]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix typos
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
686
687 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
688 goto err;
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
691 params), 0))
692 goto err;
693
694 if (!TEST_ptr(tmp_pkey))
695 goto err;
696
697 pkey = tmp_pkey;
698 tmp_pkey = NULL;
699 err:
700 EVP_PKEY_free(tmp_pkey);
701 EVP_PKEY_CTX_free(pctx);
702 return pkey;
703 }
704
705 static int test_selection(EVP_PKEY *pkey, int selection)
706 {
707 int testresult = 0;
708 int ret;
709 BIO *bio = BIO_new(BIO_s_mem());
710
711 ret = PEM_write_bio_PUBKEY(bio, pkey);
712 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
713 if (!TEST_true(ret))
714 goto err;
715 } else {
716 if (!TEST_false(ret))
717 goto err;
718 }
719 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
720 testctx, NULL);
721 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
722 if (!TEST_true(ret))
723 goto err;
724 } else {
725 if (!TEST_false(ret))
726 goto err;
727 }
728
729 testresult = 1;
730 err:
731 BIO_free(bio);
732
733 return testresult;
734 }
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
736
737 /*
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
740 */
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
743 {
744 OSSL_PARAM_BLD *bld = NULL;
745 OSSL_PARAM *params = NULL;
746 EVP_PKEY *just_params = NULL;
747 EVP_PKEY *params_and_priv = NULL;
748 EVP_PKEY *params_and_pub = NULL;
749 EVP_PKEY *params_and_keypair = NULL;
750 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
751 int ret = 0;
752
753 /*
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
756 */
757 if (!TEST_ptr(p = BN_new())
758 || !TEST_ptr(q = BN_new())
759 || !TEST_ptr(g = BN_new())
760 || !TEST_ptr(pub = BN_new())
761 || !TEST_ptr(priv = BN_new()))
762 goto err;
763
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
769 goto err;
770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
771 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
772 goto err;
773
774 OSSL_PARAM_free(params);
775 OSSL_PARAM_BLD_free(bld);
776 params = NULL;
777 bld = NULL;
778
779 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
780 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
781 goto err;
782
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
789 priv)))
790 goto err;
791 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
792 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
793 goto err;
794
795 OSSL_PARAM_free(params);
796 OSSL_PARAM_BLD_free(bld);
797 params = NULL;
798 bld = NULL;
799
800 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
801 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
802 goto err;
803
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
810 pub)))
811 goto err;
812 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
813 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
814 goto err;
815
816 OSSL_PARAM_free(params);
817 OSSL_PARAM_BLD_free(bld);
818 params = NULL;
819 bld = NULL;
820
821 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
822 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
823 goto err;
824
825 /* Test priv and pub */
826 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
831 pub))
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
833 priv)))
834 goto err;
835 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
836 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
837 goto err;
838
839 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
840 goto err;
841
842 ret = 1;
843 err:
844 OSSL_PARAM_free(params);
845 OSSL_PARAM_BLD_free(bld);
846 EVP_PKEY_free(just_params);
847 EVP_PKEY_free(params_and_priv);
848 EVP_PKEY_free(params_and_pub);
849 EVP_PKEY_free(params_and_keypair);
850 BN_free(p);
851 BN_free(q);
852 BN_free(g);
853 BN_free(pub);
854 BN_free(priv);
855
856 return ret;
857 }
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
859
860 /*
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
863 */
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
869 };
870 static unsigned char ec_pub[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
877 };
878
879 static int test_EC_priv_pub(void)
880 {
881 OSSL_PARAM_BLD *bld = NULL;
882 OSSL_PARAM *params = NULL;
883 EVP_PKEY *just_params = NULL;
884 EVP_PKEY *params_and_priv = NULL;
885 EVP_PKEY *params_and_pub = NULL;
886 EVP_PKEY *params_and_keypair = NULL;
887 BIGNUM *priv = NULL;
888 int ret = 0;
889
890 /*
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
893 */
894 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
895 goto err;
896
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
900 OSSL_PKEY_PARAM_GROUP_NAME,
901 "P-256", 0)))
902 goto err;
903 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
904 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
905 goto err;
906
907 OSSL_PARAM_free(params);
908 OSSL_PARAM_BLD_free(bld);
909 params = NULL;
910 bld = NULL;
911
912 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
913 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
914 goto err;
915
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
919 OSSL_PKEY_PARAM_GROUP_NAME,
920 "P-256", 0))
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
922 priv)))
923 goto err;
924 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
925 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
926 goto err;
927
928 OSSL_PARAM_free(params);
929 OSSL_PARAM_BLD_free(bld);
930 params = NULL;
931 bld = NULL;
932
933 /*
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
938 */
939 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
940 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
941 goto err;
942
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
946 OSSL_PKEY_PARAM_GROUP_NAME,
947 "P-256", 0))
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
949 OSSL_PKEY_PARAM_PUB_KEY,
950 ec_pub, sizeof(ec_pub))))
951 goto err;
952 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
953 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
954 goto err;
955
956 OSSL_PARAM_free(params);
957 OSSL_PARAM_BLD_free(bld);
958 params = NULL;
959 bld = NULL;
960
961 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
962 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
963 goto err;
964
965 /* Test priv and pub */
966 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
968 OSSL_PKEY_PARAM_GROUP_NAME,
969 "P-256", 0))
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
971 OSSL_PKEY_PARAM_PUB_KEY,
972 ec_pub, sizeof(ec_pub)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
974 priv)))
975 goto err;
976 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
977 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
978 goto err;
979
980 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
981 goto err;
982
983 /* Try key equality */
984 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
985 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
986 0)
987 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
988 0)
989 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
990 0)
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
994 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
995 goto err;
996
997 ret = 1;
998 err:
999 OSSL_PARAM_free(params);
1000 OSSL_PARAM_BLD_free(bld);
1001 EVP_PKEY_free(just_params);
1002 EVP_PKEY_free(params_and_priv);
1003 EVP_PKEY_free(params_and_pub);
1004 EVP_PKEY_free(params_and_keypair);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009
1010 /* Test that using a legacy EC key with only a private key in it works */
1011 # ifndef OPENSSL_NO_DEPRECATED_3_0
1012 static int test_EC_priv_only_legacy(void)
1013 {
1014 BIGNUM *priv = NULL;
1015 int ret = 0;
1016 EC_KEY *eckey = NULL;
1017 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1018 EVP_MD_CTX *ctx = NULL;
1019
1020 /* Create the low level EC_KEY */
1021 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1022 goto err;
1023
1024 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1025 if (!TEST_ptr(eckey))
1026 goto err;
1027
1028 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1029 goto err;
1030
1031 pkey = EVP_PKEY_new();
1032 if (!TEST_ptr(pkey))
1033 goto err;
1034
1035 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1036 goto err;
1037 eckey = NULL;
1038
1039 while (dup_pk == NULL) {
1040 ret = 0;
1041 ctx = EVP_MD_CTX_new();
1042 if (!TEST_ptr(ctx))
1043 goto err;
1044
1045 /*
1046 * The EVP_DigestSignInit function should create the key on the
1047 * provider side which is sufficient for this test.
1048 */
1049 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1050 testpropq, pkey, NULL)))
1051 goto err;
1052 EVP_MD_CTX_free(ctx);
1053 ctx = NULL;
1054
1055 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1056 goto err;
1057 /* EVP_PKEY_eq() returns -2 with missing public keys */
1058 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1059 EVP_PKEY_free(pkey);
1060 pkey = dup_pk;
1061 if (!ret)
1062 goto err;
1063 }
1064
1065 err:
1066 EVP_MD_CTX_free(ctx);
1067 EVP_PKEY_free(pkey);
1068 EC_KEY_free(eckey);
1069 BN_free(priv);
1070
1071 return ret;
1072 }
1073 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1074 #endif /* OPENSSL_NO_EC */
1075
1076 static int test_EVP_PKEY_sign(int tst)
1077 {
1078 int ret = 0;
1079 EVP_PKEY *pkey = NULL;
1080 unsigned char *sig = NULL;
1081 size_t sig_len = 0, shortsig_len = 1;
1082 EVP_PKEY_CTX *ctx = NULL;
1083 unsigned char tbs[] = {
1084 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1085 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1086 };
1087
1088 if (tst == 0) {
1089 if (!TEST_ptr(pkey = load_example_rsa_key()))
1090 goto out;
1091 } else if (tst == 1) {
1092 #ifndef OPENSSL_NO_DSA
1093 if (!TEST_ptr(pkey = load_example_dsa_key()))
1094 goto out;
1095 #else
1096 ret = 1;
1097 goto out;
1098 #endif
1099 } else {
1100 #ifndef OPENSSL_NO_EC
1101 if (!TEST_ptr(pkey = load_example_ec_key()))
1102 goto out;
1103 #else
1104 ret = 1;
1105 goto out;
1106 #endif
1107 }
1108
1109 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1110 if (!TEST_ptr(ctx)
1111 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1112 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1113 sizeof(tbs)), 0))
1114 goto out;
1115 sig = OPENSSL_malloc(sig_len);
1116 if (!TEST_ptr(sig)
1117 /* Test sending a signature buffer that is too short is rejected */
1118 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1119 sizeof(tbs)), 0)
1120 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1121 0)
1122 /* Test the signature round-trips */
1123 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1124 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1125 0))
1126 goto out;
1127
1128 ret = 1;
1129 out:
1130 EVP_PKEY_CTX_free(ctx);
1131 OPENSSL_free(sig);
1132 EVP_PKEY_free(pkey);
1133 return ret;
1134 }
1135
1136 /*
1137 * n = 0 => test using legacy cipher
1138 * n = 1 => test using fetched cipher
1139 */
1140 static int test_EVP_Enveloped(int n)
1141 {
1142 int ret = 0;
1143 EVP_CIPHER_CTX *ctx = NULL;
1144 EVP_PKEY *keypair = NULL;
1145 unsigned char *kek = NULL;
1146 unsigned char iv[EVP_MAX_IV_LENGTH];
1147 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1148 int len, kek_len, ciphertext_len, plaintext_len;
1149 unsigned char ciphertext[32], plaintext[16];
1150 EVP_CIPHER *type = NULL;
1151
1152 if (nullprov != NULL)
1153 return TEST_skip("Test does not support a non-default library context");
1154
1155 if (n == 0)
1156 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1157 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1158 testpropq)))
1159 goto err;
1160
1161 if (!TEST_ptr(keypair = load_example_rsa_key())
1162 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1163 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1164 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1165 &keypair, 1))
1166 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1167 msg, sizeof(msg)))
1168 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1169 &len)))
1170 goto err;
1171
1172 ciphertext_len += len;
1173
1174 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1175 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1176 ciphertext, ciphertext_len))
1177 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1178 goto err;
1179
1180 plaintext_len += len;
1181 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1182 goto err;
1183
1184 ret = 1;
1185 err:
1186 if (n != 0)
1187 EVP_CIPHER_free(type);
1188 OPENSSL_free(kek);
1189 EVP_PKEY_free(keypair);
1190 EVP_CIPHER_CTX_free(ctx);
1191 return ret;
1192 }
1193
1194 /*
1195 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1196 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1197 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1198 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1199 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1200 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1201 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1202 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1203 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1204 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1205 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1206 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1207 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1208 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1209 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1210 * Test 15-29: Same as above with reinitialization
1211 */
1212 static int test_EVP_DigestSignInit(int tst)
1213 {
1214 int ret = 0;
1215 EVP_PKEY *pkey = NULL;
1216 unsigned char *sig = NULL, *sig2 = NULL;
1217 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1218 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1219 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1220 BIO *mdbio = NULL, *membio = NULL;
1221 size_t written;
1222 const EVP_MD *md;
1223 EVP_MD *mdexp = NULL;
1224 int reinit = 0;
1225
1226 if (nullprov != NULL)
1227 return TEST_skip("Test does not support a non-default library context");
1228
1229 if (tst >= 15) {
1230 reinit = 1;
1231 tst -= 15;
1232 }
1233
1234 if (tst >= 6 && tst <= 8) {
1235 membio = BIO_new(BIO_s_mem());
1236 mdbio = BIO_new(BIO_f_md());
1237 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1238 goto out;
1239 BIO_push(mdbio, membio);
1240 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1241 goto out;
1242 } else {
1243 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1244 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1245 goto out;
1246 }
1247
1248 if (tst % 3 == 0) {
1249 if (!TEST_ptr(pkey = load_example_rsa_key()))
1250 goto out;
1251 } else if (tst % 3 == 1) {
1252 #ifndef OPENSSL_NO_DSA
1253 if (!TEST_ptr(pkey = load_example_dsa_key()))
1254 goto out;
1255 #else
1256 ret = 1;
1257 goto out;
1258 #endif
1259 } else {
1260 if (!TEST_ptr(pkey = load_example_hmac_key()))
1261 goto out;
1262 }
1263
1264 if (tst >= 3 && tst <= 5)
1265 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1266 else
1267 md = EVP_sha256();
1268
1269 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1270 goto out;
1271
1272 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1273 goto out;
1274
1275 if (tst >= 6 && tst <= 8) {
1276 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1277 goto out;
1278 } else if (tst < 6) {
1279 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1280 goto out;
1281 }
1282
1283 if (tst >= 9) {
1284 /* Determine the size of the signature. */
1285 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1286 sizeof(kMsg)))
1287 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1288 goto out;
1289 if (tst <= 11) {
1290 /* Test that supply a short sig buffer fails */
1291 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1292 sizeof(kMsg))))
1293 goto out;
1294 /*
1295 * We end here because once EVP_DigestSign() has failed you should
1296 * not call it again without re-initing the ctx
1297 */
1298 ret = 1;
1299 goto out;
1300 }
1301 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1302 sizeof(kMsg))))
1303 goto out;
1304 } else {
1305 /* Determine the size of the signature. */
1306 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1307 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1308 /*
1309 * Trying to create a signature with a deliberately short
1310 * buffer should fail.
