]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Deprecate RSA harder
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include "testutil.h"
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
37
38 static OSSL_LIB_CTX *testctx = NULL;
39
40 /*
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
43 */
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
96 };
97
98 /*
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
101 */
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
141 0x40, 0x48
142 };
143 #endif
144
145 /*
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
148 */
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
239 };
240
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
242
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
255 };
256
257 /*
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
259 * PrivateKeyInfo.
260 */
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
315 };
316
317 #ifndef OPENSSL_NO_EC
318 /*
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
320 * structure.
321 */
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
333 0xc1,
334 };
335
336 /*
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
339 */
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
350 };
351
352 /* prime256v1 */
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
362 };
363
364 /*
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
367 */
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
377 };
378
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
381 };
382 #endif
383
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
386 size_t size;
387 int evptype;
388 int check;
389 int pub_check;
390 int param_check;
391 int type; /* 0 for private, 1 for public, 2 for params */
392 } APK_DATA;
393
394 static APK_DATA keydata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
396 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
399 #endif
400 };
401
402 static APK_DATA keycheckdata[] = {
403 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
405 0, 1, 1, 0},
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
410 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
411 #endif
412 };
413
414 static EVP_PKEY *load_example_key(const char *keytype,
415 const unsigned char *data, size_t data_len)
416 {
417 const unsigned char **pdata = &data;
418 EVP_PKEY *pkey = NULL;
419 OSSL_DECODER_CTX *dctx =
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
421 testctx, NULL);
422
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
425 OSSL_DECODER_CTX_free(dctx);
426 return pkey;
427 }
428
429 static EVP_PKEY *load_example_rsa_key(void)
430 {
431 return load_example_key("RSA", kExampleRSAKeyDER,
432 sizeof(kExampleRSAKeyDER));
433 }
434
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
437 {
438 EVP_PKEY *ret = NULL;
439 const unsigned char *derp = kExampleDSAKeyDER;
440 EVP_PKEY *pkey = NULL;
441 DSA *dsa = NULL;
442
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
444 return NULL;
445
446 if (!TEST_ptr(pkey = EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
448 goto end;
449
450 ret = pkey;
451 pkey = NULL;
452
453 end:
454 EVP_PKEY_free(pkey);
455 DSA_free(dsa);
456
457 return ret;
458 }
459 #endif
460
461 static EVP_PKEY *load_example_hmac_key(void)
462 {
463 EVP_PKEY *pkey = NULL;
464 unsigned char key[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
468 };
469
470 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
471 if (!TEST_ptr(pkey))
472 return NULL;
473
474 return pkey;
475 }
476
477 static int test_EVP_set_default_properties(void)
478 {
479 OSSL_LIB_CTX *ctx;
480 EVP_MD *md = NULL;
481 int res = 0;
482
483 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
484 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
485 goto err;
486 EVP_MD_free(md);
487 md = NULL;
488
489 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
490 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
491 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
492 goto err;
493 EVP_MD_free(md);
494 md = NULL;
495
496 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
497 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
498 goto err;
499 res = 1;
500 err:
501 EVP_MD_free(md);
502 OSSL_LIB_CTX_free(ctx);
503 return res;
504 }
505
506 static int test_EVP_Enveloped(void)
507 {
508 int ret = 0;
509 EVP_CIPHER_CTX *ctx = NULL;
510 EVP_PKEY *keypair = NULL;
511 unsigned char *kek = NULL;
512 unsigned char iv[EVP_MAX_IV_LENGTH];
513 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len, kek_len, ciphertext_len, plaintext_len;
515 unsigned char ciphertext[32], plaintext[16];
516 const EVP_CIPHER *type = EVP_aes_256_cbc();
517
518 if (!TEST_ptr(keypair = load_example_rsa_key())
519 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
520 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
522 &keypair, 1))
523 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
524 msg, sizeof(msg)))
525 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
526 &len)))
527 goto err;
528
529 ciphertext_len += len;
530
531 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
532 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
533 ciphertext, ciphertext_len))
534 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
535 goto err;
536
537 plaintext_len += len;
538 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
539 goto err;
540
541 ret = 1;
542 err:
543 OPENSSL_free(kek);
544 EVP_PKEY_free(keypair);
545 EVP_CIPHER_CTX_free(ctx);
546 return ret;
547 }
548
549 /*
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
559 */
560 static int test_EVP_DigestSignInit(int tst)
561 {
562 int ret = 0;
563 EVP_PKEY *pkey = NULL;
564 unsigned char *sig = NULL;
565 size_t sig_len = 0;
566 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
567 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
568 BIO *mdbio = NULL, *membio = NULL;
569 size_t written;
570 const EVP_MD *md;
571 EVP_MD *mdexp = NULL;
572
573 if (tst >= 6) {
574 membio = BIO_new(BIO_s_mem());
575 mdbio = BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
577 goto out;
578 BIO_push(mdbio, membio);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
580 goto out;
581 } else {
582 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
584 goto out;
585 }
586
587 if (tst == 0 || tst == 3 || tst == 6) {
