]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Test that a key is usable after an EVP_PKEY_fromdata call
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687 int ret;
688 BIO *bio = BIO_new(BIO_s_mem());
689
690 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
691 goto err;
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
694 params), 0))
695 goto err;
696
697 if (!TEST_ptr(pkey))
698 goto err;
699
700 /* Check we can use the resulting key */
701 ret = PEM_write_bio_PUBKEY(bio, pkey);
702 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
703 if (!TEST_true(ret))
704 goto err;
705 } else {
706 if (!TEST_false(ret))
707 goto err;
708 }
709 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
710 testctx, NULL);
711 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718
719 testresult = 1;
720 err:
721 EVP_PKEY_free(pkey);
722 EVP_PKEY_CTX_free(pctx);
723 BIO_free(bio);
724
725 return testresult;
726 }
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
728
729 /*
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
732 */
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
735 {
736 OSSL_PARAM_BLD *bld = NULL;
737 OSSL_PARAM *params = NULL;
738 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
739 int ret = 0;
740
741 /*
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
744 */
745 if (!TEST_ptr(p = BN_new())
746 || !TEST_ptr(q = BN_new())
747 || !TEST_ptr(g = BN_new())
748 || !TEST_ptr(pub = BN_new())
749 || !TEST_ptr(priv = BN_new()))
750 goto err;
751
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
757 goto err;
758 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
759 goto err;
760
761 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
762 goto err;
763 OSSL_PARAM_free(params);
764 params = NULL;
765 OSSL_PARAM_BLD_free(bld);
766
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
773 priv)))
774 goto err;
775 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
776 goto err;
777
778 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
779 goto err;
780 OSSL_PARAM_free(params);
781 params = NULL;
782 OSSL_PARAM_BLD_free(bld);
783
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
790 pub)))
791 goto err;
792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
795 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
796 goto err;
797 OSSL_PARAM_free(params);
798 params = NULL;
799 OSSL_PARAM_BLD_free(bld);
800
801 /* Test priv and pub */
802 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
807 pub))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
809 priv)))
810 goto err;
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 goto err;
813
814 if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
815 goto err;
816
817 ret = 1;
818 err:
819 OSSL_PARAM_free(params);
820 OSSL_PARAM_BLD_free(bld);
821 BN_free(p);
822 BN_free(q);
823 BN_free(g);
824 BN_free(pub);
825 BN_free(priv);
826
827 return ret;
828 }
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
830
831 /*
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
834 */
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
840 };
841 static unsigned char ec_pub[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
848 };
849
850 static int test_EC_priv_pub(void)
851 {
852 OSSL_PARAM_BLD *bld = NULL;
853 OSSL_PARAM *params = NULL;
854 BIGNUM *priv = NULL;
855 int ret = 0;
856
857 /*
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
860 */
861 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
862 goto err;
863
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
867 OSSL_PKEY_PARAM_GROUP_NAME,
868 "P-256", 0)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
871 goto err;
872
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
874 goto err;
875 OSSL_PARAM_free(params);
876 params = NULL;
877 OSSL_PARAM_BLD_free(bld);
878
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
882 OSSL_PKEY_PARAM_GROUP_NAME,
883 "P-256", 0))
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
885 priv)))
886 goto err;
887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
888 goto err;
889
890 /*
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
895 */
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
897 goto err;
898 OSSL_PARAM_free(params);
899 params = NULL;
900 OSSL_PARAM_BLD_free(bld);
901
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
905 OSSL_PKEY_PARAM_GROUP_NAME,
906 "P-256", 0))
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
908 OSSL_PKEY_PARAM_PUB_KEY,
909 ec_pub, sizeof(ec_pub))))
910 goto err;
911 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
912 goto err;
913
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
915 goto err;
916 OSSL_PARAM_free(params);
917 params = NULL;
918 OSSL_PARAM_BLD_free(bld);
919
920 /* Test priv and pub */
921 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
923 OSSL_PKEY_PARAM_GROUP_NAME,
924 "P-256", 0))
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
926 OSSL_PKEY_PARAM_PUB_KEY,
927 ec_pub, sizeof(ec_pub)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv)))
930 goto err;
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
932 goto err;
933
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
935 goto err;
936
937 ret = 1;
938 err:
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
941 BN_free(priv);
942
943 return ret;
944 }
945
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
949 {
950 BIGNUM *priv = NULL;
951 int ret = 0;
952 EC_KEY *eckey = NULL;
953 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
954 EVP_MD_CTX *ctx = NULL;
955
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
958 goto err;
959
960 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
961 if (!TEST_ptr(eckey))
962 goto err;
963
964 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
965 goto err;
966
967 pkey = EVP_PKEY_new();
968 if (!TEST_ptr(pkey))
969 goto err;
970
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
972 goto err;
973 eckey = NULL;
974
975 while (dup_pk == NULL) {
976 ret = 0;
977 ctx = EVP_MD_CTX_new();
978 if (!TEST_ptr(ctx))
979 goto err;
980
981 /*
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
984 */
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
986 testpropq, pkey, NULL)))
987 goto err;
988 EVP_MD_CTX_free(ctx);
989 ctx = NULL;
990
991 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
992 goto err;
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
995 EVP_PKEY_free(pkey);
996 pkey = dup_pk;
997 if (!ret)
998 goto err;
999 }
1000
1001 err:
1002 EVP_MD_CTX_free(ctx);
1003 EVP_PKEY_free(pkey);
1004 EC_KEY_free(eckey);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1011
1012 static int test_EVP_PKEY_sign(int tst)
1013 {
1014 int ret = 0;
1015 EVP_PKEY *pkey = NULL;
1016 unsigned char *sig = NULL;
1017 size_t sig_len = 0, shortsig_len = 1;
1018 EVP_PKEY_CTX *ctx = NULL;
1019 unsigned char tbs[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1022 };
1023
1024 if (tst == 0 ) {
1025 if (!TEST_ptr(pkey = load_example_rsa_key()))
1026 goto out;
1027 } else if (tst == 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey = load_example_dsa_key()))
1030 goto out;
1031 #else
1032 ret = 1;
1033 goto out;
1034 #endif
1035 } else {
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey = load_example_ec_key()))
1038 goto out;
1039 #else
1040 ret = 1;
1041 goto out;
1042 #endif
1043 }
1044
1045 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1046 if (!TEST_ptr(ctx)
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1049 sizeof(tbs)), 0))
1050 goto out;
1051 sig = OPENSSL_malloc(sig_len);
1052 if (!TEST_ptr(sig)
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1055 sizeof(tbs)), 0)
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1057 0)
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1061 0))
1062 goto out;
1063
1064 ret = 1;
1065 out:
1066 EVP_PKEY_CTX_free(ctx);
1067 OPENSSL_free(sig);
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070 }
1071
1072 /*
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1075 */
1076 static int test_EVP_Enveloped(int n)
1077 {
1078 int ret = 0;
1079 EVP_CIPHER_CTX *ctx = NULL;
1080 EVP_PKEY *keypair = NULL;
1081 unsigned char *kek = NULL;
1082 unsigned char iv[EVP_MAX_IV_LENGTH];
1083 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len, kek_len, ciphertext_len, plaintext_len;
1085 unsigned char ciphertext[32], plaintext[16];
1086 EVP_CIPHER *type = NULL;
1087
1088 if (nullprov != NULL)
1089 return TEST_skip("Test does not support a non-default library context");
1090
1091 if (n == 0)
1092 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1094 testpropq)))
1095 goto err;
1096
1097 if (!TEST_ptr(keypair = load_example_rsa_key())
1098 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1099 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1101 &keypair, 1))
1102 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1103 msg, sizeof(msg)))
1104 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1105 &len)))
1106 goto err;
1107
1108 ciphertext_len += len;
1109
1110 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1111 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1112 ciphertext, ciphertext_len))
1113 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1114 goto err;
1115
1116 plaintext_len += len;
1117 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1118 goto err;
1119
1120 ret = 1;
1121 err:
1122 if (n != 0)
1123 EVP_CIPHER_free(type);
1124 OPENSSL_free(kek);
1125 EVP_PKEY_free(keypair);
1126 EVP_CIPHER_CTX_free(ctx);
1127 return ret;
1128 }
1129
1130 /*
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 */
1147 static int test_EVP_DigestSignInit(int tst)
1148 {
1149 int ret = 0;
1150 EVP_PKEY *pkey = NULL;
1151 unsigned char *sig = NULL, *sig2 = NULL;
1152 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1153 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1154 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1155 BIO *mdbio = NULL, *membio = NULL;
1156 size_t written;
1157 const EVP_MD *md;
1158 EVP_MD *mdexp = NULL;
1159
1160 if (nullprov != NULL)
1161 return TEST_skip("Test does not support a non-default library context");
1162
1163 if (tst >= 6 && tst <= 8) {
1164 membio = BIO_new(BIO_s_mem());
1165 mdbio = BIO_new(BIO_f_md());
1166 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1167 goto out;
1168 BIO_push(mdbio, membio);
1169 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1170 goto out;
1171 } else {
1172 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1173 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1174 goto out;
1175 }
1176
1177 if (tst % 3 == 0) {
1178 if (!TEST_ptr(pkey = load_example_rsa_key()))
1179 goto out;
1180 } else if (tst % 3 == 1) {
1181 #ifndef OPENSSL_NO_DSA
1182 if (!TEST_ptr(pkey = load_example_dsa_key()))
1183 goto out;
1184 #else
1185 ret = 1;
1186 goto out;
1187 #endif
1188 } else {
1189 if (!TEST_ptr(pkey = load_example_hmac_key()))
1190 goto out;
1191 }
1192
1193 if (tst >= 3 && tst <= 5)
1194 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1195 else
1196 md = EVP_sha256();
1197
1198 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1199 goto out;
1200
1201 if (tst >= 6 && tst <= 8) {
1202 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1203 goto out;
1204 } else if (tst < 6) {
1205 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1206 goto out;
1207 }
1208
1209 if (tst >= 9) {
1210 /* Determine the size of the signature. */
1211 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1212 sizeof(kMsg)))
1213 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1214 goto out;
1215 if (tst <= 11) {
1216 /* Test that supply a short sig buffer fails */
1217 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1218 sizeof(kMsg))))
1219 goto out;
1220 /*
1221 * We end here because once EVP_DigestSign() has failed you should
1222 * not call it again without re-initing the ctx
1223 */
1224 ret = 1;
1225 goto out;
1226 }
1227 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1228 sizeof(kMsg))))
1229 goto out;
1230 } else {
1231 /* Determine the size of the signature. */
1232 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1233 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1234 /*
1235 * Trying to create a signature with a deliberately short
1236 * buffer should fail.
1237 */
1238 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1239 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1240 goto out;
1241 }
1242
1243 /*
1244 * Ensure that the signature round-trips (Verification isn't supported for
1245 * HMAC via EVP_DigestVerify*)
1246 */
1247 if (tst % 3 != 2) {
1248 if (tst >= 6 && tst <= 8) {
1249 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1250 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1251 goto out;
1252 }
1253
1254 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1255 NULL, pkey)))
1256 goto out;
1257
1258 if (tst >= 6 && tst <= 8) {
1259 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1260 goto out;
1261 } else {
1262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1263 sizeof(kMsg))))
1264 goto out;
1265 }
1266 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1267 goto out;
1268
1269 /* Multiple calls to EVP_DigestVerifyFinal should work */
1270 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1271 goto out;
1272 } else {
1273 /*
1274 * For HMAC a doubled call to DigestSignFinal should produce the same
1275 * value as finalization should not happen.
