946 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1947 goto done;
1948
1949 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1950 goto done;
1951
1952 /* Determine the size of the signature. */
1953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1954 goto done;
1955
1956 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1957 goto done;
1958
1959 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1960 goto done;
1961
1962 /* Ensure that the signature round-trips. */
1963
1964 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1965 pkey)))
1966 goto done;
1967
1968 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1969 goto done;
1970
1971 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1972 goto done;
1973
1974 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1975 goto done;
1976
1977 /*
1978 * Try verify again with non-matching 0 length id but ensure that it can
1979 * be set on the context and overrides the previous value.
1980 */
1981
1982 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1983 pkey)))
1984 goto done;
1985
1986 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1987 goto done;
1988
1989 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1990 goto done;
1991
1992 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1993 goto done;
1994
1995 /* now check encryption/decryption */
1996
1997 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1998 mdname, sizeof(mdname));
1999 for (i = 0; i < 2; i++) {
2000 const char *mdnames[] = {
2001 #ifndef OPENSSL_NO_SM3
2002 "SM3",
2003 #else
2004 NULL,
2005 #endif
2006 "SHA2-256" };
2007 EVP_PKEY_CTX_free(cctx);
2008
2009 if (mdnames[i] == NULL)
2010 continue;
2011
2012 sparams[0] =
2013 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2014 (char *)mdnames[i], 0);
2015
2016 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2017 pkey, testpropq)))
2018 goto done;
2019
2020 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2021 goto done;
2022
2023 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2024 goto done;
2025
2026 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2027 sizeof(kMsg))))
2028 goto done;
2029
2030 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2031 goto done;
2032
2033 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2034 goto done;
2035
2036 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2037 ctext_len), 0))
2038 goto done;
2039
2040 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2041 goto done;
2042
2043 /*
2044 * Test we're still using the digest we think we are.
2045 * Because of aliases, the easiest is to fetch the digest and
2046 * check the name with EVP_MD_is_a().
2047 */
2048 EVP_MD_free(check_md);
2049 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2050 goto done;
2051 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2052 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2053 goto done;
2054 }
2055
2056 if (!TEST_true(ptext_len == sizeof(kMsg)))
2057 goto done;
2058
2059 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2060 goto done;
2061 }
2062
2063 ret = 1;
2064 done:
2065 EVP_PKEY_CTX_free(pctx);
2066 EVP_PKEY_CTX_free(kctx);
2067 EVP_PKEY_CTX_free(sctx);
2068 EVP_PKEY_CTX_free(cctx);
2069 EVP_PKEY_free(pkey);
2070 EVP_PKEY_free(pkeyparams);
2071 EVP_MD_CTX_free(md_ctx);
2072 EVP_MD_CTX_free(md_ctx_verify);
2073 EVP_MD_free(check_md);
2074 OPENSSL_free(sig);
2075 return ret;
2076 }
2077
2078 #endif
2079
2080 static struct keys_st {
2081 int type;
2082 char *priv;
2083 char *pub;
2084 } keys[] = {
2085 {
2086 EVP_PKEY_HMAC, "0123456789", NULL
2087 },
2088 {
2089 EVP_PKEY_HMAC, "", NULL
2090 #ifndef OPENSSL_NO_POLY1305
2091 }, {
2092 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2093 #endif
2094 #ifndef OPENSSL_NO_SIPHASH
2095 }, {
2096 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2097 #endif
2098 },
2099 #ifndef OPENSSL_NO_EC
2100 {
2101 EVP_PKEY_X25519, "01234567890123456789012345678901",
2102 "abcdefghijklmnopqrstuvwxyzabcdef"
2103 }, {
2104 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2105 "abcdefghijklmnopqrstuvwxyzabcdef"
2106 }, {
2107 EVP_PKEY_X448,
2108 "01234567890123456789012345678901234567890123456789012345",
2109 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2110 }, {
2111 EVP_PKEY_ED448,
2112 "012345678901234567890123456789012345678901234567890123456",
2113 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2114 }
2115 #endif
2116 };
2117
2118 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2119 {
2120 int ret = 0;
2121 unsigned char buf[80];
2122 unsigned char *in;
2123 size_t inlen, len = 0, shortlen = 1;
2124 EVP_PKEY *pkey;
2125
2126 /* Check if this algorithm supports public keys */
2127 if (pub && keys[tst].pub == NULL)
2128 return 1;
2129
2130 memset(buf, 0, sizeof(buf));
2131
2132 if (pub) {
2133 #ifndef OPENSSL_NO_EC
2134 inlen = strlen(keys[tst].pub);
2135 in = (unsigned char *)keys[tst].pub;
2136 if (uselibctx) {
2137 pkey = EVP_PKEY_new_raw_public_key_ex(
2138 testctx,
2139 OBJ_nid2sn(keys[tst].type),
2140 NULL,
2141 in,
2142 inlen);
2143 } else {
2144 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2145 NULL,
2146 in,
2147 inlen);
2148 }
2149 #else
2150 return 1;
2151 #endif
2152 } else {
2153 inlen = strlen(keys[tst].priv);
2154 in = (unsigned char *)keys[tst].priv;
2155 if (uselibctx) {
2156 pkey = EVP_PKEY_new_raw_private_key_ex(
2157 testctx, OBJ_nid2sn(keys[tst].type),
2158 NULL,
2159 in,
2160 inlen);
2161 } else {
2162 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2163 NULL,
2164 in,
2165 inlen);
2166 }
2167 }
2168
2169 if (!TEST_ptr(pkey)
2170 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2171 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2172 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2173 || !TEST_true(len == inlen))
2174 goto done;
2175 if (tst != 1) {
2176 /*
2177 * Test that supplying a buffer that is too small fails. Doesn't apply
2178 * to HMAC with a zero length key
2179 */
2180 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2181 &shortlen)))
2182 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2183 &shortlen))))
2184 goto done;
2185 }
2186 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2187 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2188 || !TEST_mem_eq(in, inlen, buf, len))
2189 goto done;
2190
2191 ret = 1;
2192 done:
2193 EVP_PKEY_free(pkey);
2194 return ret;
2195 }
2196
2197 static int test_set_get_raw_keys(int tst)
2198 {
2199 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2200 && test_set_get_raw_keys_int(tst, 0, 1)
2201 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2202 && test_set_get_raw_keys_int(tst, 1, 1);
2203 }
2204
2205 #ifndef OPENSSL_NO_DEPRECATED_3_0
2206 static int pkey_custom_check(EVP_PKEY *pkey)
2207 {
2208 return 0xbeef;
2209 }
2210
2211 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2212 {
2213 return 0xbeef;
2214 }
2215
2216 static int pkey_custom_param_check(EVP_PKEY *pkey)
2217 {
2218 return 0xbeef;
2219 }
2220
2221 static EVP_PKEY_METHOD *custom_pmeth;
2222 #endif
2223
2224 static int test_EVP_PKEY_check(int i)
2225 {
2226 int ret = 0;
2227 EVP_PKEY *pkey = NULL;
2228 EVP_PKEY_CTX *ctx = NULL;
2229 #ifndef OPENSSL_NO_DEPRECATED_3_0
2230 EVP_PKEY_CTX *ctx2 = NULL;
2231 #endif
2232 const APK_DATA *ak = &keycheckdata[i];
2233 const unsigned char *input = ak->kder;
2234 size_t input_len = ak->size;
2235 int expected_id = ak->evptype;
2236 int expected_check = ak->check;
2237 int expected_pub_check = ak->pub_check;
2238 int expected_param_check = ak->param_check;
2239 int type = ak->type;
2240
2241 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2242 goto done;
2243 if (type == 0
2244 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2245 goto done;
2246
2247 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2248 goto done;
2249
2250 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2251 goto done;
2252
2253 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2254 goto done;
2255
2256 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2257 goto done;
2258
2259 #ifndef OPENSSL_NO_DEPRECATED_3_0
2260 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2261 /* assign the pkey directly, as an internal test */
2262 EVP_PKEY_up_ref(pkey);
2263 ctx2->pkey = pkey;
2264
2265 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2266 goto done;
2267
2268 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2269 goto done;
2270
2271 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2272 goto done;
2273 #endif
2274
2275 ret = 1;
2276
2277 done:
2278 EVP_PKEY_CTX_free(ctx);
2279 #ifndef OPENSSL_NO_DEPRECATED_3_0
2280 EVP_PKEY_CTX_free(ctx2);
2281 #endif
2282 EVP_PKEY_free(pkey);
2283 return ret;
2284 }
2285
2286 #ifndef OPENSSL_NO_CMAC
2287 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2288 {
2289 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2290 const char msg[] = "Hello World";
2291 size_t maclen = AES_BLOCK_SIZE;
2292 int ret = 1;
2293
2294 if (!TEST_ptr(mdctx)
2295 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2296 testpropq, pkey, NULL))
2297 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2298 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2299 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2300 ret = 0;
2301
2302 EVP_MD_CTX_free(mdctx);
2303
2304 return ret;
2305 }
2306 static int test_CMAC_keygen(void)
2307 {
2308 static unsigned char key[] = {
2309 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2310 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2311 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2312 };
2313 EVP_PKEY_CTX *kctx = NULL;
2314 int ret = 0;
2315 EVP_PKEY *pkey = NULL;
2316 unsigned char mac[AES_BLOCK_SIZE];
2317 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2318 unsigned char mac2[AES_BLOCK_SIZE];
2319 # endif
2320
2321 if (nullprov != NULL)
2322 return TEST_skip("Test does not support a non-default library context");
2323
2324 /*
2325 * This is a legacy method for CMACs, but should still work.