1311 */
1312 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1313 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1314 goto out;
1315 }
1316
1317 /*
1318 * Ensure that the signature round-trips (Verification isn't supported for
1319 * HMAC via EVP_DigestVerify*)
1320 */
1321 if (tst % 3 != 2) {
1322 if (tst >= 6 && tst <= 8) {
1323 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1324 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1325 goto out;
1326 }
1327
1328 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1329 NULL, pkey)))
1330 goto out;
1331
1332 if (tst >= 6 && tst <= 8) {
1333 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1334 goto out;
1335 } else {
1336 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1337 sizeof(kMsg))))
1338 goto out;
1339 }
1340 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1341 goto out;
1342
1343 /* Multiple calls to EVP_DigestVerifyFinal should work */
1344 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1345 goto out;
1346 } else {
1347 /*
1348 * For HMAC a doubled call to DigestSignFinal should produce the same
1349 * value as finalization should not happen.
1350 */
1351 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1352 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1353 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1354 goto out;
1355
1356 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1357 goto out;
1358 }
1359
1360 ret = 1;
1361
1362 out:
1363 BIO_free(membio);
1364 BIO_free(mdbio);
1365 EVP_MD_CTX_free(a_md_ctx);
1366 EVP_MD_CTX_free(a_md_ctx_verify);
1367 EVP_PKEY_free(pkey);
1368 OPENSSL_free(sig);
1369 OPENSSL_free(sig2);
1370 EVP_MD_free(mdexp);
1371
1372 return ret;
1373 }
1374
1375 static int test_EVP_DigestVerifyInit(void)
1376 {
1377 int ret = 0;
1378 EVP_PKEY *pkey = NULL;
1379 EVP_MD_CTX *md_ctx = NULL;
1380
1381 if (nullprov != NULL)
1382 return TEST_skip("Test does not support a non-default library context");
1383
1384 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1385 || !TEST_ptr(pkey = load_example_rsa_key()))
1386 goto out;
1387
1388 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1389 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1390 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1391 sizeof(kSignature)), 0))
1392 goto out;
1393
1394 /* test with reinitialization */
1395 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1396 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1397 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1398 sizeof(kSignature)), 0))
1399 goto out;
1400 ret = 1;
1401
1402 out:
1403 EVP_MD_CTX_free(md_ctx);
1404 EVP_PKEY_free(pkey);
1405 return ret;
1406 }
1407
1408 #ifndef OPENSSL_NO_SIPHASH
1409 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1410 static int test_siphash_digestsign(void)
1411 {
1412 unsigned char key[16];
1413 unsigned char buf[8], digest[8];
1414 unsigned char expected[8] = {
1415 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1416 };
1417 EVP_PKEY *pkey = NULL;
1418 EVP_MD_CTX *mdctx = NULL;
1419 EVP_PKEY_CTX *ctx = NULL;
1420 int ret = 0;
1421 size_t len = 8;
1422
1423 if (nullprov != NULL)
1424 return TEST_skip("Test does not support a non-default library context");
1425
1426 memset(buf, 0, 8);
1427 memset(key, 1, 16);
1428 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1429 key, 16)))
1430 goto out;
1431
1432 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1433 goto out;
1434
1435 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1436 goto out;
1437 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1438 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1439 8, NULL), 1))
1440 goto out;
1441 /* reinitialize */
1442 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1443 goto out;
1444 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1445 goto out;
1446 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1447 goto out;
1448 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1449 goto out;
1450
1451 ret = 1;
1452 out:
1453 EVP_PKEY_free(pkey);
1454 EVP_MD_CTX_free(mdctx);
1455 return ret;
1456 }
1457 #endif
1458
1459 /*
1460 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1461 */
1462 static int test_EVP_Digest(void)
1463 {
1464 int ret = 0;
1465 EVP_MD_CTX *md_ctx = NULL;
1466 unsigned char md[EVP_MAX_MD_SIZE];
1467 EVP_MD *sha256 = NULL;
1468 EVP_MD *shake256 = NULL;
1469
1470 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1471 goto out;
1472
1473 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1474 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1475 goto out;
1476
1477 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1478 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1479 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1480 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1481 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1482 goto out;
1483
1484 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1485 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1486 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1487 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1488 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1489 /*
1490 * EVP_DigestInit_ex with NULL type should work on
1491 * pre-initialized context.
1492 */
1493 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1494 goto out;
1495
1496 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1497 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1498 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1499 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1500 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1501 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1502 goto out;
1503 ret = 1;
1504
1505 out:
1506 EVP_MD_CTX_free(md_ctx);
1507 EVP_MD_free(sha256);
1508 EVP_MD_free(shake256);
1509 return ret;
1510 }
1511
1512 static int test_EVP_md_null(void)
1513 {
1514 int ret = 0;
1515 EVP_MD_CTX *md_ctx = NULL;
1516 const EVP_MD *md_null = EVP_md_null();
1517 unsigned char md_value[EVP_MAX_MD_SIZE];
1518 unsigned int md_len = sizeof(md_value);
1519
1520 if (nullprov != NULL)
1521 return TEST_skip("Test does not support a non-default library context");
1522
1523 if (!TEST_ptr(md_null)
1524 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1525 goto out;
1526
1527 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1528 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1529 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1530 goto out;
1531
1532 if (!TEST_uint_eq(md_len, 0))
1533 goto out;
1534
1535 ret = 1;
1536 out:
1537 EVP_MD_CTX_free(md_ctx);
1538 return ret;
1539 }
1540
1541 static int test_d2i_AutoPrivateKey(int i)
1542 {
1543 int ret = 0;
1544 const unsigned char *p;
1545 EVP_PKEY *pkey = NULL;
1546 const APK_DATA *ak = &keydata[i];
1547 const unsigned char *input = ak->kder;
1548 size_t input_len = ak->size;
1549 int expected_id = ak->evptype;
1550
1551 p = input;
1552 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1553 || !TEST_ptr_eq(p, input + input_len)
1554 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1555 goto done;
1556
1557 ret = 1;
1558
1559 done:
1560 EVP_PKEY_free(pkey);
1561 return ret;
1562 }
1563
1564 #ifndef OPENSSL_NO_EC
1565
1566 static const unsigned char ec_public_sect163k1_validxy[] = {
1567 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1568 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1569 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1570 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1571 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1572 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1573 };
1574
1575 static const unsigned char ec_public_sect163k1_badx[] = {
1576 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1577 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1578 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1579 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1580 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1581 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1582 };
1583
1584 static const unsigned char ec_public_sect163k1_bady[] = {
1585 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1586 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1587 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1588 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1589 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1590 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1591 };
1592
1593 static struct ec_der_pub_keys_st {
1594 const unsigned char *der;
1595 size_t len;
1596 int valid;
1597 } ec_der_pub_keys[] = {
1598 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1599 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1600 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1601 };
1602
1603 /*
1604 * Tests the range of the decoded EC char2 public point.
1605 * See ec_GF2m_simple_oct2point().
1606 */
1607 static int test_invalide_ec_char2_pub_range_decode(int id)
1608 {
1609 int ret = 0;
1610 EVP_PKEY *pkey;
1611
1612 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1613 ec_der_pub_keys[id].len);
1614
1615 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1616 || TEST_ptr_null(pkey);
1617 EVP_PKEY_free(pkey);
1618 return ret;
1619 }
1620
1621 /* Tests loading a bad key in PKCS8 format */
1622 static int test_EVP_PKCS82PKEY(void)
1623 {
1624 int ret = 0;
1625 const unsigned char *derp = kExampleBadECKeyDER;
1626 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1627 EVP_PKEY *pkey = NULL;
1628
1629 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1630 sizeof(kExampleBadECKeyDER))))
1631 goto done;
1632
1633 if (!TEST_ptr_eq(derp,
1634 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1635 goto done;
1636
1637 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1638 goto done;
1639
1640 ret = 1;
1641
1642 done:
1643 PKCS8_PRIV_KEY_INFO_free(p8inf);
1644 EVP_PKEY_free(pkey);
1645
1646 return ret;
1647 }
1648
1649 #endif
1650 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1651 {
1652 EVP_PKEY *pkey = NULL;
1653 EVP_PKEY *pkey2 = NULL;
1654 BIO *membio = NULL;
1655 char *membuf = NULL;
1656 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1657 int ok = 0;
1658
1659 if (testctx != NULL)
1660 /* test not supported with non-default context */
1661 return 1;
1662
1663 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1664 || !TEST_ptr(pkey = load_example_rsa_key())
1665 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1666 NULL, 0, NULL, NULL),
1667 0)
1668 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1669 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1670 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1671 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1672 goto done;
1673 }
1674
1675 ok = 1;
1676 done:
1677 EVP_PKEY_free(pkey);
1678 EVP_PKEY_free(pkey2);
1679 PKCS8_PRIV_KEY_INFO_free(p8inf);
1680 BIO_free_all(membio);
1681 return ok;
1682 }
1683
1684 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1685 static int test_privatekey_to_pkcs8(void)
1686 {
1687 EVP_PKEY *pkey = NULL;
1688 BIO *membio = NULL;
1689 char *membuf = NULL;
1690 long membuf_len = 0;
1691 int ok = 0;
1692
1693 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1694 || !TEST_ptr(pkey = load_example_rsa_key())
1695 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1696 NULL, 0, NULL, NULL),
1697 0)
1698 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1699 || !TEST_ptr(membuf)
1700 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1701 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1702 /*
1703 * We try to write PEM as well, just to see that it doesn't err, but
1704 * assume that the result is correct.
