]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Implement EVP_PKEY_dup() function
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
adcd8e37 33#include "testutil.h"
176db6dc 34#include "internal/nelem.h"
00bc1ad9 35#include "internal/sizes.h"
25f2138b 36#include "crypto/evp.h"
f0c62c53 37#include "../e_os.h" /* strcasecmp */
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
71ea6b48
MC		 247static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261};
262
263/*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321};
322
a9880362 323#ifndef OPENSSL_NO_EC
71ea6b48
MC		 324/*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340};
341
342/*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356};
b0004708
PY		 357
358/* prime256v1 */
359static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368};
369
5dc40a83 370/*
87762939 371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
b0004708
PY		 385static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387};
2cf8bb46
MC		 388
389static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394};
395
396static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401};
402
a9880362 403#endif
71ea6b48 404
adcd8e37
RS		 405typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
5b5eea4b 408 const char *keytype;
adcd8e37 409 int evptype;
2aee35d3 410 int check;
b0004708
PY		 411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 414} APK_DATA;
415
416static APK_DATA keydata[] = {
5b5eea4b
SL		 417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 419#ifndef OPENSSL_NO_EC
5b5eea4b 420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 421#endif
adcd8e37
RS		 422};
423
2aee35d3 424static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
5b5eea4b 427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 428 0, 1, 1, 0},
2aee35d3 429#ifndef OPENSSL_NO_EC
5b5eea4b 430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 431 /* group is also associated in our pub key */
2cf8bb46
MC		 432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 440#endif
441};
442
d7e498ac
RL		 443static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
71ea6b48 445{
d7e498ac 446 const unsigned char **pdata = &data;
71ea6b48 447 EVP_PKEY *pkey = NULL;
d7e498ac 448 OSSL_DECODER_CTX *dctx =
fe75766c 449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 450 testctx, testpropq);
71ea6b48 451
d7e498ac
RL		 452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456}
71ea6b48 457
d7e498ac
RL		 458static EVP_PKEY *load_example_rsa_key(void)
459{
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 462}
463
f650ab47 464#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 465static EVP_PKEY *load_example_dsa_key(void)
466{
6ed4022c
RL		 467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
59d0e6c8 469}
f650ab47 470#endif
59d0e6c8 471
6d242fa5
MC		 472static EVP_PKEY *load_example_hmac_key(void)
473{
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
482 if (!TEST_ptr(pkey))
483 return NULL;
484
485 return pkey;
486}
487
f9e504e8
P		 488static int test_EVP_set_default_properties(void)
489{
b4250010 490 OSSL_LIB_CTX *ctx;
f9e504e8
P		 491 EVP_MD *md = NULL;
492 int res = 0;
493
b4250010 494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
496 goto err;
497 EVP_MD_free(md);
498 md = NULL;
499
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
503 goto err;
504 EVP_MD_free(md);
505 md = NULL;
506
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
509 goto err;
510 res = 1;
511err:
512 EVP_MD_free(md);
b4250010 513 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 514 return res;
515}
516
b8a1272d
MC		 517#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518static int test_fromdata(char *keytype, OSSL_PARAM *params)
519{
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
522 int testresult = 0;
523
062490db 524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 525 goto err;
2db985b7
SL		 526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
528 params), 0))
b8a1272d
MC		 529 goto err;
530
531 if (!TEST_ptr(pkey))
532 goto err;
533
534 testresult = 1;
535 err:
536 EVP_PKEY_free(pkey);
537 EVP_PKEY_CTX_free(pctx);
538
539 return testresult;
540}
541#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
542
2c04b341 543/*
8a9394c1 544 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 545 * params to ensure they are all accepted
546 */
b8a1272d 547#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 548static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
549{
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 553 int ret = 0;
554
555 /*
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
558 */
b8a1272d 559 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
564 goto err;
565
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
571 goto err;
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
573 goto err;
574
b8a1272d 575 if (!test_fromdata(keytype, params))
2c04b341 576 goto err;
2c04b341
JS		 577 OSSL_PARAM_BLD_free_params(params);
578 OSSL_PARAM_BLD_free(bld);
579
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
586 priv)))
587 goto err;
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
589 goto err;
590
b8a1272d 591 if (!test_fromdata(keytype, params))
2c04b341 592 goto err;
2c04b341
JS		 593 OSSL_PARAM_BLD_free_params(params);
594 OSSL_PARAM_BLD_free(bld);
595
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
602 pub)))
603 goto err;
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
605 goto err;
606
b8a1272d 607 if (!test_fromdata(keytype, params))
2c04b341 608 goto err;
2c04b341
JS		 609 OSSL_PARAM_BLD_free_params(params);
610 OSSL_PARAM_BLD_free(bld);
611
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
618 pub))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
620 priv)))
621 goto err;
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
623 goto err;
624
b8a1272d 625 if (!test_fromdata(keytype, params))
2c04b341
JS		 626 goto err;
627
628 ret = 1;
629 err:
2c04b341
JS		 630 OSSL_PARAM_BLD_free_params(params);
631 OSSL_PARAM_BLD_free(bld);
632 BN_free(p);
633 BN_free(q);
634 BN_free(g);
635 BN_free(pub);
636 BN_free(priv);
637
638 return ret;
639}
8a9394c1 640#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 641
b8a1272d
MC		 642/*
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
645 */
646#ifndef OPENSSL_NO_EC
647static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
651};
652static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
659};
660
661static int test_EC_priv_pub(void)
662{
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
665 BIGNUM *priv = NULL;
666 int ret = 0;
667
668 /*
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
671 */
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
673 goto err;
674
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
679 "P-256", 0)))
680 goto err;
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
682 goto err;
683
684 if (!test_fromdata("EC", params))
685 goto err;
686 OSSL_PARAM_BLD_free_params(params);
687 OSSL_PARAM_BLD_free(bld);
688
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
693 "P-256", 0))
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
695 priv)))
696 goto err;
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
698 goto err;
699
700 if (!test_fromdata("EC", params))
701 goto err;
702 OSSL_PARAM_BLD_free_params(params);
703 OSSL_PARAM_BLD_free(bld);
704
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
709 "P-256", 0))
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
713 goto err;
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
715 goto err;
716
717 if (!test_fromdata("EC", params))
718 goto err;
719 OSSL_PARAM_BLD_free_params(params);
720 OSSL_PARAM_BLD_free(bld);
721
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
726 "P-256", 0))
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
731 priv)))
b8a1272d
MC		 732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata("EC", params))
737 goto err;
738
739 ret = 1;
740 err:
741 OSSL_PARAM_BLD_free_params(params);
742 OSSL_PARAM_BLD_free(bld);
743 BN_free(priv);
744
745 return ret;
746}
747
748/* Test that using a legacy EC key with only a private key in it works */
749# ifndef OPENSSL_NO_DEPRECATED_3_0
750static int test_EC_priv_only_legacy(void)
751{
752 BIGNUM *priv = NULL;
753 int ret = 0;
754 EC_KEY *eckey = NULL;
2145ba5e 755 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 756 EVP_MD_CTX *ctx = NULL;
757
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
760 goto err;
761
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
764 goto err;
765
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
767 goto err;
768
769 pkey = EVP_PKEY_new();
770 if (!TEST_ptr(pkey))
771 goto err;
772
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
774 goto err;
775 eckey = NULL;
776
2145ba5e
TM		 777 while (dup_pk == NULL) {
778 ret = 0;
779 ctx = EVP_MD_CTX_new();
780 if (!TEST_ptr(ctx))
781 goto err;
782
783 /*
784 * The EVP_DigestSignInit function should create the key on the
785 * provider side which is sufficient for this test.
