]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Check for private key existence before calling eddsa sign functions
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
fecb3aae 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
f5a10d5c 34#include <openssl/proverr.h>
adcd8e37 35#include "testutil.h"
176db6dc 36#include "internal/nelem.h"
00bc1ad9 37#include "internal/sizes.h"
25f2138b 38#include "crypto/evp.h"
71ea6b48 39
b4250010 40static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 41static char *testpropq = NULL;
42
43static OSSL_PROVIDER *nullprov = NULL;
44static OSSL_PROVIDER *deflprov = NULL;
45static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 46
71ea6b48
MC		 47/*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103};
104
59d0e6c8
MC		 105/*
106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
f650ab47 109#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 110static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149};
f650ab47 150#endif
59d0e6c8 151
2aee35d3
PY		 152/*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246};
247
995eccb6
MC		 248/*
249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
250 * values are 0.
251 */
252static const unsigned char kExampleBad2RSAKeyDER[] = {
253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00
256};
257
71ea6b48
MC		 258static const unsigned char kMsg[] = { 1, 2, 3, 4 };
259
260static const unsigned char kSignature[] = {
261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
272};
273
274/*
275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
276 * PrivateKeyInfo.
277 */
278static const unsigned char kExampleRSAKeyPKCS8[] = {
279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
332};
333
a9880362 334#ifndef OPENSSL_NO_EC
71ea6b48
MC		 335/*
336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure.
338 */
339static const unsigned char kExampleECKeyDER[] = {
340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
350 0xc1,
351};
352
353/*
354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
355 * structure. The private key is equal to the order and will fail to import
356 */
357static const unsigned char kExampleBadECKeyDER[] = {
358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
367};
b0004708
PY		 368
369/* prime256v1 */
370static const unsigned char kExampleECPubKeyDER[] = {
371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379};
380
5dc40a83 381/*
87762939 382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 */
385static const unsigned char kExampleBadECPubKeyDER[] = {
386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
394};
395
b0004708
PY		 396static const unsigned char pExampleECParamDER[] = {
397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
398};
2cf8bb46
MC		 399
400static const unsigned char kExampleED25519KeyDER[] = {
401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
405};
406
407static const unsigned char kExampleED25519PubKeyDER[] = {
408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
412};
413
a983764e
MC		 414# ifndef OPENSSL_NO_DEPRECATED_3_0
415static const unsigned char kExampleX25519KeyDER[] = {
416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
420};
421# endif
422#endif
423
424/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
425#ifndef OPENSSL_NO_DEPRECATED_3_0
426# ifndef OPENSSL_NO_DH
427static const unsigned char kExampleDHKeyDER[] = {
428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
452 0x2e, 0x87, 0x2a, 0x0b, 0x7a
453};
454# endif
a9880362 455#endif
71ea6b48 456
063e0197
JC		 457static const unsigned char kCFBDefaultKey[] = {
458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
459 0x09, 0xCF, 0x4F, 0x3C
460};
461
462static const unsigned char kGCMDefaultKey[32] = { 0 };
463
464static const unsigned char kGCMResetKey[] = {
465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
468};
469
470static const unsigned char iCFBIV[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
472 0x0C, 0x0D, 0x0E, 0x0F
473};
474
475static const unsigned char iGCMDefaultIV[12] = { 0 };
476
477static const unsigned char iGCMResetIV1[] = {
478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
479};
480
481static const unsigned char iGCMResetIV2[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
483};
484
485static const unsigned char cfbPlaintext[] = {
486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
487 0x73, 0x93, 0x17, 0x2A
488};
489
490static const unsigned char gcmDefaultPlaintext[16] = { 0 };
491
492static const unsigned char gcmResetPlaintext[] = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
498};
499
500static const unsigned char cfbCiphertext[] = {
501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
502 0xE8, 0x3C, 0xFB, 0x4A
503};
504
505static const unsigned char gcmDefaultCiphertext[] = {
506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
507 0xba, 0xf3, 0x9d, 0x18
508};
509
510static const unsigned char gcmResetCiphertext1[] = {
511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
516};
517
518static const unsigned char gcmResetCiphertext2[] = {
519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
524};
525
526static const unsigned char gcmAAD[] = {
527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
529};
530
531static const unsigned char gcmDefaultTag[] = {
532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
533 0xd4, 0x8a, 0xb9, 0x19
534};
535
536static const unsigned char gcmResetTag1[] = {
537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
538 0xfe, 0x2e, 0xa8, 0xf2
539};
540
541static const unsigned char gcmResetTag2[] = {
542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
543 0xbb, 0x2d, 0x55, 0x1b
544};
545
adcd8e37
RS		 546typedef struct APK_DATA_st {
547 const unsigned char *kder;
548 size_t size;
5b5eea4b 549 const char *keytype;
adcd8e37 550 int evptype;
2aee35d3 551 int check;
b0004708
PY		 552 int pub_check;
553 int param_check;
554 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 555} APK_DATA;
556
557static APK_DATA keydata[] = {
5b5eea4b
SL		 558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 560#ifndef OPENSSL_NO_EC
5b5eea4b 561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 562#endif
adcd8e37
RS		 563};
564
2aee35d3 565static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
567 0},
5b5eea4b 568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 569 0, 1, 1, 0},
995eccb6
MC		 570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
2aee35d3 572#ifndef OPENSSL_NO_EC
5b5eea4b 573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 574 /* group is also associated in our pub key */
2cf8bb46
MC		 575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
576 1, 1},
577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
578 2},
579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
580 EVP_PKEY_ED25519, 1, 1, 1, 0},
581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
582 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 583#endif
584};
585
d7e498ac
RL		 586static EVP_PKEY *load_example_key(const char *keytype,
587 const unsigned char *data, size_t data_len)
71ea6b48 588{
d7e498ac 589 const unsigned char **pdata = &data;
71ea6b48 590 EVP_PKEY *pkey = NULL;
d7e498ac 591 OSSL_DECODER_CTX *dctx =
fe75766c 592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 593 testctx, testpropq);
71ea6b48 594
d7e498ac
RL		 595 /* |pkey| will be NULL on error */
596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
597 OSSL_DECODER_CTX_free(dctx);
598 return pkey;
599}
71ea6b48 600
d7e498ac
RL		 601static EVP_PKEY *load_example_rsa_key(void)
602{
603 return load_example_key("RSA", kExampleRSAKeyDER,
604 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 605}
606
f650ab47 607#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 608static EVP_PKEY *load_example_dsa_key(void)
609{
6ed4022c
RL		 610 return load_example_key("DSA", kExampleDSAKeyDER,
611 sizeof(kExampleDSAKeyDER));
59d0e6c8 612}
f650ab47 613#endif
59d0e6c8 614
15ff7d7c
MC		 615#ifndef OPENSSL_NO_EC
616static EVP_PKEY *load_example_ec_key(void)
617{
618 return load_example_key("EC", kExampleECKeyDER,
619 sizeof(kExampleECKeyDER));
620}
621#endif
622
a983764e
MC		 623#ifndef OPENSSL_NO_DEPRECATED_3_0
624# ifndef OPENSSL_NO_DH
625static EVP_PKEY *load_example_dh_key(void)
626{
627 return load_example_key("DH", kExampleDHKeyDER,
628 sizeof(kExampleDHKeyDER));
629}
630# endif
631
632# ifndef OPENSSL_NO_EC
a983764e
MC		 633static EVP_PKEY *load_example_ed25519_key(void)
634{
635 return load_example_key("ED25519", kExampleED25519KeyDER,
636 sizeof(kExampleED25519KeyDER));
637}
638
639static EVP_PKEY *load_example_x25519_key(void)
640{
641 return load_example_key("X25519", kExampleX25519KeyDER,
642 sizeof(kExampleX25519KeyDER));
643}
644# endif
645#endif /* OPENSSL_NO_DEPRECATED_3_0 */
646
6d242fa5
MC		 647static EVP_PKEY *load_example_hmac_key(void)
648{
649 EVP_PKEY *pkey = NULL;
650 unsigned char key[] = {
651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
654 };
655
5af6e154
TM		 656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
657 NULL, key, sizeof(key));
6d242fa5
MC		 658 if (!TEST_ptr(pkey))
659 return NULL;
660
661 return pkey;
662}
663
f9e504e8
P		 664static int test_EVP_set_default_properties(void)
665{
b4250010 666 OSSL_LIB_CTX *ctx;
f9e504e8
P		 667 EVP_MD *md = NULL;
668 int res = 0;
669
b4250010 670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
672 goto err;
673 EVP_MD_free(md);
674 md = NULL;
675
676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
679 goto err;
680 EVP_MD_free(md);
681 md = NULL;
682
683 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
685 goto err;
686 res = 1;
687err:
688 EVP_MD_free(md);
b4250010 689 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 690 return res;
691}
692
b8a1272d 693#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
5fbe15fd 694static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
b8a1272d
MC		 695{
696 EVP_PKEY_CTX *pctx = NULL;
5fbe15fd 697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
b8a1272d 698
062490db 699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 700 goto err;
2db985b7 701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
5fbe15fd 702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
2db985b7 703 params), 0))
b8a1272d
MC		 704 goto err;
705
5fbe15fd 706 if (!TEST_ptr(tmp_pkey))
b8a1272d
MC		 707 goto err;
708
5fbe15fd
RL		 709 pkey = tmp_pkey;
710 tmp_pkey = NULL;
711 err:
712 EVP_PKEY_free(tmp_pkey);
713 EVP_PKEY_CTX_free(pctx);
714 return pkey;
715}
716
717static int test_selection(EVP_PKEY *pkey, int selection)
718{
719 int testresult = 0;
720 int ret;
721 BIO *bio = BIO_new(BIO_s_mem());
722
fd19fc4c
MC		 723 ret = PEM_write_bio_PUBKEY(bio, pkey);
724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
725 if (!TEST_true(ret))
726 goto err;
727 } else {
728 if (!TEST_false(ret))
729 goto err;
730 }
731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
732 testctx, NULL);
733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
734 if (!TEST_true(ret))
735 goto err;
736 } else {
737 if (!TEST_false(ret))
738 goto err;
739 }
740
b8a1272d
MC		 741 testresult = 1;
742 err:
fd19fc4c 743 BIO_free(bio);
b8a1272d
MC		 744
745 return testresult;
746}
747#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
748
2c04b341 749/*
8a9394c1 750 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 751 * params to ensure they are all accepted
752 */
b8a1272d 753#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 754static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
755{
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 758 EVP_PKEY *just_params = NULL;
759 EVP_PKEY *params_and_priv = NULL;
760 EVP_PKEY *params_and_pub = NULL;
761 EVP_PKEY *params_and_keypair = NULL;
2c04b341 762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 763 int ret = 0;
764
765 /*
766 * Setup the parameters for our pkey object. For our purposes they don't
767 * have to actually be *valid* parameters. We just need to set something.
768 */
b8a1272d 769 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 770 || !TEST_ptr(q = BN_new())
771 || !TEST_ptr(g = BN_new())
772 || !TEST_ptr(pub = BN_new())
773 || !TEST_ptr(priv = BN_new()))
774 goto err;
775
776 /* Test !priv and !pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
781 goto err;
5fbe15fd
RL		 782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
2c04b341
JS		 784 goto err;
785
3f883c7c 786 OSSL_PARAM_free(params);
2c04b341 787 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 788 params = NULL;
789 bld = NULL;
790
791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
793 goto err;
2c04b341
JS		 794
795 /* Test priv and !pub */
796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
801 priv)))
802 goto err;
5fbe15fd
RL		 803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
2c04b341
JS		 805 goto err;
806
3f883c7c 807 OSSL_PARAM_free(params);
2c04b341 808 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 809 params = NULL;
810 bld = NULL;
811
812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
814 goto err;
2c04b341
JS		 815
816 /* Test !priv and pub */
817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
822 pub)))
823 goto err;
5fbe15fd
RL		 824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
2c04b341
JS		 826 goto err;
827
3f883c7c 828 OSSL_PARAM_free(params);
2c04b341 829 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 830 params = NULL;
831 bld = NULL;
832
833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
835 goto err;
2c04b341
JS		 836
837 /* Test priv and pub */
838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
843 pub))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
845 priv)))
846 goto err;
5fbe15fd
RL		 847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
2c04b341
JS		 849 goto err;
850
5fbe15fd 851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
2c04b341
JS		 852 goto err;
853
854 ret = 1;
855 err:
3f883c7c 856 OSSL_PARAM_free(params);
2c04b341 857 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 858 EVP_PKEY_free(just_params);
859 EVP_PKEY_free(params_and_priv);
860 EVP_PKEY_free(params_and_pub);
861 EVP_PKEY_free(params_and_keypair);
2c04b341
JS		 862 BN_free(p);
863 BN_free(q);
864 BN_free(g);
865 BN_free(pub);
866 BN_free(priv);
867
868 return ret;
869}
8a9394c1 870#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 871
b8a1272d
MC		 872/*
873 * Test combinations of private, public, missing and private + public key
874 * params to ensure they are all accepted for EC keys
875 */
876#ifndef OPENSSL_NO_EC
877static unsigned char ec_priv[] = {
878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881};
882static unsigned char ec_pub[] = {
883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
888 0x08, 0x09, 0xb8, 0xdb, 0x03
889};
890
891static int test_EC_priv_pub(void)
892{
893 OSSL_PARAM_BLD *bld = NULL;
894 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 895 EVP_PKEY *just_params = NULL;
896 EVP_PKEY *params_and_priv = NULL;
897 EVP_PKEY *params_and_pub = NULL;
898 EVP_PKEY *params_and_keypair = NULL;
b8a1272d
MC		 899 BIGNUM *priv = NULL;
900 int ret = 0;
3a1596f4 901 unsigned char *encoded = NULL;
b8a1272d
MC		 902
903 /*
904 * Setup the parameters for our pkey object. For our purposes they don't
905 * have to actually be *valid* parameters. We just need to set something.