1705 */
1706 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1707 NULL, 0, NULL, NULL),
1708 0))
1709 goto done;
1710
1711 ok = 1;
1712 done:
1713 EVP_PKEY_free(pkey);
1714 BIO_free_all(membio);
1715 return ok;
1716 }
1717
1718 #ifndef OPENSSL_NO_EC
1719 static const struct {
1720 int encoding;
1721 const char *encoding_name;
1722 } ec_encodings[] = {
1723 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1724 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1725 };
1726
1727 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1728 {
1729 const OSSL_PARAM *p;
1730 const char *enc_name = NULL;
1731 int *enc = arg;
1732 size_t i;
1733
1734 *enc = -1;
1735
1736 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1737 OSSL_PKEY_PARAM_EC_ENCODING))
1738 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1739 return 0;
1740
1741 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1742 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1743 *enc = ec_encodings[i].encoding;
1744 break;
1745 }
1746 }
1747
1748 return (*enc != -1);
1749 }
1750
1751 static int test_EC_keygen_with_enc(int idx)
1752 {
1753 EVP_PKEY *params = NULL, *key = NULL;
1754 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1755 int enc;
1756 int ret = 0;
1757
1758 enc = ec_encodings[idx].encoding;
1759
1760 /* Create key parameters */
1761 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1762 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1763 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1764 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1765 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1766 || !TEST_ptr(params))
1767 goto done;
1768
1769 /* Create key */
1770 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1771 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1772 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1773 || !TEST_ptr(key))
1774 goto done;
1775
1776 /* Check that the encoding got all the way into the key */
1777 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1778 ec_export_get_encoding_cb, &enc))
1779 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1780 goto done;
1781
1782 ret = 1;
1783 done:
1784 EVP_PKEY_free(key);
1785 EVP_PKEY_free(params);
1786 EVP_PKEY_CTX_free(kctx);
1787 EVP_PKEY_CTX_free(pctx);
1788 return ret;
1789 }
1790 #endif
1791
1792 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1793
1794 static int test_EVP_SM2_verify(void)
1795 {
1796 const char *pubkey =
1797 "-----BEGIN PUBLIC KEY-----\n"
1798 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1799 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1800 "-----END PUBLIC KEY-----\n";
1801
1802 const char *msg = "message digest";
1803 const char *id = "ALICE123@YAHOO.COM";
1804
1805 const uint8_t signature[] = {
1806 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1807 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1808 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1809 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1810 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1811 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1812 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1813 };
1814
1815 int rc = 0;
1816 BIO *bio = NULL;
1817 EVP_PKEY *pkey = NULL;
1818 EVP_MD_CTX *mctx = NULL;
1819 EVP_PKEY_CTX *pctx = NULL;
1820 EVP_MD *sm3 = NULL;
1821
1822 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1823 if (!TEST_true(bio != NULL))
1824 goto done;
1825
1826 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1827 if (!TEST_true(pkey != NULL))
1828 goto done;
1829
1830 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1831 goto done;
1832
1833 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1834 goto done;
1835
1836 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1837 goto done;
1838
1839 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1840
1841 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1842 goto done;
1843
1844 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1845 goto done;
1846
1847 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1848 goto done;
1849
1850 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1851 goto done;
1852
1853 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1854 goto done;
1855 rc = 1;
1856
1857 done:
1858 BIO_free(bio);
1859 EVP_PKEY_free(pkey);
1860 EVP_PKEY_CTX_free(pctx);
1861 EVP_MD_CTX_free(mctx);
1862 EVP_MD_free(sm3);
1863 return rc;
1864 }
1865
1866 static int test_EVP_SM2(void)
1867 {
1868 int ret = 0;
1869 EVP_PKEY *pkey = NULL;
1870 EVP_PKEY *pkeyparams = NULL;
1871 EVP_PKEY_CTX *pctx = NULL;
1872 EVP_PKEY_CTX *kctx = NULL;
1873 EVP_PKEY_CTX *sctx = NULL;
1874 size_t sig_len = 0;
1875 unsigned char *sig = NULL;
1876 EVP_MD_CTX *md_ctx = NULL;
1877 EVP_MD_CTX *md_ctx_verify = NULL;
1878 EVP_PKEY_CTX *cctx = NULL;
1879 EVP_MD *check_md = NULL;
1880
1881 uint8_t ciphertext[128];
1882 size_t ctext_len = sizeof(ciphertext);
1883
1884 uint8_t plaintext[8];
1885 size_t ptext_len = sizeof(plaintext);
1886
1887 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1888
1889 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1890 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1891 int i;
1892 char mdname[OSSL_MAX_NAME_SIZE];
1893
1894 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1895 "SM2", testpropq)))
1896 goto done;
1897
1898 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1899 goto done;
1900
1901 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1902 goto done;
1903
1904 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1905 goto done;
1906
1907 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1908 pkeyparams, testpropq)))
1909 goto done;
1910
1911 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1912 goto done;
1913
1914 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1915 goto done;
1916
1917 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1918 goto done;
1919
1920 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1921 goto done;
1922
1923 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1924 goto done;
1925
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1927 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1928
1929 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1930 goto done;
1931
1932 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1933 goto done;
1934
1935 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1936 goto done;
1937
1938 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1939 goto done;
1940
1941 /* Determine the size of the signature. */
1942 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1943 goto done;
1944
1945 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1946 goto done;
1947
1948 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1949 goto done;
1950
1951 /* Ensure that the signature round-trips. */
1952
1953 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1954 pkey)))
1955 goto done;
1956
1957 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1958 goto done;
1959
1960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1961 goto done;
1962
1963 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1964 goto done;
1965
1966 /* now check encryption/decryption */
1967
1968 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1969 mdname, sizeof(mdname));
1970 for (i = 0; i < 2; i++) {
1971 const char *mdnames[] = {
1972 #ifndef OPENSSL_NO_SM3
1973 "SM3",
1974 #else
1975 NULL,
1976 #endif
1977 "SHA2-256" };
1978 EVP_PKEY_CTX_free(cctx);
1979
1980 if (mdnames[i] == NULL)
1981 continue;
1982
1983 sparams[0] =
1984 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1985 (char *)mdnames[i], 0);
1986
1987 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1988 pkey, testpropq)))
1989 goto done;
1990
1991 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1992 goto done;
1993
1994 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1995 goto done;
1996
1997 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1998 sizeof(kMsg))))
1999 goto done;
2000
2001 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2002 goto done;
2003
2004 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2005 goto done;
2006
2007 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2008 ctext_len), 0))
2009 goto done;
2010
2011 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2012 goto done;
2013
2014 /*
2015 * Test we're still using the digest we think we are.
2016 * Because of aliases, the easiest is to fetch the digest and
2017 * check the name with EVP_MD_is_a().
2018 */
2019 EVP_MD_free(check_md);
2020 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2021 goto done;
2022 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2023 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2024 goto done;
2025 }
2026
2027 if (!TEST_true(ptext_len == sizeof(kMsg)))
2028 goto done;
2029
2030 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2031 goto done;
2032 }
2033
2034 ret = 1;
2035 done:
2036 EVP_PKEY_CTX_free(pctx);
2037 EVP_PKEY_CTX_free(kctx);
2038 EVP_PKEY_CTX_free(sctx);
2039 EVP_PKEY_CTX_free(cctx);
2040 EVP_PKEY_free(pkey);
2041 EVP_PKEY_free(pkeyparams);
2042 EVP_MD_CTX_free(md_ctx);
2043 EVP_MD_CTX_free(md_ctx_verify);
2044 EVP_MD_free(check_md);
2045 OPENSSL_free(sig);
2046 return ret;
2047 }
2048
2049 #endif
2050
2051 static struct keys_st {
2052 int type;
2053 char *priv;
2054 char *pub;
2055 } keys[] = {
2056 {
2057 EVP_PKEY_HMAC, "0123456789", NULL
2058 },
2059 {
2060 EVP_PKEY_HMAC, "", NULL
2061 #ifndef OPENSSL_NO_POLY1305
2062 }, {
2063 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2064 #endif
2065 #ifndef OPENSSL_NO_SIPHASH
2066 }, {
2067 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2068 #endif
2069 },
2070 #ifndef OPENSSL_NO_EC
2071 {
2072 EVP_PKEY_X25519, "01234567890123456789012345678901",
2073 "abcdefghijklmnopqrstuvwxyzabcdef"
2074 }, {
2075 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2076 "abcdefghijklmnopqrstuvwxyzabcdef"
2077 }, {
2078 EVP_PKEY_X448,
2079 "01234567890123456789012345678901234567890123456789012345",
2080 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2081 }, {
2082 EVP_PKEY_ED448,
2083 "012345678901234567890123456789012345678901234567890123456",
2084 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2085 }
2086 #endif
2087 };
2088
2089 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2090 {
2091 int ret = 0;
2092 unsigned char buf[80];
2093 unsigned char *in;
2094 size_t inlen, len = 0, shortlen = 1;
2095 EVP_PKEY *pkey;
2096
2097 /* Check if this algorithm supports public keys */
2098 if (pub && keys[tst].pub == NULL)
2099 return 1;
2100
2101 memset(buf, 0, sizeof(buf));
2102
2103 if (pub) {
2104 #ifndef OPENSSL_NO_EC
2105 inlen = strlen(keys[tst].pub);
2106 in = (unsigned char *)keys[tst].pub;
2107 if (uselibctx) {
2108 pkey = EVP_PKEY_new_raw_public_key_ex(
2109 testctx,
2110 OBJ_nid2sn(keys[tst].type),
2111 NULL,
2112 in,
2113 inlen);
2114 } else {
2115 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2116 NULL,
2117 in,
2118 inlen);
2119 }
2120 #else
2121 return 1;
2122 #endif
2123 } else {
2124 inlen = strlen(keys[tst].priv);
2125 in = (unsigned char *)keys[tst].priv;
2126 if (uselibctx) {
2127 pkey = EVP_PKEY_new_raw_private_key_ex(
2128 testctx, OBJ_nid2sn(keys[tst].type),
2129 NULL,
2130 in,
2131 inlen);
2132 } else {
2133 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2134 NULL,
2135 in,
2136 inlen);
2137 }
2138 }
2139
2140 if (!TEST_ptr(pkey)
2141 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2142 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2143 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2144 || !TEST_true(len == inlen))
2145 goto done;
2146 if (tst != 1) {
2147 /*
2148 * Test that supplying a buffer that is too small fails. Doesn't apply
2149 * to HMAC with a zero length key
2150 */
2151 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2152 &shortlen)))
2153 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2154 &shortlen))))
2155 goto done;
2156 }
2157 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2158 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2159 || !TEST_mem_eq(in, inlen, buf, len))
2160 goto done;
2161
2162 ret = 1;
2163 done:
2164 EVP_PKEY_free(pkey);
2165 return ret;
2166 }
2167
2168 static int test_set_get_raw_keys(int tst)
2169 {
2170 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2171 && test_set_get_raw_keys_int(tst, 0, 1)
2172 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2173 && test_set_get_raw_keys_int(tst, 1, 1);
2174 }
2175
2176 #ifndef OPENSSL_NO_DEPRECATED_3_0
2177 static int pkey_custom_check(EVP_PKEY *pkey)
2178 {
2179 return 0xbeef;
2180 }
2181
2182 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2183 {
2184 return 0xbeef;
2185 }
2186
2187 static int pkey_custom_param_check(EVP_PKEY *pkey)
2188 {
2189 return 0xbeef;
2190 }
2191
2192 static EVP_PKEY_METHOD *custom_pmeth;
2193 #endif
2194
2195 static int test_EVP_PKEY_check(int i)
2196 {
2197 int ret = 0;
2198 EVP_PKEY *pkey = NULL;
2199 EVP_PKEY_CTX *ctx = NULL;
2200 #ifndef OPENSSL_NO_DEPRECATED_3_0
2201 EVP_PKEY_CTX *ctx2 = NULL;
2202 #endif
2203 const APK_DATA *ak = &keycheckdata[i];
2204 const unsigned char *input = ak->kder;
2205 size_t input_len = ak->size;
2206 int expected_id = ak->evptype;
2207 int expected_check = ak->check;
2208 int expected_pub_check = ak->pub_check;
2209 int expected_param_check = ak->param_check;
2210 int type = ak->type;
2211
2212 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2213 goto done;
2214 if (type == 0
2215 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2216 goto done;
2217
2218 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2219 goto done;
2220
2221 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2222 goto done;
2223
2224 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2225 goto done;
2226
2227 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2228 goto done;
2229
2230 #ifndef OPENSSL_NO_DEPRECATED_3_0
2231 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2232 /* assign the pkey directly, as an internal test */
2233 EVP_PKEY_up_ref(pkey);
2234 ctx2->pkey = pkey;
2235
2236 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2237 goto done;
2238
2239 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2240 goto done;
2241
2242 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2243 goto done;
2244 #endif
2245
2246 ret = 1;
2247
2248 done:
2249 EVP_PKEY_CTX_free(ctx);
2250 #ifndef OPENSSL_NO_DEPRECATED_3_0
2251 EVP_PKEY_CTX_free(ctx2);
2252 #endif
2253 EVP_PKEY_free(pkey);
2254 return ret;
2255 }
2256
2257 #ifndef OPENSSL_NO_CMAC
2258 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2259 {
2260 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2261 const char msg[] = "Hello World";
2262 size_t maclen = AES_BLOCK_SIZE;
2263 int ret = 1;
2264
2265 if (!TEST_ptr(mdctx)
2266 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2267 testpropq, pkey, NULL))
2268 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2269 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2270 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2271 ret = 0;
2272
2273 EVP_MD_CTX_free(mdctx);
2274
2275 return ret;
2276 }
2277 static int test_CMAC_keygen(void)
2278 {
2279 static unsigned char key[] = {
2280 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2281 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2282 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2283 };
2284 EVP_PKEY_CTX *kctx = NULL;
2285 int ret = 0;
2286 EVP_PKEY *pkey = NULL;
2287 unsigned char mac[AES_BLOCK_SIZE];
2288 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2289 unsigned char mac2[AES_BLOCK_SIZE];
2290 # endif
2291
2292 if (nullprov != NULL)
2293 return TEST_skip("Test does not support a non-default library context");
2294
2295 /*
2296 * This is a legacy method for CMACs, but should still work.