786 */
787 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
788 testpropq, pkey, NULL)))
789 goto err;
790 EVP_MD_CTX_free(ctx);
791 ctx = NULL;
792
793 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
794 goto err;
795 /* EVP_PKEY_eq() returns -2 with missing public keys */
796 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
797 EVP_PKEY_free(pkey);
798 pkey = dup_pk;
799 if (!ret)
800 goto err;
801 }
b8a1272d
MC		 802
803 err:
804 EVP_MD_CTX_free(ctx);
805 EVP_PKEY_free(pkey);
806 EC_KEY_free(eckey);
807 BN_free(priv);
808
809 return ret;
810}
811# endif /* OPENSSL_NO_DEPRECATED_3_0 */
812#endif /* OPENSSL_NO_EC */
813
2eb2b4f3
SL		 814static int test_EVP_Enveloped(void)
815{
816 int ret = 0;
817 EVP_CIPHER_CTX *ctx = NULL;
818 EVP_PKEY *keypair = NULL;
819 unsigned char *kek = NULL;
820 unsigned char iv[EVP_MAX_IV_LENGTH];
821 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
822 int len, kek_len, ciphertext_len, plaintext_len;
823 unsigned char ciphertext[32], plaintext[16];
062490db
JS		 824 const EVP_CIPHER *type = NULL;
825
826 if (nullprov != NULL)
827 return TEST_skip("Test does not support a non-default library context");
828
829 type = EVP_aes_256_cbc();
2eb2b4f3
SL		 830
831 if (!TEST_ptr(keypair = load_example_rsa_key())
832 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
834 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
835 &keypair, 1))
836 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
837 msg, sizeof(msg)))
838 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
839 &len)))
840 goto err;
841
842 ciphertext_len += len;
843
844 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
845 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
846 ciphertext, ciphertext_len))
847 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
848 goto err;
849
850 plaintext_len += len;
851 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
852 goto err;
853
854 ret = 1;
855err:
856 OPENSSL_free(kek);
857 EVP_PKEY_free(keypair);
858 EVP_CIPHER_CTX_free(ctx);
859 return ret;
860}
861
59d0e6c8 862/*
6d242fa5
MC		 863 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
864 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
865 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
866 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
867 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
868 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
869 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
870 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
871 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 872 */
873static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 874{
875 int ret = 0;
876 EVP_PKEY *pkey = NULL;
877 unsigned char *sig = NULL;
878 size_t sig_len = 0;
59d0e6c8
MC		 879 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
880 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
881 BIO *mdbio = NULL, *membio = NULL;
882 size_t written;
6d242fa5
MC		 883 const EVP_MD *md;
884 EVP_MD *mdexp = NULL;
59d0e6c8 885
062490db
JS		 886 if (nullprov != NULL)
887 return TEST_skip("Test does not support a non-default library context");
888
6d242fa5 889 if (tst >= 6) {
59d0e6c8
MC		 890 membio = BIO_new(BIO_s_mem());
891 mdbio = BIO_new(BIO_f_md());
892 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
893 goto out;
894 BIO_push(mdbio, membio);
895 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
896 goto out;
897 } else {
898 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
899 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
900 goto out;
901 }
71ea6b48 902
6d242fa5 903 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 904 if (!TEST_ptr(pkey = load_example_rsa_key()))
905 goto out;
6d242fa5 906 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 907#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 908 if (!TEST_ptr(pkey = load_example_dsa_key()))
909 goto out;
f650ab47
MC		 910#else
911 ret = 1;
912 goto out;
913#endif
6d242fa5
MC		 914 } else {
915 if (!TEST_ptr(pkey = load_example_hmac_key()))
916 goto out;
59d0e6c8 917 }
71ea6b48 918
6d242fa5
MC		 919 if (tst >= 3 && tst <= 5)
920 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
921 else
922 md = EVP_sha256();
923
924 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 925 goto out;
adcd8e37 926
6d242fa5 927 if (tst >= 6) {
59d0e6c8
MC		 928 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
929 goto out;
930 } else {
931 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
932 goto out;
933 }
934
71ea6b48 935 /* Determine the size of the signature. */
adcd8e37 936 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 937 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 938 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 939 goto out;
71ea6b48 940
6d242fa5 941 if (tst >= 6) {
59d0e6c8
MC		 942 if (!TEST_int_gt(BIO_reset(mdbio), 0)
943 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
944 goto out;
945 }
946
6d242fa5
MC		 947 /*
948 * Ensure that the signature round-trips (Verification isn't supported for
949 * HMAC via EVP_DigestVerify*)
950 */
951 if (tst != 2 && tst != 5 && tst != 8) {
952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
953 NULL, pkey)))
59d0e6c8 954 goto out;
6d242fa5
MC		 955
956 if (tst >= 6) {
957 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
958 goto out;
959 } else {
960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
961 sizeof(kMsg))))
962 goto out;
963 }
964 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8
MC		 965 goto out;
966 }
71ea6b48
MC		 967
968 ret = 1;
969
970 out:
59d0e6c8
MC		 971 BIO_free(membio);
972 BIO_free(mdbio);
973 EVP_MD_CTX_free(a_md_ctx);
974 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 975 EVP_PKEY_free(pkey);
b548a1f1 976 OPENSSL_free(sig);
6d242fa5 977 EVP_MD_free(mdexp);
71ea6b48
MC		 978
979 return ret;
980}
981
982static int test_EVP_DigestVerifyInit(void)
983{
984 int ret = 0;
985 EVP_PKEY *pkey = NULL;
adcd8e37 986 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 987
062490db
JS		 988 if (nullprov != NULL)
989 return TEST_skip("Test does not support a non-default library context");
990
adcd8e37
RS		 991 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
992 || !TEST_ptr(pkey = load_example_rsa_key()))
993 goto out;
71ea6b48 994
adcd8e37
RS		 995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
996 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
997 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
998 sizeof(kSignature))))
71ea6b48 999 goto out;
71ea6b48
MC		 1000 ret = 1;
1001
1002 out:
bfb0641f 1003 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1004 EVP_PKEY_free(pkey);
71ea6b48
MC		 1005 return ret;
1006}
1007
8d8dd09b
TM		 1008/*
1009 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1010 */
1011static int test_EVP_Digest(void)
1012{
1013 int ret = 0;
1014 EVP_MD_CTX *md_ctx = NULL;
1015 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1016 EVP_MD *sha256 = NULL;
1017 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1018
1019 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1020 goto out;
1021
062490db
JS		 1022 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1023 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1024 goto out;
1025
1026 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1027 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1028 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1029 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1030 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
1031 goto out;
1032
062490db 1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1036 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1038 /*
1039 * EVP_DigestInit_ex with NULL type should work on
1040 * pre-initialized context.
1041 */
1042 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1043 goto out;
1044
062490db 1045 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1046 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1047 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1048 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1049 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1050 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1051 goto out;
1052 ret = 1;
1053
1054 out:
1055 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1056 EVP_MD_free(sha256);
1057 EVP_MD_free(shake256);
8d8dd09b
TM		 1058 return ret;
1059}
1060
adcd8e37 1061static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1062{
1063 int ret = 0;
1064 const unsigned char *p;
1065 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1066 const APK_DATA *ak = &keydata[i];
1067 const unsigned char *input = ak->kder;
1068 size_t input_len = ak->size;
1069 int expected_id = ak->evptype;
71ea6b48
MC		 1070
1071 p = input;
adcd8e37
RS		 1072 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1073 || !TEST_ptr_eq(p, input + input_len)
1074 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
71ea6b48 1075 goto done;
71ea6b48
MC		 1076
1077 ret = 1;
1078
1079 done:
c5ba2d99 1080 EVP_PKEY_free(pkey);
71ea6b48
MC		 1081 return ret;
1082}
1083
a9880362 1084#ifndef OPENSSL_NO_EC
cad8347b
SL		 1085
1086static const unsigned char ec_public_sect163k1_validxy[] = {
1087 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1088 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1089 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1090 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1091 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1092 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1093};
1094
1095static const unsigned char ec_public_sect163k1_badx[] = {
1096 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1097 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1098 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1099 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1100 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1101 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1102};
1103
1104static const unsigned char ec_public_sect163k1_bady[] = {
1105 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1106 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1107 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1108 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1109 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1110 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1111};
1112
1113static struct ec_der_pub_keys_st {
1114 const unsigned char *der;
1115 size_t len;
1116 int valid;
1117} ec_der_pub_keys[] = {
1118 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1119 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1120 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1121};
1122
1123/*
1124 * Tests the range of the decoded EC char2 public point.
1125 * See ec_GF2m_simple_oct2point().