1276 */
1277 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1278 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1279 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1280 goto out;
1281
1282 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1283 goto out;
1284 }
1285
1286 ret = 1;
1287
1288 out:
1289 BIO_free(membio);
1290 BIO_free(mdbio);
1291 EVP_MD_CTX_free(a_md_ctx);
1292 EVP_MD_CTX_free(a_md_ctx_verify);
1293 EVP_PKEY_free(pkey);
1294 OPENSSL_free(sig);
1295 OPENSSL_free(sig2);
1296 EVP_MD_free(mdexp);
1297
1298 return ret;
1299 }
1300
1301 static int test_EVP_DigestVerifyInit(void)
1302 {
1303 int ret = 0;
1304 EVP_PKEY *pkey = NULL;
1305 EVP_MD_CTX *md_ctx = NULL;
1306
1307 if (nullprov != NULL)
1308 return TEST_skip("Test does not support a non-default library context");
1309
1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1311 || !TEST_ptr(pkey = load_example_rsa_key()))
1312 goto out;
1313
1314 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1315 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1316 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1317 sizeof(kSignature))))
1318 goto out;
1319 ret = 1;
1320
1321 out:
1322 EVP_MD_CTX_free(md_ctx);
1323 EVP_PKEY_free(pkey);
1324 return ret;
1325 }
1326
1327 /*
1328 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1329 */
1330 static int test_EVP_Digest(void)
1331 {
1332 int ret = 0;
1333 EVP_MD_CTX *md_ctx = NULL;
1334 unsigned char md[EVP_MAX_MD_SIZE];
1335 EVP_MD *sha256 = NULL;
1336 EVP_MD *shake256 = NULL;
1337
1338 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1339 goto out;
1340
1341 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1342 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1343 goto out;
1344
1345 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1346 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1347 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1348 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1349 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1350 goto out;
1351
1352 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1353 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1354 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1355 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1356 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1357 /*
1358 * EVP_DigestInit_ex with NULL type should work on
1359 * pre-initialized context.
1360 */
1361 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1362 goto out;
1363
1364 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1365 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1366 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1367 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1368 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1369 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1370 goto out;
1371 ret = 1;
1372
1373 out:
1374 EVP_MD_CTX_free(md_ctx);
1375 EVP_MD_free(sha256);
1376 EVP_MD_free(shake256);
1377 return ret;
1378 }
1379
1380 static int test_d2i_AutoPrivateKey(int i)
1381 {
1382 int ret = 0;
1383 const unsigned char *p;
1384 EVP_PKEY *pkey = NULL;
1385 const APK_DATA *ak = &keydata[i];
1386 const unsigned char *input = ak->kder;
1387 size_t input_len = ak->size;
1388 int expected_id = ak->evptype;
1389
1390 p = input;
1391 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1392 || !TEST_ptr_eq(p, input + input_len)
1393 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1394 goto done;
1395
1396 ret = 1;
1397
1398 done:
1399 EVP_PKEY_free(pkey);
1400 return ret;
1401 }
1402
1403 #ifndef OPENSSL_NO_EC
1404
1405 static const unsigned char ec_public_sect163k1_validxy[] = {
1406 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1407 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1408 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1409 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1410 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1411 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1412 };
1413
1414 static const unsigned char ec_public_sect163k1_badx[] = {
1415 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1416 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1417 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1418 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1419 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1420 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1421 };
1422
1423 static const unsigned char ec_public_sect163k1_bady[] = {
1424 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1425 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1426 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1427 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1428 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1429 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1430 };
1431
1432 static struct ec_der_pub_keys_st {
1433 const unsigned char *der;
1434 size_t len;
1435 int valid;
1436 } ec_der_pub_keys[] = {
1437 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1438 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1439 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1440 };
1441
1442 /*
1443 * Tests the range of the decoded EC char2 public point.
1444 * See ec_GF2m_simple_oct2point().
1445 */
1446 static int test_invalide_ec_char2_pub_range_decode(int id)
1447 {
1448 int ret = 0;
1449 EVP_PKEY *pkey;
1450
1451 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1452 ec_der_pub_keys[id].len);
1453
1454 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1455 || TEST_ptr_null(pkey);
1456 EVP_PKEY_free(pkey);
1457 return ret;
1458 }
1459
1460 /* Tests loading a bad key in PKCS8 format */
1461 static int test_EVP_PKCS82PKEY(void)
1462 {
1463 int ret = 0;
1464 const unsigned char *derp = kExampleBadECKeyDER;
1465 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1466 EVP_PKEY *pkey = NULL;
1467
1468 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1469 sizeof(kExampleBadECKeyDER))))
1470 goto done;
1471
1472 if (!TEST_ptr_eq(derp,
1473 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1474 goto done;
1475
1476 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1477 goto done;
1478
1479 ret = 1;
1480
1481 done:
1482 PKCS8_PRIV_KEY_INFO_free(p8inf);
1483 EVP_PKEY_free(pkey);
1484
1485 return ret;
1486 }
1487
1488 #endif
1489 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1490 {
1491 EVP_PKEY *pkey = NULL;
1492 EVP_PKEY *pkey2 = NULL;
1493 BIO *membio = NULL;
1494 char *membuf = NULL;
1495 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1496 int ok = 0;
1497
1498 if (testctx != NULL)
1499 /* test not supported with non-default context */
1500 return 1;
1501
1502 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1503 || !TEST_ptr(pkey = load_example_rsa_key())
1504 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1505 NULL, 0, NULL, NULL),
1506 0)
1507 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1508 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1509 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1510 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1511 goto done;
1512 }
1513
1514 ok = 1;
1515 done:
1516 EVP_PKEY_free(pkey);
1517 EVP_PKEY_free(pkey2);
1518 PKCS8_PRIV_KEY_INFO_free(p8inf);
1519 BIO_free_all(membio);
1520 return ok;
1521 }
1522
1523 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1524 static int test_privatekey_to_pkcs8(void)
1525 {
1526 EVP_PKEY *pkey = NULL;
1527 BIO *membio = NULL;
1528 char *membuf = NULL;
1529 long membuf_len = 0;
1530 int ok = 0;
1531
1532 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1533 || !TEST_ptr(pkey = load_example_rsa_key())
1534 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1535 NULL, 0, NULL, NULL),
1536 0)
1537 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1538 || !TEST_ptr(membuf)
1539 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1540 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1541 /*
1542 * We try to write PEM as well, just to see that it doesn't err, but
1543 * assume that the result is correct.
1544 */
1545 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1546 NULL, 0, NULL, NULL),
1547 0))
1548 goto done;
1549
1550 ok = 1;
1551 done:
1552 EVP_PKEY_free(pkey);
1553 BIO_free_all(membio);
1554 return ok;
1555 }
1556
1557 #ifndef OPENSSL_NO_EC
1558 static const struct {
1559 int encoding;
1560 const char *encoding_name;
1561 } ec_encodings[] = {
1562 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1563 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1564 };
1565
1566 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1567 {
1568 const OSSL_PARAM *p;
1569 const char *enc_name = NULL;
1570 int *enc = arg;
1571 size_t i;
1572
1573 *enc = -1;
1574
1575 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1576 OSSL_PKEY_PARAM_EC_ENCODING))
1577 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1578 return 0;
1579
1580 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1581 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1582 *enc = ec_encodings[i].encoding;
1583 break;
1584 }
1585 }
1586
1587 return (*enc != -1);
1588 }
1589
1590 static int test_EC_keygen_with_enc(int idx)
1591 {
1592 EVP_PKEY *params = NULL, *key = NULL;
1593 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1594 int enc;
1595 int ret = 0;
1596
1597 enc = ec_encodings[idx].encoding;
1598
1599 /* Create key parameters */
1600 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1601 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1602 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1603 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1604 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1605 || !TEST_ptr(params))
1606 goto done;
1607
1608 /* Create key */
1609 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1610 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1611 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1612 || !TEST_ptr(key))
1613 goto done;
1614
1615 /* Check that the encoding got all the way into the key */
1616 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1617 ec_export_get_encoding_cb, &enc))
1618 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1619 goto done;
1620
1621 ret = 1;
1622 done:
1623 EVP_PKEY_free(key);
1624 EVP_PKEY_free(params);
1625 EVP_PKEY_CTX_free(kctx);
1626 EVP_PKEY_CTX_free(pctx);
1627 return ret;
1628 }
1629 #endif
1630
1631 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1632
1633 static int test_EVP_SM2_verify(void)
1634 {
1635 const char *pubkey =
1636 "-----BEGIN PUBLIC KEY-----\n"
1637 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1638 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1639 "-----END PUBLIC KEY-----\n";
1640
1641 const char *msg = "message digest";
1642 const char *id = "ALICE123@YAHOO.COM";
1643
1644 const uint8_t signature[] = {
1645 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1646 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1647 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1648 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1649 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1650 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1651 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1652 };
1653
1654 int rc = 0;
1655 BIO *bio = NULL;
1656 EVP_PKEY *pkey = NULL;
1657 EVP_MD_CTX *mctx = NULL;
1658 EVP_PKEY_CTX *pctx = NULL;
1659 EVP_MD *sm3 = NULL;
1660
1661 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1662 if (!TEST_true(bio != NULL))
1663 goto done;
1664
1665 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1666 if (!TEST_true(pkey != NULL))
1667 goto done;
1668
1669 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1670 goto done;
1671
1672 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1673 goto done;
1674
1675 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1676 goto done;
1677
1678 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1679
1680 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1681 goto done;
1682
1683 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1684 goto done;
1685
1686 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1687 goto done;
1688
1689 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1690 goto done;
1691
1692 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1693 goto done;
1694 rc = 1;
1695
1696 done:
1697 BIO_free(bio);
1698 EVP_PKEY_free(pkey);
1699 EVP_PKEY_CTX_free(pctx);
1700 EVP_MD_CTX_free(mctx);
1701 EVP_MD_free(sm3);
1702 return rc;
1703 }
1704
1705 static int test_EVP_SM2(void)
1706 {
1707 int ret = 0;
1708 EVP_PKEY *pkey = NULL;
1709 EVP_PKEY *pkeyparams = NULL;
1710 EVP_PKEY_CTX *pctx = NULL;
1711 EVP_PKEY_CTX *kctx = NULL;
1712 EVP_PKEY_CTX *sctx = NULL;
1713 size_t sig_len = 0;
1714 unsigned char *sig = NULL;
1715 EVP_MD_CTX *md_ctx = NULL;
1716 EVP_MD_CTX *md_ctx_verify = NULL;
1717 EVP_PKEY_CTX *cctx = NULL;
1718 EVP_MD *check_md = NULL;
1719
1720 uint8_t ciphertext[128];
1721 size_t ctext_len = sizeof(ciphertext);
1722
1723 uint8_t plaintext[8];
1724 size_t ptext_len = sizeof(plaintext);
1725
1726 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1727
1728 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1729 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1730 int i;
1731 char mdname[OSSL_MAX_NAME_SIZE];
1732
1733 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1734 "SM2", testpropq)))
1735 goto done;
1736
1737 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1738 goto done;
1739
1740 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1741 goto done;
1742
1743 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1744 goto done;
1745
1746 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1747 pkeyparams, testpropq)))
1748 goto done;
1749
1750 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1751 goto done;
1752
1753 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1754 goto done;
1755
1756 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1757 goto done;
1758
1759 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1760 goto done;
1761
1762 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1763 goto done;
1764
1765 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1766 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1767
1768 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1769 goto done;
1770
1771 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1772 goto done;
1773
1774 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1775 goto done;
1776
1777 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1778 goto done;
1779
1780 /* Determine the size of the signature. */
1781 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1782 goto done;
1783
1784 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1785 goto done;
1786
1787 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1788 goto done;
1789
1790 /* Ensure that the signature round-trips. */
1791
1792 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1793 pkey)))
1794 goto done;
1795
1796 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1797 goto done;
1798
1799 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1800 goto done;
1801
1802 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1803 goto done;
1804
1805 /* now check encryption/decryption */
1806
1807 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1808 mdname, sizeof(mdname));
1809 for (i = 0; i < 2; i++) {
1810 const char *mdnames[] = {
1811 #ifndef OPENSSL_NO_SM3
1812 "SM3",
1813 #else
1814 NULL,
1815 #endif
1816 "SHA2-256" };
1817 EVP_PKEY_CTX_free(cctx);
1818
1819 if (mdnames[i] == NULL)
1820 continue;
1821
1822 sparams[0] =
1823 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1824 (char *)mdnames[i], 0);
1825
1826 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1827 pkey, testpropq)))
1828 goto done;
1829
1830 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1831 goto done;
1832
1833 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1834 goto done;
1835
1836 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1837 sizeof(kMsg))))
1838 goto done;
1839
1840 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1841 goto done;
1842
1843 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1844 goto done;
1845
1846 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1847 ctext_len)))
1848 goto done;
1849
1850 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1851 goto done;
1852
1853 /*
1854 * Test we're still using the digest we think we are.