2297 * This verifies that it works without an ENGINE.
2298 */
2299 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2300
2301 /* Test a CMAC key created using the "generated" method */
2302 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2303 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2304 EVP_PKEY_CTRL_CIPHER,
2305 0, (void *)EVP_aes_256_ecb()), 0)
2306 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2307 EVP_PKEY_CTRL_SET_MAC_KEY,
2308 sizeof(key), (void *)key), 0)
2309 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2310 || !TEST_ptr(pkey)
2311 || !TEST_true(get_cmac_val(pkey, mac)))
2312 goto done;
2313
2314 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2315 EVP_PKEY_free(pkey);
2316
2317 /*
2318 * Test a CMAC key using the direct method, and compare with the mac
2319 * created above.
2320 */
2321 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2322 if (!TEST_ptr(pkey)
2323 || !TEST_true(get_cmac_val(pkey, mac2))
2324 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2325 goto done;
2326 # endif
2327
2328 ret = 1;
2329
2330 done:
2331 EVP_PKEY_free(pkey);
2332 EVP_PKEY_CTX_free(kctx);
2333 return ret;
2334 }
2335 #endif
2336
2337 static int test_HKDF(void)
2338 {
2339 EVP_PKEY_CTX *pctx;
2340 unsigned char out[20];
2341 size_t outlen;
2342 int i, ret = 0;
2343 unsigned char salt[] = "0123456789";
2344 unsigned char key[] = "012345678901234567890123456789";
2345 unsigned char info[] = "infostring";
2346 const unsigned char expected[] = {
2347 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2348 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2349 };
2350 size_t expectedlen = sizeof(expected);
2351
2352 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2353 goto done;
2354
2355 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2356 for (i = 0; i < 2; i++) {
2357 outlen = sizeof(out);
2358 memset(out, 0, outlen);
2359
2360 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2361 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2362 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2363 sizeof(salt) - 1), 0)
2364 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2365 sizeof(key) - 1), 0)
2366 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2367 sizeof(info) - 1), 0)
2368 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2369 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2370 goto done;
2371 }
2372
2373 ret = 1;
2374
2375 done:
2376 EVP_PKEY_CTX_free(pctx);
2377
2378 return ret;
2379 }
2380
2381 static int test_emptyikm_HKDF(void)
2382 {
2383 EVP_PKEY_CTX *pctx;
2384 unsigned char out[20];
2385 size_t outlen;
2386 int ret = 0;
2387 unsigned char salt[] = "9876543210";
2388 unsigned char key[] = "";
2389 unsigned char info[] = "stringinfo";
2390 const unsigned char expected[] = {
2391 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2392 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2393 };
2394 size_t expectedlen = sizeof(expected);
2395
2396 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2397 goto done;
2398
2399 outlen = sizeof(out);
2400 memset(out, 0, outlen);
2401
2402 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2404 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2405 sizeof(salt) - 1), 0)
2406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2407 sizeof(key) - 1), 0)
2408 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2409 sizeof(info) - 1), 0)
2410 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2411 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2412 goto done;
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(pctx);
2418
2419 return ret;
2420 }
2421
2422 #ifndef OPENSSL_NO_EC
2423 static int test_X509_PUBKEY_inplace(void)
2424 {
2425 int ret = 0;
2426 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2427 const unsigned char *p = kExampleECPubKeyDER;
2428 size_t input_len = sizeof(kExampleECPubKeyDER);
2429
2430 if (!TEST_ptr(xp))
2431 goto done;
2432 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2433 goto done;
2434
2435 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2436 goto done;
2437
2438 p = kExampleBadECPubKeyDER;
2439 input_len = sizeof(kExampleBadECPubKeyDER);
2440
2441 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2442 goto done;
2443
2444 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2445 goto done;
2446
2447 ret = 1;
2448
2449 done:
2450 X509_PUBKEY_free(xp);
2451 return ret;
2452 }
2453
2454 static int test_X509_PUBKEY_dup(void)
2455 {
2456 int ret = 0;
2457 X509_PUBKEY *xp = NULL, *xq = NULL;
2458 const unsigned char *p = kExampleECPubKeyDER;
2459 size_t input_len = sizeof(kExampleECPubKeyDER);
2460
2461 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2462 if (!TEST_ptr(xp)
2463 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2464 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2465 || !TEST_ptr_ne(xp, xq))
2466 goto done;
2467
2468 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2469 || !TEST_ptr(X509_PUBKEY_get0(xp))
2470 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2471 goto done;
2472
2473 X509_PUBKEY_free(xq);
2474 xq = NULL;
2475 p = kExampleBadECPubKeyDER;
2476 input_len = sizeof(kExampleBadECPubKeyDER);
2477
2478 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2479 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2480 goto done;
2481
2482 X509_PUBKEY_free(xp);
2483 xp = NULL;
2484 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2485 goto done;
2486
2487 ret = 1;
2488
2489 done:
2490 X509_PUBKEY_free(xp);
2491 X509_PUBKEY_free(xq);
2492 return ret;
2493 }
2494 #endif /* OPENSSL_NO_EC */
2495
2496 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2497 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2498 {
2499 EVP_MD_CTX *mdctx = NULL;
2500 EVP_PKEY_CTX *ctx = NULL;
2501 const OSSL_PARAM *params;
2502 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2503 int ret = 0;
2504 const EVP_MD *md;
2505 char mdname[OSSL_MAX_NAME_SIZE];
2506 char ssl3ms[48];
2507
2508 /* Initialise a sign operation */
2509 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2510 if (!TEST_ptr(ctx)
2511 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2512 goto err;
2513
2514 /*
2515 * We should be able to query the parameters now.
2516 */
2517 params = EVP_PKEY_CTX_settable_params(ctx);
2518 if (!TEST_ptr(params)
2519 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2520 OSSL_SIGNATURE_PARAM_DIGEST)))
2521 goto err;
2522
2523 params = EVP_PKEY_CTX_gettable_params(ctx);
2524 if (!TEST_ptr(params)
2525 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2526 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2527 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2528 OSSL_SIGNATURE_PARAM_DIGEST)))
2529 goto err;
2530
2531 /*
2532 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2533 * EVP_PKEY_CTX_get_params()
2534 */
2535 strcpy(mdname, "SHA512");
2536 param_md = param;
2537 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2538 mdname, 0);
2539 *param++ = OSSL_PARAM_construct_end();
2540
2541 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2542 goto err;
2543
2544 mdname[0] = '\0';
2545 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2546 mdname, sizeof(mdname));
2547 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2548 || !TEST_str_eq(mdname, "SHA512"))
2549 goto err;
2550
2551 /*
2552 * Test the TEST_PKEY_CTX_set_signature_md() and
2553 * TEST_PKEY_CTX_get_signature_md() functions
2554 */
2555 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2556 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2557 || !TEST_ptr_eq(md, EVP_sha256()))
2558 goto err;
2559
2560 /*
2561 * Test getting MD parameters via an associated EVP_PKEY_CTX
2562 */
2563 mdctx = EVP_MD_CTX_new();
2564 if (!TEST_ptr(mdctx)
2565 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2566 pkey, NULL)))
2567 goto err;
2568
2569 /*
2570 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2571 * able to obtain the digest's settable parameters from the provider.
2572 */
2573 params = EVP_MD_CTX_settable_params(mdctx);
2574 if (!TEST_ptr(params)
2575 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2576 /* The final key should be NULL */
2577 || !TEST_ptr_null(params[1].key))
2578 goto err;
2579
2580 param = ourparams;
2581 memset(ssl3ms, 0, sizeof(ssl3ms));
2582 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2583 ssl3ms, sizeof(ssl3ms));
2584 *param++ = OSSL_PARAM_construct_end();
2585
2586 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2587 goto err;
2588
2589 ret = 1;
2590
2591 err:
2592 EVP_MD_CTX_free(mdctx);
2593 EVP_PKEY_CTX_free(ctx);
2594
2595 return ret;
2596 }
2597
2598 #ifndef OPENSSL_NO_DSA
2599 static int test_DSA_get_set_params(void)
2600 {
2601 OSSL_PARAM_BLD *bld = NULL;
2602 OSSL_PARAM *params = NULL;
2603 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2604 EVP_PKEY_CTX *pctx = NULL;
2605 EVP_PKEY *pkey = NULL;
2606 int ret = 0;
2607
2608 /*
2609 * Setup the parameters for our DSA object. For our purposes they don't
2610 * have to actually be *valid* parameters. We just need to set something.
2611 */
2612 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2613 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2614 || !TEST_ptr(p = BN_new())
2615 || !TEST_ptr(q = BN_new())
2616 || !TEST_ptr(g = BN_new())
2617 || !TEST_ptr(pub = BN_new())
2618 || !TEST_ptr(priv = BN_new()))
2619 goto err;
2620 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2624 pub))
2625 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2626 priv)))
2627 goto err;
2628 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2629 goto err;
2630
2631 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2632 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2633 params), 0))
2634 goto err;
2635
2636 if (!TEST_ptr(pkey))
2637 goto err;
2638
2639 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2640
2641 err:
2642 EVP_PKEY_free(pkey);
2643 EVP_PKEY_CTX_free(pctx);
2644 OSSL_PARAM_free(params);
2645 OSSL_PARAM_BLD_free(bld);
2646 BN_free(p);
2647 BN_free(q);
2648 BN_free(g);
2649 BN_free(pub);
2650 BN_free(priv);
2651
2652 return ret;
2653 }
2654
2655 /*
2656 * Test combinations of private, public, missing and private + public key
2657 * params to ensure they are all accepted
2658 */
2659 static int test_DSA_priv_pub(void)
2660 {
2661 return test_EVP_PKEY_ffc_priv_pub("DSA");
2662 }
2663
2664 #endif /* !OPENSSL_NO_DSA */
2665
2666 static int test_RSA_get_set_params(void)
2667 {
2668 OSSL_PARAM_BLD *bld = NULL;
2669 OSSL_PARAM *params = NULL;
2670 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2671 EVP_PKEY_CTX *pctx = NULL;
2672 EVP_PKEY *pkey = NULL;
2673 int ret = 0;
2674
2675 /*
2676 * Setup the parameters for our RSA object. For our purposes they don't
2677 * have to actually be *valid* parameters. We just need to set something.