588 if (!TEST_ptr(pkey = load_example_rsa_key()))
589 goto out;
590 } else if (tst == 1 || tst == 4 || tst == 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey = load_example_dsa_key()))
593 goto out;
594 #else
595 ret = 1;
596 goto out;
597 #endif
598 } else {
599 if (!TEST_ptr(pkey = load_example_hmac_key()))
600 goto out;
601 }
602
603 if (tst >= 3 && tst <= 5)
604 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
605 else
606 md = EVP_sha256();
607
608 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
609 goto out;
610
611 if (tst >= 6) {
612 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
613 goto out;
614 } else {
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
616 goto out;
617 }
618
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
621 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
623 goto out;
624
625 if (tst >= 6) {
626 if (!TEST_int_gt(BIO_reset(mdbio), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
628 goto out;
629 }
630
631 /*
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
634 */
635 if (tst != 2 && tst != 5 && tst != 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
637 NULL, pkey)))
638 goto out;
639
640 if (tst >= 6) {
641 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
642 goto out;
643 } else {
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
645 sizeof(kMsg))))
646 goto out;
647 }
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
649 goto out;
650 }
651
652 ret = 1;
653
654 out:
655 BIO_free(membio);
656 BIO_free(mdbio);
657 EVP_MD_CTX_free(a_md_ctx);
658 EVP_MD_CTX_free(a_md_ctx_verify);
659 EVP_PKEY_free(pkey);
660 OPENSSL_free(sig);
661 EVP_MD_free(mdexp);
662
663 return ret;
664 }
665
666 static int test_EVP_DigestVerifyInit(void)
667 {
668 int ret = 0;
669 EVP_PKEY *pkey = NULL;
670 EVP_MD_CTX *md_ctx = NULL;
671
672 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
673 || !TEST_ptr(pkey = load_example_rsa_key()))
674 goto out;
675
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
679 sizeof(kSignature))))
680 goto out;
681 ret = 1;
682
683 out:
684 EVP_MD_CTX_free(md_ctx);
685 EVP_PKEY_free(pkey);
686 return ret;
687 }
688
689 static int test_d2i_AutoPrivateKey(int i)
690 {
691 int ret = 0;
692 const unsigned char *p;
693 EVP_PKEY *pkey = NULL;
694 const APK_DATA *ak = &keydata[i];
695 const unsigned char *input = ak->kder;
696 size_t input_len = ak->size;
697 int expected_id = ak->evptype;
698
699 p = input;
700 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
701 || !TEST_ptr_eq(p, input + input_len)
702 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
703 goto done;
704
705 ret = 1;
706
707 done:
708 EVP_PKEY_free(pkey);
709 return ret;
710 }
711
712 #ifndef OPENSSL_NO_EC
713
714 static const unsigned char ec_public_sect163k1_validxy[] = {
715 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
716 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
717 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
718 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
719 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
720 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
721 };
722
723 static const unsigned char ec_public_sect163k1_badx[] = {
724 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
725 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
726 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
727 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
728 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
729 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
730 };
731
732 static const unsigned char ec_public_sect163k1_bady[] = {
733 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
734 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
735 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
736 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
737 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
738 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
739 };
740
741 static struct ec_der_pub_keys_st {
742 const unsigned char *der;
743 size_t len;
744 int valid;
745 } ec_der_pub_keys[] = {
746 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
747 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
748 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
749 };
750
751 /*
752 * Tests the range of the decoded EC char2 public point.
753 * See ec_GF2m_simple_oct2point().
754 */
755 static int test_invalide_ec_char2_pub_range_decode(int id)
756 {
757 int ret = 0;
758 BIO *bio = NULL;
759 EC_KEY *eckey = NULL;
760
761 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
762 ec_der_pub_keys[id].len)))
763 goto err;
764 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
765 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
766 || TEST_ptr_null(eckey);
767 err:
768 EC_KEY_free(eckey);
769 BIO_free(bio);
770 return ret;
771 }
772
773 /* Tests loading a bad key in PKCS8 format */
774 static int test_EVP_PKCS82PKEY(void)
775 {
776 int ret = 0;
777 const unsigned char *derp = kExampleBadECKeyDER;
778 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
779 EVP_PKEY *pkey = NULL;
780
781 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
782 sizeof(kExampleBadECKeyDER))))
783 goto done;
784
785 if (!TEST_ptr_eq(derp,
786 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
787 goto done;
788
789 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
790 goto done;
791
792 ret = 1;
793
794 done:
795 PKCS8_PRIV_KEY_INFO_free(p8inf);
796 EVP_PKEY_free(pkey);
797
798 return ret;
799 }
800 #endif
801
802 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
803 static int test_privatekey_to_pkcs8(void)
804 {
805 EVP_PKEY *pkey = NULL;
806 BIO *membio = NULL;
807 char *membuf = NULL;
808 long membuf_len = 0;
809 int ok = 0;
810
811 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
812 || !TEST_ptr(pkey = load_example_rsa_key())
813 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
814 NULL, 0, NULL, NULL),
815 0)
816 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
817 || !TEST_ptr(membuf)
818 || !TEST_mem_eq(membuf, (size_t)membuf_len,
819 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
820 /*
821 * We try to write PEM as well, just to see that it doesn't err, but
822 * assume that the result is correct.