1855 * Because of aliases, the easiest is to fetch the digest and
1856 * check the name with EVP_MD_is_a().
1857 */
1858 EVP_MD_free(check_md);
1859 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1860 goto done;
1861 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1862 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1863 goto done;
1864 }
1865
1866 if (!TEST_true(ptext_len == sizeof(kMsg)))
1867 goto done;
1868
1869 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1870 goto done;
1871 }
1872
1873 ret = 1;
1874 done:
1875 EVP_PKEY_CTX_free(pctx);
1876 EVP_PKEY_CTX_free(kctx);
1877 EVP_PKEY_CTX_free(sctx);
1878 EVP_PKEY_CTX_free(cctx);
1879 EVP_PKEY_free(pkey);
1880 EVP_PKEY_free(pkeyparams);
1881 EVP_MD_CTX_free(md_ctx);
1882 EVP_MD_CTX_free(md_ctx_verify);
1883 EVP_MD_free(check_md);
1884 OPENSSL_free(sig);
1885 return ret;
1886 }
1887
1888 #endif
1889
1890 static struct keys_st {
1891 int type;
1892 char *priv;
1893 char *pub;
1894 } keys[] = {
1895 {
1896 EVP_PKEY_HMAC, "0123456789", NULL
1897 },
1898 {
1899 EVP_PKEY_HMAC, "", NULL
1900 #ifndef OPENSSL_NO_POLY1305
1901 }, {
1902 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1903 #endif
1904 #ifndef OPENSSL_NO_SIPHASH
1905 }, {
1906 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1907 #endif
1908 },
1909 #ifndef OPENSSL_NO_EC
1910 {
1911 EVP_PKEY_X25519, "01234567890123456789012345678901",
1912 "abcdefghijklmnopqrstuvwxyzabcdef"
1913 }, {
1914 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1915 "abcdefghijklmnopqrstuvwxyzabcdef"
1916 }, {
1917 EVP_PKEY_X448,
1918 "01234567890123456789012345678901234567890123456789012345",
1919 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1920 }, {
1921 EVP_PKEY_ED448,
1922 "012345678901234567890123456789012345678901234567890123456",
1923 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1924 }
1925 #endif
1926 };
1927
1928 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1929 {
1930 int ret = 0;
1931 unsigned char buf[80];
1932 unsigned char *in;
1933 size_t inlen, len = 0, shortlen = 1;
1934 EVP_PKEY *pkey;
1935
1936 /* Check if this algorithm supports public keys */
1937 if (pub && keys[tst].pub == NULL)
1938 return 1;
1939
1940 memset(buf, 0, sizeof(buf));
1941
1942 if (pub) {
1943 #ifndef OPENSSL_NO_EC
1944 inlen = strlen(keys[tst].pub);
1945 in = (unsigned char *)keys[tst].pub;
1946 if (uselibctx) {
1947 pkey = EVP_PKEY_new_raw_public_key_ex(
1948 testctx,
1949 OBJ_nid2sn(keys[tst].type),
1950 NULL,
1951 in,
1952 inlen);
1953 } else {
1954 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1955 NULL,
1956 in,
1957 inlen);
1958 }
1959 #else
1960 return 1;
1961 #endif
1962 } else {
1963 inlen = strlen(keys[tst].priv);
1964 in = (unsigned char *)keys[tst].priv;
1965 if (uselibctx) {
1966 pkey = EVP_PKEY_new_raw_private_key_ex(
1967 testctx, OBJ_nid2sn(keys[tst].type),
1968 NULL,
1969 in,
1970 inlen);
1971 } else {
1972 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1973 NULL,
1974 in,
1975 inlen);
1976 }
1977 }
1978
1979 if (!TEST_ptr(pkey)
1980 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1981 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1982 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1983 || !TEST_true(len == inlen))
1984 goto done;
1985 if (tst != 1) {
1986 /*
1987 * Test that supplying a buffer that is too small fails. Doesn't apply
1988 * to HMAC with a zero length key
1989 */
1990 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
1991 &shortlen)))
1992 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
1993 &shortlen))))
1994 goto done;
1995 }
1996 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1997 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1998 || !TEST_mem_eq(in, inlen, buf, len))
1999 goto done;
2000
2001 ret = 1;
2002 done:
2003 EVP_PKEY_free(pkey);
2004 return ret;
2005 }
2006
2007 static int test_set_get_raw_keys(int tst)
2008 {
2009 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2010 && test_set_get_raw_keys_int(tst, 0, 1)
2011 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2012 && test_set_get_raw_keys_int(tst, 1, 1);
2013 }
2014
2015 #ifndef OPENSSL_NO_DEPRECATED_3_0
2016 static int pkey_custom_check(EVP_PKEY *pkey)
2017 {
2018 return 0xbeef;
2019 }
2020
2021 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2022 {
2023 return 0xbeef;
2024 }
2025
2026 static int pkey_custom_param_check(EVP_PKEY *pkey)
2027 {
2028 return 0xbeef;
2029 }
2030
2031 static EVP_PKEY_METHOD *custom_pmeth;
2032 #endif
2033
2034 static int test_EVP_PKEY_check(int i)
2035 {
2036 int ret = 0;
2037 EVP_PKEY *pkey = NULL;
2038 EVP_PKEY_CTX *ctx = NULL;
2039 #ifndef OPENSSL_NO_DEPRECATED_3_0
2040 EVP_PKEY_CTX *ctx2 = NULL;
2041 #endif
2042 const APK_DATA *ak = &keycheckdata[i];
2043 const unsigned char *input = ak->kder;
2044 size_t input_len = ak->size;
2045 int expected_id = ak->evptype;
2046 int expected_check = ak->check;
2047 int expected_pub_check = ak->pub_check;
2048 int expected_param_check = ak->param_check;
2049 int type = ak->type;
2050
2051 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2052 goto done;
2053 if (type == 0
2054 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2055 goto done;
2056
2057 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2058 goto done;
2059
2060 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2061 goto done;
2062
2063 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2064 goto done;
2065
2066 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2067 goto done;
2068
2069 #ifndef OPENSSL_NO_DEPRECATED_3_0
2070 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2071 /* assign the pkey directly, as an internal test */
2072 EVP_PKEY_up_ref(pkey);
2073 ctx2->pkey = pkey;
2074
2075 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2076 goto done;
2077
2078 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2079 goto done;
2080
2081 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2082 goto done;
2083 #endif
2084
2085 ret = 1;
2086
2087 done:
2088 EVP_PKEY_CTX_free(ctx);
2089 #ifndef OPENSSL_NO_DEPRECATED_3_0
2090 EVP_PKEY_CTX_free(ctx2);
2091 #endif
2092 EVP_PKEY_free(pkey);
2093 return ret;
2094 }
2095
2096 #ifndef OPENSSL_NO_CMAC
2097 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2098 {
2099 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2100 const char msg[] = "Hello World";
2101 size_t maclen = AES_BLOCK_SIZE;
2102 int ret = 1;
2103
2104 if (!TEST_ptr(mdctx)
2105 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2106 testpropq, pkey, NULL))
2107 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2108 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2109 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2110 ret = 0;
2111
2112 EVP_MD_CTX_free(mdctx);
2113
2114 return ret;
2115 }
2116 static int test_CMAC_keygen(void)
2117 {
2118 static unsigned char key[] = {
2119 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2120 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2121 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2122 };
2123 EVP_PKEY_CTX *kctx = NULL;
2124 int ret = 0;
2125 EVP_PKEY *pkey = NULL;
2126 unsigned char mac[AES_BLOCK_SIZE];
2127 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2128 unsigned char mac2[AES_BLOCK_SIZE];
2129 # endif
2130
2131 if (nullprov != NULL)
2132 return TEST_skip("Test does not support a non-default library context");
2133
2134 /*
2135 * This is a legacy method for CMACs, but should still work.
2136 * This verifies that it works without an ENGINE.
2137 */
2138 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2139
2140 /* Test a CMAC key created using the "generated" method */
2141 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2142 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2143 EVP_PKEY_CTRL_CIPHER,
2144 0, (void *)EVP_aes_256_ecb()), 0)
2145 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2146 EVP_PKEY_CTRL_SET_MAC_KEY,
2147 sizeof(key), (void *)key), 0)
2148 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2149 || !TEST_ptr(pkey)
2150 || !TEST_true(get_cmac_val(pkey, mac)))
2151 goto done;
2152
2153 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2154 EVP_PKEY_free(pkey);
2155
2156 /*
2157 * Test a CMAC key using the direct method, and compare with the mac
2158 * created above.