1126 */
1127static int test_invalide_ec_char2_pub_range_decode(int id)
1128{
1129 int ret = 0;
5b5eea4b 1130 EVP_PKEY *pkey;
cad8347b 1131
5b5eea4b
SL		 1132 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1133 ec_der_pub_keys[id].len);
1134
1135 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1136 || TEST_ptr_null(pkey);
1137 EVP_PKEY_free(pkey);
cad8347b
SL		 1138 return ret;
1139}
1140
71ea6b48
MC		 1141/* Tests loading a bad key in PKCS8 format */
1142static int test_EVP_PKCS82PKEY(void)
1143{
1144 int ret = 0;
1145 const unsigned char *derp = kExampleBadECKeyDER;
1146 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1147 EVP_PKEY *pkey = NULL;
1148
adcd8e37
RS		 1149 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1150 sizeof(kExampleBadECKeyDER))))
1151 goto done;
71ea6b48 1152
adcd8e37
RS		 1153 if (!TEST_ptr_eq(derp,
1154 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1155 goto done;
71ea6b48 1156
adcd8e37 1157 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1158 goto done;
71ea6b48
MC		 1159
1160 ret = 1;
1161
1162 done:
e0e920b1 1163 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1164 EVP_PKEY_free(pkey);
71ea6b48
MC		 1165
1166 return ret;
1167}
a9880362 1168#endif
71ea6b48 1169
29c49b25
RL		 1170/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1171static int test_privatekey_to_pkcs8(void)
1172{
1173 EVP_PKEY *pkey = NULL;
1174 BIO *membio = NULL;
1175 char *membuf = NULL;
e2cc68c8 1176 long membuf_len = 0;
29c49b25
RL		 1177 int ok = 0;
1178
1179 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1180 || !TEST_ptr(pkey = load_example_rsa_key())
1181 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1182 NULL, 0, NULL, NULL),
1183 0)
e2cc68c8
SL		 1184 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1185 || !TEST_ptr(membuf)
1186 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1187 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1188 /*
1189 * We try to write PEM as well, just to see that it doesn't err, but
1190 * assume that the result is correct.
1191 */
1192 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1193 NULL, 0, NULL, NULL),
1194 0))
1195 goto done;
1196
1197 ok = 1;
1198 done:
1199 EVP_PKEY_free(pkey);
1200 BIO_free_all(membio);
1201 return ok;
1202}
1203
f0c62c53
RL		 1204#ifndef OPENSSL_NO_EC
1205static const struct {
1206 int encoding;
1207 const char *encoding_name;
1208} ec_encodings[] = {
1209 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1210 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1211};
1212
1213static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1214{
1215 const OSSL_PARAM *p;
1216 const char *enc_name = NULL;
1217 int *enc = arg;
1218 size_t i;
1219
1220 *enc = -1;
1221
1222 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1223 OSSL_PKEY_PARAM_EC_ENCODING))
1224 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1225 return 0;
1226
1227 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1228 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1229 *enc = ec_encodings[i].encoding;
1230 break;
1231 }
1232 }
1233
1234 return (*enc != -1);
1235}
1236
1237static int test_EC_keygen_with_enc(int idx)
1238{
1239 EVP_PKEY *params = NULL, *key = NULL;
1240 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1241 int enc;
1242 int ret = 0;
1243
1244 enc = ec_encodings[idx].encoding;
1245
1246 /* Create key parameters */
1247 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1248 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1249 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1250 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1251 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1252 || !TEST_ptr(params))
1253 goto done;
1254
1255 /* Create key */
1256 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1257 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1258 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1259 || !TEST_ptr(key))
1260 goto done;
1261
1262 /* Check that the encoding got all the way into the key */
1263 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1264 ec_export_get_encoding_cb, &enc))
1265 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1266 goto done;
1267
1268 ret = 1;
1269 done:
1270 EVP_PKEY_free(key);
1271 EVP_PKEY_free(params);
1272 EVP_PKEY_CTX_free(kctx);
1273 EVP_PKEY_CTX_free(pctx);
1274 return ret;
1275}
1276#endif
1277
f844f9eb 1278#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1279
a6c4cb84
JL		 1280static int test_EVP_SM2_verify(void)
1281{
a6c4cb84 1282 const char *pubkey =
d0b79f86
PY		 1283 "-----BEGIN PUBLIC KEY-----\n"
1284 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1285 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1286 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1287
1288 const char *msg = "message digest";
1289 const char *id = "ALICE123@YAHOO.COM";
1290
1291 const uint8_t signature[] = {
d0b79f86
PY		 1292 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1293 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1294 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1295 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1296 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1297 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1298 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1299 };
1300
1301 int rc = 0;
1302 BIO *bio = NULL;
1303 EVP_PKEY *pkey = NULL;
1304 EVP_MD_CTX *mctx = NULL;
1305 EVP_PKEY_CTX *pctx = NULL;
062490db 1306 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1307
1308 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1309 if (!TEST_true(bio != NULL))
1310 goto done;
1311
062490db 1312 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1313 if (!TEST_true(pkey != NULL))
1314 goto done;
1315
8a288609 1316 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1317 goto done;
1318
1319 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1320 goto done;
1321
062490db 1322 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1323 goto done;
1324
a6c4cb84
JL		 1325 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1326
062490db
JS		 1327 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1328 goto done;
1329
1330 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1331 goto done;
1332
d0b79f86
PY		 1333 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1334 goto done;
1335
a6c4cb84
JL		 1336 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1337 goto done;
1338
1339 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1340 goto done;
1341 rc = 1;
1342
1343 done:
1344 BIO_free(bio);
1345 EVP_PKEY_free(pkey);
1346 EVP_PKEY_CTX_free(pctx);
1347 EVP_MD_CTX_free(mctx);
062490db 1348 EVP_MD_free(sm3);
a6c4cb84
JL		 1349 return rc;
1350}
1351
ddb634fe
JL		 1352static int test_EVP_SM2(void)
1353{
1354 int ret = 0;
1355 EVP_PKEY *pkey = NULL;
bfb56a97 1356 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1357 EVP_PKEY_CTX *pctx = NULL;
1358 EVP_PKEY_CTX *kctx = NULL;
4803717f 1359 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1360 size_t sig_len = 0;
1361 unsigned char *sig = NULL;
1362 EVP_MD_CTX *md_ctx = NULL;
1363 EVP_MD_CTX *md_ctx_verify = NULL;
1364 EVP_PKEY_CTX *cctx = NULL;
062490db 1365 EVP_MD *sm3 = NULL;
ddb634fe
JL		 1366
1367 uint8_t ciphertext[128];
1368 size_t ctext_len = sizeof(ciphertext);
1369
1370 uint8_t plaintext[8];
1371 size_t ptext_len = sizeof(plaintext);
1372
4803717f
PY		 1373 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1374
bfb56a97
MC		 1375 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1376 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1377 int i;
1378 char mdname[20];
1379
062490db 1380 pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
ddb634fe
JL		 1381 if (!TEST_ptr(pctx))
1382 goto done;
1383
1384 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1385 goto done;
1386
1387 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1388 goto done;
1389
bfb56a97 1390 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1391 goto done;
1392
062490db 1393 kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
ddb634fe
JL		 1394 if (!TEST_ptr(kctx))
1395 goto done;
1396
1397 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1398 goto done;
1399
1400 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1401 goto done;
1402
ddb634fe
JL		 1403 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1404 goto done;
1405
1406 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1407 goto done;
1408
062490db 1409 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1410 goto done;
1411
1412 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1413 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1414
062490db
JS		 1415 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1416 goto done;
1417
1418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
4803717f
PY		 1419 goto done;
1420
d0b79f86 1421 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1422 goto done;
1423
1424 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1425 goto done;
1426
1427 /* Determine the size of the signature. */
1428 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1429 goto done;
1430
ddb634fe
JL		 1431 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1432 goto done;