906 */
907 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
908 goto err;
909
910 /* Test !priv and !pub */
911 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
912 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
913 OSSL_PKEY_PARAM_GROUP_NAME,
914 "P-256", 0)))
915 goto err;
5fbe15fd
RL		 916 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
917 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
b8a1272d
MC		 918 goto err;
919
3f883c7c 920 OSSL_PARAM_free(params);
b8a1272d 921 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 922 params = NULL;
923 bld = NULL;
924
925 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
926 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
927 goto err;
b8a1272d
MC		 928
929 /* Test priv and !pub */
930 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
931 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
932 OSSL_PKEY_PARAM_GROUP_NAME,
933 "P-256", 0))
934 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
935 priv)))
936 goto err;
5fbe15fd
RL		 937 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
938 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
b8a1272d
MC		 939 goto err;
940
5fbe15fd
RL		 941 OSSL_PARAM_free(params);
942 OSSL_PARAM_BLD_free(bld);
943 params = NULL;
944 bld = NULL;
945
fd19fc4c 946 /*
5fbe15fd
RL		 947 * We indicate only parameters here, in spite of having built a key that
948 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
949 * expected to fail because it does not support exporting a private EC
950 * key without a corresponding public key
fd19fc4c 951 */
5fbe15fd
RL		 952 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
953 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
b8a1272d 954 goto err;
b8a1272d
MC		 955
956 /* Test !priv and pub */
957 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
958 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
959 OSSL_PKEY_PARAM_GROUP_NAME,
960 "P-256", 0))
961 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
962 OSSL_PKEY_PARAM_PUB_KEY,
963 ec_pub, sizeof(ec_pub))))
964 goto err;
5fbe15fd
RL		 965 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
966 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
b8a1272d
MC		 967 goto err;
968
3f883c7c 969 OSSL_PARAM_free(params);
b8a1272d 970 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 971 params = NULL;
972 bld = NULL;
973
974 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
975 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
976 goto err;
b8a1272d
MC		 977
978 /* Test priv and pub */
979 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
980 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
981 OSSL_PKEY_PARAM_GROUP_NAME,
982 "P-256", 0))
983 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
984 OSSL_PKEY_PARAM_PUB_KEY,
985 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 986 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
987 priv)))
b8a1272d 988 goto err;
5fbe15fd
RL		 989 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
990 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
b8a1272d
MC		 991 goto err;
992
5fbe15fd 993 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
b8a1272d
MC		 994 goto err;
995
edc8566f
RL		 996 /* Try key equality */
997 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
998 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
999 0)
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1001 0)
1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1003 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1008 goto err;
1009
3a1596f4
TM		 1010 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1011 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1012 goto err;
1013 OPENSSL_free(encoded);
1014 encoded = NULL;
1015 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1016 OPENSSL_free(encoded);
1017 encoded = NULL;
1018 goto err;
1019 }
1020
b8a1272d
MC		 1021 ret = 1;
1022 err:
3f883c7c 1023 OSSL_PARAM_free(params);
b8a1272d 1024 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 1025 EVP_PKEY_free(just_params);
1026 EVP_PKEY_free(params_and_priv);
1027 EVP_PKEY_free(params_and_pub);
1028 EVP_PKEY_free(params_and_keypair);
b8a1272d
MC		 1029 BN_free(priv);
1030
1031 return ret;
1032}
1033
1034/* Test that using a legacy EC key with only a private key in it works */
1035# ifndef OPENSSL_NO_DEPRECATED_3_0
1036static int test_EC_priv_only_legacy(void)
1037{
1038 BIGNUM *priv = NULL;
1039 int ret = 0;
1040 EC_KEY *eckey = NULL;
2145ba5e 1041 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 1042 EVP_MD_CTX *ctx = NULL;
1043
1044 /* Create the low level EC_KEY */
1045 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1046 goto err;
1047
1048 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1049 if (!TEST_ptr(eckey))
1050 goto err;
1051
1052 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1053 goto err;
1054
1055 pkey = EVP_PKEY_new();
1056 if (!TEST_ptr(pkey))
1057 goto err;
1058
1059 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1060 goto err;
1061 eckey = NULL;
1062
2145ba5e
TM		 1063 while (dup_pk == NULL) {
1064 ret = 0;
1065 ctx = EVP_MD_CTX_new();
1066 if (!TEST_ptr(ctx))
1067 goto err;
1068
1069 /*
1070 * The EVP_DigestSignInit function should create the key on the
1071 * provider side which is sufficient for this test.
1072 */
1073 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1074 testpropq, pkey, NULL)))
1075 goto err;
1076 EVP_MD_CTX_free(ctx);
1077 ctx = NULL;
1078
1079 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1080 goto err;
1081 /* EVP_PKEY_eq() returns -2 with missing public keys */
1082 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1083 EVP_PKEY_free(pkey);
1084 pkey = dup_pk;
1085 if (!ret)
1086 goto err;
1087 }
b8a1272d
MC		 1088
1089 err:
1090 EVP_MD_CTX_free(ctx);
1091 EVP_PKEY_free(pkey);
1092 EC_KEY_free(eckey);
1093 BN_free(priv);
1094
1095 return ret;
1096}
1097# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1098#endif /* OPENSSL_NO_EC */
1099
15ff7d7c
MC		 1100static int test_EVP_PKEY_sign(int tst)
1101{
1102 int ret = 0;
1103 EVP_PKEY *pkey = NULL;
1104 unsigned char *sig = NULL;
1105 size_t sig_len = 0, shortsig_len = 1;
1106 EVP_PKEY_CTX *ctx = NULL;
1107 unsigned char tbs[] = {
1108 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1109 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1110 };
1111
1287dabd 1112 if (tst == 0) {
15ff7d7c
MC		 1113 if (!TEST_ptr(pkey = load_example_rsa_key()))
1114 goto out;
1115 } else if (tst == 1) {
1116#ifndef OPENSSL_NO_DSA
1117 if (!TEST_ptr(pkey = load_example_dsa_key()))
1118 goto out;
1119#else
1120 ret = 1;
1121 goto out;
1122#endif
1123 } else {
1124#ifndef OPENSSL_NO_EC
1125 if (!TEST_ptr(pkey = load_example_ec_key()))
1126 goto out;
1127#else
1128 ret = 1;
1129 goto out;
1130#endif
1131 }
1132
1133 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1134 if (!TEST_ptr(ctx)
1135 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1136 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1137 sizeof(tbs)), 0))
1138 goto out;
1139 sig = OPENSSL_malloc(sig_len);
1140 if (!TEST_ptr(sig)
1141 /* Test sending a signature buffer that is too short is rejected */
1142 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1143 sizeof(tbs)), 0)
1144 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1145 0)
1146 /* Test the signature round-trips */
1147 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1148 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1149 0))
1150 goto out;
1151
1152 ret = 1;
1153 out:
1154 EVP_PKEY_CTX_free(ctx);
1155 OPENSSL_free(sig);
1156 EVP_PKEY_free(pkey);
1157 return ret;
1158}
1159
4547a719
P		 1160/*
1161 * n = 0 => test using legacy cipher
1162 * n = 1 => test using fetched cipher
1163 */
1164static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1165{
1166 int ret = 0;
1167 EVP_CIPHER_CTX *ctx = NULL;
1168 EVP_PKEY *keypair = NULL;
1169 unsigned char *kek = NULL;
1170 unsigned char iv[EVP_MAX_IV_LENGTH];
1171 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1172 int len, kek_len, ciphertext_len, plaintext_len;
1173 unsigned char ciphertext[32], plaintext[16];
4547a719 1174 EVP_CIPHER *type = NULL;
062490db
JS		 1175
1176 if (nullprov != NULL)
1177 return TEST_skip("Test does not support a non-default library context");
1178
4547a719
P		 1179 if (n == 0)
1180 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1181 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1182 testpropq)))
1183 goto err;
2eb2b4f3
SL		 1184
1185 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1186 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1187 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1188 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1189 &keypair, 1))
1190 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1191 msg, sizeof(msg)))
1192 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1193 &len)))
1194 goto err;
1195
1196 ciphertext_len += len;
1197
1198 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1199 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1200 ciphertext, ciphertext_len))
1201 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1202 goto err;
1203
1204 plaintext_len += len;
1205 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1206 goto err;
1207
1208 ret = 1;
1209err:
4547a719
P		 1210 if (n != 0)
1211 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1212 OPENSSL_free(kek);
1213 EVP_PKEY_free(keypair);
1214 EVP_CIPHER_CTX_free(ctx);
1215 return ret;
1216}
1217
59d0e6c8 1218/*
6d242fa5
MC		 1219 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1220 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1221 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1222 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1223 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1224 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1225 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1226 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1227 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1228 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1229 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1230 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1231 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1232 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1233 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
816f72d0 1234 * Test 15-29: Same as above with reinitialization
59d0e6c8
MC		 1235 */
1236static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1237{
1238 int ret = 0;
1239 EVP_PKEY *pkey = NULL;
78539b25 1240 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1241 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1242 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1243 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1244 BIO *mdbio = NULL, *membio = NULL;
1245 size_t written;
6d242fa5
MC		 1246 const EVP_MD *md;
1247 EVP_MD *mdexp = NULL;
816f72d0 1248 int reinit = 0;
59d0e6c8 1249
062490db
JS		 1250 if (nullprov != NULL)
1251 return TEST_skip("Test does not support a non-default library context");
1252
816f72d0
TM		 1253 if (tst >= 15) {
1254 reinit = 1;
1255 tst -= 15;
1256 }
1257
15ff7d7c 1258 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1259 membio = BIO_new(BIO_s_mem());
1260 mdbio = BIO_new(BIO_f_md());
1261 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1262 goto out;
1263 BIO_push(mdbio, membio);
1264 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1265 goto out;
1266 } else {
1267 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1268 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1269 goto out;
1270 }
71ea6b48 1271
15ff7d7c 1272 if (tst % 3 == 0) {
59d0e6c8
MC		 1273 if (!TEST_ptr(pkey = load_example_rsa_key()))
1274 goto out;
15ff7d7c 1275 } else if (tst % 3 == 1) {
f650ab47 1276#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1277 if (!TEST_ptr(pkey = load_example_dsa_key()))
1278 goto out;
f650ab47
MC		 1279#else
1280 ret = 1;
1281 goto out;
1282#endif
6d242fa5
MC		 1283 } else {
1284 if (!TEST_ptr(pkey = load_example_hmac_key()))
1285 goto out;
59d0e6c8 1286 }
71ea6b48 1287
6d242fa5
MC		 1288 if (tst >= 3 && tst <= 5)
1289 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1290 else
1291 md = EVP_sha256();
1292
1293 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1294 goto out;
adcd8e37 1295
816f72d0
TM		 1296 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1297 goto out;
1298
15ff7d7c 1299 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1300 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1301 goto out;
15ff7d7c 1302 } else if (tst < 6) {
59d0e6c8
MC		 1303 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1304 goto out;
1305 }
1306
15ff7d7c
MC		 1307 if (tst >= 9) {
1308 /* Determine the size of the signature. */
1309 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1310 sizeof(kMsg)))
1311 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1312 goto out;
1313 if (tst <= 11) {
1314 /* Test that supply a short sig buffer fails */
1315 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1316 sizeof(kMsg))))
1317 goto out;
1318 /*
1319 * We end here because once EVP_DigestSign() has failed you should
1320 * not call it again without re-initing the ctx
1321 */
1322 ret = 1;
1323 goto out;
1324 }
1325 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1326 sizeof(kMsg))))
1327 goto out;
1328 } else {
1329 /* Determine the size of the signature. */
1330 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1331 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1332 /*
1333 * Trying to create a signature with a deliberately short
1334 * buffer should fail.
1335 */
1336 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1337 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1338 goto out;
1339 }
71ea6b48 1340
6d242fa5
MC		 1341 /*
1342 * Ensure that the signature round-trips (Verification isn't supported for
1343 * HMAC via EVP_DigestVerify*)
1344 */
15ff7d7c
MC		 1345 if (tst % 3 != 2) {
1346 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1347 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1348 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1349 goto out;
1350 }
1351
6d242fa5
MC		 1352 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1353 NULL, pkey)))
59d0e6c8 1354 goto out;
6d242fa5 1355
15ff7d7c 1356 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1357 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1358 goto out;
1359 } else {
1360 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1361 sizeof(kMsg))))
1362 goto out;
1363 }
e2e5e72d 1364 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
59d0e6c8 1365 goto out;
78539b25
TM		 1366
1367 /* Multiple calls to EVP_DigestVerifyFinal should work */
e2e5e72d 1368 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
78539b25
TM		 1369 goto out;
1370 } else {
1371 /*
1372 * For HMAC a doubled call to DigestSignFinal should produce the same
1373 * value as finalization should not happen.