2159 */
2160 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2161 if (!TEST_ptr(pkey)
2162 || !TEST_true(get_cmac_val(pkey, mac2))
2163 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2164 goto done;
2165 # endif
2166
2167 ret = 1;
2168
2169 done:
2170 EVP_PKEY_free(pkey);
2171 EVP_PKEY_CTX_free(kctx);
2172 return ret;
2173 }
2174 #endif
2175
2176 static int test_HKDF(void)
2177 {
2178 EVP_PKEY_CTX *pctx;
2179 unsigned char out[20];
2180 size_t outlen;
2181 int i, ret = 0;
2182 unsigned char salt[] = "0123456789";
2183 unsigned char key[] = "012345678901234567890123456789";
2184 unsigned char info[] = "infostring";
2185 const unsigned char expected[] = {
2186 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2187 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2188 };
2189 size_t expectedlen = sizeof(expected);
2190
2191 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2192 goto done;
2193
2194 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2195 for (i = 0; i < 2; i++) {
2196 outlen = sizeof(out);
2197 memset(out, 0, outlen);
2198
2199 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2200 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2201 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2202 sizeof(salt) - 1), 0)
2203 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2204 sizeof(key) - 1), 0)
2205 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2206 sizeof(info) - 1), 0)
2207 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2208 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2209 goto done;
2210 }
2211
2212 ret = 1;
2213
2214 done:
2215 EVP_PKEY_CTX_free(pctx);
2216
2217 return ret;
2218 }
2219
2220 static int test_emptyikm_HKDF(void)
2221 {
2222 EVP_PKEY_CTX *pctx;
2223 unsigned char out[20];
2224 size_t outlen;
2225 int ret = 0;
2226 unsigned char salt[] = "9876543210";
2227 unsigned char key[] = "";
2228 unsigned char info[] = "stringinfo";
2229 const unsigned char expected[] = {
2230 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2231 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2232 };
2233 size_t expectedlen = sizeof(expected);
2234
2235 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2236 goto done;
2237
2238 outlen = sizeof(out);
2239 memset(out, 0, outlen);
2240
2241 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2243 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2244 sizeof(salt) - 1), 0)
2245 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2246 sizeof(key) - 1), 0)
2247 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2248 sizeof(info) - 1), 0)
2249 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2250 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2251 goto done;
2252
2253 ret = 1;
2254
2255 done:
2256 EVP_PKEY_CTX_free(pctx);
2257
2258 return ret;
2259 }
2260
2261 #ifndef OPENSSL_NO_EC
2262 static int test_X509_PUBKEY_inplace(void)
2263 {
2264 int ret = 0;
2265 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2266 const unsigned char *p = kExampleECPubKeyDER;
2267 size_t input_len = sizeof(kExampleECPubKeyDER);
2268
2269 if (!TEST_ptr(xp))
2270 goto done;
2271 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2272 goto done;
2273
2274 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2275 goto done;
2276
2277 p = kExampleBadECPubKeyDER;
2278 input_len = sizeof(kExampleBadECPubKeyDER);
2279
2280 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2281 goto done;
2282
2283 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2284 goto done;
2285
2286 ret = 1;
2287
2288 done:
2289 X509_PUBKEY_free(xp);
2290 return ret;
2291 }
2292
2293 static int test_X509_PUBKEY_dup(void)
2294 {
2295 int ret = 0;
2296 X509_PUBKEY *xp = NULL, *xq = NULL;
2297 const unsigned char *p = kExampleECPubKeyDER;
2298 size_t input_len = sizeof(kExampleECPubKeyDER);
2299
2300 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2301 if (!TEST_ptr(xp)
2302 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2303 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2304 || !TEST_ptr_ne(xp, xq))
2305 goto done;
2306
2307 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2308 || !TEST_ptr(X509_PUBKEY_get0(xp))
2309 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2310 goto done;
2311
2312 X509_PUBKEY_free(xq);
2313 xq = NULL;
2314 p = kExampleBadECPubKeyDER;
2315 input_len = sizeof(kExampleBadECPubKeyDER);
2316
2317 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2318 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2319 goto done;
2320
2321 X509_PUBKEY_free(xp);
2322 xp = NULL;
2323 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2324 goto done;
2325
2326 ret = 1;
2327
2328 done:
2329 X509_PUBKEY_free(xp);
2330 X509_PUBKEY_free(xq);
2331 return ret;
2332 }
2333 #endif /* OPENSSL_NO_EC */
2334
2335 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2336 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2337 {
2338 EVP_MD_CTX *mdctx = NULL;
2339 EVP_PKEY_CTX *ctx = NULL;
2340 const OSSL_PARAM *params;
2341 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2342 int ret = 0;
2343 const EVP_MD *md;
2344 char mdname[OSSL_MAX_NAME_SIZE];
2345 char ssl3ms[48];
2346
2347 /* Initialise a sign operation */
2348 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2349 if (!TEST_ptr(ctx)
2350 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2351 goto err;
2352
2353 /*
2354 * We should be able to query the parameters now.
2355 */
2356 params = EVP_PKEY_CTX_settable_params(ctx);
2357 if (!TEST_ptr(params)
2358 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2359 OSSL_SIGNATURE_PARAM_DIGEST)))
2360 goto err;
2361
2362 params = EVP_PKEY_CTX_gettable_params(ctx);
2363 if (!TEST_ptr(params)
2364 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2365 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2366 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2367 OSSL_SIGNATURE_PARAM_DIGEST)))
2368 goto err;
2369
2370 /*
2371 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2372 * EVP_PKEY_CTX_get_params()
2373 */
2374 strcpy(mdname, "SHA512");
2375 param_md = param;
2376 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2377 mdname, 0);
2378 *param++ = OSSL_PARAM_construct_end();
2379
2380 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2381 goto err;
2382
2383 mdname[0] = '\0';
2384 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2385 mdname, sizeof(mdname));
2386 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2387 || !TEST_str_eq(mdname, "SHA512"))
2388 goto err;
2389
2390 /*
2391 * Test the TEST_PKEY_CTX_set_signature_md() and
2392 * TEST_PKEY_CTX_get_signature_md() functions
2393 */
2394 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2395 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2396 || !TEST_ptr_eq(md, EVP_sha256()))
2397 goto err;
2398
2399 /*
2400 * Test getting MD parameters via an associated EVP_PKEY_CTX
2401 */
2402 mdctx = EVP_MD_CTX_new();
2403 if (!TEST_ptr(mdctx)
2404 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2405 pkey, NULL)))
2406 goto err;
2407
2408 /*
2409 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2410 * able to obtain the digest's settable parameters from the provider.
2411 */
2412 params = EVP_MD_CTX_settable_params(mdctx);
2413 if (!TEST_ptr(params)
2414 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2415 /* The final key should be NULL */
2416 || !TEST_ptr_null(params[1].key))
2417 goto err;
2418
2419 param = ourparams;
2420 memset(ssl3ms, 0, sizeof(ssl3ms));
2421 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2422 ssl3ms, sizeof(ssl3ms));
2423 *param++ = OSSL_PARAM_construct_end();
2424
2425 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2426 goto err;
2427
2428 ret = 1;
2429
2430 err:
2431 EVP_MD_CTX_free(mdctx);
2432 EVP_PKEY_CTX_free(ctx);
2433
2434 return ret;
2435 }
2436
2437 #ifndef OPENSSL_NO_DSA
2438 static int test_DSA_get_set_params(void)
2439 {
2440 OSSL_PARAM_BLD *bld = NULL;
2441 OSSL_PARAM *params = NULL;
2442 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2443 EVP_PKEY_CTX *pctx = NULL;
2444 EVP_PKEY *pkey = NULL;
2445 int ret = 0;
2446
2447 /*
2448 * Setup the parameters for our DSA object. For our purposes they don't
2449 * have to actually be *valid* parameters. We just need to set something.
2450 */
2451 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2452 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2453 || !TEST_ptr(p = BN_new())
2454 || !TEST_ptr(q = BN_new())
2455 || !TEST_ptr(g = BN_new())
2456 || !TEST_ptr(pub = BN_new())
2457 || !TEST_ptr(priv = BN_new()))
2458 goto err;
2459 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2460 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2461 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2462 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2463 pub))
2464 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2465 priv)))
2466 goto err;
2467 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2468 goto err;
2469
2470 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2471 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2472 params), 0))
2473 goto err;
2474
2475 if (!TEST_ptr(pkey))
2476 goto err;
2477
2478 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2479
2480 err:
2481 EVP_PKEY_free(pkey);
2482 EVP_PKEY_CTX_free(pctx);
2483 OSSL_PARAM_free(params);
2484 OSSL_PARAM_BLD_free(bld);
2485 BN_free(p);
2486 BN_free(q);
2487 BN_free(g);
2488 BN_free(pub);
2489 BN_free(priv);
2490
2491 return ret;
2492 }
2493
2494 /*
2495 * Test combinations of private, public, missing and private + public key
2496 * params to ensure they are all accepted
2497 */
2498 static int test_DSA_priv_pub(void)
2499 {
2500 return test_EVP_PKEY_ffc_priv_pub("DSA");
2501 }
2502
2503 #endif /* !OPENSSL_NO_DSA */
2504
2505 static int test_RSA_get_set_params(void)
2506 {
2507 OSSL_PARAM_BLD *bld = NULL;
2508 OSSL_PARAM *params = NULL;
2509 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2510 EVP_PKEY_CTX *pctx = NULL;
2511 EVP_PKEY *pkey = NULL;
2512 int ret = 0;
2513
2514 /*
2515 * Setup the parameters for our RSA object. For our purposes they don't
2516 * have to actually be *valid* parameters. We just need to set something.
2517 */
2518 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2519 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2520 || !TEST_ptr(n = BN_new())
2521 || !TEST_ptr(e = BN_new())
2522 || !TEST_ptr(d = BN_new()))
2523 goto err;
2524 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2525 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2526 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2527 goto err;
2528 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2529 goto err;
2530
2531 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2532 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2533 params), 0))
2534 goto err;
2535
2536 if (!TEST_ptr(pkey))
2537 goto err;
2538
2539 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2540
2541 err:
2542 EVP_PKEY_free(pkey);
2543 EVP_PKEY_CTX_free(pctx);
2544 OSSL_PARAM_free(params);
2545 OSSL_PARAM_BLD_free(bld);
2546 BN_free(n);
2547 BN_free(e);
2548 BN_free(d);
2549
2550 return ret;
2551 }
2552
2553 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2554 static int test_decrypt_null_chunks(void)
2555 {
2556 EVP_CIPHER_CTX* ctx = NULL;
2557 EVP_CIPHER *cipher = NULL;
2558 const unsigned char key[32] = {
2559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2560 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2561 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2562 };
2563 unsigned char iv[12] = {
2564 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2565 };
2566 unsigned char msg[] = "It was the best of times, it was the worst of times";
2567 unsigned char ciphertext[80];
2568 unsigned char plaintext[80];
2569 /* We initialise tmp to a non zero value on purpose */
2570 int ctlen, ptlen, tmp = 99;
2571 int ret = 0;
2572 const int enc_offset = 10, dec_offset = 20;
2573
2574 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2575 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2576 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2577 key, iv))
2578 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2579 enc_offset))
2580 /* Deliberate add a zero length update */
2581 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2582 0))
2583 || !TEST_int_eq(tmp, 0)
2584 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2585 msg + enc_offset,
2586 sizeof(msg) - enc_offset))
2587 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2588 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2589 || !TEST_int_eq(tmp, 0))
2590 goto err;
2591
2592 /* Deliberately initialise tmp to a non zero value */
2593 tmp = 99;
2594 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2595 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2596 dec_offset))
2597 /*
2598 * Deliberately add a zero length update. We also deliberately do
2599 * this at a different offset than for encryption.