823 */
824 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
825 NULL, 0, NULL, NULL),
826 0))
827 goto done;
828
829 ok = 1;
830 done:
831 EVP_PKEY_free(pkey);
832 BIO_free_all(membio);
833 return ok;
834 }
835
836 #ifndef OPENSSL_NO_EC
837 static const struct {
838 int encoding;
839 const char *encoding_name;
840 } ec_encodings[] = {
841 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
842 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
843 };
844
845 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
846 {
847 const OSSL_PARAM *p;
848 const char *enc_name = NULL;
849 int *enc = arg;
850 size_t i;
851
852 *enc = -1;
853
854 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
855 OSSL_PKEY_PARAM_EC_ENCODING))
856 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
857 return 0;
858
859 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
860 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
861 *enc = ec_encodings[i].encoding;
862 break;
863 }
864 }
865
866 return (*enc != -1);
867 }
868
869 static int test_EC_keygen_with_enc(int idx)
870 {
871 EVP_PKEY *params = NULL, *key = NULL;
872 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
873 int enc;
874 int ret = 0;
875
876 enc = ec_encodings[idx].encoding;
877
878 /* Create key parameters */
879 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
880 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
881 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
882 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
883 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
884 || !TEST_ptr(params))
885 goto done;
886
887 /* Create key */
888 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
889 || !TEST_true(EVP_PKEY_keygen_init(kctx))
890 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
891 || !TEST_ptr(key))
892 goto done;
893
894 /* Check that the encoding got all the way into the key */
895 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
896 ec_export_get_encoding_cb, &enc))
897 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
898 goto done;
899
900 ret = 1;
901 done:
902 EVP_PKEY_free(key);
903 EVP_PKEY_free(params);
904 EVP_PKEY_CTX_free(kctx);
905 EVP_PKEY_CTX_free(pctx);
906 return ret;
907 }
908 #endif
909
910 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
911
912 static int test_EVP_SM2_verify(void)
913 {
914 const char *pubkey =
915 "-----BEGIN PUBLIC KEY-----\n"
916 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
917 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
918 "-----END PUBLIC KEY-----\n";
919
920 const char *msg = "message digest";
921 const char *id = "ALICE123@YAHOO.COM";
922
923 const uint8_t signature[] = {
924 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
925 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
926 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
927 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
928 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
929 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
930 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
931 };
932
933 int rc = 0;
934 BIO *bio = NULL;
935 EVP_PKEY *pkey = NULL;
936 EVP_MD_CTX *mctx = NULL;
937 EVP_PKEY_CTX *pctx = NULL;
938
939 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
940 if (!TEST_true(bio != NULL))
941 goto done;
942
943 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
944 if (!TEST_true(pkey != NULL))
945 goto done;
946
947 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
948 goto done;
949
950 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
951 goto done;
952
953 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
954 goto done;
955
956 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
957
958 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
959 goto done;
960
961 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
962 goto done;
963
964 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
965 goto done;
966
967 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
968 goto done;
969 rc = 1;
970
971 done:
972 BIO_free(bio);
973 EVP_PKEY_free(pkey);
974 EVP_PKEY_CTX_free(pctx);
975 EVP_MD_CTX_free(mctx);
976 return rc;
977 }
978
979 static int test_EVP_SM2(void)
980 {
981 int ret = 0;
982 EVP_PKEY *pkey = NULL;
983 EVP_PKEY *pkeyparams = NULL;
984 EVP_PKEY_CTX *pctx = NULL;
985 EVP_PKEY_CTX *kctx = NULL;
986 EVP_PKEY_CTX *sctx = NULL;
987 size_t sig_len = 0;
988 unsigned char *sig = NULL;
989 EVP_MD_CTX *md_ctx = NULL;
990 EVP_MD_CTX *md_ctx_verify = NULL;
991 EVP_PKEY_CTX *cctx = NULL;
992
993 uint8_t ciphertext[128];
994 size_t ctext_len = sizeof(ciphertext);
995
996 uint8_t plaintext[8];
997 size_t ptext_len = sizeof(plaintext);
998
999 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1000
1001 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1002 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1003 int i;
1004 char mdname[20];
1005
1006 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1007 if (!TEST_ptr(pctx))
1008 goto done;
1009
1010 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1011 goto done;
1012
1013 /* TODO is this even needed? */
1014 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1015 goto done;
1016
1017 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1018 goto done;
1019
1020 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1021 if (!TEST_ptr(kctx))
1022 goto done;
1023
1024 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1025 goto done;
1026
1027 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1028 goto done;
1029
1030 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1031 goto done;
1032
1033 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1034 goto done;
1035
1036 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1037 goto done;
1038
1039 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1040 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1041
1042 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1043 goto done;
1044
1045 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1046 goto done;
1047
1048 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1049 goto done;
1050
1051 /* Determine the size of the signature. */
1052 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1053 goto done;
1054
1055 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1056 goto done;
1057
1058 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1059 goto done;
1060
1061 /* Ensure that the signature round-trips. */
1062
1063 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1064 goto done;
1065
1066 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1067 goto done;
1068
1069 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1070 goto done;
1071
1072 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1073 goto done;
1074
1075 /* now check encryption/decryption */
1076
1077 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1078 mdname, sizeof(mdname));
1079 for (i = 0; i < 2; i++) {
1080 EVP_PKEY_CTX_free(cctx);
1081
1082 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1083 i == 0 ? "SM3" : "SHA2-256",
1084 0);
1085
1086 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1087 goto done;
1088
1089 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1090 goto done;
1091
1092 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1093 goto done;
1094
1095 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1096 sizeof(kMsg))))