2326 * This verifies that it works without an ENGINE.
2327 */
2328 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2329
2330 /* Test a CMAC key created using the "generated" method */
2331 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2332 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2333 EVP_PKEY_CTRL_CIPHER,
2334 0, (void *)EVP_aes_256_ecb()), 0)
2335 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2336 EVP_PKEY_CTRL_SET_MAC_KEY,
2337 sizeof(key), (void *)key), 0)
2338 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2339 || !TEST_ptr(pkey)
2340 || !TEST_true(get_cmac_val(pkey, mac)))
2341 goto done;
2342
2343 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2344 EVP_PKEY_free(pkey);
2345
2346 /*
2347 * Test a CMAC key using the direct method, and compare with the mac
2348 * created above.
2349 */
2350 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2351 if (!TEST_ptr(pkey)
2352 || !TEST_true(get_cmac_val(pkey, mac2))
2353 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2354 goto done;
2355 # endif
2356
2357 ret = 1;
2358
2359 done:
2360 EVP_PKEY_free(pkey);
2361 EVP_PKEY_CTX_free(kctx);
2362 return ret;
2363 }
2364 #endif
2365
2366 static int test_HKDF(void)
2367 {
2368 EVP_PKEY_CTX *pctx;
2369 unsigned char out[20];
2370 size_t outlen;
2371 int i, ret = 0;
2372 unsigned char salt[] = "0123456789";
2373 unsigned char key[] = "012345678901234567890123456789";
2374 unsigned char info[] = "infostring";
2375 const unsigned char expected[] = {
2376 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2377 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2378 };
2379 size_t expectedlen = sizeof(expected);
2380
2381 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2382 goto done;
2383
2384 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2385 for (i = 0; i < 2; i++) {
2386 outlen = sizeof(out);
2387 memset(out, 0, outlen);
2388
2389 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2390 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2391 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2392 sizeof(salt) - 1), 0)
2393 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2394 sizeof(key) - 1), 0)
2395 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2396 sizeof(info) - 1), 0)
2397 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2398 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2399 goto done;
2400 }
2401
2402 ret = 1;
2403
2404 done:
2405 EVP_PKEY_CTX_free(pctx);
2406
2407 return ret;
2408 }
2409
2410 static int test_emptyikm_HKDF(void)
2411 {
2412 EVP_PKEY_CTX *pctx;
2413 unsigned char out[20];
2414 size_t outlen;
2415 int ret = 0;
2416 unsigned char salt[] = "9876543210";
2417 unsigned char key[] = "";
2418 unsigned char info[] = "stringinfo";
2419 const unsigned char expected[] = {
2420 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2421 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2422 };
2423 size_t expectedlen = sizeof(expected);
2424
2425 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2426 goto done;
2427
2428 outlen = sizeof(out);
2429 memset(out, 0, outlen);
2430
2431 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2432 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2433 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2434 sizeof(salt) - 1), 0)
2435 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2436 sizeof(key) - 1), 0)
2437 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2438 sizeof(info) - 1), 0)
2439 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2440 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2441 goto done;
2442
2443 ret = 1;
2444
2445 done:
2446 EVP_PKEY_CTX_free(pctx);
2447
2448 return ret;
2449 }
2450
2451 #ifndef OPENSSL_NO_EC
2452 static int test_X509_PUBKEY_inplace(void)
2453 {
2454 int ret = 0;
2455 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2456 const unsigned char *p = kExampleECPubKeyDER;
2457 size_t input_len = sizeof(kExampleECPubKeyDER);
2458
2459 if (!TEST_ptr(xp))
2460 goto done;
2461 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2462 goto done;
2463
2464 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2465 goto done;
2466
2467 p = kExampleBadECPubKeyDER;
2468 input_len = sizeof(kExampleBadECPubKeyDER);
2469
2470 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2471 goto done;
2472
2473 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2474 goto done;
2475
2476 ret = 1;
2477
2478 done:
2479 X509_PUBKEY_free(xp);
2480 return ret;
2481 }
2482
2483 static int test_X509_PUBKEY_dup(void)
2484 {
2485 int ret = 0;
2486 X509_PUBKEY *xp = NULL, *xq = NULL;
2487 const unsigned char *p = kExampleECPubKeyDER;
2488 size_t input_len = sizeof(kExampleECPubKeyDER);
2489
2490 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2491 if (!TEST_ptr(xp)
2492 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2493 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2494 || !TEST_ptr_ne(xp, xq))
2495 goto done;
2496
2497 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2498 || !TEST_ptr(X509_PUBKEY_get0(xp))
2499 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2500 goto done;
2501
2502 X509_PUBKEY_free(xq);
2503 xq = NULL;
2504 p = kExampleBadECPubKeyDER;
2505 input_len = sizeof(kExampleBadECPubKeyDER);
2506
2507 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2508 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2509 goto done;
2510
2511 X509_PUBKEY_free(xp);
2512 xp = NULL;
2513 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2514 goto done;
2515
2516 ret = 1;
2517
2518 done:
2519 X509_PUBKEY_free(xp);
2520 X509_PUBKEY_free(xq);
2521 return ret;
2522 }
2523 #endif /* OPENSSL_NO_EC */
2524
2525 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2526 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2527 {
2528 EVP_MD_CTX *mdctx = NULL;
2529 EVP_PKEY_CTX *ctx = NULL;
2530 const OSSL_PARAM *params;
2531 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2532 int ret = 0;
2533 const EVP_MD *md;
2534 char mdname[OSSL_MAX_NAME_SIZE];
2535 char ssl3ms[48];
2536
2537 /* Initialise a sign operation */
2538 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2539 if (!TEST_ptr(ctx)
2540 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2541 goto err;
2542
2543 /*
2544 * We should be able to query the parameters now.
2545 */
2546 params = EVP_PKEY_CTX_settable_params(ctx);
2547 if (!TEST_ptr(params)
2548 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2549 OSSL_SIGNATURE_PARAM_DIGEST)))
2550 goto err;
2551
2552 params = EVP_PKEY_CTX_gettable_params(ctx);
2553 if (!TEST_ptr(params)
2554 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2555 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2556 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2557 OSSL_SIGNATURE_PARAM_DIGEST)))
2558 goto err;
2559
2560 /*
2561 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2562 * EVP_PKEY_CTX_get_params()
2563 */
2564 strcpy(mdname, "SHA512");
2565 param_md = param;
2566 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2567 mdname, 0);
2568 *param++ = OSSL_PARAM_construct_end();
2569
2570 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2571 goto err;
2572
2573 mdname[0] = '\0';
2574 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2575 mdname, sizeof(mdname));
2576 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2577 || !TEST_str_eq(mdname, "SHA512"))
2578 goto err;
2579
2580 /*
2581 * Test the TEST_PKEY_CTX_set_signature_md() and
2582 * TEST_PKEY_CTX_get_signature_md() functions
2583 */
2584 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2585 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2586 || !TEST_ptr_eq(md, EVP_sha256()))
2587 goto err;
2588
2589 /*
2590 * Test getting MD parameters via an associated EVP_PKEY_CTX
2591 */
2592 mdctx = EVP_MD_CTX_new();
2593 if (!TEST_ptr(mdctx)
2594 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2595 pkey, NULL)))
2596 goto err;
2597
2598 /*
2599 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2600 * able to obtain the digest's settable parameters from the provider.
2601 */
2602 params = EVP_MD_CTX_settable_params(mdctx);
2603 if (!TEST_ptr(params)
2604 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2605 /* The final key should be NULL */
2606 || !TEST_ptr_null(params[1].key))
2607 goto err;
2608
2609 param = ourparams;
2610 memset(ssl3ms, 0, sizeof(ssl3ms));
2611 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2612 ssl3ms, sizeof(ssl3ms));
2613 *param++ = OSSL_PARAM_construct_end();
2614
2615 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2616 goto err;
2617
2618 ret = 1;
2619
2620 err:
2621 EVP_MD_CTX_free(mdctx);
2622 EVP_PKEY_CTX_free(ctx);
2623
2624 return ret;
2625 }
2626
2627 #ifndef OPENSSL_NO_DSA
2628 static int test_DSA_get_set_params(void)
2629 {
2630 OSSL_PARAM_BLD *bld = NULL;
2631 OSSL_PARAM *params = NULL;
2632 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2633 EVP_PKEY_CTX *pctx = NULL;
2634 EVP_PKEY *pkey = NULL;
2635 int ret = 0;
2636
2637 /*
2638 * Setup the parameters for our DSA object. For our purposes they don't
2639 * have to actually be *valid* parameters. We just need to set something.