2600 */
2601 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2602 0))
2603 || !TEST_int_eq(tmp, 0)
2604 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2605 ciphertext + dec_offset,
2606 ctlen - dec_offset))
2607 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2608 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2609 || !TEST_int_eq(tmp, 0)
2610 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2611 goto err;
2612
2613 ret = 1;
2614 err:
2615 EVP_CIPHER_CTX_free(ctx);
2616 EVP_CIPHER_free(cipher);
2617 return ret;
2618 }
2619 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2620
2621 #ifndef OPENSSL_NO_DH
2622 /*
2623 * Test combinations of private, public, missing and private + public key
2624 * params to ensure they are all accepted
2625 */
2626 static int test_DH_priv_pub(void)
2627 {
2628 return test_EVP_PKEY_ffc_priv_pub("DH");
2629 }
2630
2631 # ifndef OPENSSL_NO_DEPRECATED_3_0
2632 static int test_EVP_PKEY_set1_DH(void)
2633 {
2634 DH *x942dh = NULL, *noqdh = NULL;
2635 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2636 int ret = 0;
2637 BIGNUM *p, *g = NULL;
2638 BIGNUM *pubkey = NULL;
2639 unsigned char pub[2048 / 8];
2640 size_t len = 0;
2641
2642 if (!TEST_ptr(p = BN_new())
2643 || !TEST_ptr(g = BN_new())
2644 || !TEST_ptr(pubkey = BN_new())
2645 || !TEST_true(BN_set_word(p, 9999))
2646 || !TEST_true(BN_set_word(g, 2))
2647 || !TEST_true(BN_set_word(pubkey, 4321))
2648 || !TEST_ptr(noqdh = DH_new())
2649 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2650 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2651 || !TEST_ptr(pubkey = BN_new())
2652 || !TEST_true(BN_set_word(pubkey, 4321)))
2653 goto err;
2654 p = g = NULL;
2655
2656 x942dh = DH_get_2048_256();
2657 pkey1 = EVP_PKEY_new();
2658 pkey2 = EVP_PKEY_new();
2659 if (!TEST_ptr(x942dh)
2660 || !TEST_ptr(noqdh)
2661 || !TEST_ptr(pkey1)
2662 || !TEST_ptr(pkey2)
2663 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2664 goto err;
2665 pubkey = NULL;
2666
2667 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2668 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2669 goto err;
2670
2671 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2672 &pubkey))
2673 || !TEST_ptr(pubkey))
2674 goto err;
2675
2676 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2677 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2678 goto err;
2679
2680 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2681 OSSL_PKEY_PARAM_PUB_KEY,
2682 pub, sizeof(pub), &len))
2683 || !TEST_size_t_ne(len, 0))
2684 goto err;
2685
2686 ret = 1;
2687 err:
2688 BN_free(p);
2689 BN_free(g);
2690 BN_free(pubkey);
2691 EVP_PKEY_free(pkey1);
2692 EVP_PKEY_free(pkey2);
2693 DH_free(x942dh);
2694 DH_free(noqdh);
2695
2696 return ret;
2697 }
2698 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2699 #endif /* !OPENSSL_NO_DH */
2700
2701 /*
2702 * We test what happens with an empty template. For the sake of this test,
2703 * the template must be ignored, and we know that's the case for RSA keys
2704 * (this might arguably be a misfeature, but that's what we currently do,
2705 * even in provider code, since that's how the legacy RSA implementation
2706 * does things)
2707 */
2708 static int test_keygen_with_empty_template(int n)
2709 {
2710 EVP_PKEY_CTX *ctx = NULL;
2711 EVP_PKEY *pkey = NULL;
2712 EVP_PKEY *tkey = NULL;
2713 int ret = 0;
2714
2715 if (nullprov != NULL)
2716 return TEST_skip("Test does not support a non-default library context");
2717
2718 switch (n) {
2719 case 0:
2720 /* We do test with no template at all as well */
2721 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2722 goto err;
2723 break;
2724 case 1:
2725 /* Here we create an empty RSA key that serves as our template */
2726 if (!TEST_ptr(tkey = EVP_PKEY_new())
2727 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2728 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2729 goto err;
2730 break;
2731 }
2732
2733 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2734 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2735 goto err;
2736
2737 ret = 1;
2738 err:
2739 EVP_PKEY_CTX_free(ctx);
2740 EVP_PKEY_free(pkey);
2741 EVP_PKEY_free(tkey);
2742 return ret;
2743 }
2744
2745 /*
2746 * Test that we fail if we attempt to use an algorithm that is not available
2747 * in the current library context (unless we are using an algorithm that
2748 * should be made available via legacy codepaths).
2749 *
2750 * 0: RSA
2751 * 1: SM2
2752 */
2753 static int test_pkey_ctx_fail_without_provider(int tst)
2754 {
2755 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2756 OSSL_PROVIDER *tmpnullprov = NULL;
2757 EVP_PKEY_CTX *pctx = NULL;
2758 const char *keytype = NULL;
2759 int expect_null = 0;
2760 int ret = 0;
2761
2762 if (!TEST_ptr(tmpctx))
2763 goto err;
2764
2765 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2766 if (!TEST_ptr(tmpnullprov))
2767 goto err;
2768
2769 /*
2770 * We check for certain algos in the null provider.
2771 * If an algo is expected to have a provider keymgmt, contructing an
2772 * EVP_PKEY_CTX is expected to fail (return NULL).
2773 * Otherwise, if it's expected to have legacy support, contructing an
2774 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2775 */
2776 switch (tst) {
2777 case 0:
2778 keytype = "RSA";
2779 expect_null = 1;
2780 break;
2781 case 1:
2782 keytype = "SM2";
2783 expect_null = 1;
2784 #ifdef OPENSSL_NO_EC
2785 TEST_info("EC disable, skipping SM2 check...");
2786 goto end;
2787 #endif
2788 #ifdef OPENSSL_NO_SM2
2789 TEST_info("SM2 disable, skipping SM2 check...");
2790 goto end;
2791 #endif
2792 break;
2793 default:
2794 TEST_error("No test for case %d", tst);
2795 goto err;
2796 }
2797
2798 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2799 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2800 goto err;
2801
2802 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2803 end:
2804 #endif
2805 ret = 1;
2806
2807 err:
2808 EVP_PKEY_CTX_free(pctx);
2809 OSSL_PROVIDER_unload(tmpnullprov);
2810 OSSL_LIB_CTX_free(tmpctx);
2811 return ret;
2812 }
2813
2814 static int test_rand_agglomeration(void)
2815 {
2816 EVP_RAND *rand;
2817 EVP_RAND_CTX *ctx;
2818 OSSL_PARAM params[3], *p = params;
2819 int res;
2820 unsigned int step = 7;
2821 static unsigned char seed[] = "It does not matter how slowly you go "
2822 "as long as you do not stop.";
2823 unsigned char out[sizeof(seed)];
2824
2825 if (!TEST_int_ne(sizeof(seed) % step, 0)
2826 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2827 return 0;
2828 ctx = EVP_RAND_CTX_new(rand, NULL);
2829 EVP_RAND_free(rand);
2830 if (!TEST_ptr(ctx))
2831 return 0;
2832
2833 memset(out, 0, sizeof(out));
2834 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2835 seed, sizeof(seed));
2836 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2837 *p = OSSL_PARAM_construct_end();
2838 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2839 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2840 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2841 EVP_RAND_CTX_free(ctx);
2842 return res;
2843 }
2844
2845 /*
2846 * Test that we correctly return the original or "running" IV after
2847 * an encryption operation.
2848 * Run multiple times for some different relevant algorithms/modes.
2849 */
2850 static int test_evp_iv_aes(int idx)
2851 {
2852 int ret = 0;
2853 EVP_CIPHER_CTX *ctx = NULL;
2854 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2855 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2856 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2857 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2858 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2859 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2860 9, 10, 11, 12, 13, 14, 15, 16 };
2861 unsigned char ciphertext[32], oiv[16], iv[16];
2862 unsigned char *ref_iv;
2863 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2864 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2865
2866 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2867 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2868 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2869 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2870 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2871 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2872 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2873 #ifndef OPENSSL_NO_OCB
2874 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2875 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2876 #endif
2877 int len = sizeof(ciphertext);
2878 size_t ivlen, ref_len;
2879 const EVP_CIPHER *type = NULL;
2880 int iv_reset = 0;
2881
2882 if (nullprov != NULL && idx < 6)
2883 return TEST_skip("Test does not support a non-default library context");
2884
2885 switch(idx) {
2886 case 0:
2887 type = EVP_aes_128_cbc();
2888 /* FALLTHROUGH */
2889 case 6:
2890 type = (type != NULL) ? type :
2891 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2892 ref_iv = cbc_state;
2893 ref_len = sizeof(cbc_state);
2894 iv_reset = 1;
2895 break;
2896 case 1:
2897 type = EVP_aes_128_ofb();
2898 /* FALLTHROUGH */
2899 case 7:
2900 type = (type != NULL) ? type :
2901 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2902 ref_iv = ofb_state;
2903 ref_len = sizeof(ofb_state);
2904 iv_reset = 1;
2905 break;
2906 case 2:
2907 type = EVP_aes_128_cfb();
2908 /* FALLTHROUGH */
2909 case 8:
2910 type = (type != NULL) ? type :
2911 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2912 ref_iv = cfb_state;
2913 ref_len = sizeof(cfb_state);
2914 iv_reset = 1;
2915 break;
2916 case 3:
2917 type = EVP_aes_128_gcm();
2918 /* FALLTHROUGH */
2919 case 9:
2920 type = (type != NULL) ? type :
2921 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2922 ref_iv = gcm_state;
2923 ref_len = sizeof(gcm_state);
2924 break;
2925 case 4:
2926 type = EVP_aes_128_ccm();
2927 /* FALLTHROUGH */
2928 case 10:
2929 type = (type != NULL) ? type :
2930 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2931 ref_iv = ccm_state;
2932 ref_len = sizeof(ccm_state);
2933 break;
2934 #ifdef OPENSSL_NO_OCB
2935 case 5:
2936 case 11:
2937 return 1;
2938 #else
2939 case 5:
2940 type = EVP_aes_128_ocb();
2941 /* FALLTHROUGH */
2942 case 11:
2943 type = (type != NULL) ? type :
2944 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2945 ref_iv = ocb_state;
2946 ref_len = sizeof(ocb_state);
2947 break;
2948 #endif
2949 default:
2950 return 0;
2951 }
2952
2953 if (!TEST_ptr(type)
2954 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2955 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2956 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2957 (int)sizeof(msg)))
2958 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2959 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2960 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2961 goto err;
2962 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2963 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2964 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2965 goto err;
2966
2967 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2968 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2969 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2970 goto err;
2971 if (iv_reset) {
2972 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2973 goto err;
2974 } else {
2975 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2976 goto err;
2977 }
2978
2979 ret = 1;
2980 err:
2981 EVP_CIPHER_CTX_free(ctx);
2982 if (idx >= 6)
2983 EVP_CIPHER_free((EVP_CIPHER *)type);
2984 return ret;
2985 }
2986
2987 #ifndef OPENSSL_NO_DES
2988 static int test_evp_iv_des(int idx)
2989 {
2990 int ret = 0;
2991 EVP_CIPHER_CTX *ctx = NULL;
2992 static const unsigned char key[24] = {
2993 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2994 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2995 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2996 };
2997 static const unsigned char init_iv[8] = {
2998 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2999 };
3000 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3001 9, 10, 11, 12, 13, 14, 15, 16 };
3002 unsigned char ciphertext[32], oiv[8], iv[8];