1433
1434 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1435 goto done;
1436
1437 /* Ensure that the signature round-trips. */
1438
062490db 1439 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
ddb634fe
JL		 1440 goto done;
1441
d0b79f86
PY		 1442 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1443 goto done;
1444
ddb634fe
JL		 1445 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1446 goto done;
1447
1448 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1449 goto done;
1450
1451 /* now check encryption/decryption */
1452
bfb56a97
MC		 1453 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1454 mdname, sizeof(mdname));
1455 for (i = 0; i < 2; i++) {
1456 EVP_PKEY_CTX_free(cctx);
ddb634fe 1457
bfb56a97
MC		 1458 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1459 i == 0 ? "SM3" : "SHA2-256",
1460 0);
ddb634fe 1461
062490db 1462 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
bfb56a97 1463 goto done;
ddb634fe 1464
bfb56a97
MC		 1465 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1466 goto done;
ddb634fe 1467
bfb56a97
MC		 1468 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1469 goto done;
ddb634fe 1470
bfb56a97
MC		 1471 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1472 sizeof(kMsg))))
1473 goto done;
ddb634fe 1474
bfb56a97
MC		 1475 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1476 goto done;
1477
1478 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1479 goto done;
1480
1481 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1482 ctext_len)))
1483 goto done;
1484
1485 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1486 goto done;
1487
1488 /* Test we're still using the digest we think we are */
1489 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1490 goto done;
1491 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1492 goto done;
1493
1494 if (!TEST_true(ptext_len == sizeof(kMsg)))
1495 goto done;
1496
1497 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1498 goto done;
1499 }
ddb634fe
JL		 1500
1501 ret = 1;
1502done:
1503 EVP_PKEY_CTX_free(pctx);
1504 EVP_PKEY_CTX_free(kctx);
4803717f 1505 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1506 EVP_PKEY_CTX_free(cctx);
1507 EVP_PKEY_free(pkey);
bfb56a97 1508 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1509 EVP_MD_CTX_free(md_ctx);
1510 EVP_MD_CTX_free(md_ctx_verify);
062490db 1511 EVP_MD_free(sm3);
ddb634fe
JL		 1512 OPENSSL_free(sig);
1513 return ret;
1514}
1515
1516#endif
1517
bb5f281a
MC		 1518static struct keys_st {
1519 int type;
1520 char *priv;
1521 char *pub;
1522} keys[] = {
1523 {
1524 EVP_PKEY_HMAC, "0123456789", NULL
1525 }, {
1526 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1527 }, {
1528 EVP_PKEY_SIPHASH, "0123456789012345", NULL
896dcb80
MC		 1529 },
1530#ifndef OPENSSL_NO_EC
1531 {
bb5f281a
MC		 1532 EVP_PKEY_X25519, "01234567890123456789012345678901",
1533 "abcdefghijklmnopqrstuvwxyzabcdef"
1534 }, {
1535 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1536 "abcdefghijklmnopqrstuvwxyzabcdef"
1537 }, {
1538 EVP_PKEY_X448,
1539 "01234567890123456789012345678901234567890123456789012345",
1540 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1541 }, {
1542 EVP_PKEY_ED448,
1543 "012345678901234567890123456789012345678901234567890123456",
1544 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1545 }
896dcb80 1546#endif
bb5f281a
MC		 1547};
1548
86dc26ba 1549static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1550{
1551 int ret = 0;
1552 unsigned char buf[80];
1553 unsigned char *in;
1554 size_t inlen, len = 0;
1555 EVP_PKEY *pkey;
1556
062490db
JS		 1557 if (nullprov != NULL)
1558 return TEST_skip("Test does not support a non-default library context");
1559
bb5f281a
MC		 1560 /* Check if this algorithm supports public keys */
1561 if (keys[tst].pub == NULL)
1562 return 1;
1563
1564 memset(buf, 0, sizeof(buf));
1565
1566 if (pub) {
1567 inlen = strlen(keys[tst].pub);
1568 in = (unsigned char *)keys[tst].pub;
86dc26ba 1569 if (uselibctx) {
d8652be0 1570 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1571 testctx,
1572 OBJ_nid2sn(keys[tst].type),
1573 NULL,
1574 in,
1575 inlen);
1576 } else {
1577 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1578 NULL,
1579 in,
1580 inlen);
1581 }
bb5f281a
MC		 1582 } else {
1583 inlen = strlen(keys[tst].priv);
1584 in = (unsigned char *)keys[tst].priv;
86dc26ba 1585 if (uselibctx) {
d8652be0 1586 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1587 testctx, OBJ_nid2sn(keys[tst].type),
1588 NULL,
1589 in,
1590 inlen);
1591 } else {
1592 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1593 NULL,
1594 in,
1595 inlen);
1596 }
bb5f281a
MC		 1597 }
1598
1599 if (!TEST_ptr(pkey)
1600 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1601 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1602 || !TEST_true(len == inlen)
1603 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1604 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1605 || !TEST_mem_eq(in, inlen, buf, len))
1606 goto done;
1607
1608 ret = 1;
1609 done:
1610 EVP_PKEY_free(pkey);
1611 return ret;
1612}
1613
1614static int test_set_get_raw_keys(int tst)
1615{
86dc26ba
MC		 1616 return test_set_get_raw_keys_int(tst, 0, 0)
1617 && test_set_get_raw_keys_int(tst, 0, 1)
1618 && test_set_get_raw_keys_int(tst, 1, 0)
1619 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1620}
1621
41bbba53 1622#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1623static int pkey_custom_check(EVP_PKEY *pkey)
1624{
1625 return 0xbeef;
1626}
1627
b0004708
PY		 1628static int pkey_custom_pub_check(EVP_PKEY *pkey)
1629{
1630 return 0xbeef;
1631}
1632
1633static int pkey_custom_param_check(EVP_PKEY *pkey)
1634{
1635 return 0xbeef;
1636}
1637
2aee35d3 1638static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1639#endif
2aee35d3
PY		 1640
1641static int test_EVP_PKEY_check(int i)
1642{
1643 int ret = 0;
2aee35d3
PY		 1644 EVP_PKEY *pkey = NULL;
1645 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1646#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1647 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1648#endif
2aee35d3
PY		 1649 const APK_DATA *ak = &keycheckdata[i];
1650 const unsigned char *input = ak->kder;
1651 size_t input_len = ak->size;
1652 int expected_id = ak->evptype;
1653 int expected_check = ak->check;
b0004708
PY		 1654 int expected_pub_check = ak->pub_check;
1655 int expected_param_check = ak->param_check;
1656 int type = ak->type;
b0004708 1657
5b5eea4b
SL		 1658 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1659 goto done;
1660 if (type == 0
1661 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1662 goto done;
2aee35d3 1663
062490db 1664 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 1665 goto done;
1666
b0004708
PY		 1667 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1668 goto done;
1669
1670 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1671 goto done;
1672
1673 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1674 goto done;
2aee35d3 1675
41bbba53 1676#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1677 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1678 /* assign the pkey directly, as an internal test */
1679 EVP_PKEY_up_ref(pkey);
1680 ctx2->pkey = pkey;
1681
1682 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1683 goto done;
1684
b0004708
PY		 1685 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1686 goto done;
1687
1688 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1689 goto done;
41bbba53 1690#endif
b0004708 1691
2aee35d3
PY		 1692 ret = 1;
1693
1694 done:
1695 EVP_PKEY_CTX_free(ctx);
41bbba53 1696#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1697 EVP_PKEY_CTX_free(ctx2);
41bbba53 1698#endif
2aee35d3
PY		 1699 EVP_PKEY_free(pkey);
1700 return ret;
1701}
1702
fab8fde3 1703#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1704static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1705{
1706 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1707 const char msg[] = "Hello World";
1708 size_t maclen;
1709 int ret = 1;
1710
1711 if (!TEST_ptr(mdctx)
062490db
JS		 1712 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1713 testpropq, pkey, NULL))
e5bc0ce2
MC		 1714 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1715 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1716 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1717 ret = 0;
1718
1719 EVP_MD_CTX_free(mdctx);
1720
1721 return ret;
1722}
a87820e1
RL		 1723static int test_CMAC_keygen(void)
1724{
e5bc0ce2
MC		 1725 static unsigned char key[] = {
1726 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1727 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1728 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1729 };
062490db 1730 EVP_PKEY_CTX *kctx = NULL;
a87820e1 1731 int ret = 0;
e5bc0ce2 1732 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 1733 unsigned char mac[AES_BLOCK_SIZE];
1734# if !defined(OPENSSL_NO_DEPRECATED_3_0)
1735 unsigned char mac2[AES_BLOCK_SIZE];
1736# endif
e5bc0ce2 1737
062490db
JS		 1738 if (nullprov != NULL)
1739 return TEST_skip("Test does not support a non-default library context");
1740
1741 /*
1742 * This is a legacy method for CMACs, but should still work.