1374 */
1375 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1376 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1377 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1378 goto out;
1379
1380 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1381 goto out;
59d0e6c8 1382 }
71ea6b48
MC		 1383
1384 ret = 1;
1385
1386 out:
59d0e6c8
MC		 1387 BIO_free(membio);
1388 BIO_free(mdbio);
1389 EVP_MD_CTX_free(a_md_ctx);
1390 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1391 EVP_PKEY_free(pkey);
b548a1f1 1392 OPENSSL_free(sig);
78539b25 1393 OPENSSL_free(sig2);
6d242fa5 1394 EVP_MD_free(mdexp);
71ea6b48
MC		 1395
1396 return ret;
1397}
1398
1399static int test_EVP_DigestVerifyInit(void)
1400{
1401 int ret = 0;
1402 EVP_PKEY *pkey = NULL;
adcd8e37 1403 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1404
062490db
JS		 1405 if (nullprov != NULL)
1406 return TEST_skip("Test does not support a non-default library context");
1407
adcd8e37
RS		 1408 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1409 || !TEST_ptr(pkey = load_example_rsa_key()))
1410 goto out;
71ea6b48 1411
adcd8e37
RS		 1412 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1413 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1414 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1415 sizeof(kSignature)), 0))
71ea6b48 1416 goto out;
ae6b68b7
TM		 1417
1418 /* test with reinitialization */
1419 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1420 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1421 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1422 sizeof(kSignature)), 0))
ae6b68b7 1423 goto out;
71ea6b48
MC		 1424 ret = 1;
1425
1426 out:
bfb0641f 1427 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1428 EVP_PKEY_free(pkey);
71ea6b48
MC		 1429 return ret;
1430}
1431
8cbfc4f6
TM		 1432#ifndef OPENSSL_NO_SIPHASH
1433/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1434static int test_siphash_digestsign(void)
1435{
1436 unsigned char key[16];
1437 unsigned char buf[8], digest[8];
1438 unsigned char expected[8] = {
1439 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1440 };
1441 EVP_PKEY *pkey = NULL;
1442 EVP_MD_CTX *mdctx = NULL;
1443 EVP_PKEY_CTX *ctx = NULL;
1444 int ret = 0;
1445 size_t len = 8;
1446
1447 if (nullprov != NULL)
1448 return TEST_skip("Test does not support a non-default library context");
1449
1450 memset(buf, 0, 8);
1451 memset(key, 1, 16);
1452 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1453 key, 16)))
1454 goto out;
1455
1456 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1457 goto out;
1458
1459 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1460 goto out;
1461 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1462 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1463 8, NULL), 1))
1464 goto out;
1465 /* reinitialize */
1466 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1467 goto out;
1468 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1469 goto out;
1470 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1471 goto out;
1472 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1473 goto out;
1474
1475 ret = 1;
1476 out:
1477 EVP_PKEY_free(pkey);
1478 EVP_MD_CTX_free(mdctx);
1479 return ret;
1480}
1481#endif
1482
8d8dd09b
TM		 1483/*
1484 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1485 */
1486static int test_EVP_Digest(void)
1487{
1488 int ret = 0;
1489 EVP_MD_CTX *md_ctx = NULL;
1490 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1491 EVP_MD *sha256 = NULL;
1492 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1493
1494 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1495 goto out;
1496
062490db
JS		 1497 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1498 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1499 goto out;
1500
1501 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1502 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1503 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1504 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1505 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1506 goto out;
1507
062490db 1508 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1509 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1510 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1511 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1512 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1513 /*
1514 * EVP_DigestInit_ex with NULL type should work on
1515 * pre-initialized context.
1516 */
1517 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1518 goto out;
1519
062490db 1520 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1521 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1522 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1523 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1524 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1525 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1526 goto out;
1527 ret = 1;
1528
1529 out:
1530 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1531 EVP_MD_free(sha256);
1532 EVP_MD_free(shake256);
8d8dd09b
TM		 1533 return ret;
1534}
1535
bef9b48e
TM		 1536static int test_EVP_md_null(void)
1537{
1538 int ret = 0;
1539 EVP_MD_CTX *md_ctx = NULL;
1540 const EVP_MD *md_null = EVP_md_null();
1541 unsigned char md_value[EVP_MAX_MD_SIZE];
1542 unsigned int md_len = sizeof(md_value);
1543
1544 if (nullprov != NULL)
1545 return TEST_skip("Test does not support a non-default library context");
1546
1547 if (!TEST_ptr(md_null)
1548 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1549 goto out;
1550
1551 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1552 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1553 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1554 goto out;
1555
1556 if (!TEST_uint_eq(md_len, 0))
1557 goto out;
1558
1559 ret = 1;
1560 out:
1561 EVP_MD_CTX_free(md_ctx);
1562 return ret;
1563}
1564
adcd8e37 1565static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1566{
1567 int ret = 0;
1568 const unsigned char *p;
1569 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1570 const APK_DATA *ak = &keydata[i];
1571 const unsigned char *input = ak->kder;
1572 size_t input_len = ak->size;
1573 int expected_id = ak->evptype;
71ea6b48
MC		 1574
1575 p = input;
adcd8e37
RS		 1576 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1577 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1578 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1579 goto done;
71ea6b48
MC		 1580
1581 ret = 1;
1582
1583 done:
c5ba2d99 1584 EVP_PKEY_free(pkey);
71ea6b48
MC		 1585 return ret;
1586}
1587
a9880362 1588#ifndef OPENSSL_NO_EC
cad8347b
SL		 1589
1590static const unsigned char ec_public_sect163k1_validxy[] = {
1591 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1592 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1593 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1594 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1595 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1596 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1597};
1598
1599static const unsigned char ec_public_sect163k1_badx[] = {
1600 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1601 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1602 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1603 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1604 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1605 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1606};
1607
1608static const unsigned char ec_public_sect163k1_bady[] = {
1609 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1610 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1611 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1612 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1613 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1614 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1615};
1616
1617static struct ec_der_pub_keys_st {
1618 const unsigned char *der;
1619 size_t len;
1620 int valid;
1621} ec_der_pub_keys[] = {
1622 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1623 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1624 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1625};
1626
1627/*
1628 * Tests the range of the decoded EC char2 public point.
1629 * See ec_GF2m_simple_oct2point().
1630 */
1631static int test_invalide_ec_char2_pub_range_decode(int id)
1632{
1633 int ret = 0;
5b5eea4b 1634 EVP_PKEY *pkey;
cad8347b 1635
5b5eea4b
SL		 1636 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1637 ec_der_pub_keys[id].len);
1638
1639 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1640 || TEST_ptr_null(pkey);
1641 EVP_PKEY_free(pkey);
cad8347b
SL		 1642 return ret;
1643}
1644
71ea6b48
MC		 1645/* Tests loading a bad key in PKCS8 format */
1646static int test_EVP_PKCS82PKEY(void)
1647{
1648 int ret = 0;
1649 const unsigned char *derp = kExampleBadECKeyDER;
1650 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1651 EVP_PKEY *pkey = NULL;
1652
adcd8e37
RS		 1653 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1654 sizeof(kExampleBadECKeyDER))))
1655 goto done;
71ea6b48 1656
adcd8e37
RS		 1657 if (!TEST_ptr_eq(derp,
1658 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1659 goto done;
71ea6b48 1660
adcd8e37 1661 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1662 goto done;
71ea6b48
MC		 1663
1664 ret = 1;
1665
1666 done:
e0e920b1 1667 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1668 EVP_PKEY_free(pkey);
71ea6b48
MC		 1669
1670 return ret;
1671}
8be513ae 1672
a9880362 1673#endif
8be513ae
DB		 1674static int test_EVP_PKCS82PKEY_wrong_tag(void)
1675{
1676 EVP_PKEY *pkey = NULL;
1677 EVP_PKEY *pkey2 = NULL;
1678 BIO *membio = NULL;
1679 char *membuf = NULL;
1680 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1681 int ok = 0;
1682
1683 if (testctx != NULL)
1684 /* test not supported with non-default context */
1685 return 1;
1686
1687 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1688 || !TEST_ptr(pkey = load_example_rsa_key())
1689 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1690 NULL, 0, NULL, NULL),
1691 0)
1692 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1693 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1694 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1695 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1696 goto done;
1697 }
1698
1699 ok = 1;
1700 done:
1701 EVP_PKEY_free(pkey);
1702 EVP_PKEY_free(pkey2);
1703 PKCS8_PRIV_KEY_INFO_free(p8inf);
1704 BIO_free_all(membio);
1705 return ok;
1706}
71ea6b48 1707
29c49b25
RL		 1708/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1709static int test_privatekey_to_pkcs8(void)
1710{
1711 EVP_PKEY *pkey = NULL;
1712 BIO *membio = NULL;
1713 char *membuf = NULL;
e2cc68c8 1714 long membuf_len = 0;
29c49b25
RL		 1715 int ok = 0;
1716
1717 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1718 || !TEST_ptr(pkey = load_example_rsa_key())
1719 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1720 NULL, 0, NULL, NULL),
1721 0)
e2cc68c8
SL		 1722 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1723 || !TEST_ptr(membuf)
1724 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1725 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1726 /*
1727 * We try to write PEM as well, just to see that it doesn't err, but
1728 * assume that the result is correct.
1729 */
1730 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1731 NULL, 0, NULL, NULL),
1732 0))
1733 goto done;
1734
1735 ok = 1;
1736 done:
1737 EVP_PKEY_free(pkey);
1738 BIO_free_all(membio);
1739 return ok;
1740}
1741
f0c62c53
RL		 1742#ifndef OPENSSL_NO_EC
1743static const struct {
1744 int encoding;
1745 const char *encoding_name;
1746} ec_encodings[] = {
1747 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1748 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1749};
1750
1751static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1752{
1753 const OSSL_PARAM *p;
1754 const char *enc_name = NULL;
1755 int *enc = arg;
1756 size_t i;
1757
1758 *enc = -1;
1759
1760 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1761 OSSL_PKEY_PARAM_EC_ENCODING))
1762 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1763 return 0;
1764
1765 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
fba140c7 1766 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
f0c62c53
RL		 1767 *enc = ec_encodings[i].encoding;
1768 break;
1769 }
1770 }
1771
1772 return (*enc != -1);
1773}
1774
1775static int test_EC_keygen_with_enc(int idx)
1776{
1777 EVP_PKEY *params = NULL, *key = NULL;
1778 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1779 int enc;
1780 int ret = 0;
1781
1782 enc = ec_encodings[idx].encoding;
1783
1784 /* Create key parameters */
1785 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
6e0b05f3 1786 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
56876ae9 1787 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2cba2e16 1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
f0c62c53
RL		 1789 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1790 || !TEST_ptr(params))
1791 goto done;
1792
1793 /* Create key */
1794 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
bf4ceede 1795 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
f0c62c53
RL		 1796 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1797 || !TEST_ptr(key))
1798 goto done;
1799
1800 /* Check that the encoding got all the way into the key */
1801 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1802 ec_export_get_encoding_cb, &enc))
1803 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1804 goto done;
1805
1806 ret = 1;
1807 done:
1808 EVP_PKEY_free(key);
1809 EVP_PKEY_free(params);
1810 EVP_PKEY_CTX_free(kctx);
1811 EVP_PKEY_CTX_free(pctx);
1812 return ret;
1813}
1814#endif
1815
919adfcf 1816#if !defined(OPENSSL_NO_SM2)
ddb634fe 1817
a6c4cb84
JL		 1818static int test_EVP_SM2_verify(void)
1819{
a6c4cb84 1820 const char *pubkey =
d0b79f86
PY		 1821 "-----BEGIN PUBLIC KEY-----\n"
1822 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1823 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1824 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1825
1826 const char *msg = "message digest";
1827 const char *id = "ALICE123@YAHOO.COM";
1828
1829 const uint8_t signature[] = {
d0b79f86
PY		 1830 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1831 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1832 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1833 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1834 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1835 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1836 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1837 };
1838
1839 int rc = 0;
1840 BIO *bio = NULL;
1841 EVP_PKEY *pkey = NULL;
1842 EVP_MD_CTX *mctx = NULL;
1843 EVP_PKEY_CTX *pctx = NULL;
062490db 1844 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1845
1846 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1847 if (!TEST_true(bio != NULL))
1848 goto done;
1849
062490db 1850 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1851 if (!TEST_true(pkey != NULL))
1852 goto done;
1853
8a288609 1854 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1855 goto done;
1856
1857 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1858 goto done;
1859
062490db 1860 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1861 goto done;
1862
a6c4cb84
JL		 1863 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1864
062490db
JS		 1865 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1866 goto done;
1867
1868 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1869 goto done;
1870
d0b79f86
PY		 1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1872 goto done;
1873
a6c4cb84
JL		 1874 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1875 goto done;
1876
e2e5e72d 1877 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
a6c4cb84
JL		 1878 goto done;
1879 rc = 1;
1880
1881 done:
1882 BIO_free(bio);
1883 EVP_PKEY_free(pkey);
1884 EVP_PKEY_CTX_free(pctx);
1885 EVP_MD_CTX_free(mctx);
062490db 1886 EVP_MD_free(sm3);
a6c4cb84
JL		 1887 return rc;
1888}
1889
ddb634fe
JL		 1890static int test_EVP_SM2(void)
1891{
1892 int ret = 0;
1893 EVP_PKEY *pkey = NULL;
bfb56a97 1894 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1895 EVP_PKEY_CTX *pctx = NULL;
1896 EVP_PKEY_CTX *kctx = NULL;
4803717f 1897 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1898 size_t sig_len = 0;
1899 unsigned char *sig = NULL;
1900 EVP_MD_CTX *md_ctx = NULL;
1901 EVP_MD_CTX *md_ctx_verify = NULL;
1902 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1903 EVP_MD *check_md = NULL;
ddb634fe
JL		 1904
1905 uint8_t ciphertext[128];
1906 size_t ctext_len = sizeof(ciphertext);
1907
1908 uint8_t plaintext[8];
1909 size_t ptext_len = sizeof(plaintext);
1910
4803717f
PY		 1911 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1912
bfb56a97
MC		 1913 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1915 int i;
a0fff549 1916 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1917
42423ac9
RL		 1918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1919 "SM2", testpropq)))
ddb634fe
JL		 1920 goto done;
1921
1922 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1923 goto done;
1924
2cba2e16 1925 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
ddb634fe
JL		 1926 goto done;
1927
bfb56a97 1928 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1929 goto done;
1930
42423ac9
RL		 1931 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1932 pkeyparams, testpropq)))
ddb634fe
JL		 1933 goto done;
1934
bf4ceede 1935 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
ddb634fe
JL		 1936 goto done;
1937
1938 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1939 goto done;
1940
ddb634fe
JL		 1941 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1942 goto done;
1943
1944 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1945 goto done;
1946
062490db 1947 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1948 goto done;
1949
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1951 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1952
42423ac9 1953 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1954 goto done;
1955
42423ac9 1956 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1957 goto done;
1958
d0b79f86 1959 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1960 goto done;
1961
42423ac9 1962 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1963 goto done;
1964
1965 /* Determine the size of the signature. */
1966 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1967 goto done;
1968
ddb634fe
JL		 1969 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1970 goto done;
1971
1972 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1973 goto done;
1974
1975 /* Ensure that the signature round-trips. */
1976
42423ac9
RL		 1977 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1978 pkey)))
ddb634fe
JL		 1979 goto done;
1980
d0b79f86
PY		 1981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1982 goto done;
1983
ddb634fe
JL		 1984 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1985 goto done;
1986
e2e5e72d 1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
ddb634fe
JL		 1988 goto done;
1989
707d4e06
TM		 1990 /*
1991 * Try verify again with non-matching 0 length id but ensure that it can
1992 * be set on the context and overrides the previous value.