2678 */
2679 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2680 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2681 || !TEST_ptr(n = BN_new())
2682 || !TEST_ptr(e = BN_new())
2683 || !TEST_ptr(d = BN_new()))
2684 goto err;
2685 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2686 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2687 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2688 goto err;
2689 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2690 goto err;
2691
2692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2694 params), 0))
2695 goto err;
2696
2697 if (!TEST_ptr(pkey))
2698 goto err;
2699
2700 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2701
2702 err:
2703 EVP_PKEY_free(pkey);
2704 EVP_PKEY_CTX_free(pctx);
2705 OSSL_PARAM_free(params);
2706 OSSL_PARAM_BLD_free(bld);
2707 BN_free(n);
2708 BN_free(e);
2709 BN_free(d);
2710
2711 return ret;
2712 }
2713
2714 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2715 static int test_decrypt_null_chunks(void)
2716 {
2717 EVP_CIPHER_CTX* ctx = NULL;
2718 EVP_CIPHER *cipher = NULL;
2719 const unsigned char key[32] = {
2720 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2721 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2722 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2723 };
2724 unsigned char iv[12] = {
2725 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2726 };
2727 unsigned char msg[] = "It was the best of times, it was the worst of times";
2728 unsigned char ciphertext[80];
2729 unsigned char plaintext[80];
2730 /* We initialise tmp to a non zero value on purpose */
2731 int ctlen, ptlen, tmp = 99;
2732 int ret = 0;
2733 const int enc_offset = 10, dec_offset = 20;
2734
2735 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2736 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2737 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2738 key, iv))
2739 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2740 enc_offset))
2741 /* Deliberate add a zero length update */
2742 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2743 0))
2744 || !TEST_int_eq(tmp, 0)
2745 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2746 msg + enc_offset,
2747 sizeof(msg) - enc_offset))
2748 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2749 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2750 || !TEST_int_eq(tmp, 0))
2751 goto err;
2752
2753 /* Deliberately initialise tmp to a non zero value */
2754 tmp = 99;
2755 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2756 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2757 dec_offset))
2758 /*
2759 * Deliberately add a zero length update. We also deliberately do
2760 * this at a different offset than for encryption.
2761 */
2762 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2763 0))
2764 || !TEST_int_eq(tmp, 0)
2765 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2766 ciphertext + dec_offset,
2767 ctlen - dec_offset))
2768 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2769 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2770 || !TEST_int_eq(tmp, 0)
2771 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2772 goto err;
2773
2774 ret = 1;
2775 err:
2776 EVP_CIPHER_CTX_free(ctx);
2777 EVP_CIPHER_free(cipher);
2778 return ret;
2779 }
2780 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2781
2782 #ifndef OPENSSL_NO_DH
2783 /*
2784 * Test combinations of private, public, missing and private + public key
2785 * params to ensure they are all accepted
2786 */
2787 static int test_DH_priv_pub(void)
2788 {
2789 return test_EVP_PKEY_ffc_priv_pub("DH");
2790 }
2791
2792 # ifndef OPENSSL_NO_DEPRECATED_3_0
2793 static int test_EVP_PKEY_set1_DH(void)
2794 {
2795 DH *x942dh = NULL, *noqdh = NULL;
2796 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2797 int ret = 0;
2798 BIGNUM *p, *g = NULL;
2799 BIGNUM *pubkey = NULL;
2800 unsigned char pub[2048 / 8];
2801 size_t len = 0;
2802
2803 if (!TEST_ptr(p = BN_new())
2804 || !TEST_ptr(g = BN_new())
2805 || !TEST_ptr(pubkey = BN_new())
2806 || !TEST_true(BN_set_word(p, 9999))
2807 || !TEST_true(BN_set_word(g, 2))
2808 || !TEST_true(BN_set_word(pubkey, 4321))
2809 || !TEST_ptr(noqdh = DH_new())
2810 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2811 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2812 || !TEST_ptr(pubkey = BN_new())
2813 || !TEST_true(BN_set_word(pubkey, 4321)))
2814 goto err;
2815 p = g = NULL;
2816
2817 x942dh = DH_get_2048_256();
2818 pkey1 = EVP_PKEY_new();
2819 pkey2 = EVP_PKEY_new();
2820 if (!TEST_ptr(x942dh)
2821 || !TEST_ptr(noqdh)
2822 || !TEST_ptr(pkey1)
2823 || !TEST_ptr(pkey2)
2824 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2825 goto err;
2826 pubkey = NULL;
2827
2828 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2829 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2830 goto err;
2831
2832 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2833 &pubkey))
2834 || !TEST_ptr(pubkey))
2835 goto err;
2836
2837 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2838 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2839 goto err;
2840
2841 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2842 OSSL_PKEY_PARAM_PUB_KEY,
2843 pub, sizeof(pub), &len))
2844 || !TEST_size_t_ne(len, 0))
2845 goto err;
2846
2847 ret = 1;
2848 err:
2849 BN_free(p);
2850 BN_free(g);
2851 BN_free(pubkey);
2852 EVP_PKEY_free(pkey1);
2853 EVP_PKEY_free(pkey2);
2854 DH_free(x942dh);
2855 DH_free(noqdh);
2856
2857 return ret;
2858 }
2859 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2860 #endif /* !OPENSSL_NO_DH */
2861
2862 /*
2863 * We test what happens with an empty template. For the sake of this test,
2864 * the template must be ignored, and we know that's the case for RSA keys
2865 * (this might arguably be a misfeature, but that's what we currently do,
2866 * even in provider code, since that's how the legacy RSA implementation
2867 * does things)
2868 */
2869 static int test_keygen_with_empty_template(int n)
2870 {
2871 EVP_PKEY_CTX *ctx = NULL;
2872 EVP_PKEY *pkey = NULL;
2873 EVP_PKEY *tkey = NULL;
2874 int ret = 0;
2875
2876 if (nullprov != NULL)
2877 return TEST_skip("Test does not support a non-default library context");
2878
2879 switch (n) {
2880 case 0:
2881 /* We do test with no template at all as well */
2882 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2883 goto err;
2884 break;
2885 case 1:
2886 /* Here we create an empty RSA key that serves as our template */
2887 if (!TEST_ptr(tkey = EVP_PKEY_new())
2888 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2889 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2890 goto err;
2891 break;
2892 }
2893
2894 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2895 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2896 goto err;
2897
2898 ret = 1;
2899 err:
2900 EVP_PKEY_CTX_free(ctx);
2901 EVP_PKEY_free(pkey);
2902 EVP_PKEY_free(tkey);
2903 return ret;
2904 }
2905
2906 /*
2907 * Test that we fail if we attempt to use an algorithm that is not available
2908 * in the current library context (unless we are using an algorithm that
2909 * should be made available via legacy codepaths).
2910 *
2911 * 0: RSA
2912 * 1: SM2
2913 */
2914 static int test_pkey_ctx_fail_without_provider(int tst)
2915 {
2916 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2917 OSSL_PROVIDER *tmpnullprov = NULL;
2918 EVP_PKEY_CTX *pctx = NULL;
2919 const char *keytype = NULL;
2920 int expect_null = 0;
2921 int ret = 0;
2922
2923 if (!TEST_ptr(tmpctx))
2924 goto err;
2925
2926 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2927 if (!TEST_ptr(tmpnullprov))
2928 goto err;
2929
2930 /*
2931 * We check for certain algos in the null provider.
2932 * If an algo is expected to have a provider keymgmt, constructing an
2933 * EVP_PKEY_CTX is expected to fail (return NULL).
2934 * Otherwise, if it's expected to have legacy support, constructing an
2935 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2936 */
2937 switch (tst) {
2938 case 0:
2939 keytype = "RSA";
2940 expect_null = 1;
2941 break;
2942 case 1:
2943 keytype = "SM2";
2944 expect_null = 1;
2945 #ifdef OPENSSL_NO_EC
2946 TEST_info("EC disable, skipping SM2 check...");
2947 goto end;
2948 #endif
2949 #ifdef OPENSSL_NO_SM2
2950 TEST_info("SM2 disable, skipping SM2 check...");
2951 goto end;
2952 #endif
2953 break;
2954 default:
2955 TEST_error("No test for case %d", tst);
2956 goto err;
2957 }
2958
2959 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2960 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2961 goto err;
2962
2963 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2964 end:
2965 #endif
2966 ret = 1;
2967
2968 err:
2969 EVP_PKEY_CTX_free(pctx);
2970 OSSL_PROVIDER_unload(tmpnullprov);
2971 OSSL_LIB_CTX_free(tmpctx);
2972 return ret;
2973 }
2974
2975 static int test_rand_agglomeration(void)
2976 {
2977 EVP_RAND *rand;
2978 EVP_RAND_CTX *ctx;
2979 OSSL_PARAM params[3], *p = params;
2980 int res;
2981 unsigned int step = 7;
2982 static unsigned char seed[] = "It does not matter how slowly you go "
2983 "as long as you do not stop.";
2984 unsigned char out[sizeof(seed)];
2985
2986 if (!TEST_int_ne(sizeof(seed) % step, 0)
2987 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2988 return 0;
2989 ctx = EVP_RAND_CTX_new(rand, NULL);
2990 EVP_RAND_free(rand);
2991 if (!TEST_ptr(ctx))
2992 return 0;
2993
2994 memset(out, 0, sizeof(out));
2995 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2996 seed, sizeof(seed));
2997 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2998 *p = OSSL_PARAM_construct_end();
2999 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3000 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3001 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3002 EVP_RAND_CTX_free(ctx);
3003 return res;
3004 }
3005
3006 /*
3007 * Test that we correctly return the original or "running" IV after
3008 * an encryption operation.
3009 * Run multiple times for some different relevant algorithms/modes.