1743 * This verifies that it works without an ENGINE.
1744 */
1745 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1746
e5bc0ce2
MC		 1747 /* Test a CMAC key created using the "generated" method */
1748 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1749 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1750 EVP_PKEY_CTRL_CIPHER,
1751 0, (void *)EVP_aes_256_ecb()), 0)
1752 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1753 EVP_PKEY_CTRL_SET_MAC_KEY,
1754 sizeof(key), (void *)key), 0)
1755 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1756 || !TEST_ptr(pkey)
1757 || !TEST_true(get_cmac_val(pkey, mac)))
1758 goto done;
a87820e1 1759
a3d267f1 1760# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 1761 EVP_PKEY_free(pkey);
1762
1763 /*
1764 * Test a CMAC key using the direct method, and compare with the mac
1765 * created above.
1766 */
1767 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1768 if (!TEST_ptr(pkey)
1769 || !TEST_true(get_cmac_val(pkey, mac2))
1770 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 1771 goto done;
a3d267f1 1772# endif
e5bc0ce2 1773
a87820e1
RL		 1774 ret = 1;
1775
1776 done:
e5bc0ce2 1777 EVP_PKEY_free(pkey);
a87820e1
RL		 1778 EVP_PKEY_CTX_free(kctx);
1779 return ret;
1780}
fab8fde3 1781#endif
a87820e1 1782
10d5b415
MC		 1783static int test_HKDF(void)
1784{
1785 EVP_PKEY_CTX *pctx;
1786 unsigned char out[20];
1787 size_t outlen;
1788 int i, ret = 0;
1789 unsigned char salt[] = "0123456789";
1790 unsigned char key[] = "012345678901234567890123456789";
1791 unsigned char info[] = "infostring";
1792 const unsigned char expected[] = {
1793 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1794 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1795 };
1796 size_t expectedlen = sizeof(expected);
1797
062490db 1798 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 1799 goto done;
1800
1801 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1802 for (i = 0; i < 2; i++) {
1803 outlen = sizeof(out);
1804 memset(out, 0, outlen);
1805
1806 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1807 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1808 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1809 sizeof(salt) - 1), 0)
1810 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1811 sizeof(key) - 1), 0)
1812 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1813 sizeof(info) - 1), 0)
1814 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1815 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1816 goto done;
1817 }
1818
1819 ret = 1;
1820
1821 done:
1822 EVP_PKEY_CTX_free(pctx);
1823
1824 return ret;
1825}
1826
2cd3ebc7
BK		 1827static int test_emptyikm_HKDF(void)
1828{
1829 EVP_PKEY_CTX *pctx;
1830 unsigned char out[20];
1831 size_t outlen;
1832 int ret = 0;
1833 unsigned char salt[] = "9876543210";
1834 unsigned char key[] = "";
1835 unsigned char info[] = "stringinfo";
1836 const unsigned char expected[] = {
1837 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1838 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1839 };
1840 size_t expectedlen = sizeof(expected);
1841
062490db 1842 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 1843 goto done;
1844
1845 outlen = sizeof(out);
1846 memset(out, 0, outlen);
1847
1848 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1849 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1850 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1851 sizeof(salt) - 1), 0)
1852 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1853 sizeof(key) - 1), 0)
1854 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1855 sizeof(info) - 1), 0)
1856 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1857 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1858 goto done;
1859
1860 ret = 1;
1861
1862 done:
1863 EVP_PKEY_CTX_free(pctx);
1864
1865 return ret;
1866}
1867
5dc40a83
BE		 1868#ifndef OPENSSL_NO_EC
1869static int test_X509_PUBKEY_inplace(void)
1870{
808c63c5
P		 1871 int ret = 0;
1872 X509_PUBKEY *xp = NULL;
1873 const unsigned char *p = kExampleECPubKeyDER;
1874 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 1875
808c63c5
P		 1876 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1877 goto done;
5dc40a83 1878
808c63c5
P		 1879 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1880 goto done;
5dc40a83 1881
808c63c5
P		 1882 p = kExampleBadECPubKeyDER;
1883 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 1884
808c63c5
P		 1885 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1886 goto done;
5dc40a83 1887
808c63c5
P		 1888 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1889 goto done;
5dc40a83 1890
808c63c5 1891 ret = 1;
5dc40a83 1892
808c63c5
P		 1893 done:
1894 X509_PUBKEY_free(xp);
1895 return ret;
1896}
1897
1898static int test_X509_PUBKEY_dup(void)
1899{
1900 int ret = 0;
1901 X509_PUBKEY *xp = NULL, *xq = NULL;
1902 const unsigned char *p = kExampleECPubKeyDER;
1903 size_t input_len = sizeof(kExampleECPubKeyDER);
1904
1905 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1906 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1907 || !TEST_ptr_ne(xp, xq))
1908 goto done;
1909
1910 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1911 || !TEST_ptr(X509_PUBKEY_get0(xp))
1912 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1913 goto done;
1914
1915 X509_PUBKEY_free(xq);
1916 xq = NULL;
1917 p = kExampleBadECPubKeyDER;
1918 input_len = sizeof(kExampleBadECPubKeyDER);
1919
1920 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1921 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1922 goto done;
1923
1924 X509_PUBKEY_free(xp);
1925 xp = NULL;
1926 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1927 goto done;
1928
1929 ret = 1;
1930
1931 done:
1932 X509_PUBKEY_free(xp);
1933 X509_PUBKEY_free(xq);
1934 return ret;
5dc40a83 1935}
7bb82f92 1936#endif /* OPENSSL_NO_EC */
784883fc 1937
9c45222d 1938/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 1939static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 1940{
9a071fef 1941 EVP_MD_CTX *mdctx = NULL;
9c45222d 1942 EVP_PKEY_CTX *ctx = NULL;
9c45222d 1943 const OSSL_PARAM *params;
00bc1ad9 1944 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 1945 int ret = 0;
1946 const EVP_MD *md;
00bc1ad9 1947 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 1948 char ssl3ms[48];
9c45222d 1949
9c45222d 1950 /* Initialise a sign operation */
062490db 1951 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 1952 if (!TEST_ptr(ctx)
c9c4a356 1953 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 1954 goto err;
1955
1956 /*
f54a4101 1957 * We should be able to query the parameters now.
9c45222d
MC		 1958 */
1959 params = EVP_PKEY_CTX_settable_params(ctx);
1960 if (!TEST_ptr(params)
0cb3f4f9
RL		 1961 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1962 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1963 goto err;
1964
9c45222d
MC		 1965 params = EVP_PKEY_CTX_gettable_params(ctx);
1966 if (!TEST_ptr(params)
0cb3f4f9
RL		 1967 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1968 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 1969 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1970 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1971 goto err;
1972
1973 /*
1974 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1975 * EVP_PKEY_CTX_get_params()
1976 */
00bc1ad9
RL		 1977 strcpy(mdname, "SHA512");
1978 param_md = param;
1979 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1980 mdname, 0);
9c45222d
MC		 1981 *param++ = OSSL_PARAM_construct_end();
1982
1983 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1984 goto err;
1985
00bc1ad9
RL		 1986 mdname[0] = '\0';
1987 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1988 mdname, sizeof(mdname));
9c45222d 1989 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 1990 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 1991 goto err;
1992
1993 /*
1994 * Test the TEST_PKEY_CTX_set_signature_md() and
1995 * TEST_PKEY_CTX_get_signature_md() functions
1996 */
1997 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1998 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1999 || !TEST_ptr_eq(md, EVP_sha256()))
2000 goto err;
2001
9a071fef
MC		 2002 /*
2003 * Test getting MD parameters via an associated EVP_PKEY_CTX
2004 */
2005 mdctx = EVP_MD_CTX_new();
2006 if (!TEST_ptr(mdctx)
062490db 2007 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2008 pkey, NULL)))
9a071fef
MC		 2009 goto err;
2010
2011 /*
2012 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2013 * able to obtain the digest's settable parameters from the provider.