1993 */
1994
1995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1996 pkey)))
1997 goto done;
1998
1999 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2000 goto done;
2001
2002 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2003 goto done;
2004
2005 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2006 goto done;
2007
ddb634fe
JL		 2008 /* now check encryption/decryption */
2009
bfb56a97
MC		 2010 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2011 mdname, sizeof(mdname));
2012 for (i = 0; i < 2; i++) {
42423ac9
RL		 2013 const char *mdnames[] = {
2014#ifndef OPENSSL_NO_SM3
2015 "SM3",
2016#else
2017 NULL,
2018#endif
2019 "SHA2-256" };
bfb56a97 2020 EVP_PKEY_CTX_free(cctx);
ddb634fe 2021
42423ac9
RL		 2022 if (mdnames[i] == NULL)
2023 continue;
2024
2025 sparams[0] =
2026 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2027 (char *)mdnames[i], 0);
ddb634fe 2028
42423ac9
RL		 2029 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2030 pkey, testpropq)))
bfb56a97 2031 goto done;
ddb634fe 2032
bfb56a97
MC		 2033 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2034 goto done;
ddb634fe 2035
bfb56a97
MC		 2036 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2037 goto done;
ddb634fe 2038
bfb56a97
MC		 2039 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2040 sizeof(kMsg))))
2041 goto done;
ddb634fe 2042
bfb56a97
MC		 2043 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2044 goto done;
2045
2046 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2047 goto done;
2048
0650ac43
PH		 2049 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2050 ctext_len), 0))
bfb56a97
MC		 2051 goto done;
2052
2053 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2054 goto done;
2055
42423ac9
RL		 2056 /*
2057 * Test we're still using the digest we think we are.
2058 * Because of aliases, the easiest is to fetch the digest and
2059 * check the name with EVP_MD_is_a().
2060 */
2061 EVP_MD_free(check_md);
2062 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 2063 goto done;
42423ac9
RL		 2064 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2065 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 2066 goto done;
42423ac9 2067 }
bfb56a97
MC		 2068
2069 if (!TEST_true(ptext_len == sizeof(kMsg)))
2070 goto done;
2071
2072 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2073 goto done;
2074 }
ddb634fe
JL		 2075
2076 ret = 1;
2077done:
2078 EVP_PKEY_CTX_free(pctx);
2079 EVP_PKEY_CTX_free(kctx);
4803717f 2080 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 2081 EVP_PKEY_CTX_free(cctx);
2082 EVP_PKEY_free(pkey);
bfb56a97 2083 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 2084 EVP_MD_CTX_free(md_ctx);
2085 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 2086 EVP_MD_free(check_md);
ddb634fe
JL		 2087 OPENSSL_free(sig);
2088 return ret;
2089}
2090
2091#endif
2092
bb5f281a
MC		 2093static struct keys_st {
2094 int type;
2095 char *priv;
2096 char *pub;
2097} keys[] = {
2098 {
2099 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 2100 },
2101 {
2102 EVP_PKEY_HMAC, "", NULL
5af6e154 2103#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 2104 }, {
2105 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 2106#endif
2107#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 2108 }, {
2109 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 2110#endif
896dcb80
MC		 2111 },
2112#ifndef OPENSSL_NO_EC
2113 {
bb5f281a
MC		 2114 EVP_PKEY_X25519, "01234567890123456789012345678901",
2115 "abcdefghijklmnopqrstuvwxyzabcdef"
2116 }, {
2117 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2118 "abcdefghijklmnopqrstuvwxyzabcdef"
2119 }, {
2120 EVP_PKEY_X448,
2121 "01234567890123456789012345678901234567890123456789012345",
2122 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2123 }, {
2124 EVP_PKEY_ED448,
2125 "012345678901234567890123456789012345678901234567890123456",
2126 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2127 }
896dcb80 2128#endif
bb5f281a
MC		 2129};
2130
86dc26ba 2131static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 2132{
2133 int ret = 0;
2134 unsigned char buf[80];
2135 unsigned char *in;
15ff7d7c 2136 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 2137 EVP_PKEY *pkey;
2138
2139 /* Check if this algorithm supports public keys */
5af6e154 2140 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 2141 return 1;
2142
2143 memset(buf, 0, sizeof(buf));
2144
2145 if (pub) {
5af6e154 2146#ifndef OPENSSL_NO_EC
bb5f281a
MC		 2147 inlen = strlen(keys[tst].pub);
2148 in = (unsigned char *)keys[tst].pub;
86dc26ba 2149 if (uselibctx) {
d8652be0 2150 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 2151 testctx,
2152 OBJ_nid2sn(keys[tst].type),
2153 NULL,
2154 in,
2155 inlen);
2156 } else {
2157 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2158 NULL,
2159 in,
2160 inlen);
2161 }
5af6e154
TM		 2162#else
2163 return 1;
2164#endif
bb5f281a
MC		 2165 } else {
2166 inlen = strlen(keys[tst].priv);
2167 in = (unsigned char *)keys[tst].priv;
86dc26ba 2168 if (uselibctx) {
d8652be0 2169 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 2170 testctx, OBJ_nid2sn(keys[tst].type),
2171 NULL,
2172 in,
2173 inlen);
2174 } else {
2175 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2176 NULL,
2177 in,
2178 inlen);
2179 }
bb5f281a
MC		 2180 }
2181
2182 if (!TEST_ptr(pkey)
5af6e154 2183 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 2184 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2185 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 2186 || !TEST_true(len == inlen))
2187 goto done;
2188 if (tst != 1) {
2189 /*
2190 * Test that supplying a buffer that is too small fails. Doesn't apply
2191 * to HMAC with a zero length key
2192 */
2193 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2194 &shortlen)))
2195 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2196 &shortlen))))
2197 goto done;
2198 }
2199 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 2200 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2201 || !TEST_mem_eq(in, inlen, buf, len))
2202 goto done;
2203
2204 ret = 1;
2205 done:
2206 EVP_PKEY_free(pkey);
2207 return ret;
2208}
2209
2210static int test_set_get_raw_keys(int tst)
2211{
5af6e154 2212 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 2213 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 2214 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 2215 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 2216}
2217
41bbba53 2218#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2219static int pkey_custom_check(EVP_PKEY *pkey)
2220{
2221 return 0xbeef;
2222}
2223
b0004708
PY		 2224static int pkey_custom_pub_check(EVP_PKEY *pkey)
2225{
2226 return 0xbeef;
2227}
2228
2229static int pkey_custom_param_check(EVP_PKEY *pkey)
2230{
2231 return 0xbeef;
2232}
2233
2aee35d3 2234static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2235#endif
2aee35d3
PY		 2236
2237static int test_EVP_PKEY_check(int i)
2238{
2239 int ret = 0;
2aee35d3
PY		 2240 EVP_PKEY *pkey = NULL;
2241 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2242#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2243 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2244#endif
2aee35d3
PY		 2245 const APK_DATA *ak = &keycheckdata[i];
2246 const unsigned char *input = ak->kder;
2247 size_t input_len = ak->size;
2248 int expected_id = ak->evptype;
2249 int expected_check = ak->check;
b0004708
PY		 2250 int expected_pub_check = ak->pub_check;
2251 int expected_param_check = ak->param_check;
2252 int type = ak->type;
b0004708 2253
5b5eea4b
SL		 2254 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2255 goto done;
2256 if (type == 0
ed576acd 2257 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2258 goto done;
2aee35d3 2259
062490db 2260 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2261 goto done;
2262
b0004708
PY		 2263 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2264 goto done;
2265
2266 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2267 goto done;
2268
2269 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2270 goto done;
2aee35d3 2271
41bbba53 2272#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2273 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2274 /* assign the pkey directly, as an internal test */
2275 EVP_PKEY_up_ref(pkey);
2276 ctx2->pkey = pkey;
2277
2278 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2279 goto done;
2280
b0004708
PY		 2281 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2282 goto done;
2283
2284 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2285 goto done;
41bbba53 2286#endif
b0004708 2287
2aee35d3
PY		 2288 ret = 1;
2289
2290 done:
2291 EVP_PKEY_CTX_free(ctx);
41bbba53 2292#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2293 EVP_PKEY_CTX_free(ctx2);
41bbba53 2294#endif
2aee35d3
PY		 2295 EVP_PKEY_free(pkey);
2296 return ret;
2297}
2298
fab8fde3 2299#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2300static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2301{
2302 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2303 const char msg[] = "Hello World";
cff7d58e 2304 size_t maclen = AES_BLOCK_SIZE;
e5bc0ce2
MC		 2305 int ret = 1;
2306
2307 if (!TEST_ptr(mdctx)
062490db
JS		 2308 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2309 testpropq, pkey, NULL))
e5bc0ce2
MC		 2310 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2311 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2312 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2313 ret = 0;
2314
2315 EVP_MD_CTX_free(mdctx);
2316
2317 return ret;
2318}
a87820e1
RL		 2319static int test_CMAC_keygen(void)
2320{
e5bc0ce2
MC		 2321 static unsigned char key[] = {
2322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2323 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2324 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2325 };
062490db 2326 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2327 int ret = 0;
e5bc0ce2 2328 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2329 unsigned char mac[AES_BLOCK_SIZE];
2330# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2331 unsigned char mac2[AES_BLOCK_SIZE];
2332# endif
e5bc0ce2 2333
062490db
JS		 2334 if (nullprov != NULL)
2335 return TEST_skip("Test does not support a non-default library context");
2336
2337 /*
2338 * This is a legacy method for CMACs, but should still work.
2339 * This verifies that it works without an ENGINE.
2340 */
2341 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2342
e5bc0ce2
MC		 2343 /* Test a CMAC key created using the "generated" method */
2344 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2345 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2346 EVP_PKEY_CTRL_CIPHER,
2347 0, (void *)EVP_aes_256_ecb()), 0)
2348 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2349 EVP_PKEY_CTRL_SET_MAC_KEY,
2350 sizeof(key), (void *)key), 0)
2351 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2352 || !TEST_ptr(pkey)
2353 || !TEST_true(get_cmac_val(pkey, mac)))
2354 goto done;
a87820e1 2355
a3d267f1 2356# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2357 EVP_PKEY_free(pkey);
2358
2359 /*
2360 * Test a CMAC key using the direct method, and compare with the mac
2361 * created above.