3010 */
3011 static int test_evp_iv_aes(int idx)
3012 {
3013 int ret = 0;
3014 EVP_CIPHER_CTX *ctx = NULL;
3015 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3016 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3017 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3018 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3019 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3020 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3021 9, 10, 11, 12, 13, 14, 15, 16 };
3022 unsigned char ciphertext[32], oiv[16], iv[16];
3023 unsigned char *ref_iv;
3024 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3025 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3026
3027 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3028 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3029 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3030 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3031 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3032 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3033 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3034 #ifndef OPENSSL_NO_OCB
3035 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3036 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3037 #endif
3038 int len = sizeof(ciphertext);
3039 size_t ivlen, ref_len;
3040 const EVP_CIPHER *type = NULL;
3041 int iv_reset = 0;
3042
3043 if (nullprov != NULL && idx < 6)
3044 return TEST_skip("Test does not support a non-default library context");
3045
3046 switch (idx) {
3047 case 0:
3048 type = EVP_aes_128_cbc();
3049 /* FALLTHROUGH */
3050 case 6:
3051 type = (type != NULL) ? type :
3052 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3053 ref_iv = cbc_state;
3054 ref_len = sizeof(cbc_state);
3055 iv_reset = 1;
3056 break;
3057 case 1:
3058 type = EVP_aes_128_ofb();
3059 /* FALLTHROUGH */
3060 case 7:
3061 type = (type != NULL) ? type :
3062 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3063 ref_iv = ofb_state;
3064 ref_len = sizeof(ofb_state);
3065 iv_reset = 1;
3066 break;
3067 case 2:
3068 type = EVP_aes_128_cfb();
3069 /* FALLTHROUGH */
3070 case 8:
3071 type = (type != NULL) ? type :
3072 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3073 ref_iv = cfb_state;
3074 ref_len = sizeof(cfb_state);
3075 iv_reset = 1;
3076 break;
3077 case 3:
3078 type = EVP_aes_128_gcm();
3079 /* FALLTHROUGH */
3080 case 9:
3081 type = (type != NULL) ? type :
3082 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3083 ref_iv = gcm_state;
3084 ref_len = sizeof(gcm_state);
3085 break;
3086 case 4:
3087 type = EVP_aes_128_ccm();
3088 /* FALLTHROUGH */
3089 case 10:
3090 type = (type != NULL) ? type :
3091 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3092 ref_iv = ccm_state;
3093 ref_len = sizeof(ccm_state);
3094 break;
3095 #ifdef OPENSSL_NO_OCB
3096 case 5:
3097 case 11:
3098 return 1;
3099 #else
3100 case 5:
3101 type = EVP_aes_128_ocb();
3102 /* FALLTHROUGH */
3103 case 11:
3104 type = (type != NULL) ? type :
3105 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3106 ref_iv = ocb_state;
3107 ref_len = sizeof(ocb_state);
3108 break;
3109 #endif
3110 default:
3111 return 0;
3112 }
3113
3114 if (!TEST_ptr(type)
3115 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3116 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3117 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3118 (int)sizeof(msg)))
3119 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3120 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3121 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3122 goto err;
3123 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3124 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3125 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3126 goto err;
3127
3128 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3129 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3130 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3131 goto err;
3132 if (iv_reset) {
3133 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3134 goto err;
3135 } else {
3136 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3137 goto err;
3138 }
3139
3140 ret = 1;
3141 err:
3142 EVP_CIPHER_CTX_free(ctx);
3143 if (idx >= 6)
3144 EVP_CIPHER_free((EVP_CIPHER *)type);
3145 return ret;
3146 }
3147
3148 #ifndef OPENSSL_NO_DES
3149 static int test_evp_iv_des(int idx)
3150 {
3151 int ret = 0;
3152 EVP_CIPHER_CTX *ctx = NULL;
3153 static const unsigned char key[24] = {
3154 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3155 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3156 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3157 };
3158 static const unsigned char init_iv[8] = {
3159 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3160 };
3161 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3162 9, 10, 11, 12, 13, 14, 15, 16 };
3163 unsigned char ciphertext[32], oiv[8], iv[8];
3164 unsigned const char *ref_iv;
3165 static const unsigned char cbc_state_des[8] = {
3166 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3167 };
3168 static const unsigned char cbc_state_3des[8] = {
3169 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3170 };
3171 static const unsigned char ofb_state_des[8] = {
3172 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3173 };
3174 static const unsigned char ofb_state_3des[8] = {
3175 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3176 };
3177 static const unsigned char cfb_state_des[8] = {
3178 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3179 };
3180 static const unsigned char cfb_state_3des[8] = {
3181 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3182 };
3183 int len = sizeof(ciphertext);
3184 size_t ivlen, ref_len;
3185 EVP_CIPHER *type = NULL;
3186
3187 if (lgcyprov == NULL && idx < 3)
3188 return TEST_skip("Test requires legacy provider to be loaded");
3189
3190 switch (idx) {
3191 case 0:
3192 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3193 ref_iv = cbc_state_des;
3194 ref_len = sizeof(cbc_state_des);
3195 break;
3196 case 1:
3197 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3198 ref_iv = ofb_state_des;
3199 ref_len = sizeof(ofb_state_des);
3200 break;
3201 case 2:
3202 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3203 ref_iv = cfb_state_des;
3204 ref_len = sizeof(cfb_state_des);
3205 break;
3206 case 3:
3207 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3208 ref_iv = cbc_state_3des;
3209 ref_len = sizeof(cbc_state_3des);
3210 break;
3211 case 4:
3212 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3213 ref_iv = ofb_state_3des;
3214 ref_len = sizeof(ofb_state_3des);
3215 break;
3216 case 5:
3217 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3218 ref_iv = cfb_state_3des;
3219 ref_len = sizeof(cfb_state_3des);
3220 break;
3221 default:
3222 return 0;
3223 }
3224
3225 if (!TEST_ptr(type)
3226 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3227 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3228 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3229 (int)sizeof(msg)))
3230 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3231 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3232 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3233 goto err;
3234 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3235 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3236 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3237 goto err;
3238
3239 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3240 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3241 goto err;
3242 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3243 goto err;
3244
3245 ret = 1;
3246 err:
3247 EVP_CIPHER_CTX_free(ctx);
3248 EVP_CIPHER_free(type);
3249 return ret;
3250 }
3251 #endif
3252
3253 #ifndef OPENSSL_NO_EC
3254 static int ecpub_nids[] = {
3255 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3256 NID_secp384r1, NID_secp521r1,
3257 # ifndef OPENSSL_NO_EC2M
3258 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3259 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3260 # endif
3261 NID_brainpoolP384r1, NID_brainpoolP512r1
3262 };
3263
3264 static int test_ecpub(int idx)
3265 {
3266 int ret = 0, len, savelen;
3267 int nid;
3268 unsigned char buf[1024];
3269 unsigned char *p;
3270 EVP_PKEY *pkey = NULL;
3271 EVP_PKEY_CTX *ctx = NULL;
3272 # ifndef OPENSSL_NO_DEPRECATED_3_0
3273 const unsigned char *q;
3274 EVP_PKEY *pkey2 = NULL;
3275 EC_KEY *ec = NULL;
3276 # endif
3277
3278 if (nullprov != NULL)
3279 return TEST_skip("Test does not support a non-default library context");
3280
3281 nid = ecpub_nids[idx];
3282
3283 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3284 if (!TEST_ptr(ctx)
3285 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3286 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3287 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3288 goto done;
3289 len = i2d_PublicKey(pkey, NULL);
3290 savelen = len;
3291 if (!TEST_int_ge(len, 1)
3292 || !TEST_int_lt(len, 1024))
3293 goto done;
3294 p = buf;
3295 len = i2d_PublicKey(pkey, &p);
3296 if (!TEST_int_ge(len, 1)
3297 || !TEST_int_eq(len, savelen))
3298 goto done;
3299
3300 # ifndef OPENSSL_NO_DEPRECATED_3_0
3301 /* Now try to decode the just-created DER. */
3302 q = buf;
3303 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3304 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3305 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3306 goto done;
3307 /* EC_KEY ownership transferred */
3308 ec = NULL;
3309 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3310 goto done;
3311 /* The keys should match. */
3312 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3313 goto done;
3314 # endif
3315
3316 ret = 1;
3317
3318 done:
3319 EVP_PKEY_CTX_free(ctx);
3320 EVP_PKEY_free(pkey);
3321 # ifndef OPENSSL_NO_DEPRECATED_3_0
3322 EVP_PKEY_free(pkey2);
3323 EC_KEY_free(ec);
3324 # endif
3325 return ret;
3326 }
3327 #endif
3328
3329 static int test_EVP_rsa_pss_with_keygen_bits(void)
3330 {
3331 int ret = 0;
3332 EVP_PKEY_CTX *ctx = NULL;
3333 EVP_PKEY *pkey = NULL;
3334 EVP_MD *md;
3335
3336 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3337 ret = TEST_ptr(md)
3338 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3339 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3340 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3341 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3342 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3343
3344 EVP_MD_free(md);
3345 EVP_PKEY_free(pkey);
3346 EVP_PKEY_CTX_free(ctx);
3347 return ret;
3348 }
3349
3350 static int test_EVP_rsa_pss_set_saltlen(void)
3351 {
3352 int ret = 0;
3353 EVP_PKEY *pkey = NULL;
3354 EVP_PKEY_CTX *pkey_ctx = NULL;
3355 EVP_MD *sha256 = NULL;
3356 EVP_MD_CTX *sha256_ctx = NULL;
3357 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3358 const int test_value = 32;
3359
3360 ret = TEST_ptr(pkey = load_example_rsa_key())
3361 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3362 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3363 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3364 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3365 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
3366 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
3367 && TEST_int_eq(saltlen, test_value);
3368
3369 EVP_MD_CTX_free(sha256_ctx);
3370 EVP_PKEY_free(pkey);
3371 EVP_MD_free(sha256);
3372
3373 return ret;
3374 }
3375
3376 static int success = 1;
3377 static void md_names(const char *name, void *vctx)
3378 {
3379 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3380 /* Force a namemap update */
3381 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3382
3383 if (!TEST_ptr(aes128))
3384 success = 0;
3385
3386 EVP_CIPHER_free(aes128);
3387 }
3388
3389 /*
3390 * Test that changing the namemap in a user callback works in a names_do_all
3391 * function.
3392 */
3393 static int test_names_do_all(void)
3394 {
3395 /* We use a custom libctx so that we know the state of the namemap */
3396 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3397 EVP_MD *sha256 = NULL;
3398 int testresult = 0;
3399
3400 if (!TEST_ptr(ctx))
3401 goto err;
3402
3403 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3404 if (!TEST_ptr(sha256))
3405 goto err;
3406
3407 /*
3408 * We loop through all the names for a given digest. This should still work
3409 * even if the namemap changes part way through.
3410 */
3411 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3412 goto err;
3413
3414 if (!TEST_true(success))
3415 goto err;
3416
3417 testresult = 1;
3418 err:
3419 EVP_MD_free(sha256);
3420 OSSL_LIB_CTX_free(ctx);
3421 return testresult;
3422 }
3423
3424 typedef struct {
3425 const char *cipher;
3426 const unsigned char *key;
3427 const unsigned char *iv;
3428 const unsigned char *input;
3429 const unsigned char *expected;
3430 const unsigned char *tag;
3431 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3432 size_t inlen;
3433 size_t expectedlen;
3434 size_t taglen;
3435 int keyfirst;
3436 int initenc;
3437 int finalenc;
3438 } EVP_INIT_TEST_st;
3439
3440 static const EVP_INIT_TEST_st evp_init_tests[] = {
3441 {
3442 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3443 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3444 0, 1, 0, 1
3445 },
3446 {
3447 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3448 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3449 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3450 sizeof(gcmDefaultTag), 1, 0, 1
3451 },
3452 {
3453 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3454 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3455 0, 0, 0, 1
3456 },
3457 {
3458 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3459 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3460 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3461 sizeof(gcmDefaultTag), 0, 0, 1
3462 },
3463 {
3464 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3465 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3466 0, 1, 1, 0
3467 },
3468 {
3469 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3470 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3471 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3472 sizeof(gcmDefaultTag), 1, 1, 0
3473 },
3474 {
3475 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3476 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3477 0, 0, 1, 0
3478 },
3479 {
3480 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3481 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3482 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3483 sizeof(gcmDefaultTag), 0, 1, 0
3484 }
3485 };
3486
3487 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3488 {
3489 int res = 0;
3490
3491 if (t->ivlen != 0) {
3492 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3493 goto err;
3494 }
3495 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3496 goto err;
3497 res = 1;
3498 err:
3499 return res;
3500 }
3501
3502 /*
3503 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3504 * arguments are given one at a time and a final adjustment to the enc
3505 * parameter sets the correct operation.
3506 */
3507 static int test_evp_init_seq(int idx)
3508 {
3509 int outlen1, outlen2;
3510 int testresult = 0;
3511 unsigned char outbuf[1024];
3512 unsigned char tag[16];
3513 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3514 EVP_CIPHER_CTX *ctx = NULL;
3515 EVP_CIPHER *type = NULL;
3516 size_t taglen = sizeof(tag);
3517 char *errmsg = NULL;
3518
3519 ctx = EVP_CIPHER_CTX_new();
3520 if (ctx == NULL) {
3521 errmsg = "CTX_ALLOC";
3522 goto err;
3523 }
3524 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3525 errmsg = "CIPHER_FETCH";
3526 goto err;
3527 }
3528 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3529 errmsg = "EMPTY_ENC_INIT";
3530 goto err;
3531 }
3532 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3533 errmsg = "PADDING";
3534 goto err;
3535 }
3536 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3537 errmsg = "KEY_INIT (before iv)";
3538 goto err;
3539 }
3540 if (!evp_init_seq_set_iv(ctx, t)) {
3541 errmsg = "IV_INIT";
3542 goto err;
3543 }
3544 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3545 errmsg = "KEY_INIT (after iv)";
3546 goto err;
3547 }
3548 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3549 errmsg = "FINAL_ENC_INIT";
3550 goto err;
3551 }
3552 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3553 errmsg = "CIPHER_UPDATE";
3554 goto err;
3555 }
3556 if (t->finalenc == 0 && t->tag != NULL) {
3557 /* Set expected tag */
3558 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3559 t->taglen, (void *)t->tag))) {
3560 errmsg = "SET_TAG";
3561 goto err;
3562 }
3563 }
3564 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3565 errmsg = "CIPHER_FINAL";
3566 goto err;
3567 }
3568 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3569 errmsg = "WRONG_RESULT";
3570 goto err;
3571 }
3572 if (t->finalenc != 0 && t->tag != NULL) {
3573 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3574 errmsg = "GET_TAG";
3575 goto err;
3576 }
3577 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3578 errmsg = "TAG_ERROR";
3579 goto err;
3580 }
3581 }
3582 testresult = 1;
3583 err:
3584 if (errmsg != NULL)
3585 TEST_info("evp_init_test %d: %s", idx, errmsg);
3586 EVP_CIPHER_CTX_free(ctx);
3587 EVP_CIPHER_free(type);
3588 return testresult;
3589 }
3590
3591 typedef struct {
3592 const unsigned char *input;
3593 const unsigned char *expected;
3594 size_t inlen;
3595 size_t expectedlen;
3596 int enc;
3597 } EVP_RESET_TEST_st;
3598
3599 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3600 {
3601 cfbPlaintext, cfbCiphertext,
3602 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3603 },
3604 {
3605 cfbCiphertext, cfbPlaintext,
3606 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3607 }
3608 };
3609
3610 /*
3611 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3612 * been used.