2640 */
2641 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2642 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2643 || !TEST_ptr(p = BN_new())
2644 || !TEST_ptr(q = BN_new())
2645 || !TEST_ptr(g = BN_new())
2646 || !TEST_ptr(pub = BN_new())
2647 || !TEST_ptr(priv = BN_new()))
2648 goto err;
2649 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2650 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2651 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2652 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2653 pub))
2654 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2655 priv)))
2656 goto err;
2657 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2658 goto err;
2659
2660 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2661 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2662 params), 0))
2663 goto err;
2664
2665 if (!TEST_ptr(pkey))
2666 goto err;
2667
2668 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2669
2670 err:
2671 EVP_PKEY_free(pkey);
2672 EVP_PKEY_CTX_free(pctx);
2673 OSSL_PARAM_free(params);
2674 OSSL_PARAM_BLD_free(bld);
2675 BN_free(p);
2676 BN_free(q);
2677 BN_free(g);
2678 BN_free(pub);
2679 BN_free(priv);
2680
2681 return ret;
2682 }
2683
2684 /*
2685 * Test combinations of private, public, missing and private + public key
2686 * params to ensure they are all accepted
2687 */
2688 static int test_DSA_priv_pub(void)
2689 {
2690 return test_EVP_PKEY_ffc_priv_pub("DSA");
2691 }
2692
2693 #endif /* !OPENSSL_NO_DSA */
2694
2695 static int test_RSA_get_set_params(void)
2696 {
2697 OSSL_PARAM_BLD *bld = NULL;
2698 OSSL_PARAM *params = NULL;
2699 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2700 EVP_PKEY_CTX *pctx = NULL;
2701 EVP_PKEY *pkey = NULL;
2702 int ret = 0;
2703
2704 /*
2705 * Setup the parameters for our RSA object. For our purposes they don't
2706 * have to actually be *valid* parameters. We just need to set something.
2707 */
2708 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2709 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2710 || !TEST_ptr(n = BN_new())
2711 || !TEST_ptr(e = BN_new())
2712 || !TEST_ptr(d = BN_new()))
2713 goto err;
2714 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2715 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2716 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2717 goto err;
2718 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2719 goto err;
2720
2721 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2722 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2723 params), 0))
2724 goto err;
2725
2726 if (!TEST_ptr(pkey))
2727 goto err;
2728
2729 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2730
2731 err:
2732 EVP_PKEY_free(pkey);
2733 EVP_PKEY_CTX_free(pctx);
2734 OSSL_PARAM_free(params);
2735 OSSL_PARAM_BLD_free(bld);
2736 BN_free(n);
2737 BN_free(e);
2738 BN_free(d);
2739
2740 return ret;
2741 }
2742
2743 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2744 static int test_decrypt_null_chunks(void)
2745 {
2746 EVP_CIPHER_CTX* ctx = NULL;
2747 EVP_CIPHER *cipher = NULL;
2748 const unsigned char key[32] = {
2749 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2750 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2751 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2752 };
2753 unsigned char iv[12] = {
2754 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2755 };
2756 unsigned char msg[] = "It was the best of times, it was the worst of times";
2757 unsigned char ciphertext[80];
2758 unsigned char plaintext[80];
2759 /* We initialise tmp to a non zero value on purpose */
2760 int ctlen, ptlen, tmp = 99;
2761 int ret = 0;
2762 const int enc_offset = 10, dec_offset = 20;
2763
2764 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2765 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2766 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2767 key, iv))
2768 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2769 enc_offset))
2770 /* Deliberate add a zero length update */
2771 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2772 0))
2773 || !TEST_int_eq(tmp, 0)
2774 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2775 msg + enc_offset,
2776 sizeof(msg) - enc_offset))
2777 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2778 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2779 || !TEST_int_eq(tmp, 0))
2780 goto err;
2781
2782 /* Deliberately initialise tmp to a non zero value */
2783 tmp = 99;
2784 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2785 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2786 dec_offset))
2787 /*
2788 * Deliberately add a zero length update. We also deliberately do
2789 * this at a different offset than for encryption.
2790 */
2791 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2792 0))
2793 || !TEST_int_eq(tmp, 0)
2794 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2795 ciphertext + dec_offset,
2796 ctlen - dec_offset))
2797 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2798 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2799 || !TEST_int_eq(tmp, 0)
2800 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2801 goto err;
2802
2803 ret = 1;
2804 err:
2805 EVP_CIPHER_CTX_free(ctx);
2806 EVP_CIPHER_free(cipher);
2807 return ret;
2808 }
2809 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2810
2811 #ifndef OPENSSL_NO_DH
2812 /*
2813 * Test combinations of private, public, missing and private + public key
2814 * params to ensure they are all accepted
2815 */
2816 static int test_DH_priv_pub(void)
2817 {
2818 return test_EVP_PKEY_ffc_priv_pub("DH");
2819 }
2820
2821 # ifndef OPENSSL_NO_DEPRECATED_3_0
2822 static int test_EVP_PKEY_set1_DH(void)
2823 {
2824 DH *x942dh = NULL, *noqdh = NULL;
2825 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2826 int ret = 0;
2827 BIGNUM *p, *g = NULL;
2828 BIGNUM *pubkey = NULL;
2829 unsigned char pub[2048 / 8];
2830 size_t len = 0;
2831
2832 if (!TEST_ptr(p = BN_new())
2833 || !TEST_ptr(g = BN_new())
2834 || !TEST_ptr(pubkey = BN_new())
2835 || !TEST_true(BN_set_word(p, 9999))
2836 || !TEST_true(BN_set_word(g, 2))
2837 || !TEST_true(BN_set_word(pubkey, 4321))
2838 || !TEST_ptr(noqdh = DH_new())
2839 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2840 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2841 || !TEST_ptr(pubkey = BN_new())
2842 || !TEST_true(BN_set_word(pubkey, 4321)))
2843 goto err;
2844 p = g = NULL;
2845
2846 x942dh = DH_get_2048_256();
2847 pkey1 = EVP_PKEY_new();
2848 pkey2 = EVP_PKEY_new();
2849 if (!TEST_ptr(x942dh)
2850 || !TEST_ptr(noqdh)
2851 || !TEST_ptr(pkey1)
2852 || !TEST_ptr(pkey2)
2853 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2854 goto err;
2855 pubkey = NULL;
2856
2857 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2858 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2859 goto err;
2860
2861 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2862 &pubkey))
2863 || !TEST_ptr(pubkey))
2864 goto err;
2865
2866 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2867 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2868 goto err;
2869
2870 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2871 OSSL_PKEY_PARAM_PUB_KEY,
2872 pub, sizeof(pub), &len))
2873 || !TEST_size_t_ne(len, 0))
2874 goto err;
2875
2876 ret = 1;
2877 err:
2878 BN_free(p);
2879 BN_free(g);
2880 BN_free(pubkey);
2881 EVP_PKEY_free(pkey1);
2882 EVP_PKEY_free(pkey2);
2883 DH_free(x942dh);
2884 DH_free(noqdh);
2885
2886 return ret;
2887 }
2888 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2889 #endif /* !OPENSSL_NO_DH */
2890
2891 /*
2892 * We test what happens with an empty template. For the sake of this test,
2893 * the template must be ignored, and we know that's the case for RSA keys
2894 * (this might arguably be a misfeature, but that's what we currently do,
2895 * even in provider code, since that's how the legacy RSA implementation
2896 * does things)
2897 */
2898 static int test_keygen_with_empty_template(int n)
2899 {
2900 EVP_PKEY_CTX *ctx = NULL;
2901 EVP_PKEY *pkey = NULL;
2902 EVP_PKEY *tkey = NULL;
2903 int ret = 0;
2904
2905 if (nullprov != NULL)
2906 return TEST_skip("Test does not support a non-default library context");
2907
2908 switch (n) {
2909 case 0:
2910 /* We do test with no template at all as well */
2911 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2912 goto err;
2913 break;
2914 case 1:
2915 /* Here we create an empty RSA key that serves as our template */
2916 if (!TEST_ptr(tkey = EVP_PKEY_new())
2917 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2918 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2919 goto err;
2920 break;
2921 }
2922
2923 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2924 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2925 goto err;
2926
2927 ret = 1;
2928 err:
2929 EVP_PKEY_CTX_free(ctx);
2930 EVP_PKEY_free(pkey);
2931 EVP_PKEY_free(tkey);
2932 return ret;
2933 }
2934
2935 /*
2936 * Test that we fail if we attempt to use an algorithm that is not available
2937 * in the current library context (unless we are using an algorithm that
2938 * should be made available via legacy codepaths).