1097 goto done;
1098
1099 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1100 goto done;
1101
1102 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1103 goto done;
1104
1105 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1106 ctext_len)))
1107 goto done;
1108
1109 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1110 goto done;
1111
1112 /* Test we're still using the digest we think we are */
1113 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1114 goto done;
1115 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1116 goto done;
1117
1118 if (!TEST_true(ptext_len == sizeof(kMsg)))
1119 goto done;
1120
1121 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1122 goto done;
1123 }
1124
1125 ret = 1;
1126 done:
1127 EVP_PKEY_CTX_free(pctx);
1128 EVP_PKEY_CTX_free(kctx);
1129 EVP_PKEY_CTX_free(sctx);
1130 EVP_PKEY_CTX_free(cctx);
1131 EVP_PKEY_free(pkey);
1132 EVP_PKEY_free(pkeyparams);
1133 EVP_MD_CTX_free(md_ctx);
1134 EVP_MD_CTX_free(md_ctx_verify);
1135 OPENSSL_free(sig);
1136 return ret;
1137 }
1138
1139 #endif
1140
1141 static struct keys_st {
1142 int type;
1143 char *priv;
1144 char *pub;
1145 } keys[] = {
1146 {
1147 EVP_PKEY_HMAC, "0123456789", NULL
1148 }, {
1149 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1150 }, {
1151 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1152 },
1153 #ifndef OPENSSL_NO_EC
1154 {
1155 EVP_PKEY_X25519, "01234567890123456789012345678901",
1156 "abcdefghijklmnopqrstuvwxyzabcdef"
1157 }, {
1158 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1159 "abcdefghijklmnopqrstuvwxyzabcdef"
1160 }, {
1161 EVP_PKEY_X448,
1162 "01234567890123456789012345678901234567890123456789012345",
1163 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1164 }, {
1165 EVP_PKEY_ED448,
1166 "012345678901234567890123456789012345678901234567890123456",
1167 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1168 }
1169 #endif
1170 };
1171
1172 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1173 {
1174 int ret = 0;
1175 unsigned char buf[80];
1176 unsigned char *in;
1177 size_t inlen, len = 0;
1178 EVP_PKEY *pkey;
1179
1180 /* Check if this algorithm supports public keys */
1181 if (keys[tst].pub == NULL)
1182 return 1;
1183
1184 memset(buf, 0, sizeof(buf));
1185
1186 if (pub) {
1187 inlen = strlen(keys[tst].pub);
1188 in = (unsigned char *)keys[tst].pub;
1189 if (uselibctx) {
1190 pkey = EVP_PKEY_new_raw_public_key_ex(
1191 testctx,
1192 OBJ_nid2sn(keys[tst].type),
1193 NULL,
1194 in,
1195 inlen);
1196 } else {
1197 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1198 NULL,
1199 in,
1200 inlen);
1201 }
1202 } else {
1203 inlen = strlen(keys[tst].priv);
1204 in = (unsigned char *)keys[tst].priv;
1205 if (uselibctx) {
1206 pkey = EVP_PKEY_new_raw_private_key_ex(
1207 testctx, OBJ_nid2sn(keys[tst].type),
1208 NULL,
1209 in,
1210 inlen);
1211 } else {
1212 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1213 NULL,
1214 in,
1215 inlen);
1216 }
1217 }
1218
1219 if (!TEST_ptr(pkey)
1220 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1221 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1222 || !TEST_true(len == inlen)
1223 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1224 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1225 || !TEST_mem_eq(in, inlen, buf, len))
1226 goto done;
1227
1228 ret = 1;
1229 done:
1230 EVP_PKEY_free(pkey);
1231 return ret;
1232 }
1233
1234 static int test_set_get_raw_keys(int tst)
1235 {
1236 return test_set_get_raw_keys_int(tst, 0, 0)
1237 && test_set_get_raw_keys_int(tst, 0, 1)
1238 && test_set_get_raw_keys_int(tst, 1, 0)
1239 && test_set_get_raw_keys_int(tst, 1, 1);
1240 }
1241
1242 #ifndef OPENSSL_NO_DEPRECATED_3_0
1243 static int pkey_custom_check(EVP_PKEY *pkey)
1244 {
1245 return 0xbeef;
1246 }
1247
1248 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1249 {
1250 return 0xbeef;
1251 }
1252
1253 static int pkey_custom_param_check(EVP_PKEY *pkey)
1254 {
1255 return 0xbeef;
1256 }
1257
1258 static EVP_PKEY_METHOD *custom_pmeth;
1259 #endif
1260
1261 static int test_EVP_PKEY_check(int i)
1262 {
1263 int ret = 0;
1264 const unsigned char *p;
1265 EVP_PKEY *pkey = NULL;
1266 #ifndef OPENSSL_NO_EC
1267 EC_KEY *eckey = NULL;
1268 #endif
1269 EVP_PKEY_CTX *ctx = NULL;
1270 #ifndef OPENSSL_NO_DEPRECATED_3_0
1271 EVP_PKEY_CTX *ctx2 = NULL;
1272 #endif
1273 const APK_DATA *ak = &keycheckdata[i];
1274 const unsigned char *input = ak->kder;
1275 size_t input_len = ak->size;
1276 int expected_id = ak->evptype;
1277 int expected_check = ak->check;
1278 int expected_pub_check = ak->pub_check;
1279 int expected_param_check = ak->param_check;
1280 int type = ak->type;
1281 BIO *pubkey = NULL;
1282
1283 p = input;
1284
1285 switch (type) {
1286 case 0:
1287 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1288 || !TEST_ptr_eq(p, input + input_len)
1289 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1290 goto done;
1291 break;
1292 #ifndef OPENSSL_NO_EC
1293 case 1:
1294 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1295 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1296 || !TEST_ptr(pkey = EVP_PKEY_new())
1297 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1298 goto done;
1299 break;
1300 case 2:
1301 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1302 || !TEST_ptr_eq(p, input + input_len)
1303 || !TEST_ptr(pkey = EVP_PKEY_new())
1304 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1305 goto done;
1306 break;
1307 #endif
1308 default:
1309 return 0;
1310 }
1311
1312 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1313 goto done;
1314
1315 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1316 goto done;
1317
1318 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1319 goto done;
1320
1321 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1322 goto done;
1323
1324 #ifndef OPENSSL_NO_DEPRECATED_3_0
1325 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1326 /* assign the pkey directly, as an internal test */
1327 EVP_PKEY_up_ref(pkey);
1328 ctx2->pkey = pkey;
1329
1330 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1331 goto done;
1332
1333 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1334 goto done;
1335
1336 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1337 goto done;
1338 #endif
1339
1340 ret = 1;
1341
1342 done:
1343 EVP_PKEY_CTX_free(ctx);
1344 #ifndef OPENSSL_NO_DEPRECATED_3_0
1345 EVP_PKEY_CTX_free(ctx2);
1346 #endif
1347 EVP_PKEY_free(pkey);
1348 BIO_free(pubkey);
1349 return ret;
1350 }
1351
1352 #ifndef OPENSSL_NO_CMAC
1353 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1354 {
1355 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1356 const char msg[] = "Hello World";
1357 size_t maclen;
1358 int ret = 1;
1359
1360 if (!TEST_ptr(mdctx)
1361 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1362 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1363 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1364 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1365 ret = 0;
1366
1367 EVP_MD_CTX_free(mdctx);
1368
1369 return ret;
1370 }
1371 static int test_CMAC_keygen(void)
1372 {
1373 static unsigned char key[] = {
1374 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1375 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1376 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1377 };
1378 /*
1379 * This is a legacy method for CMACs, but should still work.