2362 */
2363 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2364 if (!TEST_ptr(pkey)
2365 || !TEST_true(get_cmac_val(pkey, mac2))
2366 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2367 goto done;
a3d267f1 2368# endif
e5bc0ce2 2369
a87820e1
RL		 2370 ret = 1;
2371
2372 done:
e5bc0ce2 2373 EVP_PKEY_free(pkey);
a87820e1
RL		 2374 EVP_PKEY_CTX_free(kctx);
2375 return ret;
2376}
fab8fde3 2377#endif
a87820e1 2378
10d5b415
MC		 2379static int test_HKDF(void)
2380{
2381 EVP_PKEY_CTX *pctx;
2382 unsigned char out[20];
2383 size_t outlen;
2384 int i, ret = 0;
2385 unsigned char salt[] = "0123456789";
2386 unsigned char key[] = "012345678901234567890123456789";
2387 unsigned char info[] = "infostring";
2388 const unsigned char expected[] = {
2389 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2390 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2391 };
2392 size_t expectedlen = sizeof(expected);
2393
062490db 2394 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2395 goto done;
2396
2397 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2398 for (i = 0; i < 2; i++) {
2399 outlen = sizeof(out);
2400 memset(out, 0, outlen);
2401
2402 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2404 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2405 sizeof(salt) - 1), 0)
2406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2407 sizeof(key) - 1), 0)
2408 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2409 sizeof(info) - 1), 0)
2410 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2411 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2412 goto done;
2413 }
2414
2415 ret = 1;
2416
2417 done:
2418 EVP_PKEY_CTX_free(pctx);
2419
2420 return ret;
2421}
2422
2cd3ebc7
BK		 2423static int test_emptyikm_HKDF(void)
2424{
2425 EVP_PKEY_CTX *pctx;
2426 unsigned char out[20];
2427 size_t outlen;
2428 int ret = 0;
2429 unsigned char salt[] = "9876543210";
2430 unsigned char key[] = "";
2431 unsigned char info[] = "stringinfo";
2432 const unsigned char expected[] = {
2433 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2434 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2435 };
2436 size_t expectedlen = sizeof(expected);
2437
062490db 2438 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2439 goto done;
2440
2441 outlen = sizeof(out);
2442 memset(out, 0, outlen);
2443
2444 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2446 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2447 sizeof(salt) - 1), 0)
2448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2449 sizeof(key) - 1), 0)
2450 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2451 sizeof(info) - 1), 0)
2452 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2453 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2454 goto done;
2455
2456 ret = 1;
2457
2458 done:
2459 EVP_PKEY_CTX_free(pctx);
2460
2461 return ret;
2462}
2463
5dc40a83
BE		 2464#ifndef OPENSSL_NO_EC
2465static int test_X509_PUBKEY_inplace(void)
2466{
808c63c5 2467 int ret = 0;
62653483 2468 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2469 const unsigned char *p = kExampleECPubKeyDER;
2470 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2471
62653483
MC		 2472 if (!TEST_ptr(xp))
2473 goto done;
2474 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2475 goto done;
5dc40a83 2476
808c63c5
P		 2477 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2478 goto done;
5dc40a83 2479
808c63c5
P		 2480 p = kExampleBadECPubKeyDER;
2481 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2482
808c63c5
P		 2483 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2484 goto done;
5dc40a83 2485
808c63c5
P		 2486 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2487 goto done;
5dc40a83 2488
808c63c5 2489 ret = 1;
5dc40a83 2490
808c63c5
P		 2491 done:
2492 X509_PUBKEY_free(xp);
2493 return ret;
2494}
2495
2496static int test_X509_PUBKEY_dup(void)
2497{
2498 int ret = 0;
2499 X509_PUBKEY *xp = NULL, *xq = NULL;
2500 const unsigned char *p = kExampleECPubKeyDER;
2501 size_t input_len = sizeof(kExampleECPubKeyDER);
2502
62653483
MC		 2503 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2504 if (!TEST_ptr(xp)
2505 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2506 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2507 || !TEST_ptr_ne(xp, xq))
2508 goto done;
2509
2510 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2511 || !TEST_ptr(X509_PUBKEY_get0(xp))
7e35458b 2512 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
808c63c5
P		 2513 goto done;
2514
2515 X509_PUBKEY_free(xq);
2516 xq = NULL;
2517 p = kExampleBadECPubKeyDER;
2518 input_len = sizeof(kExampleBadECPubKeyDER);
2519
2520 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2521 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2522 goto done;
2523
2524 X509_PUBKEY_free(xp);
2525 xp = NULL;
2526 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2527 goto done;
2528
2529 ret = 1;
2530
2531 done:
2532 X509_PUBKEY_free(xp);
2533 X509_PUBKEY_free(xq);
2534 return ret;
5dc40a83 2535}
7bb82f92 2536#endif /* OPENSSL_NO_EC */
784883fc 2537
9c45222d 2538/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2539static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2540{
9a071fef 2541 EVP_MD_CTX *mdctx = NULL;
9c45222d 2542 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2543 const OSSL_PARAM *params;
00bc1ad9 2544 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2545 int ret = 0;
2546 const EVP_MD *md;
00bc1ad9 2547 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2548 char ssl3ms[48];
9c45222d 2549
9c45222d 2550 /* Initialise a sign operation */
062490db 2551 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2552 if (!TEST_ptr(ctx)
c9c4a356 2553 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2554 goto err;
2555
2556 /*
f54a4101 2557 * We should be able to query the parameters now.
9c45222d
MC		 2558 */
2559 params = EVP_PKEY_CTX_settable_params(ctx);
2560 if (!TEST_ptr(params)
0cb3f4f9
RL		 2561 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2562 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2563 goto err;
2564
9c45222d
MC		 2565 params = EVP_PKEY_CTX_gettable_params(ctx);
2566 if (!TEST_ptr(params)
0cb3f4f9
RL		 2567 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2568 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2569 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2570 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2571 goto err;
2572
2573 /*
2574 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2575 * EVP_PKEY_CTX_get_params()
2576 */
00bc1ad9
RL		 2577 strcpy(mdname, "SHA512");
2578 param_md = param;
2579 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2580 mdname, 0);
9c45222d
MC		 2581 *param++ = OSSL_PARAM_construct_end();
2582
2583 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2584 goto err;
2585
00bc1ad9
RL		 2586 mdname[0] = '\0';
2587 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2588 mdname, sizeof(mdname));
9c45222d 2589 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2590 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2591 goto err;
2592
2593 /*
2594 * Test the TEST_PKEY_CTX_set_signature_md() and
2595 * TEST_PKEY_CTX_get_signature_md() functions
2596 */
2597 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2598 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2599 || !TEST_ptr_eq(md, EVP_sha256()))
2600 goto err;
2601
9a071fef
MC		 2602 /*
2603 * Test getting MD parameters via an associated EVP_PKEY_CTX
2604 */
2605 mdctx = EVP_MD_CTX_new();
2606 if (!TEST_ptr(mdctx)
062490db 2607 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2608 pkey, NULL)))
9a071fef
MC		 2609 goto err;
2610
2611 /*
2612 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2613 * able to obtain the digest's settable parameters from the provider.
2614 */
2615 params = EVP_MD_CTX_settable_params(mdctx);
2616 if (!TEST_ptr(params)
2617 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2618 /* The final key should be NULL */
2619 || !TEST_ptr_null(params[1].key))
2620 goto err;
2621
2622 param = ourparams;
2623 memset(ssl3ms, 0, sizeof(ssl3ms));
2624 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2625 ssl3ms, sizeof(ssl3ms));
2626 *param++ = OSSL_PARAM_construct_end();
2627
2628 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2629 goto err;
2630
9c45222d
MC		 2631 ret = 1;
2632
2633 err:
9a071fef 2634 EVP_MD_CTX_free(mdctx);
9c45222d 2635 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2636
2637 return ret;
2638}
2639
2640#ifndef OPENSSL_NO_DSA
2641static int test_DSA_get_set_params(void)
2642{
6ed4022c
RL		 2643 OSSL_PARAM_BLD *bld = NULL;
2644 OSSL_PARAM *params = NULL;
f54a4101 2645 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2646 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2647 EVP_PKEY *pkey = NULL;
2648 int ret = 0;
2649
2650 /*
2651 * Setup the parameters for our DSA object. For our purposes they don't
2652 * have to actually be *valid* parameters. We just need to set something.
2653 */
6ed4022c
RL		 2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2655 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2656 || !TEST_ptr(p = BN_new())
2657 || !TEST_ptr(q = BN_new())
2658 || !TEST_ptr(g = BN_new())
2659 || !TEST_ptr(pub = BN_new())
2660 || !TEST_ptr(priv = BN_new()))
2661 goto err;
2662 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2665 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2666 pub))
2667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2668 priv)))
2669 goto err;
2670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2671 goto err;
f54a4101 2672
2db985b7
SL		 2673 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2674 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2675 params), 0))
f54a4101
RL		 2676 goto err;
2677
6ed4022c
RL		 2678 if (!TEST_ptr(pkey))
2679 goto err;
f54a4101
RL		 2680
2681 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2682
2683 err:
9c45222d 2684 EVP_PKEY_free(pkey);
6ed4022c 2685 EVP_PKEY_CTX_free(pctx);
3f883c7c 2686 OSSL_PARAM_free(params);
6ed4022c 2687 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2688 BN_free(p);
2689 BN_free(q);
2690 BN_free(g);
cd32a0f5
RL		 2691 BN_free(pub);
2692 BN_free(priv);
9c45222d
MC		 2693
2694 return ret;
2695}
2c04b341
JS		 2696
2697/*
8a9394c1 2698 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2699 * params to ensure they are all accepted
2700 */
2701static int test_DSA_priv_pub(void)
2702{
2703 return test_EVP_PKEY_ffc_priv_pub("DSA");
2704}
2705
2706#endif /* !OPENSSL_NO_DSA */
9c45222d 2707
f54a4101
RL		 2708static int test_RSA_get_set_params(void)
2709{
d7e498ac
RL		 2710 OSSL_PARAM_BLD *bld = NULL;
2711 OSSL_PARAM *params = NULL;
f54a4101 2712 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2713 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2714 EVP_PKEY *pkey = NULL;
2715 int ret = 0;
2716
2717 /*
2718 * Setup the parameters for our RSA object. For our purposes they don't
2719 * have to actually be *valid* parameters. We just need to set something.
2720 */
d7e498ac
RL		 2721 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2722 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2723 || !TEST_ptr(n = BN_new())
2724 || !TEST_ptr(e = BN_new())
2725 || !TEST_ptr(d = BN_new()))
2726 goto err;
2727 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2730 goto err;
2731 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2732 goto err;
f54a4101 2733
2db985b7
SL		 2734 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2735 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2736 params), 0))
f54a4101
RL		 2737 goto err;
2738
d7e498ac
RL		 2739 if (!TEST_ptr(pkey))
2740 goto err;
f54a4101
RL		 2741
2742 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2743
2744 err:
2745 EVP_PKEY_free(pkey);
d7e498ac 2746 EVP_PKEY_CTX_free(pctx);
3f883c7c 2747 OSSL_PARAM_free(params);
d7e498ac 2748 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2749 BN_free(n);
2750 BN_free(e);
2751 BN_free(d);
2752
2753 return ret;
2754}
2755
e5a7536e
JM		 2756static int test_RSA_OAEP_set_get_params(void)
2757{
2758 int ret = 0;
2759 EVP_PKEY *key = NULL;
2760 EVP_PKEY_CTX *key_ctx = NULL;
2761
2762 if (nullprov != NULL)
2763 return TEST_skip("Test does not support a non-default library context");
2764
2765 if (!TEST_ptr(key = load_example_rsa_key())
2766 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2767 goto err;
2768
2769 {
2770 int padding = RSA_PKCS1_OAEP_PADDING;
2771 OSSL_PARAM params[4];
2772
2773 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2774 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2775 OSSL_DIGEST_NAME_SHA2_256, 0);
2776 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2777 OSSL_DIGEST_NAME_SHA1, 0);
2778 params[3] = OSSL_PARAM_construct_end();
2779
2780 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2781 goto err;
2782 }
2783 {
2784 OSSL_PARAM params[3];
2785 char oaepmd[30] = { '\0' };
2786 char mgf1md[30] = { '\0' };
2787
2788 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2789 oaepmd, sizeof(oaepmd));
2790 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2791 mgf1md, sizeof(mgf1md));
2792 params[2] = OSSL_PARAM_construct_end();
2793
2794 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2795 goto err;
2796
2797 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2798 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2799 goto err;
2800 }
2801
2802 ret = 1;
2803
2804 err:
2805 EVP_PKEY_free(key);
2806 EVP_PKEY_CTX_free(key_ctx);
2807
2808 return ret;
2809}
2810
b4be6937
MC		 2811#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2812static int test_decrypt_null_chunks(void)
2813{
2814 EVP_CIPHER_CTX* ctx = NULL;
062490db 2815 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2816 const unsigned char key[32] = {
2817 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2818 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2819 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2820 };
2821 unsigned char iv[12] = {
2822 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2823 };
2824 unsigned char msg[] = "It was the best of times, it was the worst of times";
2825 unsigned char ciphertext[80];
2826 unsigned char plaintext[80];
2827 /* We initialise tmp to a non zero value on purpose */
2828 int ctlen, ptlen, tmp = 99;
2829 int ret = 0;
2830 const int enc_offset = 10, dec_offset = 20;
2831
062490db
JS		 2832 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2834 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2835 key, iv))
2836 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2837 enc_offset))
2838 /* Deliberate add a zero length update */
2839 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2840 0))
2841 || !TEST_int_eq(tmp, 0)
2842 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2843 msg + enc_offset,
2844 sizeof(msg) - enc_offset))
2845 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2846 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2847 || !TEST_int_eq(tmp, 0))
2848 goto err;
2849
2850 /* Deliberately initialise tmp to a non zero value */
2851 tmp = 99;
062490db 2852 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2853 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2854 dec_offset))
2855 /*
2856 * Deliberately add a zero length update. We also deliberately do
2857 * this at a different offset than for encryption.