2939 *
2940 * 0: RSA
2941 * 1: SM2
2942 */
2943 static int test_pkey_ctx_fail_without_provider(int tst)
2944 {
2945 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2946 OSSL_PROVIDER *tmpnullprov = NULL;
2947 EVP_PKEY_CTX *pctx = NULL;
2948 const char *keytype = NULL;
2949 int expect_null = 0;
2950 int ret = 0;
2951
2952 if (!TEST_ptr(tmpctx))
2953 goto err;
2954
2955 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2956 if (!TEST_ptr(tmpnullprov))
2957 goto err;
2958
2959 /*
2960 * We check for certain algos in the null provider.
2961 * If an algo is expected to have a provider keymgmt, constructing an
2962 * EVP_PKEY_CTX is expected to fail (return NULL).
2963 * Otherwise, if it's expected to have legacy support, constructing an
2964 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2965 */
2966 switch (tst) {
2967 case 0:
2968 keytype = "RSA";
2969 expect_null = 1;
2970 break;
2971 case 1:
2972 keytype = "SM2";
2973 expect_null = 1;
2974 #ifdef OPENSSL_NO_EC
2975 TEST_info("EC disable, skipping SM2 check...");
2976 goto end;
2977 #endif
2978 #ifdef OPENSSL_NO_SM2
2979 TEST_info("SM2 disable, skipping SM2 check...");
2980 goto end;
2981 #endif
2982 break;
2983 default:
2984 TEST_error("No test for case %d", tst);
2985 goto err;
2986 }
2987
2988 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2989 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2990 goto err;
2991
2992 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2993 end:
2994 #endif
2995 ret = 1;
2996
2997 err:
2998 EVP_PKEY_CTX_free(pctx);
2999 OSSL_PROVIDER_unload(tmpnullprov);
3000 OSSL_LIB_CTX_free(tmpctx);
3001 return ret;
3002 }
3003
3004 static int test_rand_agglomeration(void)
3005 {
3006 EVP_RAND *rand;
3007 EVP_RAND_CTX *ctx;
3008 OSSL_PARAM params[3], *p = params;
3009 int res;
3010 unsigned int step = 7;
3011 static unsigned char seed[] = "It does not matter how slowly you go "
3012 "as long as you do not stop.";
3013 unsigned char out[sizeof(seed)];
3014
3015 if (!TEST_int_ne(sizeof(seed) % step, 0)
3016 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3017 return 0;
3018 ctx = EVP_RAND_CTX_new(rand, NULL);
3019 EVP_RAND_free(rand);
3020 if (!TEST_ptr(ctx))
3021 return 0;
3022
3023 memset(out, 0, sizeof(out));
3024 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3025 seed, sizeof(seed));
3026 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3027 *p = OSSL_PARAM_construct_end();
3028 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3029 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3030 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3031 EVP_RAND_CTX_free(ctx);
3032 return res;
3033 }
3034
3035 /*
3036 * Test that we correctly return the original or "running" IV after
3037 * an encryption operation.
3038 * Run multiple times for some different relevant algorithms/modes.
3039 */
3040 static int test_evp_iv_aes(int idx)
3041 {
3042 int ret = 0;
3043 EVP_CIPHER_CTX *ctx = NULL;
3044 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3045 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3046 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3047 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3048 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3049 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3050 9, 10, 11, 12, 13, 14, 15, 16 };
3051 unsigned char ciphertext[32], oiv[16], iv[16];
3052 unsigned char *ref_iv;
3053 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3054 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3055
3056 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3057 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3058 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3059 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3060 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3061 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3062 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3063 #ifndef OPENSSL_NO_OCB
3064 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3065 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3066 #endif
3067 int len = sizeof(ciphertext);
3068 size_t ivlen, ref_len;
3069 const EVP_CIPHER *type = NULL;
3070 int iv_reset = 0;
3071
3072 if (nullprov != NULL && idx < 6)
3073 return TEST_skip("Test does not support a non-default library context");
3074
3075 switch (idx) {
3076 case 0:
3077 type = EVP_aes_128_cbc();
3078 /* FALLTHROUGH */
3079 case 6:
3080 type = (type != NULL) ? type :
3081 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3082 ref_iv = cbc_state;
3083 ref_len = sizeof(cbc_state);
3084 iv_reset = 1;
3085 break;
3086 case 1:
3087 type = EVP_aes_128_ofb();
3088 /* FALLTHROUGH */
3089 case 7:
3090 type = (type != NULL) ? type :
3091 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3092 ref_iv = ofb_state;
3093 ref_len = sizeof(ofb_state);
3094 iv_reset = 1;
3095 break;
3096 case 2:
3097 type = EVP_aes_128_cfb();
3098 /* FALLTHROUGH */
3099 case 8:
3100 type = (type != NULL) ? type :
3101 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3102 ref_iv = cfb_state;
3103 ref_len = sizeof(cfb_state);
3104 iv_reset = 1;
3105 break;
3106 case 3:
3107 type = EVP_aes_128_gcm();
3108 /* FALLTHROUGH */
3109 case 9:
3110 type = (type != NULL) ? type :
3111 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3112 ref_iv = gcm_state;
3113 ref_len = sizeof(gcm_state);
3114 break;
3115 case 4:
3116 type = EVP_aes_128_ccm();
3117 /* FALLTHROUGH */
3118 case 10:
3119 type = (type != NULL) ? type :
3120 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3121 ref_iv = ccm_state;
3122 ref_len = sizeof(ccm_state);
3123 break;
3124 #ifdef OPENSSL_NO_OCB
3125 case 5:
3126 case 11:
3127 return 1;
3128 #else
3129 case 5:
3130 type = EVP_aes_128_ocb();
3131 /* FALLTHROUGH */
3132 case 11:
3133 type = (type != NULL) ? type :
3134 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3135 ref_iv = ocb_state;
3136 ref_len = sizeof(ocb_state);
3137 break;
3138 #endif
3139 default:
3140 return 0;
3141 }
3142
3143 if (!TEST_ptr(type)
3144 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3145 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3146 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3147 (int)sizeof(msg)))
3148 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3149 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3150 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3151 goto err;
3152 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3153 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3154 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3155 goto err;
3156
3157 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3158 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3159 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3160 goto err;
3161 if (iv_reset) {
3162 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3163 goto err;
3164 } else {
3165 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3166 goto err;
3167 }
3168
3169 ret = 1;
3170 err:
3171 EVP_CIPHER_CTX_free(ctx);
3172 if (idx >= 6)
3173 EVP_CIPHER_free((EVP_CIPHER *)type);
3174 return ret;
3175 }
3176
3177 #ifndef OPENSSL_NO_DES
3178 static int test_evp_iv_des(int idx)
3179 {
3180 int ret = 0;
3181 EVP_CIPHER_CTX *ctx = NULL;
3182 static const unsigned char key[24] = {
3183 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3184 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3185 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3186 };
3187 static const unsigned char init_iv[8] = {
3188 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3189 };
3190 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3191 9, 10, 11, 12, 13, 14, 15, 16 };
3192 unsigned char ciphertext[32], oiv[8], iv[8];
3193 unsigned const char *ref_iv;
3194 static const unsigned char cbc_state_des[8] = {
3195 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3196 };
3197 static const unsigned char cbc_state_3des[8] = {
3198 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3199 };
3200 static const unsigned char ofb_state_des[8] = {
3201 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3202 };
3203 static const unsigned char ofb_state_3des[8] = {
3204 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3205 };
3206 static const unsigned char cfb_state_des[8] = {
3207 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3208 };
3209 static const unsigned char cfb_state_3des[8] = {
3210 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3211 };
3212 int len = sizeof(ciphertext);
3213 size_t ivlen, ref_len;
3214 EVP_CIPHER *type = NULL;
3215
3216 if (lgcyprov == NULL && idx < 3)
3217 return TEST_skip("Test requires legacy provider to be loaded");
3218
3219 switch (idx) {
3220 case 0:
3221 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3222 ref_iv = cbc_state_des;
3223 ref_len = sizeof(cbc_state_des);
3224 break;
3225 case 1:
3226 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3227 ref_iv = ofb_state_des;
3228 ref_len = sizeof(ofb_state_des);
3229 break;
3230 case 2:
3231 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3232 ref_iv = cfb_state_des;
3233 ref_len = sizeof(cfb_state_des);
3234 break;
3235 case 3:
3236 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3237 ref_iv = cbc_state_3des;
3238 ref_len = sizeof(cbc_state_3des);
3239 break;