1380 * This verifies that it works without an ENGINE.
1381 */
1382 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1383 int ret = 0;
1384 EVP_PKEY *pkey = NULL;
1385 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1386
1387 /* Test a CMAC key created using the "generated" method */
1388 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1389 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1390 EVP_PKEY_CTRL_CIPHER,
1391 0, (void *)EVP_aes_256_ecb()), 0)
1392 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1393 EVP_PKEY_CTRL_SET_MAC_KEY,
1394 sizeof(key), (void *)key), 0)
1395 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1396 || !TEST_ptr(pkey)
1397 || !TEST_true(get_cmac_val(pkey, mac)))
1398 goto done;
1399
1400 EVP_PKEY_free(pkey);
1401
1402 /*
1403 * Test a CMAC key using the direct method, and compare with the mac
1404 * created above.
1405 */
1406 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1407 if (!TEST_ptr(pkey)
1408 || !TEST_true(get_cmac_val(pkey, mac2))
1409 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1410 goto done;
1411
1412 ret = 1;
1413
1414 done:
1415 EVP_PKEY_free(pkey);
1416 EVP_PKEY_CTX_free(kctx);
1417 return ret;
1418 }
1419 #endif
1420
1421 static int test_HKDF(void)
1422 {
1423 EVP_PKEY_CTX *pctx;
1424 unsigned char out[20];
1425 size_t outlen;
1426 int i, ret = 0;
1427 unsigned char salt[] = "0123456789";
1428 unsigned char key[] = "012345678901234567890123456789";
1429 unsigned char info[] = "infostring";
1430 const unsigned char expected[] = {
1431 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1432 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1433 };
1434 size_t expectedlen = sizeof(expected);
1435
1436 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1437 goto done;
1438
1439 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1440 for (i = 0; i < 2; i++) {
1441 outlen = sizeof(out);
1442 memset(out, 0, outlen);
1443
1444 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1445 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1446 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1447 sizeof(salt) - 1), 0)
1448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1449 sizeof(key) - 1), 0)
1450 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1451 sizeof(info) - 1), 0)
1452 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1453 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1454 goto done;
1455 }
1456
1457 ret = 1;
1458
1459 done:
1460 EVP_PKEY_CTX_free(pctx);
1461
1462 return ret;
1463 }
1464
1465 static int test_emptyikm_HKDF(void)
1466 {
1467 EVP_PKEY_CTX *pctx;
1468 unsigned char out[20];
1469 size_t outlen;
1470 int ret = 0;
1471 unsigned char salt[] = "9876543210";
1472 unsigned char key[] = "";
1473 unsigned char info[] = "stringinfo";
1474 const unsigned char expected[] = {
1475 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1476 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1477 };
1478 size_t expectedlen = sizeof(expected);
1479
1480 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1481 goto done;
1482
1483 outlen = sizeof(out);
1484 memset(out, 0, outlen);
1485
1486 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1487 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1488 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1489 sizeof(salt) - 1), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1491 sizeof(key) - 1), 0)
1492 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1493 sizeof(info) - 1), 0)
1494 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1495 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1496 goto done;
1497
1498 ret = 1;
1499
1500 done:
1501 EVP_PKEY_CTX_free(pctx);
1502
1503 return ret;
1504 }
1505
1506 #ifndef OPENSSL_NO_EC
1507 static int test_X509_PUBKEY_inplace(void)
1508 {
1509 int ret = 0;
1510 X509_PUBKEY *xp = NULL;
1511 const unsigned char *p = kExampleECPubKeyDER;
1512 size_t input_len = sizeof(kExampleECPubKeyDER);
1513
1514 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1515 goto done;
1516
1517 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1518 goto done;
1519
1520 p = kExampleBadECPubKeyDER;
1521 input_len = sizeof(kExampleBadECPubKeyDER);
1522
1523 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1524 goto done;
1525
1526 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1527 goto done;
1528
1529 ret = 1;
1530
1531 done:
1532 X509_PUBKEY_free(xp);
1533 return ret;
1534 }
1535 #endif /* OPENSSL_NO_EC */
1536
1537 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1538 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1539 {
1540 EVP_MD_CTX *mdctx = NULL;
1541 EVP_PKEY_CTX *ctx = NULL;
1542 const OSSL_PARAM *params;
1543 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1544 int ret = 0;
1545 const EVP_MD *md;
1546 char mdname[OSSL_MAX_NAME_SIZE];
1547 char ssl3ms[48];
1548
1549 /* Initialise a sign operation */
1550 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1551 if (!TEST_ptr(ctx)
1552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1553 goto err;
1554
1555 /*
1556 * We should be able to query the parameters now.