3003 unsigned const char *ref_iv;
3004 static const unsigned char cbc_state_des[8] = {
3005 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3006 };
3007 static const unsigned char cbc_state_3des[8] = {
3008 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3009 };
3010 static const unsigned char ofb_state_des[8] = {
3011 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3012 };
3013 static const unsigned char ofb_state_3des[8] = {
3014 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3015 };
3016 static const unsigned char cfb_state_des[8] = {
3017 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3018 };
3019 static const unsigned char cfb_state_3des[8] = {
3020 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3021 };
3022 int len = sizeof(ciphertext);
3023 size_t ivlen, ref_len;
3024 EVP_CIPHER *type = NULL;
3025
3026 if (lgcyprov == NULL && idx < 3)
3027 return TEST_skip("Test requires legacy provider to be loaded");
3028
3029 switch(idx) {
3030 case 0:
3031 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3032 ref_iv = cbc_state_des;
3033 ref_len = sizeof(cbc_state_des);
3034 break;
3035 case 1:
3036 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3037 ref_iv = ofb_state_des;
3038 ref_len = sizeof(ofb_state_des);
3039 break;
3040 case 2:
3041 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3042 ref_iv = cfb_state_des;
3043 ref_len = sizeof(cfb_state_des);
3044 break;
3045 case 3:
3046 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3047 ref_iv = cbc_state_3des;
3048 ref_len = sizeof(cbc_state_3des);
3049 break;
3050 case 4:
3051 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3052 ref_iv = ofb_state_3des;
3053 ref_len = sizeof(ofb_state_3des);
3054 break;
3055 case 5:
3056 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3057 ref_iv = cfb_state_3des;
3058 ref_len = sizeof(cfb_state_3des);
3059 break;
3060 default:
3061 return 0;
3062 }
3063
3064 if (!TEST_ptr(type)
3065 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3066 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3067 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3068 (int)sizeof(msg)))
3069 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3070 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3071 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3072 goto err;
3073 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3074 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3075 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3076 goto err;
3077
3078 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3079 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3080 goto err;
3081 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3082 goto err;
3083
3084 ret = 1;
3085 err:
3086 EVP_CIPHER_CTX_free(ctx);
3087 EVP_CIPHER_free(type);
3088 return ret;
3089 }
3090 #endif
3091
3092 #ifndef OPENSSL_NO_EC
3093 static int ecpub_nids[] = {
3094 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3095 NID_secp384r1, NID_secp521r1,
3096 # ifndef OPENSSL_NO_EC2M
3097 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3098 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3099 # endif
3100 NID_brainpoolP384r1, NID_brainpoolP512r1
3101 };
3102
3103 static int test_ecpub(int idx)
3104 {
3105 int ret = 0, len, savelen;
3106 int nid;
3107 unsigned char buf[1024];
3108 unsigned char *p;
3109 EVP_PKEY *pkey = NULL;
3110 EVP_PKEY_CTX *ctx = NULL;
3111 # ifndef OPENSSL_NO_DEPRECATED_3_0
3112 const unsigned char *q;
3113 EVP_PKEY *pkey2 = NULL;
3114 EC_KEY *ec = NULL;
3115 # endif
3116
3117 if (nullprov != NULL)
3118 return TEST_skip("Test does not support a non-default library context");
3119
3120 nid = ecpub_nids[idx];
3121
3122 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3123 if (!TEST_ptr(ctx)
3124 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3125 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3126 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3127 goto done;
3128 len = i2d_PublicKey(pkey, NULL);
3129 savelen = len;
3130 if (!TEST_int_ge(len, 1)
3131 || !TEST_int_lt(len, 1024))
3132 goto done;
3133 p = buf;
3134 len = i2d_PublicKey(pkey, &p);
3135 if (!TEST_int_ge(len, 1)
3136 || !TEST_int_eq(len, savelen))
3137 goto done;
3138
3139 # ifndef OPENSSL_NO_DEPRECATED_3_0
3140 /* Now try to decode the just-created DER. */
3141 q = buf;
3142 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3143 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3144 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3145 goto done;
3146 /* EC_KEY ownership transferred */
3147 ec = NULL;
3148 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3149 goto done;
3150 /* The keys should match. */
3151 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3152 goto done;
3153 # endif
3154
3155 ret = 1;
3156
3157 done:
3158 EVP_PKEY_CTX_free(ctx);
3159 EVP_PKEY_free(pkey);
3160 # ifndef OPENSSL_NO_DEPRECATED_3_0
3161 EVP_PKEY_free(pkey2);
3162 EC_KEY_free(ec);
3163 # endif
3164 return ret;
3165 }
3166 #endif
3167
3168 static int test_EVP_rsa_pss_with_keygen_bits(void)
3169 {
3170 int ret = 0;
3171 EVP_PKEY_CTX *ctx = NULL;
3172 EVP_PKEY *pkey = NULL;
3173 EVP_MD *md;
3174
3175 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3176 ret = TEST_ptr(md)
3177 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3178 && TEST_true(EVP_PKEY_keygen_init(ctx))
3179 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3180 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3181 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3182
3183 EVP_MD_free(md);
3184 EVP_PKEY_free(pkey);
3185 EVP_PKEY_CTX_free(ctx);
3186 return ret;
3187 }
3188
3189 static int success = 1;
3190 static void md_names(const char *name, void *vctx)
3191 {
3192 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3193 /* Force a namemap update */
3194 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3195
3196 if (!TEST_ptr(aes128))
3197 success = 0;
3198
3199 EVP_CIPHER_free(aes128);
3200 }
3201
3202 /*
3203 * Test that changing the namemap in a user callback works in a names_do_all
3204 * function.
3205 */
3206 static int test_names_do_all(void)
3207 {
3208 /* We use a custom libctx so that we know the state of the namemap */
3209 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3210 EVP_MD *sha256 = NULL;
3211 int testresult = 0;
3212
3213 if (!TEST_ptr(ctx))
3214 goto err;
3215
3216 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3217 if (!TEST_ptr(sha256))
3218 goto err;
3219
3220 /*
3221 * We loop through all the names for a given digest. This should still work
3222 * even if the namemap changes part way through.
3223 */
3224 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3225 goto err;
3226
3227 if (!TEST_true(success))
3228 goto err;
3229
3230 testresult = 1;
3231 err:
3232 EVP_MD_free(sha256);
3233 OSSL_LIB_CTX_free(ctx);
3234 return testresult;
3235 }
3236
3237 typedef struct {
3238 const char *cipher;
3239 const unsigned char *key;
3240 const unsigned char *iv;
3241 const unsigned char *input;
3242 const unsigned char *expected;
3243 const unsigned char *tag;
3244 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3245 size_t inlen;
3246 size_t expectedlen;
3247 size_t taglen;
3248 int keyfirst;
3249 int initenc;
3250 int finalenc;
3251 } EVP_INIT_TEST_st;
3252
3253 static const EVP_INIT_TEST_st evp_init_tests[] = {
3254 {
3255 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3256 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3257 0, 1, 0, 1
3258 },
3259 {
3260 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3261 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3262 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3263 sizeof(gcmDefaultTag), 1, 0, 1
3264 },
3265 {
3266 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3267 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3268 0, 0, 0, 1
3269 },
3270 {
3271 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3272 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3273 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3274 sizeof(gcmDefaultTag), 0, 0, 1
3275 },
3276 {
3277 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3278 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3279 0, 1, 1, 0
3280 },
3281 {
3282 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3283 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3284 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3285 sizeof(gcmDefaultTag), 1, 1, 0
3286 },
3287 {
3288 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3289 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3290 0, 0, 1, 0
3291 },
3292 {
3293 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3294 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3295 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3296 sizeof(gcmDefaultTag), 0, 1, 0
3297 }
3298 };
3299
3300 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3301 {
3302 int res = 0;
3303
3304 if (t->ivlen != 0) {
3305 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3306 goto err;
3307 }
3308 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3309 goto err;
3310 res = 1;
3311 err:
3312 return res;
3313 }
3314
3315 /*
3316 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3317 * arguments are given one at a time and a final adjustment to the enc
3318 * parameter sets the correct operation.
3319 */
3320 static int test_evp_init_seq(int idx)
3321 {
3322 int outlen1, outlen2;
3323 int testresult = 0;
3324 unsigned char outbuf[1024];
3325 unsigned char tag[16];
3326 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3327 EVP_CIPHER_CTX *ctx = NULL;
3328 EVP_CIPHER *type = NULL;
3329 size_t taglen = sizeof(tag);
3330 char *errmsg = NULL;
3331
3332 ctx = EVP_CIPHER_CTX_new();
3333 if (ctx == NULL) {
3334 errmsg = "CTX_ALLOC";
3335 goto err;
3336 }
3337 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3338 errmsg = "CIPHER_FETCH";
3339 goto err;
3340 }
3341 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3342 errmsg = "EMPTY_ENC_INIT";
3343 goto err;
3344 }
3345 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3346 errmsg = "PADDING";
3347 goto err;
3348 }
3349 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3350 errmsg = "KEY_INIT (before iv)";
3351 goto err;
3352 }
3353 if (!evp_init_seq_set_iv(ctx, t)) {
3354 errmsg = "IV_INIT";
3355 goto err;
3356 }
3357 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3358 errmsg = "KEY_INIT (after iv)";
3359 goto err;
3360 }
3361 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3362 errmsg = "FINAL_ENC_INIT";
3363 goto err;
3364 }
3365 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3366 errmsg = "CIPHER_UPDATE";
3367 goto err;
3368 }
3369 if (t->finalenc == 0 && t->tag != NULL) {
3370 /* Set expected tag */
3371 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3372 t->taglen, (void *)t->tag))) {
3373 errmsg = "SET_TAG";
3374 goto err;
3375 }
3376 }
3377 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3378 errmsg = "CIPHER_FINAL";
3379 goto err;
3380 }
3381 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3382 errmsg = "WRONG_RESULT";
3383 goto err;
3384 }
3385 if (t->finalenc != 0 && t->tag != NULL) {
3386 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3387 errmsg = "GET_TAG";
3388 goto err;
3389 }
3390 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3391 errmsg = "TAG_ERROR";
3392 goto err;
3393 }
3394 }
3395 testresult = 1;
3396 err:
3397 if (errmsg != NULL)
3398 TEST_info("evp_init_test %d: %s", idx, errmsg);
3399 EVP_CIPHER_CTX_free(ctx);
3400 EVP_CIPHER_free(type);
3401 return testresult;
3402 }
3403
3404 typedef struct {
3405 const unsigned char *input;
3406 const unsigned char *expected;
3407 size_t inlen;
3408 size_t expectedlen;
3409 int enc;
3410 } EVP_RESET_TEST_st;
3411
3412 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3413 {
3414 cfbPlaintext, cfbCiphertext,
3415 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3416 },
3417 {
3418 cfbCiphertext, cfbPlaintext,
3419 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3420 }
3421 };
3422
3423 /*
3424 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3425 * been used.