3240 case 4:
3241 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3242 ref_iv = ofb_state_3des;
3243 ref_len = sizeof(ofb_state_3des);
3244 break;
3245 case 5:
3246 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3247 ref_iv = cfb_state_3des;
3248 ref_len = sizeof(cfb_state_3des);
3249 break;
3250 default:
3251 return 0;
3252 }
3253
3254 if (!TEST_ptr(type)
3255 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3256 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3257 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3258 (int)sizeof(msg)))
3259 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3260 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3261 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3262 goto err;
3263 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3264 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3265 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3266 goto err;
3267
3268 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3269 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3270 goto err;
3271 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3272 goto err;
3273
3274 ret = 1;
3275 err:
3276 EVP_CIPHER_CTX_free(ctx);
3277 EVP_CIPHER_free(type);
3278 return ret;
3279 }
3280 #endif
3281
3282 #ifndef OPENSSL_NO_BF
3283 static int test_evp_bf_default_keylen(int idx)
3284 {
3285 int ret = 0;
3286 static const char *algos[4] = {
3287 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3288 };
3289 int ivlen[4] = { 0, 8, 8, 8 };
3290 EVP_CIPHER *cipher = NULL;
3291
3292 if (lgcyprov == NULL)
3293 return TEST_skip("Test requires legacy provider to be loaded");
3294
3295 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3296 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3297 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3298 goto err;
3299
3300 ret = 1;
3301 err:
3302 EVP_CIPHER_free(cipher);
3303 return ret;
3304 }
3305 #endif
3306
3307 #ifndef OPENSSL_NO_EC
3308 static int ecpub_nids[] = {
3309 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3310 NID_secp384r1, NID_secp521r1,
3311 # ifndef OPENSSL_NO_EC2M
3312 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3313 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3314 # endif
3315 NID_brainpoolP384r1, NID_brainpoolP512r1
3316 };
3317
3318 static int test_ecpub(int idx)
3319 {
3320 int ret = 0, len, savelen;
3321 int nid;
3322 unsigned char buf[1024];
3323 unsigned char *p;
3324 EVP_PKEY *pkey = NULL;
3325 EVP_PKEY_CTX *ctx = NULL;
3326 # ifndef OPENSSL_NO_DEPRECATED_3_0
3327 const unsigned char *q;
3328 EVP_PKEY *pkey2 = NULL;
3329 EC_KEY *ec = NULL;
3330 # endif
3331
3332 if (nullprov != NULL)
3333 return TEST_skip("Test does not support a non-default library context");
3334
3335 nid = ecpub_nids[idx];
3336
3337 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3338 if (!TEST_ptr(ctx)
3339 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3340 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3341 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3342 goto done;
3343 len = i2d_PublicKey(pkey, NULL);
3344 savelen = len;
3345 if (!TEST_int_ge(len, 1)
3346 || !TEST_int_lt(len, 1024))
3347 goto done;
3348 p = buf;
3349 len = i2d_PublicKey(pkey, &p);
3350 if (!TEST_int_ge(len, 1)
3351 || !TEST_int_eq(len, savelen))
3352 goto done;
3353
3354 # ifndef OPENSSL_NO_DEPRECATED_3_0
3355 /* Now try to decode the just-created DER. */
3356 q = buf;
3357 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3358 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3359 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3360 goto done;
3361 /* EC_KEY ownership transferred */
3362 ec = NULL;
3363 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3364 goto done;
3365 /* The keys should match. */
3366 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3367 goto done;
3368 # endif
3369
3370 ret = 1;
3371
3372 done:
3373 EVP_PKEY_CTX_free(ctx);
3374 EVP_PKEY_free(pkey);
3375 # ifndef OPENSSL_NO_DEPRECATED_3_0
3376 EVP_PKEY_free(pkey2);
3377 EC_KEY_free(ec);
3378 # endif
3379 return ret;
3380 }
3381 #endif
3382
3383 static int test_EVP_rsa_pss_with_keygen_bits(void)
3384 {
3385 int ret = 0;
3386 EVP_PKEY_CTX *ctx = NULL;
3387 EVP_PKEY *pkey = NULL;
3388 EVP_MD *md;
3389
3390 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3391 ret = TEST_ptr(md)
3392 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3393 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3394 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3395 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3396 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3397
3398 EVP_MD_free(md);
3399 EVP_PKEY_free(pkey);
3400 EVP_PKEY_CTX_free(ctx);
3401 return ret;
3402 }
3403
3404 static int test_EVP_rsa_pss_set_saltlen(void)
3405 {
3406 int ret = 0;
3407 EVP_PKEY *pkey = NULL;
3408 EVP_PKEY_CTX *pkey_ctx = NULL;
3409 EVP_MD *sha256 = NULL;
3410 EVP_MD_CTX *sha256_ctx = NULL;
3411 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3412 const int test_value = 32;
3413
3414 ret = TEST_ptr(pkey = load_example_rsa_key())
3415 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3416 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3417 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3418 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3419 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3420 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3421 && TEST_int_eq(saltlen, test_value);
3422
3423 EVP_MD_CTX_free(sha256_ctx);
3424 EVP_PKEY_free(pkey);
3425 EVP_MD_free(sha256);
3426
3427 return ret;
3428 }
3429
3430 static int success = 1;
3431 static void md_names(const char *name, void *vctx)
3432 {
3433 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3434 /* Force a namemap update */
3435 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3436
3437 if (!TEST_ptr(aes128))
3438 success = 0;
3439
3440 EVP_CIPHER_free(aes128);
3441 }
3442
3443 /*
3444 * Test that changing the namemap in a user callback works in a names_do_all
3445 * function.
3446 */
3447 static int test_names_do_all(void)
3448 {
3449 /* We use a custom libctx so that we know the state of the namemap */
3450 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3451 EVP_MD *sha256 = NULL;
3452 int testresult = 0;
3453
3454 if (!TEST_ptr(ctx))
3455 goto err;
3456
3457 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3458 if (!TEST_ptr(sha256))
3459 goto err;
3460
3461 /*
3462 * We loop through all the names for a given digest. This should still work
3463 * even if the namemap changes part way through.
3464 */
3465 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3466 goto err;
3467
3468 if (!TEST_true(success))
3469 goto err;
3470
3471 testresult = 1;
3472 err:
3473 EVP_MD_free(sha256);
3474 OSSL_LIB_CTX_free(ctx);
3475 return testresult;
3476 }
3477
3478 typedef struct {
3479 const char *cipher;
3480 const unsigned char *key;
3481 const unsigned char *iv;
3482 const unsigned char *input;
3483 const unsigned char *expected;
3484 const unsigned char *tag;
3485 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3486 size_t inlen;
3487 size_t expectedlen;
3488 size_t taglen;
3489 int keyfirst;
3490 int initenc;
3491 int finalenc;
3492 } EVP_INIT_TEST_st;
3493
3494 static const EVP_INIT_TEST_st evp_init_tests[] = {
3495 {
3496 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3497 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3498 0, 1, 0, 1
3499 },
3500 {
3501 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3502 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3503 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3504 sizeof(gcmDefaultTag), 1, 0, 1
3505 },
3506 {
3507 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3508 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3509 0, 0, 0, 1
3510 },
3511 {
3512 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3513 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3514 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3515 sizeof(gcmDefaultTag), 0, 0, 1
3516 },
3517 {
3518 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3519 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3520 0, 1, 1, 0
3521 },
3522 {
3523 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3524 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3525 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3526 sizeof(gcmDefaultTag), 1, 1, 0
3527 },
3528 {
3529 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3530 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3531 0, 0, 1, 0
3532 },
3533 {
3534 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3535 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3536 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3537 sizeof(gcmDefaultTag), 0, 1, 0
3538 }
3539 };
3540
3541 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3542 {
3543 int res = 0;
3544
3545 if (t->ivlen != 0) {
3546 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3547 goto err;
3548 }
3549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3550 goto err;
3551 res = 1;
3552 err:
3553 return res;
3554 }
3555
3556 /*
3557 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3558 * arguments are given one at a time and a final adjustment to the enc
3559 * parameter sets the correct operation.