2014 */
2015 params = EVP_MD_CTX_settable_params(mdctx);
2016 if (!TEST_ptr(params)
2017 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2018 /* The final key should be NULL */
2019 || !TEST_ptr_null(params[1].key))
2020 goto err;
2021
2022 param = ourparams;
2023 memset(ssl3ms, 0, sizeof(ssl3ms));
2024 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2025 ssl3ms, sizeof(ssl3ms));
2026 *param++ = OSSL_PARAM_construct_end();
2027
2028 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2029 goto err;
2030
9c45222d
MC		 2031 ret = 1;
2032
2033 err:
9a071fef 2034 EVP_MD_CTX_free(mdctx);
9c45222d 2035 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2036
2037 return ret;
2038}
2039
2040#ifndef OPENSSL_NO_DSA
2041static int test_DSA_get_set_params(void)
2042{
6ed4022c
RL		 2043 OSSL_PARAM_BLD *bld = NULL;
2044 OSSL_PARAM *params = NULL;
f54a4101 2045 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2046 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2047 EVP_PKEY *pkey = NULL;
2048 int ret = 0;
2049
2050 /*
2051 * Setup the parameters for our DSA object. For our purposes they don't
2052 * have to actually be *valid* parameters. We just need to set something.
2053 */
6ed4022c
RL		 2054 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2055 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2056 || !TEST_ptr(p = BN_new())
2057 || !TEST_ptr(q = BN_new())
2058 || !TEST_ptr(g = BN_new())
2059 || !TEST_ptr(pub = BN_new())
2060 || !TEST_ptr(priv = BN_new()))
2061 goto err;
2062 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2063 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2064 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2065 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2066 pub))
2067 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2068 priv)))
2069 goto err;
2070 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2071 goto err;
f54a4101 2072
2db985b7
SL		 2073 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2074 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2075 params), 0))
f54a4101
RL		 2076 goto err;
2077
6ed4022c
RL		 2078 if (!TEST_ptr(pkey))
2079 goto err;
f54a4101
RL		 2080
2081 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2082
2083 err:
9c45222d 2084 EVP_PKEY_free(pkey);
6ed4022c
RL		 2085 EVP_PKEY_CTX_free(pctx);
2086 OSSL_PARAM_BLD_free_params(params);
2087 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2088 BN_free(p);
2089 BN_free(q);
2090 BN_free(g);
cd32a0f5
RL		 2091 BN_free(pub);
2092 BN_free(priv);
9c45222d
MC		 2093
2094 return ret;
2095}
2c04b341
JS		 2096
2097/*
8a9394c1 2098 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2099 * params to ensure they are all accepted
2100 */
2101static int test_DSA_priv_pub(void)
2102{
2103 return test_EVP_PKEY_ffc_priv_pub("DSA");
2104}
2105
2106#endif /* !OPENSSL_NO_DSA */
9c45222d 2107
f54a4101
RL		 2108static int test_RSA_get_set_params(void)
2109{
d7e498ac
RL		 2110 OSSL_PARAM_BLD *bld = NULL;
2111 OSSL_PARAM *params = NULL;
f54a4101 2112 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2113 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2114 EVP_PKEY *pkey = NULL;
2115 int ret = 0;
2116
2117 /*
2118 * Setup the parameters for our RSA object. For our purposes they don't
2119 * have to actually be *valid* parameters. We just need to set something.
2120 */
d7e498ac
RL		 2121 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2122 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2123 || !TEST_ptr(n = BN_new())
2124 || !TEST_ptr(e = BN_new())
2125 || !TEST_ptr(d = BN_new()))
2126 goto err;
2127 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2128 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2129 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2130 goto err;
2131 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2132 goto err;
f54a4101 2133
2db985b7
SL		 2134 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2135 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2136 params), 0))
f54a4101
RL		 2137 goto err;
2138
d7e498ac
RL		 2139 if (!TEST_ptr(pkey))
2140 goto err;
f54a4101
RL		 2141
2142 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2143
2144 err:
2145 EVP_PKEY_free(pkey);
d7e498ac
RL		 2146 EVP_PKEY_CTX_free(pctx);
2147 OSSL_PARAM_BLD_free_params(params);
2148 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2149 BN_free(n);
2150 BN_free(e);
2151 BN_free(d);
2152
2153 return ret;
2154}
2155
b4be6937
MC		 2156#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2157static int test_decrypt_null_chunks(void)
2158{
2159 EVP_CIPHER_CTX* ctx = NULL;
062490db 2160 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2161 const unsigned char key[32] = {
2162 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2163 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2164 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2165 };
2166 unsigned char iv[12] = {
2167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2168 };
2169 unsigned char msg[] = "It was the best of times, it was the worst of times";
2170 unsigned char ciphertext[80];
2171 unsigned char plaintext[80];
2172 /* We initialise tmp to a non zero value on purpose */
2173 int ctlen, ptlen, tmp = 99;
2174 int ret = 0;
2175 const int enc_offset = 10, dec_offset = 20;
2176
062490db
JS		 2177 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2178 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2179 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2180 key, iv))
2181 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2182 enc_offset))
2183 /* Deliberate add a zero length update */
2184 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2185 0))
2186 || !TEST_int_eq(tmp, 0)
2187 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2188 msg + enc_offset,
2189 sizeof(msg) - enc_offset))
2190 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2191 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2192 || !TEST_int_eq(tmp, 0))
2193 goto err;
2194
2195 /* Deliberately initialise tmp to a non zero value */
2196 tmp = 99;
062490db 2197 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2198 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2199 dec_offset))
2200 /*
2201 * Deliberately add a zero length update. We also deliberately do
2202 * this at a different offset than for encryption.
2203 */
2204 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2205 0))
2206 || !TEST_int_eq(tmp, 0)
2207 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2208 ciphertext + dec_offset,
2209 ctlen - dec_offset))
2210 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2211 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2212 || !TEST_int_eq(tmp, 0)
2213 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2214 goto err;
2215
2216 ret = 1;
2217 err:
2218 EVP_CIPHER_CTX_free(ctx);
062490db 2219 EVP_CIPHER_free(cipher);
b4be6937
MC		 2220 return ret;
2221}
2222#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2223
2c04b341
JS		 2224#ifndef OPENSSL_NO_DH
2225/*
8a9394c1 2226 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2227 * params to ensure they are all accepted
2228 */
2229static int test_DH_priv_pub(void)
2230{
2231 return test_EVP_PKEY_ffc_priv_pub("DH");
2232}
2233
2234# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2235static int test_EVP_PKEY_set1_DH(void)
2236{
ca2bf555
SL		 2237 DH *x942dh = NULL, *noqdh = NULL;
2238 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2239 int ret = 0;
ca2bf555
SL		 2240 BIGNUM *p, *g = NULL;
2241
2242 if (!TEST_ptr(p = BN_new())
2243 || !TEST_ptr(g = BN_new())
2244 || !BN_set_word(p, 9999)
2245 || !BN_set_word(g, 2)
2246 || !TEST_ptr(noqdh = DH_new())
2247 || !DH_set0_pqg(noqdh, p, NULL, g))
2248 goto err;
2249 p = g = NULL;
e295de1d
MC		 2250
2251 x942dh = DH_get_2048_256();
e295de1d
MC		 2252 pkey1 = EVP_PKEY_new();
2253 pkey2 = EVP_PKEY_new();
2254 if (!TEST_ptr(x942dh)
ca2bf555 2255 || !TEST_ptr(noqdh)
e295de1d
MC		 2256 || !TEST_ptr(pkey1)
2257 || !TEST_ptr(pkey2))
2258 goto err;
2259
2260 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2261 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2262 goto err;
2263
ca2bf555 2264 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
e295de1d
MC		 2265 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2266 goto err;
2267
2268 ret = 1;
2269 err:
ca2bf555
SL		 2270 BN_free(p);
2271 BN_free(g);
e295de1d
MC		 2272 EVP_PKEY_free(pkey1);
2273 EVP_PKEY_free(pkey2);
2274 DH_free(x942dh);
ca2bf555 2275 DH_free(noqdh);
e295de1d
MC		 2276
2277 return ret;
2278}
2c04b341
JS		 2279# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2280#endif /* !OPENSSL_NO_DH */
e295de1d 2281
8a5cb596
RL		 2282/*
2283 * We test what happens with an empty template. For the sake of this test,
2284 * the template must be ignored, and we know that's the case for RSA keys
2285 * (this might arguably be a misfeature, but that's what we currently do,
2286 * even in provider code, since that's how the legacy RSA implementation
2287 * does things)
2288 */
2289static int test_keygen_with_empty_template(int n)
2290{
2291 EVP_PKEY_CTX *ctx = NULL;
2292 EVP_PKEY *pkey = NULL;
2293 EVP_PKEY *tkey = NULL;
2294 int ret = 0;
2295
062490db
JS		 2296 if (nullprov != NULL)
2297 return TEST_skip("Test does not support a non-default library context");
2298
8a5cb596
RL		 2299 switch (n) {
2300 case 0:
2301 /* We do test with no template at all as well */
2302 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2303 goto err;
2304 break;
2305 case 1:
2306 /* Here we create an empty RSA key that serves as our template */
2307 if (!TEST_ptr(tkey = EVP_PKEY_new())
2308 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2309 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2310 goto err;
2311 break;
2312 }
2313
2314 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2315 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2316 goto err;
2317
2318 ret = 1;
2319 err:
2320 EVP_PKEY_CTX_free(ctx);
2321 EVP_PKEY_free(pkey);
2322 EVP_PKEY_free(tkey);
2323 return ret;
2324}
2325
5ddec6a7
MC		 2326/*
2327 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2328 * in the current library context (unless we are using an algorithm that
2329 * should be made available via legacy codepaths).