3426 */
3427 static int test_evp_reset(int idx)
3428 {
3429 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3430 int outlen1, outlen2;
3431 int testresult = 0;
3432 unsigned char outbuf[1024];
3433 EVP_CIPHER_CTX *ctx = NULL;
3434 EVP_CIPHER *type = NULL;
3435 char *errmsg = NULL;
3436
3437 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3438 errmsg = "CTX_ALLOC";
3439 goto err;
3440 }
3441 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3442 errmsg = "CIPHER_FETCH";
3443 goto err;
3444 }
3445 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3446 errmsg = "CIPHER_INIT";
3447 goto err;
3448 }
3449 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3450 errmsg = "PADDING";
3451 goto err;
3452 }
3453 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3454 errmsg = "CIPHER_UPDATE";
3455 goto err;
3456 }
3457 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3458 errmsg = "CIPHER_FINAL";
3459 goto err;
3460 }
3461 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3462 errmsg = "WRONG_RESULT";
3463 goto err;
3464 }
3465 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3466 errmsg = "CIPHER_REINIT";
3467 goto err;
3468 }
3469 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3470 errmsg = "CIPHER_UPDATE (reinit)";
3471 goto err;
3472 }
3473 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3474 errmsg = "CIPHER_FINAL (reinit)";
3475 goto err;
3476 }
3477 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3478 errmsg = "WRONG_RESULT (reinit)";
3479 goto err;
3480 }
3481 testresult = 1;
3482 err:
3483 if (errmsg != NULL)
3484 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3485 EVP_CIPHER_CTX_free(ctx);
3486 EVP_CIPHER_free(type);
3487 return testresult;
3488 }
3489
3490 typedef struct {
3491 const char *cipher;
3492 int enc;
3493 } EVP_UPDATED_IV_TEST_st;
3494
3495 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3496 {
3497 "aes-128-cfb", 1
3498 },
3499 {
3500 "aes-128-cfb", 0
3501 },
3502 {
3503 "aes-128-cfb1", 1
3504 },
3505 {
3506 "aes-128-cfb1", 0
3507 },
3508 {
3509 "aes-128-cfb8", 1
3510 },
3511 {
3512 "aes-128-cfb8", 0
3513 },
3514 {
3515 "aes-128-ofb", 1
3516 },
3517 {
3518 "aes-128-ofb", 0
3519 },
3520 {
3521 "aes-128-ctr", 1
3522 },
3523 {
3524 "aes-128-ctr", 0
3525 },
3526 {
3527 "aes-128-cbc", 1
3528 },
3529 {
3530 "aes-128-cbc", 0
3531 }
3532 };
3533
3534 /*
3535 * Test that the IV in the context is updated during a crypto operation for CFB
3536 * and OFB.
3537 */
3538 static int test_evp_updated_iv(int idx)
3539 {
3540 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3541 int outlen1, outlen2;
3542 int testresult = 0;
3543 unsigned char outbuf[1024];
3544 EVP_CIPHER_CTX *ctx = NULL;
3545 EVP_CIPHER *type = NULL;
3546 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3547 int iv_len;
3548 char *errmsg = NULL;
3549
3550 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3551 errmsg = "CTX_ALLOC";
3552 goto err;
3553 }
3554 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3555 TEST_info("cipher %s not supported, skipping", t->cipher);
3556 goto ok;
3557 }
3558
3559 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3560 errmsg = "CIPHER_INIT";
3561 goto err;
3562 }
3563 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3564 errmsg = "PADDING";
3565 goto err;
3566 }
3567 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3568 errmsg = "CIPHER_UPDATE";
3569 goto err;
3570 }
3571 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3572 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3573 goto err;
3574 }
3575 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3576 errmsg = "CIPHER_CTX_GET_IV_LEN";
3577 goto err;
3578 }
3579 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3580 errmsg = "IV_NOT_UPDATED";
3581 goto err;
3582 }
3583 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3584 errmsg = "CIPHER_FINAL";
3585 goto err;
3586 }
3587 ok:
3588 testresult = 1;
3589 err:
3590 if (errmsg != NULL)
3591 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3592 EVP_CIPHER_CTX_free(ctx);
3593 EVP_CIPHER_free(type);
3594 return testresult;
3595 }
3596
3597 typedef struct {
3598 const unsigned char *iv1;
3599 const unsigned char *iv2;
3600 const unsigned char *expected1;
3601 const unsigned char *expected2;
3602 const unsigned char *tag1;
3603 const unsigned char *tag2;
3604 size_t ivlen1;
3605 size_t ivlen2;
3606 size_t expectedlen1;
3607 size_t expectedlen2;
3608 } TEST_GCM_IV_REINIT_st;
3609
3610 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3611 {
3612 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3613 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3614 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3615 },
3616 {
3617 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3618 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3619 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3620 }
3621 };
3622
3623 static int test_gcm_reinit(int idx)
3624 {
3625 int outlen1, outlen2, outlen3;
3626 int testresult = 0;
3627 unsigned char outbuf[1024];
3628 unsigned char tag[16];
3629 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3630 EVP_CIPHER_CTX *ctx = NULL;
3631 EVP_CIPHER *type = NULL;
3632 size_t taglen = sizeof(tag);
3633 char *errmsg = NULL;
3634
3635 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3636 errmsg = "CTX_ALLOC";
3637 goto err;
3638 }
3639 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3640 errmsg = "CIPHER_FETCH";
3641 goto err;
3642 }
3643 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3644 errmsg = "ENC_INIT";
3645 goto err;
3646 }
3647 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3648 errmsg = "SET_IVLEN1";
3649 goto err;
3650 }
3651 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3652 errmsg = "SET_IV1";
3653 goto err;
3654 }
3655 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3656 errmsg = "AAD1";
3657 goto err;
3658 }
3659 EVP_CIPHER_CTX_set_padding(ctx, 0);
3660 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3661 sizeof(gcmResetPlaintext)))) {
3662 errmsg = "CIPHER_UPDATE1";
3663 goto err;
3664 }
3665 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3666 errmsg = "CIPHER_FINAL1";
3667 goto err;
3668 }
3669 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3670 errmsg = "WRONG_RESULT1";
3671 goto err;
3672 }
3673 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3674 errmsg = "GET_TAG1";
3675 goto err;
3676 }
3677 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3678 errmsg = "TAG_ERROR1";
3679 goto err;
3680 }
3681 /* Now reinit */
3682 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3683 errmsg = "SET_IVLEN2";
3684 goto err;
3685 }
3686 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3687 errmsg = "SET_IV2";
3688 goto err;
3689 }
3690 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3691 errmsg = "AAD2";
3692 goto err;
3693 }
3694 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3695 sizeof(gcmResetPlaintext)))) {
3696 errmsg = "CIPHER_UPDATE2";
3697 goto err;
3698 }
3699 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3700 errmsg = "CIPHER_FINAL2";
3701 goto err;
3702 }
3703 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3704 errmsg = "WRONG_RESULT2";
3705 goto err;
3706 }
3707 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3708 errmsg = "GET_TAG2";
3709 goto err;
3710 }
3711 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3712 errmsg = "TAG_ERROR2";
3713 goto err;
3714 }
3715 testresult = 1;
3716 err:
3717 if (errmsg != NULL)
3718 TEST_info("evp_init_test %d: %s", idx, errmsg);
3719 EVP_CIPHER_CTX_free(ctx);
3720 EVP_CIPHER_free(type);
3721 return testresult;
3722 }
3723
3724 #ifndef OPENSSL_NO_DEPRECATED_3_0
3725 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3726 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3727
3728 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3729
3730 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3731 {
3732 int (*pinit)(EVP_PKEY_CTX *ctx);
3733
3734 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3735 return pinit(ctx);
3736 }
3737
3738 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3739 {
3740 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3741
3742 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3743 pcleanup(ctx);
3744 }
3745
3746 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3747 size_t *outlen, const unsigned char *in,
3748 size_t inlen)
3749 {
3750 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3751 const unsigned char *tbs, size_t tbslen);
3752
3753 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3754 return psign(ctx, out, outlen, in, inlen);
3755 }
3756
3757 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3758 size_t *siglen, const unsigned char *tbs,
3759 size_t tbslen)
3760 {
3761 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3762 const unsigned char *tbs, size_t tbslen);
3763
3764 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3765 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3766 }
3767
3768 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3769 size_t *keylen)
3770 {
3771 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3772
3773 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3774 return pderive(ctx, key, keylen);
3775 }
3776
3777 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3778 {
3779 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3780
3781 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3782 return pcopy(dst, src);
3783 }
3784
3785 static int ctrl_called;
3786
3787 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3788 {
3789 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3790
3791 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3792
3793 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3794 ctrl_called = 1;
3795 return 1;
3796 }
3797
3798 return pctrl(ctx, type, p1, p2);
3799 }
3800
3801 static int test_custom_pmeth(int idx)
3802 {
3803 EVP_PKEY_CTX *pctx = NULL;
3804 EVP_MD_CTX *ctx = NULL;
3805 EVP_PKEY *pkey = NULL;
3806 int id, orig_id, orig_flags;
3807 int testresult = 0;
3808 size_t reslen;
3809 unsigned char *res = NULL;
3810 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3811 const EVP_MD *md = EVP_sha256();
3812 int doderive = 0;
3813
3814 ctrl_called = 0;
3815
3816 /* We call deprecated APIs so this test doesn't support a custom libctx */
3817 if (testctx != NULL)
3818 return 1;
3819
3820 switch(idx) {
3821 case 0:
3822 case 6:
3823 id = EVP_PKEY_RSA;
3824 pkey = load_example_rsa_key();
3825 break;
3826 case 1:
3827 case 7:
3828 # ifndef OPENSSL_NO_DSA
3829 id = EVP_PKEY_DSA;
3830 pkey = load_example_dsa_key();
3831 break;
3832 # else
3833 return 1;
3834 # endif
3835 case 2:
3836 case 8:
3837 # ifndef OPENSSL_NO_EC
3838 id = EVP_PKEY_EC;
3839 pkey = load_example_ec_key();
3840 break;
3841 # else
3842 return 1;
3843 # endif
3844 case 3:
3845 case 9:
3846 # ifndef OPENSSL_NO_EC
3847 id = EVP_PKEY_ED25519;
3848 md = NULL;
3849 pkey = load_example_ed25519_key();
3850 break;
3851 # else
3852 return 1;
3853 # endif
3854 case 4:
3855 case 10:
3856 # ifndef OPENSSL_NO_DH
3857 id = EVP_PKEY_DH;
3858 doderive = 1;
3859 pkey = load_example_dh_key();
3860 break;
3861 # else
3862 return 1;
3863 # endif
3864 case 5:
3865 case 11:
3866 # ifndef OPENSSL_NO_EC
3867 id = EVP_PKEY_X25519;
3868 doderive = 1;
3869 pkey = load_example_x25519_key();
3870 break;
3871 # else
3872 return 1;
3873 # endif
3874 default:
3875 TEST_error("Should not happen");
3876 goto err;
3877 }
3878
3879 if (!TEST_ptr(pkey))
3880 goto err;
3881
3882 if (idx < 6) {
3883 if (!TEST_true(evp_pkey_is_provided(pkey)))
3884 goto err;
3885 } else {
3886 EVP_PKEY *tmp = pkey;
3887
3888 /* Convert to a legacy key */
3889 pkey = EVP_PKEY_new();