3613 */
3614 static int test_evp_reset(int idx)
3615 {
3616 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3617 int outlen1, outlen2;
3618 int testresult = 0;
3619 unsigned char outbuf[1024];
3620 EVP_CIPHER_CTX *ctx = NULL;
3621 EVP_CIPHER *type = NULL;
3622 char *errmsg = NULL;
3623
3624 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3625 errmsg = "CTX_ALLOC";
3626 goto err;
3627 }
3628 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3629 errmsg = "CIPHER_FETCH";
3630 goto err;
3631 }
3632 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3633 errmsg = "CIPHER_INIT";
3634 goto err;
3635 }
3636 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3637 errmsg = "PADDING";
3638 goto err;
3639 }
3640 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3641 errmsg = "CIPHER_UPDATE";
3642 goto err;
3643 }
3644 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3645 errmsg = "CIPHER_FINAL";
3646 goto err;
3647 }
3648 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3649 errmsg = "WRONG_RESULT";
3650 goto err;
3651 }
3652 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3653 errmsg = "CIPHER_REINIT";
3654 goto err;
3655 }
3656 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3657 errmsg = "CIPHER_UPDATE (reinit)";
3658 goto err;
3659 }
3660 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3661 errmsg = "CIPHER_FINAL (reinit)";
3662 goto err;
3663 }
3664 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3665 errmsg = "WRONG_RESULT (reinit)";
3666 goto err;
3667 }
3668 testresult = 1;
3669 err:
3670 if (errmsg != NULL)
3671 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3672 EVP_CIPHER_CTX_free(ctx);
3673 EVP_CIPHER_free(type);
3674 return testresult;
3675 }
3676
3677 typedef struct {
3678 const char *cipher;
3679 int enc;
3680 } EVP_UPDATED_IV_TEST_st;
3681
3682 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3683 {
3684 "aes-128-cfb", 1
3685 },
3686 {
3687 "aes-128-cfb", 0
3688 },
3689 {
3690 "aes-128-cfb1", 1
3691 },
3692 {
3693 "aes-128-cfb1", 0
3694 },
3695 {
3696 "aes-128-cfb8", 1
3697 },
3698 {
3699 "aes-128-cfb8", 0
3700 },
3701 {
3702 "aes-128-ofb", 1
3703 },
3704 {
3705 "aes-128-ofb", 0
3706 },
3707 {
3708 "aes-128-ctr", 1
3709 },
3710 {
3711 "aes-128-ctr", 0
3712 },
3713 {
3714 "aes-128-cbc", 1
3715 },
3716 {
3717 "aes-128-cbc", 0
3718 }
3719 };
3720
3721 /*
3722 * Test that the IV in the context is updated during a crypto operation for CFB
3723 * and OFB.
3724 */
3725 static int test_evp_updated_iv(int idx)
3726 {
3727 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3728 int outlen1, outlen2;
3729 int testresult = 0;
3730 unsigned char outbuf[1024];
3731 EVP_CIPHER_CTX *ctx = NULL;
3732 EVP_CIPHER *type = NULL;
3733 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3734 int iv_len;
3735 char *errmsg = NULL;
3736
3737 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3738 errmsg = "CTX_ALLOC";
3739 goto err;
3740 }
3741 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3742 TEST_info("cipher %s not supported, skipping", t->cipher);
3743 goto ok;
3744 }
3745
3746 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3747 errmsg = "CIPHER_INIT";
3748 goto err;
3749 }
3750 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3751 errmsg = "PADDING";
3752 goto err;
3753 }
3754 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3755 errmsg = "CIPHER_UPDATE";
3756 goto err;
3757 }
3758 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3759 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3760 goto err;
3761 }
3762 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3763 errmsg = "CIPHER_CTX_GET_IV_LEN";
3764 goto err;
3765 }
3766 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3767 errmsg = "IV_NOT_UPDATED";
3768 goto err;
3769 }
3770 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3771 errmsg = "CIPHER_FINAL";
3772 goto err;
3773 }
3774 ok:
3775 testresult = 1;
3776 err:
3777 if (errmsg != NULL)
3778 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3779 EVP_CIPHER_CTX_free(ctx);
3780 EVP_CIPHER_free(type);
3781 return testresult;
3782 }
3783
3784 typedef struct {
3785 const unsigned char *iv1;
3786 const unsigned char *iv2;
3787 const unsigned char *expected1;
3788 const unsigned char *expected2;
3789 const unsigned char *tag1;
3790 const unsigned char *tag2;
3791 size_t ivlen1;
3792 size_t ivlen2;
3793 size_t expectedlen1;
3794 size_t expectedlen2;
3795 } TEST_GCM_IV_REINIT_st;
3796
3797 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3798 {
3799 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3800 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3801 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3802 },
3803 {
3804 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3805 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3806 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3807 }
3808 };
3809
3810 static int test_gcm_reinit(int idx)
3811 {
3812 int outlen1, outlen2, outlen3;
3813 int testresult = 0;
3814 unsigned char outbuf[1024];
3815 unsigned char tag[16];
3816 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3817 EVP_CIPHER_CTX *ctx = NULL;
3818 EVP_CIPHER *type = NULL;
3819 size_t taglen = sizeof(tag);
3820 char *errmsg = NULL;
3821
3822 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3823 errmsg = "CTX_ALLOC";
3824 goto err;
3825 }
3826 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3827 errmsg = "CIPHER_FETCH";
3828 goto err;
3829 }
3830 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3831 errmsg = "ENC_INIT";
3832 goto err;
3833 }
3834 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3835 errmsg = "SET_IVLEN1";
3836 goto err;
3837 }
3838 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3839 errmsg = "SET_IV1";
3840 goto err;
3841 }
3842 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3843 errmsg = "AAD1";
3844 goto err;
3845 }
3846 EVP_CIPHER_CTX_set_padding(ctx, 0);
3847 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3848 sizeof(gcmResetPlaintext)))) {
3849 errmsg = "CIPHER_UPDATE1";
3850 goto err;
3851 }
3852 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3853 errmsg = "CIPHER_FINAL1";
3854 goto err;
3855 }
3856 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3857 errmsg = "WRONG_RESULT1";
3858 goto err;
3859 }
3860 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3861 errmsg = "GET_TAG1";
3862 goto err;
3863 }
3864 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3865 errmsg = "TAG_ERROR1";
3866 goto err;
3867 }
3868 /* Now reinit */
3869 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3870 errmsg = "SET_IVLEN2";
3871 goto err;
3872 }
3873 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3874 errmsg = "SET_IV2";
3875 goto err;
3876 }
3877 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3878 errmsg = "AAD2";
3879 goto err;
3880 }
3881 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3882 sizeof(gcmResetPlaintext)))) {
3883 errmsg = "CIPHER_UPDATE2";
3884 goto err;
3885 }
3886 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3887 errmsg = "CIPHER_FINAL2";
3888 goto err;
3889 }
3890 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3891 errmsg = "WRONG_RESULT2";
3892 goto err;
3893 }
3894 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3895 errmsg = "GET_TAG2";
3896 goto err;
3897 }
3898 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3899 errmsg = "TAG_ERROR2";
3900 goto err;
3901 }
3902 testresult = 1;
3903 err:
3904 if (errmsg != NULL)
3905 TEST_info("evp_init_test %d: %s", idx, errmsg);
3906 EVP_CIPHER_CTX_free(ctx);
3907 EVP_CIPHER_free(type);
3908 return testresult;
3909 }
3910
3911 #ifndef OPENSSL_NO_DEPRECATED_3_0
3912 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3913 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3914
3915 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3916
3917 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3918 {
3919 int (*pinit)(EVP_PKEY_CTX *ctx);
3920
3921 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3922 return pinit(ctx);
3923 }
3924
3925 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3926 {
3927 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3928
3929 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3930 pcleanup(ctx);
3931 }
3932
3933 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3934 size_t *outlen, const unsigned char *in,
3935 size_t inlen)
3936 {
3937 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3938 const unsigned char *tbs, size_t tbslen);
3939
3940 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3941 return psign(ctx, out, outlen, in, inlen);
3942 }
3943
3944 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3945 size_t *siglen, const unsigned char *tbs,
3946 size_t tbslen)
3947 {
3948 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3949 const unsigned char *tbs, size_t tbslen);
3950
3951 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3952 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3953 }
3954
3955 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3956 size_t *keylen)
3957 {
3958 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3959
3960 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3961 return pderive(ctx, key, keylen);
3962 }
3963
3964 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3965 {
3966 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3967
3968 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3969 return pcopy(dst, src);
3970 }
3971
3972 static int ctrl_called;
3973
3974 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3975 {
3976 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3977
3978 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3979
3980 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3981 ctrl_called = 1;
3982 return 1;
3983 }
3984
3985 return pctrl(ctx, type, p1, p2);
3986 }
3987
3988 static int test_custom_pmeth(int idx)
3989 {
3990 EVP_PKEY_CTX *pctx = NULL;
3991 EVP_MD_CTX *ctx = NULL;
3992 EVP_PKEY *pkey = NULL;
3993 int id, orig_id, orig_flags;
3994 int testresult = 0;
3995 size_t reslen;
3996 unsigned char *res = NULL;
3997 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3998 const EVP_MD *md = EVP_sha256();
3999 int doderive = 0;
4000
4001 ctrl_called = 0;
4002
4003 /* We call deprecated APIs so this test doesn't support a custom libctx */
4004 if (testctx != NULL)
4005 return 1;
4006
4007 switch (idx) {
4008 case 0:
4009 case 6:
4010 id = EVP_PKEY_RSA;
4011 pkey = load_example_rsa_key();
4012 break;
4013 case 1:
4014 case 7:
4015 # ifndef OPENSSL_NO_DSA
4016 id = EVP_PKEY_DSA;
4017 pkey = load_example_dsa_key();
4018 break;
4019 # else
4020 return 1;
4021 # endif
4022 case 2:
4023 case 8:
4024 # ifndef OPENSSL_NO_EC
4025 id = EVP_PKEY_EC;
4026 pkey = load_example_ec_key();
4027 break;
4028 # else
4029 return 1;
4030 # endif
4031 case 3:
4032 case 9:
4033 # ifndef OPENSSL_NO_EC
4034 id = EVP_PKEY_ED25519;
4035 md = NULL;
4036 pkey = load_example_ed25519_key();
4037 break;
4038 # else
4039 return 1;
4040 # endif
4041 case 4:
4042 case 10:
4043 # ifndef OPENSSL_NO_DH
4044 id = EVP_PKEY_DH;
4045 doderive = 1;
4046 pkey = load_example_dh_key();
4047 break;
4048 # else
4049 return 1;
4050 # endif
4051 case 5:
4052 case 11:
4053 # ifndef OPENSSL_NO_EC
4054 id = EVP_PKEY_X25519;
4055 doderive = 1;
4056 pkey = load_example_x25519_key();
4057 break;
4058 # else
4059 return 1;
4060 # endif
4061 default:
4062 TEST_error("Should not happen");
4063 goto err;
4064 }
4065
4066 if (!TEST_ptr(pkey))
4067 goto err;
4068
4069 if (idx < 6) {
4070 if (!TEST_true(evp_pkey_is_provided(pkey)))
4071 goto err;
4072 } else {
4073 EVP_PKEY *tmp = pkey;
4074
4075 /* Convert to a legacy key */
4076 pkey = EVP_PKEY_new();
4077 if (!TEST_ptr(pkey)) {
4078 pkey = tmp;
4079 goto err;
4080 }
4081 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4082 EVP_PKEY_free(tmp);
4083 goto err;
4084 }
4085 EVP_PKEY_free(tmp);
4086 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4087 goto err;
4088 }
4089
4090 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4091 || !TEST_ptr(pkey))