2858 */
2859 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2860 0))
2861 || !TEST_int_eq(tmp, 0)
2862 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2863 ciphertext + dec_offset,
2864 ctlen - dec_offset))
2865 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2866 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2867 || !TEST_int_eq(tmp, 0)
2868 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2869 goto err;
2870
2871 ret = 1;
2872 err:
2873 EVP_CIPHER_CTX_free(ctx);
062490db 2874 EVP_CIPHER_free(cipher);
b4be6937
MC		 2875 return ret;
2876}
2877#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2878
2c04b341
JS		 2879#ifndef OPENSSL_NO_DH
2880/*
8a9394c1 2881 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2882 * params to ensure they are all accepted
2883 */
2884static int test_DH_priv_pub(void)
2885{
2886 return test_EVP_PKEY_ffc_priv_pub("DH");
2887}
2888
2889# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2890static int test_EVP_PKEY_set1_DH(void)
2891{
ca2bf555
SL		 2892 DH *x942dh = NULL, *noqdh = NULL;
2893 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2894 int ret = 0;
ca2bf555 2895 BIGNUM *p, *g = NULL;
0ec73843
TM		 2896 BIGNUM *pubkey = NULL;
2897 unsigned char pub[2048 / 8];
2898 size_t len = 0;
ca2bf555
SL		 2899
2900 if (!TEST_ptr(p = BN_new())
2901 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2902 || !TEST_ptr(pubkey = BN_new())
2903 || !TEST_true(BN_set_word(p, 9999))
2904 || !TEST_true(BN_set_word(g, 2))
2905 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2906 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2907 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2908 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2909 || !TEST_ptr(pubkey = BN_new())
2910 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2911 goto err;
2912 p = g = NULL;
e295de1d
MC		 2913
2914 x942dh = DH_get_2048_256();
e295de1d
MC		 2915 pkey1 = EVP_PKEY_new();
2916 pkey2 = EVP_PKEY_new();
2917 if (!TEST_ptr(x942dh)
ca2bf555 2918 || !TEST_ptr(noqdh)
e295de1d 2919 || !TEST_ptr(pkey1)
0ec73843
TM		 2920 || !TEST_ptr(pkey2)
2921 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2922 goto err;
0ec73843 2923 pubkey = NULL;
e295de1d 2924
0ec73843 2925 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2926 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2927 goto err;
2928
0ec73843
TM		 2929 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2930 &pubkey))
2931 || !TEST_ptr(pubkey))
2932 goto err;
2933
2934 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2935 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2936 goto err;
2937
0ec73843
TM		 2938 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2939 OSSL_PKEY_PARAM_PUB_KEY,
2940 pub, sizeof(pub), &len))
2941 || !TEST_size_t_ne(len, 0))
2942 goto err;
2943
e295de1d
MC		 2944 ret = 1;
2945 err:
ca2bf555
SL		 2946 BN_free(p);
2947 BN_free(g);
0ec73843 2948 BN_free(pubkey);
e295de1d
MC		 2949 EVP_PKEY_free(pkey1);
2950 EVP_PKEY_free(pkey2);
2951 DH_free(x942dh);
ca2bf555 2952 DH_free(noqdh);
e295de1d
MC		 2953
2954 return ret;
2955}
2c04b341
JS		 2956# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2957#endif /* !OPENSSL_NO_DH */
e295de1d 2958
8a5cb596
RL		 2959/*
2960 * We test what happens with an empty template. For the sake of this test,
2961 * the template must be ignored, and we know that's the case for RSA keys
2962 * (this might arguably be a misfeature, but that's what we currently do,
2963 * even in provider code, since that's how the legacy RSA implementation
2964 * does things)
2965 */
2966static int test_keygen_with_empty_template(int n)
2967{
2968 EVP_PKEY_CTX *ctx = NULL;
2969 EVP_PKEY *pkey = NULL;
2970 EVP_PKEY *tkey = NULL;
2971 int ret = 0;
2972
062490db
JS		 2973 if (nullprov != NULL)
2974 return TEST_skip("Test does not support a non-default library context");
2975
8a5cb596
RL		 2976 switch (n) {
2977 case 0:
2978 /* We do test with no template at all as well */
2979 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2980 goto err;
2981 break;
2982 case 1:
2983 /* Here we create an empty RSA key that serves as our template */
2984 if (!TEST_ptr(tkey = EVP_PKEY_new())
2985 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2986 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2987 goto err;
2988 break;
2989 }
2990
2991 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2992 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2993 goto err;
2994
2995 ret = 1;
2996 err:
2997 EVP_PKEY_CTX_free(ctx);
2998 EVP_PKEY_free(pkey);
2999 EVP_PKEY_free(tkey);
3000 return ret;
3001}
3002
5ddec6a7
MC		 3003/*
3004 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 3005 * in the current library context (unless we are using an algorithm that
3006 * should be made available via legacy codepaths).
3007 *
3008 * 0: RSA
3009 * 1: SM2
5ddec6a7
MC		 3010 */
3011static int test_pkey_ctx_fail_without_provider(int tst)
3012{
b4250010 3013 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 3014 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 3015 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 3016 const char *keytype = NULL;
3017 int expect_null = 0;
5ddec6a7
MC		 3018 int ret = 0;
3019
3020 if (!TEST_ptr(tmpctx))
3021 goto err;
3022
062490db
JS		 3023 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3024 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 3025 goto err;
3026
5ddec6a7 3027 /*
08497fc6 3028 * We check for certain algos in the null provider.
e304aa87 3029 * If an algo is expected to have a provider keymgmt, constructing an
08497fc6 3030 * EVP_PKEY_CTX is expected to fail (return NULL).
e304aa87 3031 * Otherwise, if it's expected to have legacy support, constructing an
08497fc6 3032 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 3033 */
08497fc6
RL		 3034 switch (tst) {
3035 case 0:
3036 keytype = "RSA";
3037 expect_null = 1;
3038 break;
3039 case 1:
3040 keytype = "SM2";
d0b79f86 3041 expect_null = 1;
08497fc6
RL		 3042#ifdef OPENSSL_NO_EC
3043 TEST_info("EC disable, skipping SM2 check...");
3044 goto end;
3045#endif
3046#ifdef OPENSSL_NO_SM2
3047 TEST_info("SM2 disable, skipping SM2 check...");
3048 goto end;
3049#endif
3050 break;
3051 default:
3052 TEST_error("No test for case %d", tst);
3053 goto err;
3054 }
3055
3056 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3057 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 3058 goto err;
3059
08497fc6
RL		 3060#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3061 end:
3062#endif
5ddec6a7
MC		 3063 ret = 1;
3064
3065 err:
3066 EVP_PKEY_CTX_free(pctx);
062490db 3067 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 3068 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 3069 return ret;
3070}
3071
1c19ff3c
P		 3072static int test_rand_agglomeration(void)
3073{
3074 EVP_RAND *rand;
3075 EVP_RAND_CTX *ctx;
3076 OSSL_PARAM params[3], *p = params;
3077 int res;
3078 unsigned int step = 7;
3079 static unsigned char seed[] = "It does not matter how slowly you go "
3080 "as long as you do not stop.";
3081 unsigned char out[sizeof(seed)];
3082
3083 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 3084 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 3085 return 0;
3086 ctx = EVP_RAND_CTX_new(rand, NULL);
3087 EVP_RAND_free(rand);
3088 if (!TEST_ptr(ctx))
3089 return 0;
3090
3091 memset(out, 0, sizeof(out));
3092 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3093 seed, sizeof(seed));
0d4460d2 3094 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 3095 *p = OSSL_PARAM_construct_end();
e494fac7 3096 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 3097 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3098 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3099 EVP_RAND_CTX_free(ctx);
3100 return res;
3101}
3102
440b852a
BK		 3103/*
3104 * Test that we correctly return the original or "running" IV after
3105 * an encryption operation.
3106 * Run multiple times for some different relevant algorithms/modes.
3107 */
a4afa6c1 3108static int test_evp_iv_aes(int idx)
440b852a
BK		 3109{
3110 int ret = 0;
3111 EVP_CIPHER_CTX *ctx = NULL;
3112 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3113 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3114 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3115 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3116 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3117 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3118 9, 10, 11, 12, 13, 14, 15, 16 };
3119 unsigned char ciphertext[32], oiv[16], iv[16];
3120 unsigned char *ref_iv;
3121 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3122 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3123
3124 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3125 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 3126 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3127 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 3128 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3129 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3130 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3131#ifndef OPENSSL_NO_OCB
3132 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3133 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3134#endif
3135 int len = sizeof(ciphertext);
3136 size_t ivlen, ref_len;
3137 const EVP_CIPHER *type = NULL;
4ec4b063 3138 int iv_reset = 0;
440b852a 3139
4ec4b063 3140 if (nullprov != NULL && idx < 6)
062490db
JS		 3141 return TEST_skip("Test does not support a non-default library context");
3142
1287dabd 3143 switch (idx) {
440b852a
BK		 3144 case 0:
3145 type = EVP_aes_128_cbc();
3146 /* FALLTHROUGH */
4ec4b063 3147 case 6:
440b852a 3148 type = (type != NULL) ? type :
062490db 3149 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 3150 ref_iv = cbc_state;
3151 ref_len = sizeof(cbc_state);
4ec4b063 3152 iv_reset = 1;
440b852a
BK		 3153 break;
3154 case 1:
3155 type = EVP_aes_128_ofb();
3156 /* FALLTHROUGH */
4ec4b063 3157 case 7:
440b852a 3158 type = (type != NULL) ? type :
062490db 3159 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 3160 ref_iv = ofb_state;
3161 ref_len = sizeof(ofb_state);
4ec4b063 3162 iv_reset = 1;
440b852a
BK		 3163 break;
3164 case 2:
4ec4b063
TM		 3165 type = EVP_aes_128_cfb();
3166 /* FALLTHROUGH */
3167 case 8:
3168 type = (type != NULL) ? type :
3169 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3170 ref_iv = cfb_state;
3171 ref_len = sizeof(cfb_state);
3172 iv_reset = 1;
3173 break;
3174 case 3:
440b852a
BK		 3175 type = EVP_aes_128_gcm();
3176 /* FALLTHROUGH */
4ec4b063 3177 case 9:
440b852a 3178 type = (type != NULL) ? type :
062490db 3179 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 3180 ref_iv = gcm_state;
3181 ref_len = sizeof(gcm_state);
3182 break;
4ec4b063 3183 case 4:
440b852a
BK		 3184 type = EVP_aes_128_ccm();
3185 /* FALLTHROUGH */
4ec4b063 3186 case 10:
440b852a 3187 type = (type != NULL) ? type :
062490db 3188 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 3189 ref_iv = ccm_state;
3190 ref_len = sizeof(ccm_state);
3191 break;
3192#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 3193 case 5:
3194 case 11:
440b852a
BK		 3195 return 1;
3196#else
4ec4b063 3197 case 5:
440b852a
BK		 3198 type = EVP_aes_128_ocb();
3199 /* FALLTHROUGH */
4ec4b063 3200 case 11:
440b852a 3201 type = (type != NULL) ? type :
062490db 3202 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 3203 ref_iv = ocb_state;
3204 ref_len = sizeof(ocb_state);
3205 break;
3206#endif
3207 default:
3208 return 0;
3209 }
3210
3211 if (!TEST_ptr(type)
3212 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3213 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3214 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3215 (int)sizeof(msg)))
0d83b7b9
TM		 3216 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3217 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 3218 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3219 goto err;
ed576acd 3220 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 3221 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3222 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3223 goto err;
3224
4ec4b063
TM		 3225 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3226 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3227 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3228 goto err;
3229 if (iv_reset) {
3230 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3231 goto err;
3232 } else {
3233 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3234 goto err;
3235 }
3236
440b852a
BK		 3237 ret = 1;
3238err:
3239 EVP_CIPHER_CTX_free(ctx);
4ec4b063 3240 if (idx >= 6)
440b852a
BK		 3241 EVP_CIPHER_free((EVP_CIPHER *)type);
3242 return ret;
3243}
3244
a4afa6c1
TM		 3245#ifndef OPENSSL_NO_DES
3246static int test_evp_iv_des(int idx)
3247{
3248 int ret = 0;
3249 EVP_CIPHER_CTX *ctx = NULL;
3250 static const unsigned char key[24] = {
3251 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3252 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3253 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3254 };
3255 static const unsigned char init_iv[8] = {
3256 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3257 };
3258 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3259 9, 10, 11, 12, 13, 14, 15, 16 };
3260 unsigned char ciphertext[32], oiv[8], iv[8];
3261 unsigned const char *ref_iv;
3262 static const unsigned char cbc_state_des[8] = {
3263 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3264 };
3265 static const unsigned char cbc_state_3des[8] = {
3266 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3267 };
3268 static const unsigned char ofb_state_des[8] = {
3269 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3270 };
3271 static const unsigned char ofb_state_3des[8] = {