2330 *
2331 * 0: RSA
2332 * 1: SM2
5ddec6a7
MC		 2333 */
2334static int test_pkey_ctx_fail_without_provider(int tst)
2335{
b4250010 2336 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2337 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2338 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2339 const char *keytype = NULL;
2340 int expect_null = 0;
5ddec6a7
MC		 2341 int ret = 0;
2342
2343 if (!TEST_ptr(tmpctx))
2344 goto err;
2345
062490db
JS		 2346 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2347 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2348 goto err;
2349
5ddec6a7 2350 /*
08497fc6
RL		 2351 * We check for certain algos in the null provider.
2352 * If an algo is expected to have a provider keymgmt, contructing an
2353 * EVP_PKEY_CTX is expected to fail (return NULL).
2354 * Otherwise, if it's expected to have legacy support, contructing an
2355 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2356 */
08497fc6
RL		 2357 switch (tst) {
2358 case 0:
2359 keytype = "RSA";
2360 expect_null = 1;
2361 break;
2362 case 1:
2363 keytype = "SM2";
d0b79f86 2364 expect_null = 1;
08497fc6
RL		 2365#ifdef OPENSSL_NO_EC
2366 TEST_info("EC disable, skipping SM2 check...");
2367 goto end;
2368#endif
2369#ifdef OPENSSL_NO_SM2
2370 TEST_info("SM2 disable, skipping SM2 check...");
2371 goto end;
2372#endif
2373 break;
2374 default:
2375 TEST_error("No test for case %d", tst);
2376 goto err;
2377 }
2378
2379 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2380 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2381 goto err;
2382
08497fc6
RL		 2383#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2384 end:
2385#endif
5ddec6a7
MC		 2386 ret = 1;
2387
2388 err:
2389 EVP_PKEY_CTX_free(pctx);
062490db 2390 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2391 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2392 return ret;
2393}
2394
1c19ff3c
P		 2395static int test_rand_agglomeration(void)
2396{
2397 EVP_RAND *rand;
2398 EVP_RAND_CTX *ctx;
2399 OSSL_PARAM params[3], *p = params;
2400 int res;
2401 unsigned int step = 7;
2402 static unsigned char seed[] = "It does not matter how slowly you go "
2403 "as long as you do not stop.";
2404 unsigned char out[sizeof(seed)];
2405
2406 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2407 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2408 return 0;
2409 ctx = EVP_RAND_CTX_new(rand, NULL);
2410 EVP_RAND_free(rand);
2411 if (!TEST_ptr(ctx))
2412 return 0;
2413
2414 memset(out, 0, sizeof(out));
2415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2416 seed, sizeof(seed));
0d4460d2 2417 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c
P		 2418 *p = OSSL_PARAM_construct_end();
2419 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2420 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2421 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2422 EVP_RAND_CTX_free(ctx);
2423 return res;
2424}
2425
440b852a
BK		 2426/*
2427 * Test that we correctly return the original or "running" IV after
2428 * an encryption operation.
2429 * Run multiple times for some different relevant algorithms/modes.
2430 */
2431static int test_evp_iv(int idx)
2432{
2433 int ret = 0;
2434 EVP_CIPHER_CTX *ctx = NULL;
2435 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2436 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2437 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2438 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2439 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2440 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2441 9, 10, 11, 12, 13, 14, 15, 16 };
2442 unsigned char ciphertext[32], oiv[16], iv[16];
2443 unsigned char *ref_iv;
2444 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2445 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2446
2447 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2448 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2449 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2450 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2451 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2452#ifndef OPENSSL_NO_OCB
2453 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2454 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2455#endif
2456 int len = sizeof(ciphertext);
2457 size_t ivlen, ref_len;
2458 const EVP_CIPHER *type = NULL;
2459
062490db
JS		 2460 if (nullprov != NULL && idx < 5)
2461 return TEST_skip("Test does not support a non-default library context");
2462
440b852a
BK		 2463 switch(idx) {
2464 case 0:
2465 type = EVP_aes_128_cbc();
2466 /* FALLTHROUGH */
2467 case 5:
2468 type = (type != NULL) ? type :
062490db 2469 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2470 ref_iv = cbc_state;
2471 ref_len = sizeof(cbc_state);
2472 break;
2473 case 1:
2474 type = EVP_aes_128_ofb();
2475 /* FALLTHROUGH */
2476 case 6:
2477 type = (type != NULL) ? type :
062490db 2478 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2479 ref_iv = ofb_state;
2480 ref_len = sizeof(ofb_state);
2481 break;
2482 case 2:
2483 type = EVP_aes_128_gcm();
2484 /* FALLTHROUGH */
2485 case 7:
2486 type = (type != NULL) ? type :
062490db 2487 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2488 ref_iv = gcm_state;
2489 ref_len = sizeof(gcm_state);
2490 break;
2491 case 3:
2492 type = EVP_aes_128_ccm();
2493 /* FALLTHROUGH */
2494 case 8:
2495 type = (type != NULL) ? type :
062490db 2496 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2497 ref_iv = ccm_state;
2498 ref_len = sizeof(ccm_state);
2499 break;
2500#ifdef OPENSSL_NO_OCB
2501 case 4:
2502 case 9:
2503 return 1;
2504#else
2505 case 4:
2506 type = EVP_aes_128_ocb();
2507 /* FALLTHROUGH */
2508 case 9:
2509 type = (type != NULL) ? type :
062490db 2510 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2511 ref_iv = ocb_state;
2512 ref_len = sizeof(ocb_state);
2513 break;
2514#endif
2515 default:
2516 return 0;
2517 }
2518
2519 if (!TEST_ptr(type)
2520 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2521 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2522 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2523 (int)sizeof(msg)))
0d83b7b9
TM		 2524 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2525 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2526 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2527 goto err;
2528 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2529 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2530 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2531 goto err;
2532
2533 ret = 1;
2534err:
2535 EVP_CIPHER_CTX_free(ctx);
2536 if (idx >= 5)
2537 EVP_CIPHER_free((EVP_CIPHER *)type);
2538 return ret;
2539}
2540
c0ff1932
BK		 2541#ifndef OPENSSL_NO_EC
2542static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2543 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2544 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2545 NID_brainpoolP384r1, NID_brainpoolP512r1};
2546
2547static int test_ecpub(int idx)
2548{
ad7cb0bf 2549 int ret = 0, len, savelen;
c0ff1932
BK		 2550 int nid;
2551 unsigned char buf[1024];
2552 unsigned char *p;
2553 EVP_PKEY *pkey = NULL;
2554 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 2555# ifndef OPENSSL_NO_DEPRECATED_3_0
2556 const unsigned char *q;
2557 EVP_PKEY *pkey2 = NULL;
2558 EC_KEY *ec = NULL;
2559# endif
c0ff1932 2560
062490db
JS		 2561 if (nullprov != NULL)
2562 return TEST_skip("Test does not support a non-default library context");
2563
c0ff1932
BK		 2564 nid = ecpub_nids[idx];
2565
2566 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2567 if (!TEST_ptr(ctx)