3560 */
3561 static int test_evp_init_seq(int idx)
3562 {
3563 int outlen1, outlen2;
3564 int testresult = 0;
3565 unsigned char outbuf[1024];
3566 unsigned char tag[16];
3567 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3568 EVP_CIPHER_CTX *ctx = NULL;
3569 EVP_CIPHER *type = NULL;
3570 size_t taglen = sizeof(tag);
3571 char *errmsg = NULL;
3572
3573 ctx = EVP_CIPHER_CTX_new();
3574 if (ctx == NULL) {
3575 errmsg = "CTX_ALLOC";
3576 goto err;
3577 }
3578 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3579 errmsg = "CIPHER_FETCH";
3580 goto err;
3581 }
3582 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3583 errmsg = "EMPTY_ENC_INIT";
3584 goto err;
3585 }
3586 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3587 errmsg = "PADDING";
3588 goto err;
3589 }
3590 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3591 errmsg = "KEY_INIT (before iv)";
3592 goto err;
3593 }
3594 if (!evp_init_seq_set_iv(ctx, t)) {
3595 errmsg = "IV_INIT";
3596 goto err;
3597 }
3598 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3599 errmsg = "KEY_INIT (after iv)";
3600 goto err;
3601 }
3602 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3603 errmsg = "FINAL_ENC_INIT";
3604 goto err;
3605 }
3606 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3607 errmsg = "CIPHER_UPDATE";
3608 goto err;
3609 }
3610 if (t->finalenc == 0 && t->tag != NULL) {
3611 /* Set expected tag */
3612 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3613 t->taglen, (void *)t->tag), 0)) {
3614 errmsg = "SET_TAG";
3615 goto err;
3616 }
3617 }
3618 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3619 errmsg = "CIPHER_FINAL";
3620 goto err;
3621 }
3622 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3623 errmsg = "WRONG_RESULT";
3624 goto err;
3625 }
3626 if (t->finalenc != 0 && t->tag != NULL) {
3627 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3628 errmsg = "GET_TAG";
3629 goto err;
3630 }
3631 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3632 errmsg = "TAG_ERROR";
3633 goto err;
3634 }
3635 }
3636 testresult = 1;
3637 err:
3638 if (errmsg != NULL)
3639 TEST_info("evp_init_test %d: %s", idx, errmsg);
3640 EVP_CIPHER_CTX_free(ctx);
3641 EVP_CIPHER_free(type);
3642 return testresult;
3643 }
3644
3645 typedef struct {
3646 const unsigned char *input;
3647 const unsigned char *expected;
3648 size_t inlen;
3649 size_t expectedlen;
3650 int enc;
3651 } EVP_RESET_TEST_st;
3652
3653 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3654 {
3655 cfbPlaintext, cfbCiphertext,
3656 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3657 },
3658 {
3659 cfbCiphertext, cfbPlaintext,
3660 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3661 }
3662 };
3663
3664 /*
3665 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3666 * been used.
3667 */
3668 static int test_evp_reset(int idx)
3669 {
3670 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3671 int outlen1, outlen2;
3672 int testresult = 0;
3673 unsigned char outbuf[1024];
3674 EVP_CIPHER_CTX *ctx = NULL;
3675 EVP_CIPHER *type = NULL;
3676 char *errmsg = NULL;
3677
3678 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3679 errmsg = "CTX_ALLOC";
3680 goto err;
3681 }
3682 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3683 errmsg = "CIPHER_FETCH";
3684 goto err;
3685 }
3686 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3687 errmsg = "CIPHER_INIT";
3688 goto err;
3689 }
3690 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3691 errmsg = "PADDING";
3692 goto err;
3693 }
3694 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3695 errmsg = "CIPHER_UPDATE";
3696 goto err;
3697 }
3698 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3699 errmsg = "CIPHER_FINAL";
3700 goto err;
3701 }
3702 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3703 errmsg = "WRONG_RESULT";
3704 goto err;
3705 }
3706 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3707 errmsg = "CIPHER_REINIT";
3708 goto err;
3709 }
3710 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3711 errmsg = "CIPHER_UPDATE (reinit)";
3712 goto err;
3713 }
3714 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3715 errmsg = "CIPHER_FINAL (reinit)";
3716 goto err;
3717 }
3718 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3719 errmsg = "WRONG_RESULT (reinit)";
3720 goto err;
3721 }
3722 testresult = 1;
3723 err:
3724 if (errmsg != NULL)
3725 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3726 EVP_CIPHER_CTX_free(ctx);
3727 EVP_CIPHER_free(type);
3728 return testresult;
3729 }
3730
3731 typedef struct {
3732 const char *cipher;
3733 int enc;
3734 } EVP_UPDATED_IV_TEST_st;
3735
3736 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3737 {
3738 "aes-128-cfb", 1
3739 },
3740 {
3741 "aes-128-cfb", 0
3742 },
3743 {
3744 "aes-128-cfb1", 1
3745 },
3746 {
3747 "aes-128-cfb1", 0
3748 },
3749 {
3750 "aes-128-cfb8", 1
3751 },
3752 {
3753 "aes-128-cfb8", 0
3754 },
3755 {
3756 "aes-128-ofb", 1
3757 },
3758 {
3759 "aes-128-ofb", 0
3760 },
3761 {
3762 "aes-128-ctr", 1
3763 },
3764 {
3765 "aes-128-ctr", 0
3766 },
3767 {
3768 "aes-128-cbc", 1
3769 },
3770 {
3771 "aes-128-cbc", 0
3772 }
3773 };
3774
3775 /*
3776 * Test that the IV in the context is updated during a crypto operation for CFB
3777 * and OFB.
3778 */
3779 static int test_evp_updated_iv(int idx)
3780 {
3781 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3782 int outlen1, outlen2;
3783 int testresult = 0;
3784 unsigned char outbuf[1024];
3785 EVP_CIPHER_CTX *ctx = NULL;
3786 EVP_CIPHER *type = NULL;
3787 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3788 int iv_len;
3789 char *errmsg = NULL;
3790
3791 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3792 errmsg = "CTX_ALLOC";
3793 goto err;
3794 }
3795 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3796 TEST_info("cipher %s not supported, skipping", t->cipher);
3797 goto ok;
3798 }
3799
3800 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3801 errmsg = "CIPHER_INIT";
3802 goto err;
3803 }
3804 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3805 errmsg = "PADDING";
3806 goto err;
3807 }
3808 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3809 errmsg = "CIPHER_UPDATE";
3810 goto err;
3811 }
3812 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3813 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3814 goto err;
3815 }
3816 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3817 errmsg = "CIPHER_CTX_GET_IV_LEN";
3818 goto err;
3819 }
3820 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3821 errmsg = "IV_NOT_UPDATED";
3822 goto err;
3823 }
3824 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3825 errmsg = "CIPHER_FINAL";
3826 goto err;
3827 }
3828 ok:
3829 testresult = 1;
3830 err:
3831 if (errmsg != NULL)
3832 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3833 EVP_CIPHER_CTX_free(ctx);
3834 EVP_CIPHER_free(type);
3835 return testresult;
3836 }
3837
3838 typedef struct {
3839 const unsigned char *iv1;
3840 const unsigned char *iv2;
3841 const unsigned char *expected1;
3842 const unsigned char *expected2;
3843 const unsigned char *tag1;
3844 const unsigned char *tag2;
3845 size_t ivlen1;
3846 size_t ivlen2;
3847 size_t expectedlen1;
3848 size_t expectedlen2;
3849 } TEST_GCM_IV_REINIT_st;
3850
3851 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3852 {
3853 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3854 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3855 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3856 },
3857 {
3858 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3859 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3860 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3861 }
3862 };
3863
3864 static int test_gcm_reinit(int idx)
3865 {
3866 int outlen1, outlen2, outlen3;
3867 int testresult = 0;
3868 unsigned char outbuf[1024];
3869 unsigned char tag[16];
3870 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3871 EVP_CIPHER_CTX *ctx = NULL;
3872 EVP_CIPHER *type = NULL;
3873 size_t taglen = sizeof(tag);
3874 char *errmsg = NULL;
3875
3876 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3877 errmsg = "CTX_ALLOC";
3878 goto err;
3879 }
3880 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3881 errmsg = "CIPHER_FETCH";
3882 goto err;
3883 }
3884 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3885 errmsg = "ENC_INIT";
3886 goto err;
3887 }
3888 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3889 errmsg = "SET_IVLEN1";
3890 goto err;
3891 }
3892 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3893 errmsg = "SET_IV1";
3894 goto err;
3895 }
3896 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3897 errmsg = "AAD1";
3898 goto err;
3899 }
3900 EVP_CIPHER_CTX_set_padding(ctx, 0);
3901 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3902 sizeof(gcmResetPlaintext)))) {
3903 errmsg = "CIPHER_UPDATE1";
3904 goto err;
3905 }
3906 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3907 errmsg = "CIPHER_FINAL1";
3908 goto err;
3909 }
3910 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3911 errmsg = "WRONG_RESULT1";
3912 goto err;
3913 }
3914 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3915 errmsg = "GET_TAG1";
3916 goto err;
3917 }
3918 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3919 errmsg = "TAG_ERROR1";
3920 goto err;
3921 }
3922 /* Now reinit */
3923 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3924 errmsg = "SET_IVLEN2";
3925 goto err;
3926 }
3927 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3928 errmsg = "SET_IV2";
3929 goto err;
3930 }
3931 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3932 errmsg = "AAD2";
3933 goto err;
3934 }
3935 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3936 sizeof(gcmResetPlaintext)))) {