3272 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3273 };
3274 static const unsigned char cfb_state_des[8] = {
3275 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3276 };
3277 static const unsigned char cfb_state_3des[8] = {
3278 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3279 };
3280 int len = sizeof(ciphertext);
3281 size_t ivlen, ref_len;
3282 EVP_CIPHER *type = NULL;
3283
3284 if (lgcyprov == NULL && idx < 3)
3285 return TEST_skip("Test requires legacy provider to be loaded");
3286
1287dabd 3287 switch (idx) {
a4afa6c1
TM		 3288 case 0:
3289 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3290 ref_iv = cbc_state_des;
3291 ref_len = sizeof(cbc_state_des);
3292 break;
3293 case 1:
3294 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3295 ref_iv = ofb_state_des;
3296 ref_len = sizeof(ofb_state_des);
3297 break;
3298 case 2:
3299 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3300 ref_iv = cfb_state_des;
3301 ref_len = sizeof(cfb_state_des);
3302 break;
3303 case 3:
3304 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3305 ref_iv = cbc_state_3des;
3306 ref_len = sizeof(cbc_state_3des);
3307 break;
3308 case 4:
3309 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3310 ref_iv = ofb_state_3des;
3311 ref_len = sizeof(ofb_state_3des);
3312 break;
3313 case 5:
3314 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3315 ref_iv = cfb_state_3des;
3316 ref_len = sizeof(cfb_state_3des);
3317 break;
3318 default:
3319 return 0;
3320 }
3321
3322 if (!TEST_ptr(type)
3323 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3324 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3325 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3326 (int)sizeof(msg)))
3327 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3328 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3329 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3330 goto err;
ed576acd 3331 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3332 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3333 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3334 goto err;
3335
3336 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3337 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3338 goto err;
3339 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3340 goto err;
3341
3342 ret = 1;
3343err:
3344 EVP_CIPHER_CTX_free(ctx);
3345 EVP_CIPHER_free(type);
3346 return ret;
3347}
3348#endif
3349
091e60c4
TM		 3350#ifndef OPENSSL_NO_BF
3351static int test_evp_bf_default_keylen(int idx)
3352{
3353 int ret = 0;
3354 static const char *algos[4] = {
3355 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3356 };
3357 int ivlen[4] = { 0, 8, 8, 8 };
3358 EVP_CIPHER *cipher = NULL;
3359
3360 if (lgcyprov == NULL)
3361 return TEST_skip("Test requires legacy provider to be loaded");
3362
3363 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3364 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3365 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3366 goto err;
3367
3368 ret = 1;
3369err:
3370 EVP_CIPHER_free(cipher);
3371 return ret;
3372}
3373#endif
3374
c0ff1932 3375#ifndef OPENSSL_NO_EC
da671c41
P		 3376static int ecpub_nids[] = {
3377 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3378 NID_secp384r1, NID_secp521r1,
3379# ifndef OPENSSL_NO_EC2M
3380 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3381 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3382# endif
3383 NID_brainpoolP384r1, NID_brainpoolP512r1
3384};
c0ff1932
BK		 3385
3386static int test_ecpub(int idx)
3387{
ad7cb0bf 3388 int ret = 0, len, savelen;
c0ff1932
BK		 3389 int nid;
3390 unsigned char buf[1024];
3391 unsigned char *p;
3392 EVP_PKEY *pkey = NULL;
3393 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3394# ifndef OPENSSL_NO_DEPRECATED_3_0
3395 const unsigned char *q;
3396 EVP_PKEY *pkey2 = NULL;
3397 EC_KEY *ec = NULL;
3398# endif
c0ff1932 3399
062490db
JS		 3400 if (nullprov != NULL)
3401 return TEST_skip("Test does not support a non-default library context");
3402
c0ff1932
BK		 3403 nid = ecpub_nids[idx];
3404
3405 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3406 if (!TEST_ptr(ctx)
bf4ceede 3407 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2cba2e16 3408 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
c0ff1932
BK		 3409 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3410 goto done;
3411 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3412 savelen = len;
c0ff1932
BK		 3413 if (!TEST_int_ge(len, 1)
3414 || !TEST_int_lt(len, 1024))
3415 goto done;
3416 p = buf;
3417 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3418 if (!TEST_int_ge(len, 1)
3419 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3420 goto done;
3421
3d364726
BK		 3422# ifndef OPENSSL_NO_DEPRECATED_3_0
3423 /* Now try to decode the just-created DER. */
3424 q = buf;
3425 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3426 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3427 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3428 goto done;
3429 /* EC_KEY ownership transferred */
3430 ec = NULL;
3431 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3432 goto done;
3433 /* The keys should match. */
c85c5e1a 3434 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3435 goto done;
3436# endif
3437
c0ff1932
BK		 3438 ret = 1;
3439
3440 done:
3441 EVP_PKEY_CTX_free(ctx);
3442 EVP_PKEY_free(pkey);
3d364726
BK		 3443# ifndef OPENSSL_NO_DEPRECATED_3_0
3444 EVP_PKEY_free(pkey2);
3445 EC_KEY_free(ec);
3446# endif
c0ff1932
BK		 3447 return ret;
3448}
3449#endif
3450
e947a064
DB		 3451static int test_EVP_rsa_pss_with_keygen_bits(void)
3452{
062490db
JS		 3453 int ret = 0;
3454 EVP_PKEY_CTX *ctx = NULL;
3455 EVP_PKEY *pkey = NULL;
3456 EVP_MD *md;
e947a064 3457
062490db
JS		 3458 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3459 ret = TEST_ptr(md)
2cba2e16 3460 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
bf4ceede 3461 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
e947a064 3462 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2cba2e16 3463 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
e947a064
DB		 3464 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3465
062490db 3466 EVP_MD_free(md);
e947a064
DB		 3467 EVP_PKEY_free(pkey);
3468 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3469 return ret;
3470}
3471
6f87463b
TC		 3472static int test_EVP_rsa_pss_set_saltlen(void)
3473{
3474 int ret = 0;
3475 EVP_PKEY *pkey = NULL;
3476 EVP_PKEY_CTX *pkey_ctx = NULL;
3477 EVP_MD *sha256 = NULL;
3478 EVP_MD_CTX *sha256_ctx = NULL;
3479 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3480 const int test_value = 32;
3481
3482 ret = TEST_ptr(pkey = load_example_rsa_key())
3483 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3484 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3485 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3486 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
7263a7fc
PH		 3487 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3488 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
6f87463b
TC		 3489 && TEST_int_eq(saltlen, test_value);
3490
3491 EVP_MD_CTX_free(sha256_ctx);
3492 EVP_PKEY_free(pkey);
3493 EVP_MD_free(sha256);
3494
3495 return ret;
3496}
3497
5eb73cfb
MC		 3498static int success = 1;
3499static void md_names(const char *name, void *vctx)
3500{
3501 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3502 /* Force a namemap update */
3503 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3504
3505 if (!TEST_ptr(aes128))
3506 success = 0;
3507
3508 EVP_CIPHER_free(aes128);
3509}
3510
3511/*
3512 * Test that changing the namemap in a user callback works in a names_do_all
3513 * function.
3514 */
3515static int test_names_do_all(void)
3516{
3517 /* We use a custom libctx so that we know the state of the namemap */
3518 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3519 EVP_MD *sha256 = NULL;
3520 int testresult = 0;
3521
3522 if (!TEST_ptr(ctx))
3523 goto err;
3524
3525 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3526 if (!TEST_ptr(sha256))
3527 goto err;
3528
3529 /*
3530 * We loop through all the names for a given digest. This should still work
3531 * even if the namemap changes part way through.
3532 */
3533 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3534 goto err;
3535
3536 if (!TEST_true(success))
3537 goto err;
3538
3539 testresult = 1;
3540 err:
3541 EVP_MD_free(sha256);
3542 OSSL_LIB_CTX_free(ctx);
3543 return testresult;
3544}
e947a064 3545
063e0197
JC		 3546typedef struct {
3547 const char *cipher;
3548 const unsigned char *key;
3549 const unsigned char *iv;
3550 const unsigned char *input;
3551 const unsigned char *expected;
3552 const unsigned char *tag;
3553 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3554 size_t inlen;
3555 size_t expectedlen;
3556 size_t taglen;
3557 int keyfirst;
3558 int initenc;
3559 int finalenc;
3560} EVP_INIT_TEST_st;
3561
3562static const EVP_INIT_TEST_st evp_init_tests[] = {
3563 {
3564 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3565 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3566 0, 1, 0, 1
3567 },
3568 {
3569 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3570 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3571 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3572 sizeof(gcmDefaultTag), 1, 0, 1
3573 },
3574 {
3575 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3576 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3577 0, 0, 0, 1
3578 },
3579 {
3580 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3581 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3582 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3583 sizeof(gcmDefaultTag), 0, 0, 1
3584 },
3585 {
3586 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3587 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3588 0, 1, 1, 0
3589 },
3590 {
3591 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3592 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3593 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3594 sizeof(gcmDefaultTag), 1, 1, 0
3595 },
3596 {
3597 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3598 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3599 0, 0, 1, 0
3600 },
3601 {
3602 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3603 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3604 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3605 sizeof(gcmDefaultTag), 0, 1, 0
3606 }
3607};
3608
3609static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3610{
3611 int res = 0;
1287dabd 3612
063e0197 3613 if (t->ivlen != 0) {
d649c51a 3614 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
063e0197
JC		 3615 goto err;
3616 }
3617 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3618 goto err;
3619 res = 1;
3620 err:
3621 return res;
3622}
3623
3624/*
3625 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3626 * arguments are given one at a time and a final adjustment to the enc
3627 * parameter sets the correct operation.
3628 */
3629static int test_evp_init_seq(int idx)
3630{
3631 int outlen1, outlen2;
3632 int testresult = 0;
3633 unsigned char outbuf[1024];
3634 unsigned char tag[16];
3635 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3636 EVP_CIPHER_CTX *ctx = NULL;
3637 EVP_CIPHER *type = NULL;
3638 size_t taglen = sizeof(tag);
3639 char *errmsg = NULL;
3640
3641 ctx = EVP_CIPHER_CTX_new();
3642 if (ctx == NULL) {
3643 errmsg = "CTX_ALLOC";
3644 goto err;
3645 }
3646 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3647 errmsg = "CIPHER_FETCH";
3648 goto err;
3649 }
3650 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3651 errmsg = "EMPTY_ENC_INIT";
3652 goto err;
3653 }
3654 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3655 errmsg = "PADDING";
3656 goto err;
3657 }
3658 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3659 errmsg = "KEY_INIT (before iv)";
3660 goto err;
3661 }
3662 if (!evp_init_seq_set_iv(ctx, t)) {
3663 errmsg = "IV_INIT";
3664 goto err;
3665 }
3666 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3667 errmsg = "KEY_INIT (after iv)";
3668 goto err;
3669 }
3670 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3671 errmsg = "FINAL_ENC_INIT";
3672 goto err;
3673 }
3674 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3675 errmsg = "CIPHER_UPDATE";
3676 goto err;
3677 }
3678 if (t->finalenc == 0 && t->tag != NULL) {
3679 /* Set expected tag */
d649c51a
PH		 3680 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3681 t->taglen, (void *)t->tag), 0)) {
063e0197
JC		 3682 errmsg = "SET_TAG";
3683 goto err;
3684 }
3685 }
3686 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3687 errmsg = "CIPHER_FINAL";
3688 goto err;
3689 }
3690 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3691 errmsg = "WRONG_RESULT";
3692 goto err;
3693 }
3694 if (t->finalenc != 0 && t->tag != NULL) {
d649c51a 3695 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3696 errmsg = "GET_TAG";
3697 goto err;
3698 }
3699 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3700 errmsg = "TAG_ERROR";
3701 goto err;
3702 }
3703 }
3704 testresult = 1;
3705 err:
3706 if (errmsg != NULL)
3707 TEST_info("evp_init_test %d: %s", idx, errmsg);
3708 EVP_CIPHER_CTX_free(ctx);
3709 EVP_CIPHER_free(type);
3710 return testresult;
3711}
3712
3713typedef struct {
3714 const unsigned char *input;
3715 const unsigned char *expected;
3716 size_t inlen;
3717 size_t expectedlen;
3718 int enc;
3719} EVP_RESET_TEST_st;
3720
3721static const EVP_RESET_TEST_st evp_reset_tests[] = {
3722 {
3723 cfbPlaintext, cfbCiphertext,
3724 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3725 },
3726 {
3727 cfbCiphertext, cfbPlaintext,
3728 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3729 }
3730};
3731
3732/*
3733 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3734 * been used.