1557 */
1558 params = EVP_PKEY_CTX_settable_params(ctx);
1559 if (!TEST_ptr(params)
1560 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1561 OSSL_SIGNATURE_PARAM_DIGEST)))
1562 goto err;
1563
1564 params = EVP_PKEY_CTX_gettable_params(ctx);
1565 if (!TEST_ptr(params)
1566 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1569 OSSL_SIGNATURE_PARAM_DIGEST)))
1570 goto err;
1571
1572 /*
1573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1574 * EVP_PKEY_CTX_get_params()
1575 */
1576 strcpy(mdname, "SHA512");
1577 param_md = param;
1578 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1579 mdname, 0);
1580 *param++ = OSSL_PARAM_construct_end();
1581
1582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1583 goto err;
1584
1585 mdname[0] = '\0';
1586 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1587 mdname, sizeof(mdname));
1588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1589 || !TEST_str_eq(mdname, "SHA512"))
1590 goto err;
1591
1592 /*
1593 * Test the TEST_PKEY_CTX_set_signature_md() and
1594 * TEST_PKEY_CTX_get_signature_md() functions
1595 */
1596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1598 || !TEST_ptr_eq(md, EVP_sha256()))
1599 goto err;
1600
1601 /*
1602 * Test getting MD parameters via an associated EVP_PKEY_CTX
1603 */
1604 mdctx = EVP_MD_CTX_new();
1605 if (!TEST_ptr(mdctx)
1606 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1607 pkey)))
1608 goto err;
1609
1610 /*
1611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1612 * able to obtain the digest's settable parameters from the provider.
1613 */
1614 params = EVP_MD_CTX_settable_params(mdctx);
1615 if (!TEST_ptr(params)
1616 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1617 /* The final key should be NULL */
1618 || !TEST_ptr_null(params[1].key))
1619 goto err;
1620
1621 param = ourparams;
1622 memset(ssl3ms, 0, sizeof(ssl3ms));
1623 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1624 ssl3ms, sizeof(ssl3ms));
1625 *param++ = OSSL_PARAM_construct_end();
1626
1627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1628 goto err;
1629
1630 ret = 1;
1631
1632 err:
1633 EVP_MD_CTX_free(mdctx);
1634 EVP_PKEY_CTX_free(ctx);
1635
1636 return ret;
1637 }
1638
1639 #ifndef OPENSSL_NO_DSA
1640 static int test_DSA_get_set_params(void)
1641 {
1642 DSA *dsa = NULL;
1643 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1644 EVP_PKEY *pkey = NULL;
1645 int ret = 0;
1646
1647 /*
1648 * Setup the parameters for our DSA object. For our purposes they don't
1649 * have to actually be *valid* parameters. We just need to set something.
1650 */
1651 dsa = DSA_new();
1652 p = BN_new();
1653 q = BN_new();
1654 g = BN_new();
1655 pub = BN_new();
1656 priv = BN_new();
1657 if (!TEST_ptr(dsa)
1658 || !TEST_ptr(p)
1659 || !TEST_ptr(q)
1660 || !TEST_ptr(g)
1661 || !TEST_ptr(pub)
1662 || !DSA_set0_pqg(dsa, p, q, g)
1663 || !DSA_set0_key(dsa, pub, priv))
1664 goto err;
1665 p = q = g = pub = priv = NULL;
1666
1667 pkey = EVP_PKEY_new();
1668 if (!TEST_ptr(pkey)
1669 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1670 goto err;
1671
1672 dsa = NULL;
1673
1674 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1675
1676 err:
1677 EVP_PKEY_free(pkey);
1678 DSA_free(dsa);
1679 BN_free(p);
1680 BN_free(q);
1681 BN_free(g);
1682 BN_free(pub);
1683 BN_free(priv);
1684
1685 return ret;
1686 }
1687 #endif
1688
1689 static int test_RSA_get_set_params(void)
1690 {
1691 OSSL_PARAM_BLD *bld = NULL;
1692 OSSL_PARAM *params = NULL;
1693 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1694 EVP_PKEY_CTX *pctx = NULL;
1695 EVP_PKEY *pkey = NULL;
1696 int ret = 0;
1697
1698 /*
1699 * Setup the parameters for our RSA object. For our purposes they don't
1700 * have to actually be *valid* parameters. We just need to set something.
1701 */
1702 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1703 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1704 || !TEST_ptr(n = BN_new())
1705 || !TEST_ptr(e = BN_new())
1706 || !TEST_ptr(d = BN_new()))
1707 goto err;
1708 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1709 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1710 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1711 goto err;
1712 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1713 goto err;
1714
1715 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1716 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1717 goto err;
1718
1719 if (!TEST_ptr(pkey))
1720 goto err;
1721
1722 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1723
1724 err:
1725 EVP_PKEY_free(pkey);
1726 EVP_PKEY_CTX_free(pctx);
1727 OSSL_PARAM_BLD_free_params(params);
1728 OSSL_PARAM_BLD_free(bld);
1729 BN_free(n);
1730 BN_free(e);
1731 BN_free(d);
1732
1733 return ret;
1734 }
1735
1736 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1737 static int test_decrypt_null_chunks(void)
1738 {
1739 EVP_CIPHER_CTX* ctx = NULL;
1740 const unsigned char key[32] = {
1741 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1742 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1743 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1744 };
1745 unsigned char iv[12] = {
1746 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1747 };
1748 unsigned char msg[] = "It was the best of times, it was the worst of times";
1749 unsigned char ciphertext[80];
1750 unsigned char plaintext[80];
1751 /* We initialise tmp to a non zero value on purpose */
1752 int ctlen, ptlen, tmp = 99;
1753 int ret = 0;
1754 const int enc_offset = 10, dec_offset = 20;
1755
1756 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1757 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1758 key, iv))
1759 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1760 enc_offset))
1761 /* Deliberate add a zero length update */
1762 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1763 0))
1764 || !TEST_int_eq(tmp, 0)
1765 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1766 msg + enc_offset,
1767 sizeof(msg) - enc_offset))
1768 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1769 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1770 || !TEST_int_eq(tmp, 0))
1771 goto err;
1772
1773 /* Deliberately initialise tmp to a non zero value */
1774 tmp = 99;
1775 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1776 iv))
1777 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1778 dec_offset))
1779 /*
1780 * Deliberately add a zero length update. We also deliberately do
1781 * this at a different offset than for encryption.