2568 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2569 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2570 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2571 goto done;
2572 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 2573 savelen = len;
c0ff1932
BK		 2574 if (!TEST_int_ge(len, 1)
2575 || !TEST_int_lt(len, 1024))
2576 goto done;
2577 p = buf;
2578 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 2579 if (!TEST_int_ge(len, 1)
2580 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 2581 goto done;
2582
3d364726
BK		 2583# ifndef OPENSSL_NO_DEPRECATED_3_0
2584 /* Now try to decode the just-created DER. */
2585 q = buf;
2586 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2587 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2588 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2589 goto done;
2590 /* EC_KEY ownership transferred */
2591 ec = NULL;
2592 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2593 goto done;
2594 /* The keys should match. */
2595 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2596 goto done;
2597# endif
2598
c0ff1932
BK		 2599 ret = 1;
2600
2601 done:
2602 EVP_PKEY_CTX_free(ctx);
2603 EVP_PKEY_free(pkey);
3d364726
BK		 2604# ifndef OPENSSL_NO_DEPRECATED_3_0
2605 EVP_PKEY_free(pkey2);
2606 EC_KEY_free(ec);
2607# endif
c0ff1932
BK		 2608 return ret;
2609}
2610#endif
2611
e947a064
DB		 2612static int test_EVP_rsa_pss_with_keygen_bits(void)
2613{
062490db
JS		 2614 int ret = 0;
2615 EVP_PKEY_CTX *ctx = NULL;
2616 EVP_PKEY *pkey = NULL;
2617 EVP_MD *md;
e947a064 2618
062490db
JS		 2619 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2620 ret = TEST_ptr(md)
2621 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 2622 && TEST_true(EVP_PKEY_keygen_init(ctx))
2623 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2624 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2625 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2626
062490db 2627 EVP_MD_free(md);
e947a064
DB		 2628 EVP_PKEY_free(pkey);
2629 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 2630 return ret;
2631}
2632
5eb73cfb
MC		 2633static int success = 1;
2634static void md_names(const char *name, void *vctx)
2635{
2636 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2637 /* Force a namemap update */
2638 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2639
2640 if (!TEST_ptr(aes128))
2641 success = 0;
2642
2643 EVP_CIPHER_free(aes128);
2644}
2645
2646/*
2647 * Test that changing the namemap in a user callback works in a names_do_all
2648 * function.
2649 */
2650static int test_names_do_all(void)
2651{
2652 /* We use a custom libctx so that we know the state of the namemap */
2653 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2654 EVP_MD *sha256 = NULL;
2655 int testresult = 0;
2656
2657 if (!TEST_ptr(ctx))
2658 goto err;
2659
2660 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2661 if (!TEST_ptr(sha256))
2662 goto err;
2663
2664 /*
2665 * We loop through all the names for a given digest. This should still work
2666 * even if the namemap changes part way through.
2667 */
2668 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2669 goto err;
2670
2671 if (!TEST_true(success))
2672 goto err;
2673
2674 testresult = 1;
2675 err:
2676 EVP_MD_free(sha256);
2677 OSSL_LIB_CTX_free(ctx);
2678 return testresult;
2679}
e947a064 2680
062490db
JS		 2681typedef enum OPTION_choice {
2682 OPT_ERR = -1,
2683 OPT_EOF = 0,
2684 OPT_CONTEXT,
2685 OPT_TEST_ENUM
2686} OPTION_CHOICE;
2687
2688const OPTIONS *test_get_options(void)
71ea6b48 2689{
062490db
JS		 2690 static const OPTIONS options[] = {
2691 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2692 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2693 { NULL }
2694 };
2695 return options;
2696}
86dc26ba 2697
062490db
JS		 2698int setup_tests(void)
2699{
2700 OPTION_CHOICE o;
2701
2702 while ((o = opt_next()) != OPT_EOF) {
2703 switch (o) {
2704 case OPT_CONTEXT:
2705 /* Set up an alternate library context */
2706 testctx = OSSL_LIB_CTX_new();
2707 if (!TEST_ptr(testctx))
2708 return 0;
2709 /* Swap the libctx to test non-default context only */
2710 nullprov = OSSL_PROVIDER_load(NULL, "null");
2711 deflprov = OSSL_PROVIDER_load(testctx, "default");
2712 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2713 break;
2714 case OPT_TEST_CASES:
2715 break;
2716 default:
2717 return 0;
2718 }
2719 }
86dc26ba 2720
f9e504e8 2721 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 2722 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 2723 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 2724 ADD_TEST(test_EVP_Digest);
2eb2b4f3 2725 ADD_TEST(test_EVP_Enveloped);
ad887416 2726 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 2727 ADD_TEST(test_privatekey_to_pkcs8);
a9880362 2728#ifndef OPENSSL_NO_EC
adcd8e37 2729 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 2730#endif
f0c62c53
RL		 2731#ifndef OPENSSL_NO_EC
2732 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2733#endif
f844f9eb 2734#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 2735 ADD_TEST(test_EVP_SM2);
a6c4cb84 2736 ADD_TEST(test_EVP_SM2_verify);
a9880362 2737#endif
bb5f281a 2738 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 2739#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2740 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2741 if (!TEST_ptr(custom_pmeth))
2742 return 0;
2743 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 2744 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2745 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 2746 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2747 return 0;
41bbba53 2748#endif
2aee35d3 2749 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 2750#ifndef OPENSSL_NO_CMAC
a87820e1 2751 ADD_TEST(test_CMAC_keygen);
fab8fde3 2752#endif
10d5b415 2753 ADD_TEST(test_HKDF);
2cd3ebc7 2754 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 2755#ifndef OPENSSL_NO_EC
2756 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 2757 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 2758 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2759 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 2760#endif
8d0f8c81 2761#ifndef OPENSSL_NO_DSA
f54a4101 2762 ADD_TEST(test_DSA_get_set_params);
2c04b341 2763 ADD_TEST(test_DSA_priv_pub);
b4be6937 2764#endif
f54a4101 2765 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 2766#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2767 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 2768#endif
2c04b341
JS		 2769#ifndef OPENSSL_NO_DH
2770 ADD_TEST(test_DH_priv_pub);
2771# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 2772 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 2773# endif
b8a1272d
MC		 2774#endif
2775#ifndef OPENSSL_NO_EC
2776 ADD_TEST(test_EC_priv_pub);
2777# ifndef OPENSSL_NO_DEPRECATED_3_0
2778 ADD_TEST(test_EC_priv_only_legacy);
2779# endif
501fcfb8 2780#endif
8a5cb596 2781 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 2782 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 2783
1c19ff3c 2784 ADD_TEST(test_rand_agglomeration);
440b852a 2785 ADD_ALL_TESTS(test_evp_iv, 10);
e947a064 2786 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 2787#ifndef OPENSSL_NO_EC
2788 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2789#endif
1c19ff3c 2790
5eb73cfb
MC		 2791 ADD_TEST(test_names_do_all);
2792
ad887416 2793 return 1;
71ea6b48 2794}
86dc26ba
MC		 2795
2796void cleanup_tests(void)
2797{
062490db
JS		 2798 OSSL_PROVIDER_unload(nullprov);
2799 OSSL_PROVIDER_unload(deflprov);
2800 OSSL_PROVIDER_unload(lgcyprov);
b4250010 2801 OSSL_LIB_CTX_free(testctx);
86dc26ba 2802}
A mirror of the official openssl repository