4092 goto err;
4093
4094 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4095 if (!TEST_int_eq(orig_id, id)
4096 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4097 goto err;
4098
4099 if (id == EVP_PKEY_ED25519) {
4100 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4101 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4102 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4103 } else {
4104 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4105 }
4106 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4107 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4108 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4109 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4110 }
4111 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4112 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4113 goto err;
4114
4115 if (doderive) {
4116 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4117 if (!TEST_ptr(pctx)
4118 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4119 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4120 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4121 1)
4122 || !TEST_int_eq(ctrl_called, 1)
4123 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4124 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4125 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4126 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4127 goto err;
4128 } else {
4129 ctx = EVP_MD_CTX_new();
4130 reslen = EVP_PKEY_size(pkey);
4131 res = OPENSSL_malloc(reslen);
4132 if (!TEST_ptr(ctx)
4133 || !TEST_ptr(res)
4134 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4135 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4136 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4137 1)
4138 || !TEST_int_eq(ctrl_called, 1))
4139 goto err;
4140
4141 if (id == EVP_PKEY_ED25519) {
4142 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4143 goto err;
4144 } else {
4145 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4146 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4147 goto err;
4148 }
4149 }
4150
4151 testresult = 1;
4152 err:
4153 OPENSSL_free(res);
4154 EVP_MD_CTX_free(ctx);
4155 if (doderive)
4156 EVP_PKEY_CTX_free(pctx);
4157 EVP_PKEY_free(pkey);
4158 EVP_PKEY_meth_remove(custom_pmeth);
4159 EVP_PKEY_meth_free(custom_pmeth);
4160 custom_pmeth = NULL;
4161 return testresult;
4162 }
4163
4164 static int test_evp_md_cipher_meth(void)
4165 {
4166 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4167 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4168 int testresult = 0;
4169
4170 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4171 goto err;
4172
4173 testresult = 1;
4174
4175 err:
4176 EVP_MD_meth_free(md);
4177 EVP_CIPHER_meth_free(ciph);
4178
4179 return testresult;
4180 }
4181
4182 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4183 /* Test we can create a signature keys with an associated ENGINE */
4184 static int test_signatures_with_engine(int tst)
4185 {
4186 ENGINE *e;
4187 const char *engine_id = "dasync";
4188 EVP_PKEY *pkey = NULL;
4189 const unsigned char badcmackey[] = { 0x00, 0x01 };
4190 const unsigned char cmackey[] = {
4191 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4192 0x0c, 0x0d, 0x0e, 0x0f
4193 };
4194 const unsigned char ed25519key[] = {
4195 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4196 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4197 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4198 };
4199 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4200 int testresult = 0;
4201 EVP_MD_CTX *ctx = NULL;
4202 unsigned char *mac = NULL;
4203 size_t maclen = 0;
4204 int ret;
4205
4206 # ifdef OPENSSL_NO_CMAC
4207 /* Skip CMAC tests in a no-cmac build */
4208 if (tst <= 1)
4209 return 1;
4210 # endif
4211
4212 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4213 return 0;
4214
4215 if (!TEST_true(ENGINE_init(e))) {
4216 ENGINE_free(e);
4217 return 0;
4218 }
4219
4220 switch (tst) {
4221 case 0:
4222 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4223 EVP_aes_128_cbc());
4224 break;
4225 case 1:
4226 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4227 EVP_aes_128_cbc());
4228 break;
4229 case 2:
4230 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4231 sizeof(ed25519key));
4232 break;
4233 default:
4234 TEST_error("Invalid test case");
4235 goto err;
4236 }
4237 if (!TEST_ptr(pkey))
4238 goto err;
4239
4240 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4241 goto err;
4242
4243 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4244 pkey);
4245 if (tst == 0) {
4246 if (!TEST_true(ret))
4247 goto err;
4248
4249 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4250 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4251 goto err;
4252
4253 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4254 goto err;
4255
4256 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4257 goto err;
4258 } else {
4259 /* We used a bad key. We expect a failure here */
4260 if (!TEST_false(ret))
4261 goto err;
4262 }
4263
4264 testresult = 1;
4265 err:
4266 EVP_MD_CTX_free(ctx);
4267 OPENSSL_free(mac);
4268 EVP_PKEY_free(pkey);
4269 ENGINE_finish(e);
4270 ENGINE_free(e);
4271
4272 return testresult;
4273 }
4274
4275 static int test_cipher_with_engine(void)
4276 {
4277 ENGINE *e;
4278 const char *engine_id = "dasync";
4279 const unsigned char keyiv[] = {
4280 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4281 0x0c, 0x0d, 0x0e, 0x0f
4282 };
4283 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4284 int testresult = 0;
4285 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4286 unsigned char buf[AES_BLOCK_SIZE];
4287 int len = 0;
4288
4289 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4290 return 0;
4291
4292 if (!TEST_true(ENGINE_init(e))) {
4293 ENGINE_free(e);
4294 return 0;
4295 }
4296
4297 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4298 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4299 goto err;
4300
4301 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4302 goto err;
4303
4304 /* Copy the ctx, and complete the operation with the new ctx */
4305 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4306 goto err;
4307
4308 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4309 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4310 goto err;
4311
4312 testresult = 1;
4313 err:
4314 EVP_CIPHER_CTX_free(ctx);
4315 EVP_CIPHER_CTX_free(ctx2);
4316 ENGINE_finish(e);
4317 ENGINE_free(e);
4318
4319 return testresult;
4320 }
4321 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4322 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4323
4324 static int ecxnids[] = {
4325 NID_X25519,
4326 NID_X448,
4327 NID_ED25519,
4328 NID_ED448
4329 };
4330
4331 /* Test that creating ECX keys with a short private key fails as expected */
4332 static int test_ecx_short_keys(int tst)
4333 {
4334 unsigned char ecxkeydata = 1;
4335 EVP_PKEY *pkey;
4336
4337
4338 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4339 if (!TEST_ptr_null(pkey)) {
4340 EVP_PKEY_free(pkey);
4341 return 0;
4342 }
4343 return 1;
4344 }
4345
4346 typedef enum OPTION_choice {
4347 OPT_ERR = -1,
4348 OPT_EOF = 0,
4349 OPT_CONTEXT,
4350 OPT_TEST_ENUM
4351 } OPTION_CHOICE;
4352
4353 const OPTIONS *test_get_options(void)
4354 {
4355 static const OPTIONS options[] = {
4356 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4357 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4358 { NULL }
4359 };
4360 return options;
4361 }
4362
4363 int setup_tests(void)
4364 {
4365 OPTION_CHOICE o;
4366
4367 while ((o = opt_next()) != OPT_EOF) {
4368 switch (o) {
4369 case OPT_CONTEXT:
4370 /* Set up an alternate library context */
4371 testctx = OSSL_LIB_CTX_new();
4372 if (!TEST_ptr(testctx))
4373 return 0;
4374 /* Swap the libctx to test non-default context only */
4375 nullprov = OSSL_PROVIDER_load(NULL, "null");
4376 deflprov = OSSL_PROVIDER_load(testctx, "default");
4377 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4378 break;
4379 case OPT_TEST_CASES:
4380 break;
4381 default:
4382 return 0;
4383 }
4384 }
4385
4386 ADD_TEST(test_EVP_set_default_properties);
4387 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4388 ADD_TEST(test_EVP_DigestVerifyInit);
4389 #ifndef OPENSSL_NO_SIPHASH
4390 ADD_TEST(test_siphash_digestsign);
4391 #endif
4392 ADD_TEST(test_EVP_Digest);
4393 ADD_TEST(test_EVP_md_null);
4394 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4395 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4396 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4397 ADD_TEST(test_privatekey_to_pkcs8);
4398 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4399 #ifndef OPENSSL_NO_EC
4400 ADD_TEST(test_EVP_PKCS82PKEY);
4401 #endif
4402 #ifndef OPENSSL_NO_EC
4403 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4404 #endif
4405 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4406 ADD_TEST(test_EVP_SM2);
4407 ADD_TEST(test_EVP_SM2_verify);
4408 #endif
4409 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4410 #ifndef OPENSSL_NO_DEPRECATED_3_0
4411 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4412 if (!TEST_ptr(custom_pmeth))
4413 return 0;
4414 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4415 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4416 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4417 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4418 return 0;
4419 #endif
4420 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4421 #ifndef OPENSSL_NO_CMAC
4422 ADD_TEST(test_CMAC_keygen);
4423 #endif
4424 ADD_TEST(test_HKDF);
4425 ADD_TEST(test_emptyikm_HKDF);
4426 #ifndef OPENSSL_NO_EC
4427 ADD_TEST(test_X509_PUBKEY_inplace);
4428 ADD_TEST(test_X509_PUBKEY_dup);
4429 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4430 OSSL_NELEM(ec_der_pub_keys));
4431 #endif
4432 #ifndef OPENSSL_NO_DSA
4433 ADD_TEST(test_DSA_get_set_params);
4434 ADD_TEST(test_DSA_priv_pub);
4435 #endif
4436 ADD_TEST(test_RSA_get_set_params);
4437 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4438 ADD_TEST(test_decrypt_null_chunks);
4439 #endif
4440 #ifndef OPENSSL_NO_DH
4441 ADD_TEST(test_DH_priv_pub);
4442 # ifndef OPENSSL_NO_DEPRECATED_3_0
4443 ADD_TEST(test_EVP_PKEY_set1_DH);
4444 # endif
4445 #endif
4446 #ifndef OPENSSL_NO_EC
4447 ADD_TEST(test_EC_priv_pub);
4448 # ifndef OPENSSL_NO_DEPRECATED_3_0
4449 ADD_TEST(test_EC_priv_only_legacy);
4450 # endif
4451 #endif
4452 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4453 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4454
4455 ADD_TEST(test_rand_agglomeration);
4456 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4457 #ifndef OPENSSL_NO_DES
4458 ADD_ALL_TESTS(test_evp_iv_des, 6);
4459 #endif
4460 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4461 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4462 #ifndef OPENSSL_NO_EC
4463 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4464 #endif
4465
4466 ADD_TEST(test_names_do_all);
4467
4468 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4469 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4470 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4471 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4472
4473 #ifndef OPENSSL_NO_DEPRECATED_3_0
4474 ADD_ALL_TESTS(test_custom_pmeth, 12);
4475 ADD_TEST(test_evp_md_cipher_meth);
4476
4477 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4478 /* Tests only support the default libctx */
4479 if (testctx == NULL) {
4480 # ifndef OPENSSL_NO_EC
4481 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4482 # else
4483 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4484 # endif
4485 ADD_TEST(test_cipher_with_engine);
4486 }
4487 # endif
4488 #endif
4489
4490 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4491
4492 return 1;
4493 }
4494
4495 void cleanup_tests(void)
4496 {
4497 OSSL_PROVIDER_unload(nullprov);
4498 OSSL_PROVIDER_unload(deflprov);
4499 OSSL_PROVIDER_unload(lgcyprov);
4500 OSSL_LIB_CTX_free(testctx);
4501 }
A mirror of the official openssl repository