1782 */
1783 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1784 0))
1785 || !TEST_int_eq(tmp, 0)
1786 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1787 ciphertext + dec_offset,
1788 ctlen - dec_offset))
1789 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1790 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1791 || !TEST_int_eq(tmp, 0)
1792 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1793 goto err;
1794
1795 ret = 1;
1796 err:
1797 EVP_CIPHER_CTX_free(ctx);
1798 return ret;
1799 }
1800 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1801
1802 #ifndef OPENSSL_NO_DH
1803 static int test_EVP_PKEY_set1_DH(void)
1804 {
1805 DH *x942dh = NULL, *noqdh = NULL;
1806 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1807 int ret = 0;
1808 BIGNUM *p, *g = NULL;
1809
1810 if (!TEST_ptr(p = BN_new())
1811 || !TEST_ptr(g = BN_new())
1812 || !BN_set_word(p, 9999)
1813 || !BN_set_word(g, 2)
1814 || !TEST_ptr(noqdh = DH_new())
1815 || !DH_set0_pqg(noqdh, p, NULL, g))
1816 goto err;
1817 p = g = NULL;
1818
1819 x942dh = DH_get_2048_256();
1820 pkey1 = EVP_PKEY_new();
1821 pkey2 = EVP_PKEY_new();
1822 if (!TEST_ptr(x942dh)
1823 || !TEST_ptr(noqdh)
1824 || !TEST_ptr(pkey1)
1825 || !TEST_ptr(pkey2))
1826 goto err;
1827
1828 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1829 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1830 goto err;
1831
1832 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1833 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1834 goto err;
1835
1836 ret = 1;
1837 err:
1838 BN_free(p);
1839 BN_free(g);
1840 EVP_PKEY_free(pkey1);
1841 EVP_PKEY_free(pkey2);
1842 DH_free(x942dh);
1843 DH_free(noqdh);
1844
1845 return ret;
1846 }
1847 #endif
1848
1849 /*
1850 * We test what happens with an empty template. For the sake of this test,
1851 * the template must be ignored, and we know that's the case for RSA keys
1852 * (this might arguably be a misfeature, but that's what we currently do,
1853 * even in provider code, since that's how the legacy RSA implementation
1854 * does things)
1855 */
1856 static int test_keygen_with_empty_template(int n)
1857 {
1858 EVP_PKEY_CTX *ctx = NULL;
1859 EVP_PKEY *pkey = NULL;
1860 EVP_PKEY *tkey = NULL;
1861 int ret = 0;
1862
1863 switch (n) {
1864 case 0:
1865 /* We do test with no template at all as well */
1866 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1867 goto err;
1868 break;
1869 case 1:
1870 /* Here we create an empty RSA key that serves as our template */
1871 if (!TEST_ptr(tkey = EVP_PKEY_new())
1872 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1873 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1874 goto err;
1875 break;
1876 }
1877
1878 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1879 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1880 goto err;
1881
1882 ret = 1;
1883 err:
1884 EVP_PKEY_CTX_free(ctx);
1885 EVP_PKEY_free(pkey);
1886 EVP_PKEY_free(tkey);
1887 return ret;
1888 }
1889
1890 /*
1891 * Test that we fail if we attempt to use an algorithm that is not available
1892 * in the current library context (unless we are using an algorithm that
1893 * should be made available via legacy codepaths).
1894 *
1895 * 0: RSA
1896 * 1: SM2
1897 */
1898 static int test_pkey_ctx_fail_without_provider(int tst)
1899 {
1900 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
1901 OSSL_PROVIDER *nullprov = NULL;
1902 EVP_PKEY_CTX *pctx = NULL;
1903 const char *keytype = NULL;
1904 int expect_null = 0;
1905 int ret = 0;
1906
1907 if (!TEST_ptr(tmpctx))
1908 goto err;
1909
1910 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1911 if (!TEST_ptr(nullprov))
1912 goto err;
1913
1914 /*
1915 * We check for certain algos in the null provider.
1916 * If an algo is expected to have a provider keymgmt, contructing an
1917 * EVP_PKEY_CTX is expected to fail (return NULL).
1918 * Otherwise, if it's expected to have legacy support, contructing an
1919 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1920 */
1921 switch (tst) {
1922 case 0:
1923 keytype = "RSA";
1924 expect_null = 1;
1925 break;
1926 case 1:
1927 keytype = "SM2";
1928 expect_null = 1;
1929 #ifdef OPENSSL_NO_EC
1930 TEST_info("EC disable, skipping SM2 check...");
1931 goto end;
1932 #endif
1933 #ifdef OPENSSL_NO_SM2
1934 TEST_info("SM2 disable, skipping SM2 check...");
1935 goto end;
1936 #endif
1937 break;
1938 default:
1939 TEST_error("No test for case %d", tst);
1940 goto err;
1941 }
1942
1943 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1944 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1945 goto err;
1946
1947 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1948 end:
1949 #endif
1950 ret = 1;
1951
1952 err:
1953 EVP_PKEY_CTX_free(pctx);
1954 OSSL_PROVIDER_unload(nullprov);
1955 OSSL_LIB_CTX_free(tmpctx);
1956 return ret;
1957 }
1958
1959 static int test_rand_agglomeration(void)
1960 {
1961 EVP_RAND *rand;
1962 EVP_RAND_CTX *ctx;
1963 OSSL_PARAM params[3], *p = params;
1964 int res;
1965 unsigned int step = 7;
1966 static unsigned char seed[] = "It does not matter how slowly you go "
1967 "as long as you do not stop.";
1968 unsigned char out[sizeof(seed)];
1969
1970 if (!TEST_int_ne(sizeof(seed) % step, 0)
1971 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1972 return 0;
1973 ctx = EVP_RAND_CTX_new(rand, NULL);
1974 EVP_RAND_free(rand);
1975 if (!TEST_ptr(ctx))
1976 return 0;
1977
1978 memset(out, 0, sizeof(out));
1979 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1980 seed, sizeof(seed));
1981 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1982 *p = OSSL_PARAM_construct_end();
1983 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1984 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1985 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1986 EVP_RAND_CTX_free(ctx);
1987 return res;
1988 }
1989
1990 /*
1991 * Test that we correctly return the original or "running" IV after
1992 * an encryption operation.