3937 errmsg = "CIPHER_UPDATE2";
3938 goto err;
3939 }
3940 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3941 errmsg = "CIPHER_FINAL2";
3942 goto err;
3943 }
3944 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3945 errmsg = "WRONG_RESULT2";
3946 goto err;
3947 }
3948 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3949 errmsg = "GET_TAG2";
3950 goto err;
3951 }
3952 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3953 errmsg = "TAG_ERROR2";
3954 goto err;
3955 }
3956 testresult = 1;
3957 err:
3958 if (errmsg != NULL)
3959 TEST_info("evp_init_test %d: %s", idx, errmsg);
3960 EVP_CIPHER_CTX_free(ctx);
3961 EVP_CIPHER_free(type);
3962 return testresult;
3963 }
3964
3965 #ifndef OPENSSL_NO_DEPRECATED_3_0
3966 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3967 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3968
3969 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3970
3971 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3972 {
3973 int (*pinit)(EVP_PKEY_CTX *ctx);
3974
3975 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3976 return pinit(ctx);
3977 }
3978
3979 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3980 {
3981 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3982
3983 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3984 pcleanup(ctx);
3985 }
3986
3987 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3988 size_t *outlen, const unsigned char *in,
3989 size_t inlen)
3990 {
3991 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3992 const unsigned char *tbs, size_t tbslen);
3993
3994 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3995 return psign(ctx, out, outlen, in, inlen);
3996 }
3997
3998 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3999 size_t *siglen, const unsigned char *tbs,
4000 size_t tbslen)
4001 {
4002 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4003 const unsigned char *tbs, size_t tbslen);
4004
4005 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4006 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4007 }
4008
4009 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4010 size_t *keylen)
4011 {
4012 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4013
4014 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4015 return pderive(ctx, key, keylen);
4016 }
4017
4018 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4019 {
4020 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4021
4022 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4023 return pcopy(dst, src);
4024 }
4025
4026 static int ctrl_called;
4027
4028 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4029 {
4030 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4031
4032 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4033
4034 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4035 ctrl_called = 1;
4036 return 1;
4037 }
4038
4039 return pctrl(ctx, type, p1, p2);
4040 }
4041
4042 static int test_custom_pmeth(int idx)
4043 {
4044 EVP_PKEY_CTX *pctx = NULL;
4045 EVP_MD_CTX *ctx = NULL;
4046 EVP_PKEY *pkey = NULL;
4047 int id, orig_id, orig_flags;
4048 int testresult = 0;
4049 size_t reslen;
4050 unsigned char *res = NULL;
4051 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4052 const EVP_MD *md = EVP_sha256();
4053 int doderive = 0;
4054
4055 ctrl_called = 0;
4056
4057 /* We call deprecated APIs so this test doesn't support a custom libctx */
4058 if (testctx != NULL)
4059 return 1;
4060
4061 switch (idx) {
4062 case 0:
4063 case 6:
4064 id = EVP_PKEY_RSA;
4065 pkey = load_example_rsa_key();
4066 break;
4067 case 1:
4068 case 7:
4069 # ifndef OPENSSL_NO_DSA
4070 id = EVP_PKEY_DSA;
4071 pkey = load_example_dsa_key();
4072 break;
4073 # else
4074 return 1;
4075 # endif
4076 case 2:
4077 case 8:
4078 # ifndef OPENSSL_NO_EC
4079 id = EVP_PKEY_EC;
4080 pkey = load_example_ec_key();
4081 break;
4082 # else
4083 return 1;
4084 # endif
4085 case 3:
4086 case 9:
4087 # ifndef OPENSSL_NO_EC
4088 id = EVP_PKEY_ED25519;
4089 md = NULL;
4090 pkey = load_example_ed25519_key();
4091 break;
4092 # else
4093 return 1;
4094 # endif
4095 case 4:
4096 case 10:
4097 # ifndef OPENSSL_NO_DH
4098 id = EVP_PKEY_DH;
4099 doderive = 1;
4100 pkey = load_example_dh_key();
4101 break;
4102 # else
4103 return 1;
4104 # endif
4105 case 5:
4106 case 11:
4107 # ifndef OPENSSL_NO_EC
4108 id = EVP_PKEY_X25519;
4109 doderive = 1;
4110 pkey = load_example_x25519_key();
4111 break;
4112 # else
4113 return 1;
4114 # endif
4115 default:
4116 TEST_error("Should not happen");
4117 goto err;
4118 }
4119
4120 if (!TEST_ptr(pkey))
4121 goto err;
4122
4123 if (idx < 6) {
4124 if (!TEST_true(evp_pkey_is_provided(pkey)))
4125 goto err;
4126 } else {
4127 EVP_PKEY *tmp = pkey;
4128
4129 /* Convert to a legacy key */
4130 pkey = EVP_PKEY_new();
4131 if (!TEST_ptr(pkey)) {
4132 pkey = tmp;
4133 goto err;
4134 }
4135 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4136 EVP_PKEY_free(tmp);
4137 goto err;
4138 }
4139 EVP_PKEY_free(tmp);
4140 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4141 goto err;
4142 }
4143
4144 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4145 || !TEST_ptr(pkey))
4146 goto err;
4147
4148 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4149 if (!TEST_int_eq(orig_id, id)
4150 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4151 goto err;
4152
4153 if (id == EVP_PKEY_ED25519) {
4154 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4155 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4156 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4157 } else {
4158 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4159 }
4160 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4161 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4162 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4163 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4164 }
4165 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4166 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4167 goto err;
4168
4169 if (doderive) {
4170 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4171 if (!TEST_ptr(pctx)
4172 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4173 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4174 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4175 1)
4176 || !TEST_int_eq(ctrl_called, 1)
4177 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4178 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4179 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4180 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4181 goto err;
4182 } else {
4183 ctx = EVP_MD_CTX_new();
4184 reslen = EVP_PKEY_size(pkey);
4185 res = OPENSSL_malloc(reslen);
4186 if (!TEST_ptr(ctx)
4187 || !TEST_ptr(res)
4188 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4189 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4190 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4191 1)
4192 || !TEST_int_eq(ctrl_called, 1))
4193 goto err;
4194
4195 if (id == EVP_PKEY_ED25519) {
4196 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4197 goto err;
4198 } else {
4199 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4200 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4201 goto err;
4202 }
4203 }
4204
4205 testresult = 1;
4206 err:
4207 OPENSSL_free(res);
4208 EVP_MD_CTX_free(ctx);
4209 if (doderive)
4210 EVP_PKEY_CTX_free(pctx);
4211 EVP_PKEY_free(pkey);
4212 EVP_PKEY_meth_remove(custom_pmeth);
4213 EVP_PKEY_meth_free(custom_pmeth);
4214 custom_pmeth = NULL;
4215 return testresult;
4216 }
4217
4218 static int test_evp_md_cipher_meth(void)
4219 {
4220 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4221 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4222 int testresult = 0;
4223
4224 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4225 goto err;
4226
4227 testresult = 1;
4228
4229 err:
4230 EVP_MD_meth_free(md);
4231 EVP_CIPHER_meth_free(ciph);
4232
4233 return testresult;
4234 }
4235
4236 typedef struct {
4237 int data;
4238 } custom_dgst_ctx;
4239
4240 static int custom_md_init_called = 0;
4241 static int custom_md_cleanup_called = 0;
4242
4243 static int custom_md_init(EVP_MD_CTX *ctx)
4244 {
4245 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4246
4247 if (p == NULL)
4248 return 0;
4249
4250 custom_md_init_called++;
4251 return 1;
4252 }
4253
4254 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4255 {
4256 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4257
4258 if (p == NULL)
4259 /* Nothing to do */
4260 return 1;
4261
4262 custom_md_cleanup_called++;
4263 return 1;
4264 }
4265
4266 static int test_custom_md_meth(void)
4267 {
4268 EVP_MD_CTX *mdctx = NULL;
4269 EVP_MD *tmp = NULL;
4270 char mess[] = "Test Message\n";
4271 unsigned char md_value[EVP_MAX_MD_SIZE];
4272 unsigned int md_len;
4273 int testresult = 0;
4274 int nid;
4275
4276 /*
4277 * We are testing deprecated functions. We don't support a non-default
4278 * library context in this test.
4279 */
4280 if (testctx != NULL)
4281 return 1;
4282
4283 custom_md_init_called = custom_md_cleanup_called = 0;
4284
4285 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4286 if (!TEST_int_ne(nid, NID_undef))
4287 goto err;
4288 tmp = EVP_MD_meth_new(nid, NID_undef);
4289 if (!TEST_ptr(tmp))
4290 goto err;
4291
4292 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4293 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4294 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4295 sizeof(custom_dgst_ctx))))
4296 goto err;
4297
4298 mdctx = EVP_MD_CTX_new();
4299 if (!TEST_ptr(mdctx)
4300 /*
4301 * Initing our custom md and then initing another md should
4302 * result in the init and cleanup functions of the custom md
4303 * from being called.