3890 if (!TEST_ptr(pkey)) {
3891 pkey = tmp;
3892 goto err;
3893 }
3894 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3895 EVP_PKEY_free(tmp);
3896 goto err;
3897 }
3898 EVP_PKEY_free(tmp);
3899 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3900 goto err;
3901 }
3902
3903 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3904 || !TEST_ptr(pkey))
3905 goto err;
3906
3907 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3908 if (!TEST_int_eq(orig_id, id)
3909 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3910 goto err;
3911
3912 if (id == EVP_PKEY_ED25519) {
3913 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3914 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3915 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3916 } else {
3917 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3918 }
3919 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3920 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3921 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3922 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3923 }
3924 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3925 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3926 goto err;
3927
3928 if (doderive) {
3929 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3930 if (!TEST_ptr(pctx)
3931 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3932 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3933 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3934 1)
3935 || !TEST_int_eq(ctrl_called, 1)
3936 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3937 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3938 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3939 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3940 goto err;
3941 } else {
3942 ctx = EVP_MD_CTX_new();
3943 reslen = EVP_PKEY_size(pkey);
3944 res = OPENSSL_malloc(reslen);
3945 if (!TEST_ptr(ctx)
3946 || !TEST_ptr(res)
3947 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3948 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3949 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3950 1)
3951 || !TEST_int_eq(ctrl_called, 1))
3952 goto err;
3953
3954 if (id == EVP_PKEY_ED25519) {
3955 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3956 goto err;
3957 } else {
3958 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3959 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3960 goto err;
3961 }
3962 }
3963
3964 testresult = 1;
3965 err:
3966 OPENSSL_free(res);
3967 EVP_MD_CTX_free(ctx);
3968 if (doderive)
3969 EVP_PKEY_CTX_free(pctx);
3970 EVP_PKEY_free(pkey);
3971 EVP_PKEY_meth_remove(custom_pmeth);
3972 EVP_PKEY_meth_free(custom_pmeth);
3973 custom_pmeth = NULL;
3974 return testresult;
3975 }
3976
3977 static int test_evp_md_cipher_meth(void)
3978 {
3979 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3980 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3981 int testresult = 0;
3982
3983 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3984 goto err;
3985
3986 testresult = 1;
3987
3988 err:
3989 EVP_MD_meth_free(md);
3990 EVP_CIPHER_meth_free(ciph);
3991
3992 return testresult;
3993 }
3994
3995 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
3996 /* Test we can create a signature keys with an associated ENGINE */
3997 static int test_signatures_with_engine(int tst)
3998 {
3999 ENGINE *e;
4000 const char *engine_id = "dasync";
4001 EVP_PKEY *pkey = NULL;
4002 const unsigned char badcmackey[] = { 0x00, 0x01 };
4003 const unsigned char cmackey[] = {
4004 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4005 0x0c, 0x0d, 0x0e, 0x0f
4006 };
4007 const unsigned char ed25519key[] = {
4008 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4009 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4010 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4011 };
4012 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4013 int testresult = 0;
4014 EVP_MD_CTX *ctx = NULL;
4015 unsigned char *mac = NULL;
4016 size_t maclen = 0;
4017 int ret;
4018
4019 # ifdef OPENSSL_NO_CMAC
4020 /* Skip CMAC tests in a no-cmac build */
4021 if (tst <= 1)
4022 return 1;
4023 # endif
4024
4025 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4026 return 0;
4027
4028 if (!TEST_true(ENGINE_init(e))) {
4029 ENGINE_free(e);
4030 return 0;
4031 }
4032
4033 switch (tst) {
4034 case 0:
4035 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4036 EVP_aes_128_cbc());
4037 break;
4038 case 1:
4039 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4040 EVP_aes_128_cbc());
4041 break;
4042 case 2:
4043 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4044 sizeof(ed25519key));
4045 break;
4046 default:
4047 TEST_error("Invalid test case");
4048 goto err;
4049 }
4050 if (!TEST_ptr(pkey))
4051 goto err;
4052
4053 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4054 goto err;
4055
4056 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4057 pkey);
4058 if (tst == 0) {
4059 if (!TEST_true(ret))
4060 goto err;
4061
4062 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4063 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4064 goto err;
4065
4066 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4067 goto err;
4068
4069 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4070 goto err;
4071 } else {
4072 /* We used a bad key. We expect a failure here */
4073 if (!TEST_false(ret))
4074 goto err;
4075 }
4076
4077 testresult = 1;
4078 err:
4079 EVP_MD_CTX_free(ctx);
4080 OPENSSL_free(mac);
4081 EVP_PKEY_free(pkey);
4082 ENGINE_finish(e);
4083 ENGINE_free(e);
4084
4085 return testresult;
4086 }
4087
4088 static int test_cipher_with_engine(void)
4089 {
4090 ENGINE *e;
4091 const char *engine_id = "dasync";
4092 const unsigned char keyiv[] = {
4093 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4094 0x0c, 0x0d, 0x0e, 0x0f
4095 };
4096 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4097 int testresult = 0;
4098 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4099 unsigned char buf[AES_BLOCK_SIZE];
4100 int len = 0;
4101
4102 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4103 return 0;
4104
4105 if (!TEST_true(ENGINE_init(e))) {
4106 ENGINE_free(e);
4107 return 0;
4108 }
4109
4110 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4111 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4112 goto err;
4113
4114 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4115 goto err;
4116
4117 /* Copy the ctx, and complete the operation with the new ctx */
4118 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4119 goto err;
4120
4121 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4122 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4123 goto err;
4124
4125 testresult = 1;
4126 err:
4127 EVP_CIPHER_CTX_free(ctx);
4128 EVP_CIPHER_CTX_free(ctx2);
4129 ENGINE_finish(e);
4130 ENGINE_free(e);
4131
4132 return testresult;
4133 }
4134 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4135 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4136
4137 typedef enum OPTION_choice {
4138 OPT_ERR = -1,
4139 OPT_EOF = 0,
4140 OPT_CONTEXT,
4141 OPT_TEST_ENUM
4142 } OPTION_CHOICE;
4143
4144 const OPTIONS *test_get_options(void)
4145 {
4146 static const OPTIONS options[] = {
4147 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4148 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4149 { NULL }
4150 };
4151 return options;
4152 }
4153
4154 int setup_tests(void)
4155 {
4156 OPTION_CHOICE o;
4157
4158 while ((o = opt_next()) != OPT_EOF) {
4159 switch (o) {
4160 case OPT_CONTEXT:
4161 /* Set up an alternate library context */
4162 testctx = OSSL_LIB_CTX_new();
4163 if (!TEST_ptr(testctx))
4164 return 0;
4165 /* Swap the libctx to test non-default context only */
4166 nullprov = OSSL_PROVIDER_load(NULL, "null");
4167 deflprov = OSSL_PROVIDER_load(testctx, "default");
4168 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4169 break;
4170 case OPT_TEST_CASES:
4171 break;
4172 default:
4173 return 0;
4174 }
4175 }
4176
4177 ADD_TEST(test_EVP_set_default_properties);
4178 ADD_ALL_TESTS(test_EVP_DigestSignInit, 15);
4179 ADD_TEST(test_EVP_DigestVerifyInit);
4180 ADD_TEST(test_EVP_Digest);
4181 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4182 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4183 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4184 ADD_TEST(test_privatekey_to_pkcs8);
4185 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4186 #ifndef OPENSSL_NO_EC
4187 ADD_TEST(test_EVP_PKCS82PKEY);
4188 #endif
4189 #ifndef OPENSSL_NO_EC
4190 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4191 #endif
4192 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4193 ADD_TEST(test_EVP_SM2);
4194 ADD_TEST(test_EVP_SM2_verify);
4195 #endif
4196 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4197 #ifndef OPENSSL_NO_DEPRECATED_3_0
4198 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4199 if (!TEST_ptr(custom_pmeth))
4200 return 0;
4201 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4202 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4203 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4204 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4205 return 0;
4206 #endif
4207 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4208 #ifndef OPENSSL_NO_CMAC
4209 ADD_TEST(test_CMAC_keygen);
4210 #endif
4211 ADD_TEST(test_HKDF);
4212 ADD_TEST(test_emptyikm_HKDF);
4213 #ifndef OPENSSL_NO_EC
4214 ADD_TEST(test_X509_PUBKEY_inplace);
4215 ADD_TEST(test_X509_PUBKEY_dup);
4216 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4217 OSSL_NELEM(ec_der_pub_keys));
4218 #endif
4219 #ifndef OPENSSL_NO_DSA
4220 ADD_TEST(test_DSA_get_set_params);
4221 ADD_TEST(test_DSA_priv_pub);
4222 #endif
4223 ADD_TEST(test_RSA_get_set_params);
4224 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4225 ADD_TEST(test_decrypt_null_chunks);
4226 #endif
4227 #ifndef OPENSSL_NO_DH
4228 ADD_TEST(test_DH_priv_pub);
4229 # ifndef OPENSSL_NO_DEPRECATED_3_0
4230 ADD_TEST(test_EVP_PKEY_set1_DH);
4231 # endif
4232 #endif
4233 #ifndef OPENSSL_NO_EC
4234 ADD_TEST(test_EC_priv_pub);
4235 # ifndef OPENSSL_NO_DEPRECATED_3_0
4236 ADD_TEST(test_EC_priv_only_legacy);
4237 # endif
4238 #endif
4239 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4240 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4241
4242 ADD_TEST(test_rand_agglomeration);
4243 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4244 #ifndef OPENSSL_NO_DES
4245 ADD_ALL_TESTS(test_evp_iv_des, 6);
4246 #endif
4247 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4248 #ifndef OPENSSL_NO_EC
4249 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4250 #endif
4251
4252 ADD_TEST(test_names_do_all);
4253
4254 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4255 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4256 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4257 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4258
4259 #ifndef OPENSSL_NO_DEPRECATED_3_0
4260 ADD_ALL_TESTS(test_custom_pmeth, 12);
4261 ADD_TEST(test_evp_md_cipher_meth);
4262
4263 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4264 /* Tests only support the default libctx */
4265 if (testctx == NULL) {
4266 # ifndef OPENSSL_NO_EC
4267 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4268 # else
4269 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4270 # endif
4271 ADD_TEST(test_cipher_with_engine);
4272 }
4273 # endif
4274 #endif
4275
4276 return 1;
4277 }
4278
4279 void cleanup_tests(void)
4280 {
4281 OSSL_PROVIDER_unload(nullprov);
4282 OSSL_PROVIDER_unload(deflprov);
4283 OSSL_PROVIDER_unload(lgcyprov);
4284 OSSL_LIB_CTX_free(testctx);
4285 }
A mirror of the official openssl repository