1993 * Run multiple times for some different relevant algorithms/modes.
1994 */
1995 static int test_evp_iv(int idx)
1996 {
1997 int ret = 0;
1998 EVP_CIPHER_CTX *ctx = NULL;
1999 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2000 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2001 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2002 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2003 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2004 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2005 9, 10, 11, 12, 13, 14, 15, 16 };
2006 unsigned char ciphertext[32], oiv[16], iv[16];
2007 unsigned char *ref_iv;
2008 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2009 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2010
2011 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2012 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2013 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2014 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2015 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2016 #ifndef OPENSSL_NO_OCB
2017 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2018 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2019 #endif
2020 int len = sizeof(ciphertext);
2021 size_t ivlen, ref_len;
2022 const EVP_CIPHER *type = NULL;
2023
2024 switch(idx) {
2025 case 0:
2026 type = EVP_aes_128_cbc();
2027 /* FALLTHROUGH */
2028 case 5:
2029 type = (type != NULL) ? type :
2030 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2031 ref_iv = cbc_state;
2032 ref_len = sizeof(cbc_state);
2033 break;
2034 case 1:
2035 type = EVP_aes_128_ofb();
2036 /* FALLTHROUGH */
2037 case 6:
2038 type = (type != NULL) ? type :
2039 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2040 ref_iv = ofb_state;
2041 ref_len = sizeof(ofb_state);
2042 break;
2043 case 2:
2044 type = EVP_aes_128_gcm();
2045 /* FALLTHROUGH */
2046 case 7:
2047 type = (type != NULL) ? type :
2048 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2049 ref_iv = gcm_state;
2050 ref_len = sizeof(gcm_state);
2051 break;
2052 case 3:
2053 type = EVP_aes_128_ccm();
2054 /* FALLTHROUGH */
2055 case 8:
2056 type = (type != NULL) ? type :
2057 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2058 ref_iv = ccm_state;
2059 ref_len = sizeof(ccm_state);
2060 break;
2061 #ifdef OPENSSL_NO_OCB
2062 case 4:
2063 case 9:
2064 return 1;
2065 #else
2066 case 4:
2067 type = EVP_aes_128_ocb();
2068 /* FALLTHROUGH */
2069 case 9:
2070 type = (type != NULL) ? type :
2071 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2072 ref_iv = ocb_state;
2073 ref_len = sizeof(ocb_state);
2074 break;
2075 #endif
2076 default:
2077 return 0;
2078 }
2079
2080 if (!TEST_ptr(type)
2081 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2082 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2083 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2084 (int)sizeof(msg)))
2085 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2086 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2087 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2088 goto err;
2089 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2090 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2091 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2092 goto err;
2093
2094 ret = 1;
2095 err:
2096 EVP_CIPHER_CTX_free(ctx);
2097 if (idx >= 5)
2098 EVP_CIPHER_free((EVP_CIPHER *)type);
2099 return ret;
2100 }
2101
2102 int setup_tests(void)
2103 {
2104 testctx = OSSL_LIB_CTX_new();
2105
2106 if (!TEST_ptr(testctx))
2107 return 0;
2108
2109 ADD_TEST(test_EVP_set_default_properties);
2110 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2111 ADD_TEST(test_EVP_DigestVerifyInit);
2112 ADD_TEST(test_EVP_Enveloped);
2113 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2114 ADD_TEST(test_privatekey_to_pkcs8);
2115 #ifndef OPENSSL_NO_EC
2116 ADD_TEST(test_EVP_PKCS82PKEY);
2117 #endif
2118 #ifndef OPENSSL_NO_EC
2119 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2120 #endif
2121 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2122 ADD_TEST(test_EVP_SM2);
2123 ADD_TEST(test_EVP_SM2_verify);
2124 #endif
2125 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2126 #ifndef OPENSSL_NO_DEPRECATED_3_0
2127 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2128 if (!TEST_ptr(custom_pmeth))
2129 return 0;
2130 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2131 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2132 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2133 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2134 return 0;
2135 #endif
2136 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2137 #ifndef OPENSSL_NO_CMAC
2138 ADD_TEST(test_CMAC_keygen);
2139 #endif
2140 ADD_TEST(test_HKDF);
2141 ADD_TEST(test_emptyikm_HKDF);
2142 #ifndef OPENSSL_NO_EC
2143 ADD_TEST(test_X509_PUBKEY_inplace);
2144 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2145 OSSL_NELEM(ec_der_pub_keys));
2146 #endif
2147 #ifndef OPENSSL_NO_DSA
2148 ADD_TEST(test_DSA_get_set_params);
2149 #endif
2150 ADD_TEST(test_RSA_get_set_params);
2151 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2152 ADD_TEST(test_decrypt_null_chunks);
2153 #endif
2154 #ifndef OPENSSL_NO_DH
2155 ADD_TEST(test_EVP_PKEY_set1_DH);
2156 #endif
2157 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2158 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2159
2160 ADD_TEST(test_rand_agglomeration);
2161 ADD_ALL_TESTS(test_evp_iv, 10);
2162
2163 return 1;
2164 }
2165
2166 void cleanup_tests(void)
2167 {
2168 OSSL_LIB_CTX_free(testctx);
2169 }
A mirror of the official openssl repository