4304 */
4305 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4306 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4307 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4308 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4309 || !TEST_int_eq(custom_md_init_called, 1)
4310 || !TEST_int_eq(custom_md_cleanup_called, 1))
4311 goto err;
4312
4313 testresult = 1;
4314 err:
4315 EVP_MD_CTX_free(mdctx);
4316 EVP_MD_meth_free(tmp);
4317 return testresult;
4318 }
4319
4320 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4321 /* Test we can create a signature keys with an associated ENGINE */
4322 static int test_signatures_with_engine(int tst)
4323 {
4324 ENGINE *e;
4325 const char *engine_id = "dasync";
4326 EVP_PKEY *pkey = NULL;
4327 const unsigned char badcmackey[] = { 0x00, 0x01 };
4328 const unsigned char cmackey[] = {
4329 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4330 0x0c, 0x0d, 0x0e, 0x0f
4331 };
4332 const unsigned char ed25519key[] = {
4333 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4334 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4335 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4336 };
4337 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4338 int testresult = 0;
4339 EVP_MD_CTX *ctx = NULL;
4340 unsigned char *mac = NULL;
4341 size_t maclen = 0;
4342 int ret;
4343
4344 # ifdef OPENSSL_NO_CMAC
4345 /* Skip CMAC tests in a no-cmac build */
4346 if (tst <= 1)
4347 return 1;
4348 # endif
4349
4350 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4351 return 0;
4352
4353 if (!TEST_true(ENGINE_init(e))) {
4354 ENGINE_free(e);
4355 return 0;
4356 }
4357
4358 switch (tst) {
4359 case 0:
4360 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4361 EVP_aes_128_cbc());
4362 break;
4363 case 1:
4364 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4365 EVP_aes_128_cbc());
4366 break;
4367 case 2:
4368 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4369 sizeof(ed25519key));
4370 break;
4371 default:
4372 TEST_error("Invalid test case");
4373 goto err;
4374 }
4375 if (!TEST_ptr(pkey))
4376 goto err;
4377
4378 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4379 goto err;
4380
4381 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4382 pkey);
4383 if (tst == 0) {
4384 if (!TEST_true(ret))
4385 goto err;
4386
4387 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4388 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4389 goto err;
4390
4391 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4392 goto err;
4393
4394 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4395 goto err;
4396 } else {
4397 /* We used a bad key. We expect a failure here */
4398 if (!TEST_false(ret))
4399 goto err;
4400 }
4401
4402 testresult = 1;
4403 err:
4404 EVP_MD_CTX_free(ctx);
4405 OPENSSL_free(mac);
4406 EVP_PKEY_free(pkey);
4407 ENGINE_finish(e);
4408 ENGINE_free(e);
4409
4410 return testresult;
4411 }
4412
4413 static int test_cipher_with_engine(void)
4414 {
4415 ENGINE *e;
4416 const char *engine_id = "dasync";
4417 const unsigned char keyiv[] = {
4418 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4419 0x0c, 0x0d, 0x0e, 0x0f
4420 };
4421 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4422 int testresult = 0;
4423 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4424 unsigned char buf[AES_BLOCK_SIZE];
4425 int len = 0;
4426
4427 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4428 return 0;
4429
4430 if (!TEST_true(ENGINE_init(e))) {
4431 ENGINE_free(e);
4432 return 0;
4433 }
4434
4435 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4436 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4437 goto err;
4438
4439 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4440 goto err;
4441
4442 /* Copy the ctx, and complete the operation with the new ctx */
4443 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4444 goto err;
4445
4446 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4447 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4448 goto err;
4449
4450 testresult = 1;
4451 err:
4452 EVP_CIPHER_CTX_free(ctx);
4453 EVP_CIPHER_CTX_free(ctx2);
4454 ENGINE_finish(e);
4455 ENGINE_free(e);
4456
4457 return testresult;
4458 }
4459 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4460 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4461
4462 static int ecxnids[] = {
4463 NID_X25519,
4464 NID_X448,
4465 NID_ED25519,
4466 NID_ED448
4467 };
4468
4469 /* Test that creating ECX keys with a short private key fails as expected */
4470 static int test_ecx_short_keys(int tst)
4471 {
4472 unsigned char ecxkeydata = 1;
4473 EVP_PKEY *pkey;
4474
4475
4476 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4477 if (!TEST_ptr_null(pkey)) {
4478 EVP_PKEY_free(pkey);
4479 return 0;
4480 }
4481 return 1;
4482 }
4483
4484 typedef enum OPTION_choice {
4485 OPT_ERR = -1,
4486 OPT_EOF = 0,
4487 OPT_CONTEXT,
4488 OPT_TEST_ENUM
4489 } OPTION_CHOICE;
4490
4491 const OPTIONS *test_get_options(void)
4492 {
4493 static const OPTIONS options[] = {
4494 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4495 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4496 { NULL }
4497 };
4498 return options;
4499 }
4500
4501 int setup_tests(void)
4502 {
4503 OPTION_CHOICE o;
4504
4505 while ((o = opt_next()) != OPT_EOF) {
4506 switch (o) {
4507 case OPT_CONTEXT:
4508 /* Set up an alternate library context */
4509 testctx = OSSL_LIB_CTX_new();
4510 if (!TEST_ptr(testctx))
4511 return 0;
4512 /* Swap the libctx to test non-default context only */
4513 nullprov = OSSL_PROVIDER_load(NULL, "null");
4514 deflprov = OSSL_PROVIDER_load(testctx, "default");
4515 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4516 break;
4517 case OPT_TEST_CASES:
4518 break;
4519 default:
4520 return 0;
4521 }
4522 }
4523
4524 ADD_TEST(test_EVP_set_default_properties);
4525 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4526 ADD_TEST(test_EVP_DigestVerifyInit);
4527 #ifndef OPENSSL_NO_SIPHASH
4528 ADD_TEST(test_siphash_digestsign);
4529 #endif
4530 ADD_TEST(test_EVP_Digest);
4531 ADD_TEST(test_EVP_md_null);
4532 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4533 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4534 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4535 ADD_TEST(test_privatekey_to_pkcs8);
4536 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4537 #ifndef OPENSSL_NO_EC
4538 ADD_TEST(test_EVP_PKCS82PKEY);
4539 #endif
4540 #ifndef OPENSSL_NO_EC
4541 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4542 #endif
4543 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4544 ADD_TEST(test_EVP_SM2);
4545 ADD_TEST(test_EVP_SM2_verify);
4546 #endif
4547 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4548 #ifndef OPENSSL_NO_DEPRECATED_3_0
4549 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4550 if (!TEST_ptr(custom_pmeth))
4551 return 0;
4552 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4553 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4554 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4555 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4556 return 0;
4557 #endif
4558 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4559 #ifndef OPENSSL_NO_CMAC
4560 ADD_TEST(test_CMAC_keygen);
4561 #endif
4562 ADD_TEST(test_HKDF);
4563 ADD_TEST(test_emptyikm_HKDF);
4564 #ifndef OPENSSL_NO_EC
4565 ADD_TEST(test_X509_PUBKEY_inplace);
4566 ADD_TEST(test_X509_PUBKEY_dup);
4567 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4568 OSSL_NELEM(ec_der_pub_keys));
4569 #endif
4570 #ifndef OPENSSL_NO_DSA
4571 ADD_TEST(test_DSA_get_set_params);
4572 ADD_TEST(test_DSA_priv_pub);
4573 #endif
4574 ADD_TEST(test_RSA_get_set_params);
4575 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4576 ADD_TEST(test_decrypt_null_chunks);
4577 #endif
4578 #ifndef OPENSSL_NO_DH
4579 ADD_TEST(test_DH_priv_pub);
4580 # ifndef OPENSSL_NO_DEPRECATED_3_0
4581 ADD_TEST(test_EVP_PKEY_set1_DH);
4582 # endif
4583 #endif
4584 #ifndef OPENSSL_NO_EC
4585 ADD_TEST(test_EC_priv_pub);
4586 # ifndef OPENSSL_NO_DEPRECATED_3_0
4587 ADD_TEST(test_EC_priv_only_legacy);
4588 # endif
4589 #endif
4590 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4591 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4592
4593 ADD_TEST(test_rand_agglomeration);
4594 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4595 #ifndef OPENSSL_NO_DES
4596 ADD_ALL_TESTS(test_evp_iv_des, 6);
4597 #endif
4598 #ifndef OPENSSL_NO_BF
4599 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4600 #endif
4601 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4602 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4603 #ifndef OPENSSL_NO_EC
4604 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4605 #endif
4606
4607 ADD_TEST(test_names_do_all);
4608
4609 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4610 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4611 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4612 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4613
4614 #ifndef OPENSSL_NO_DEPRECATED_3_0
4615 ADD_ALL_TESTS(test_custom_pmeth, 12);
4616 ADD_TEST(test_evp_md_cipher_meth);
4617 ADD_TEST(test_custom_md_meth);
4618
4619 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4620 /* Tests only support the default libctx */
4621 if (testctx == NULL) {
4622 # ifndef OPENSSL_NO_EC
4623 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4624 # else
4625 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4626 # endif
4627 ADD_TEST(test_cipher_with_engine);
4628 }
4629 # endif
4630 #endif
4631
4632 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4633
4634 return 1;
4635 }
4636
4637 void cleanup_tests(void)
4638 {
4639 OSSL_PROVIDER_unload(nullprov);
4640 OSSL_PROVIDER_unload(deflprov);
4641 OSSL_PROVIDER_unload(lgcyprov);
4642 OSSL_LIB_CTX_free(testctx);
4643 }
A mirror of the official openssl repository