3735 */
3736static int test_evp_reset(int idx)
3737{
3738 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3739 int outlen1, outlen2;
3740 int testresult = 0;
3741 unsigned char outbuf[1024];
3742 EVP_CIPHER_CTX *ctx = NULL;
3743 EVP_CIPHER *type = NULL;
3744 char *errmsg = NULL;
3745
3746 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3747 errmsg = "CTX_ALLOC";
3748 goto err;
3749 }
3750 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3751 errmsg = "CIPHER_FETCH";
3752 goto err;
3753 }
3754 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3755 errmsg = "CIPHER_INIT";
3756 goto err;
3757 }
3758 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3759 errmsg = "PADDING";
3760 goto err;
3761 }
3762 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3763 errmsg = "CIPHER_UPDATE";
3764 goto err;
3765 }
3766 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3767 errmsg = "CIPHER_FINAL";
3768 goto err;
3769 }
3770 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3771 errmsg = "WRONG_RESULT";
3772 goto err;
3773 }
3774 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3775 errmsg = "CIPHER_REINIT";
3776 goto err;
3777 }
3778 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3779 errmsg = "CIPHER_UPDATE (reinit)";
3780 goto err;
3781 }
3782 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3783 errmsg = "CIPHER_FINAL (reinit)";
3784 goto err;
3785 }
3786 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3787 errmsg = "WRONG_RESULT (reinit)";
3788 goto err;
3789 }
3790 testresult = 1;
3791 err:
3792 if (errmsg != NULL)
3793 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3794 EVP_CIPHER_CTX_free(ctx);
3795 EVP_CIPHER_free(type);
3796 return testresult;
3797}
3798
f17e5277
IF		 3799typedef struct {
3800 const char *cipher;
3801 int enc;
3802} EVP_UPDATED_IV_TEST_st;
3803
3804static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3805 {
3806 "aes-128-cfb", 1
3807 },
3808 {
3809 "aes-128-cfb", 0
3810 },
3811 {
3812 "aes-128-cfb1", 1
3813 },
3814 {
3815 "aes-128-cfb1", 0
3816 },
3817 {
3818 "aes-128-cfb8", 1
3819 },
3820 {
3821 "aes-128-cfb8", 0
3822 },
3823 {
3824 "aes-128-ofb", 1
3825 },
3826 {
3827 "aes-128-ofb", 0
3828 },
3829 {
3830 "aes-128-ctr", 1
3831 },
3832 {
3833 "aes-128-ctr", 0
3834 },
3835 {
3836 "aes-128-cbc", 1
3837 },
3838 {
3839 "aes-128-cbc", 0
3840 }
3841};
3842
3843/*
3844 * Test that the IV in the context is updated during a crypto operation for CFB
3845 * and OFB.
3846 */
3847static int test_evp_updated_iv(int idx)
3848{
3849 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3850 int outlen1, outlen2;
3851 int testresult = 0;
3852 unsigned char outbuf[1024];
3853 EVP_CIPHER_CTX *ctx = NULL;
3854 EVP_CIPHER *type = NULL;
3855 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3856 int iv_len;
3857 char *errmsg = NULL;
3858
3859 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3860 errmsg = "CTX_ALLOC";
3861 goto err;
3862 }
3863 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3864 TEST_info("cipher %s not supported, skipping", t->cipher);
3865 goto ok;
3866 }
3867
3868 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3869 errmsg = "CIPHER_INIT";
3870 goto err;
3871 }
3872 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3873 errmsg = "PADDING";
3874 goto err;
3875 }
3876 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3877 errmsg = "CIPHER_UPDATE";
3878 goto err;
3879 }
3880 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3881 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3882 goto err;
3883 }
3884 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3885 errmsg = "CIPHER_CTX_GET_IV_LEN";
3886 goto err;
3887 }
3888 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3889 errmsg = "IV_NOT_UPDATED";
3890 goto err;
3891 }
3892 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3893 errmsg = "CIPHER_FINAL";
3894 goto err;
3895 }
3896 ok:
3897 testresult = 1;
3898 err:
3899 if (errmsg != NULL)
3900 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3901 EVP_CIPHER_CTX_free(ctx);
3902 EVP_CIPHER_free(type);
3903 return testresult;
3904}
3905
063e0197
JC		 3906typedef struct {
3907 const unsigned char *iv1;
3908 const unsigned char *iv2;
3909 const unsigned char *expected1;
3910 const unsigned char *expected2;
3911 const unsigned char *tag1;
3912 const unsigned char *tag2;
3913 size_t ivlen1;
3914 size_t ivlen2;
3915 size_t expectedlen1;
3916 size_t expectedlen2;
3917} TEST_GCM_IV_REINIT_st;
3918
3919static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3920 {
3921 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3922 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3923 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3924 },
3925 {
3926 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3927 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3928 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3929 }
3930};
3931
3932static int test_gcm_reinit(int idx)
3933{
3934 int outlen1, outlen2, outlen3;
3935 int testresult = 0;
3936 unsigned char outbuf[1024];
3937 unsigned char tag[16];
3938 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3939 EVP_CIPHER_CTX *ctx = NULL;
3940 EVP_CIPHER *type = NULL;
3941 size_t taglen = sizeof(tag);
3942 char *errmsg = NULL;
3943
3944 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3945 errmsg = "CTX_ALLOC";
3946 goto err;
3947 }
3948 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3949 errmsg = "CIPHER_FETCH";
3950 goto err;
3951 }
3952 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3953 errmsg = "ENC_INIT";
3954 goto err;
3955 }
d649c51a 3956 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
063e0197
JC		 3957 errmsg = "SET_IVLEN1";
3958 goto err;
3959 }
3960 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3961 errmsg = "SET_IV1";
3962 goto err;
3963 }
3964 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3965 errmsg = "AAD1";
3966 goto err;
3967 }
3968 EVP_CIPHER_CTX_set_padding(ctx, 0);
3969 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3970 sizeof(gcmResetPlaintext)))) {
3971 errmsg = "CIPHER_UPDATE1";
3972 goto err;
3973 }
3974 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3975 errmsg = "CIPHER_FINAL1";
3976 goto err;
3977 }
3978 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3979 errmsg = "WRONG_RESULT1";
3980 goto err;
3981 }
d649c51a 3982 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3983 errmsg = "GET_TAG1";
3984 goto err;
3985 }
3986 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3987 errmsg = "TAG_ERROR1";
3988 goto err;
3989 }
3990 /* Now reinit */
d649c51a 3991 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
063e0197
JC		 3992 errmsg = "SET_IVLEN2";
3993 goto err;
3994 }
3995 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3996 errmsg = "SET_IV2";
3997 goto err;
3998 }
3999 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4000 errmsg = "AAD2";
4001 goto err;
4002 }
4003 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4004 sizeof(gcmResetPlaintext)))) {
4005 errmsg = "CIPHER_UPDATE2";
4006 goto err;
4007 }
4008 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4009 errmsg = "CIPHER_FINAL2";
4010 goto err;
4011 }
4012 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4013 errmsg = "WRONG_RESULT2";
4014 goto err;
4015 }
d649c51a 4016 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 4017 errmsg = "GET_TAG2";
4018 goto err;
4019 }
4020 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4021 errmsg = "TAG_ERROR2";
4022 goto err;
4023 }
4024 testresult = 1;
4025 err:
4026 if (errmsg != NULL)
4027 TEST_info("evp_init_test %d: %s", idx, errmsg);
4028 EVP_CIPHER_CTX_free(ctx);
4029 EVP_CIPHER_free(type);
4030 return testresult;
4031}
4032
a983764e
MC		 4033#ifndef OPENSSL_NO_DEPRECATED_3_0
4034static EVP_PKEY_METHOD *custom_pmeth = NULL;
4035static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4036
4037# define EVP_PKEY_CTRL_MY_COMMAND 9999
4038
4039static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4040{
4041 int (*pinit)(EVP_PKEY_CTX *ctx);
4042
4043 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4044 return pinit(ctx);
4045}
4046
4047static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4048{
4049 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4050
4051 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4052 pcleanup(ctx);
4053}
4054
4055static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4056 size_t *outlen, const unsigned char *in,
4057 size_t inlen)
4058{
4059 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4060 const unsigned char *tbs, size_t tbslen);
4061
4062 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4063 return psign(ctx, out, outlen, in, inlen);
4064}
4065
4066static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4067 size_t *siglen, const unsigned char *tbs,
4068 size_t tbslen)
4069{
4070 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4071 const unsigned char *tbs, size_t tbslen);
4072
c6fcd88f 4073 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 4074 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4075}
4076
4077static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4078 size_t *keylen)
4079{
4080 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4081
4082 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4083 return pderive(ctx, key, keylen);
4084}
4085
4086static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4087{
4088 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4089
4090 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4091 return pcopy(dst, src);
4092}
4093
4094static int ctrl_called;
4095
4096static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4097{
4098 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4099
4100 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4101
4102 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4103 ctrl_called = 1;
4104 return 1;
4105 }
4106
4107 return pctrl(ctx, type, p1, p2);
4108}
4109
4110static int test_custom_pmeth(int idx)
4111{
4112 EVP_PKEY_CTX *pctx = NULL;
4113 EVP_MD_CTX *ctx = NULL;
4114 EVP_PKEY *pkey = NULL;
4115 int id, orig_id, orig_flags;
4116 int testresult = 0;
4117 size_t reslen;
4118 unsigned char *res = NULL;
4119 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4120 const EVP_MD *md = EVP_sha256();
4121 int doderive = 0;
4122
4123 ctrl_called = 0;
4124
4125 /* We call deprecated APIs so this test doesn't support a custom libctx */
4126 if (testctx != NULL)
4127 return 1;
4128
1287dabd 4129 switch (idx) {
a983764e
MC		 4130 case 0:
4131 case 6:
4132 id = EVP_PKEY_RSA;
4133 pkey = load_example_rsa_key();
4134 break;
4135 case 1:
4136 case 7:
4137# ifndef OPENSSL_NO_DSA
4138 id = EVP_PKEY_DSA;
4139 pkey = load_example_dsa_key();
4140 break;
4141# else
4142 return 1;
4143# endif
4144 case 2:
4145 case 8:
4146# ifndef OPENSSL_NO_EC
4147 id = EVP_PKEY_EC;
4148 pkey = load_example_ec_key();
4149 break;
4150# else
4151 return 1;
4152# endif
4153 case 3:
4154 case 9:
4155# ifndef OPENSSL_NO_EC
4156 id = EVP_PKEY_ED25519;
4157 md = NULL;
4158 pkey = load_example_ed25519_key();
4159 break;
4160# else
4161 return 1;
4162# endif
4163 case 4:
4164 case 10:
4165# ifndef OPENSSL_NO_DH
4166 id = EVP_PKEY_DH;
4167 doderive = 1;
4168 pkey = load_example_dh_key();
4169 break;
4170# else
4171 return 1;
4172# endif
4173 case 5:
4174 case 11:
4175# ifndef OPENSSL_NO_EC
4176 id = EVP_PKEY_X25519;
4177 doderive = 1;
4178 pkey = load_example_x25519_key();
4179 break;
4180# else
4181 return 1;
4182# endif
4183 default:
4184 TEST_error("Should not happen");
4185 goto err;
4186 }
4187
4188 if (!TEST_ptr(pkey))
4189 goto err;
4190
4191 if (idx < 6) {
4192 if (!TEST_true(evp_pkey_is_provided(pkey)))
4193 goto err;
4194 } else {
4195 EVP_PKEY *tmp = pkey;
4196
4197 /* Convert to a legacy key */
4198 pkey = EVP_PKEY_new();
4199 if (!TEST_ptr(pkey)) {
4200 pkey = tmp;
4201 goto err;
4202 }
4203 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4204 EVP_PKEY_free(tmp);
4205 goto err;
4206 }
4207 EVP_PKEY_free(tmp);
4208 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4209 goto err;
4210 }
4211
4212 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4213 || !TEST_ptr(pkey))
4214 goto err;
4215
4216 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4217 if (!TEST_int_eq(orig_id, id)
4218 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4219 goto err;
4220
4221 if (id == EVP_PKEY_ED25519) {
4222 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4223 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4224 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4225 } else {
4226 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4227 }
4228 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4229 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4230 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4231 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4232 }
4233 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4234 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4235 goto err;
4236
4237 if (doderive) {
4238 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4239 if (!TEST_ptr(pctx)
4240 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4241 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4242 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4243 1)
4244 || !TEST_int_eq(ctrl_called, 1)
4245 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4246 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4247 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4248 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4249 goto err;
4250 } else {
4251 ctx = EVP_MD_CTX_new();
4252 reslen = EVP_PKEY_size(pkey);
4253 res = OPENSSL_malloc(reslen);
4254 if (!TEST_ptr(ctx)
4255 || !TEST_ptr(res)
4256 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4257 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4258 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4259 1)
4260 || !TEST_int_eq(ctrl_called, 1))
4261 goto err;
4262
4263 if (id == EVP_PKEY_ED25519) {
4264 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4265 goto err;
4266 } else {
4267 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4268 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4269 goto err;
4270 }
4271 }
4272
4273 testresult = 1;
4274 err:
4275 OPENSSL_free(res);
4276 EVP_MD_CTX_free(ctx);
4277 if (doderive)
4278 EVP_PKEY_CTX_free(pctx);
4279 EVP_PKEY_free(pkey);
4280 EVP_PKEY_meth_remove(custom_pmeth);
4281 EVP_PKEY_meth_free(custom_pmeth);
4282 custom_pmeth = NULL;
4283 return testresult;
4284}
03c2f21b
MC		 4285
4286static int test_evp_md_cipher_meth(void)
4287{
4288 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4289 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4290 int testresult = 0;
4291
4292 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4293 goto err;
4294
4295 testresult = 1;
4296
4297 err:
4298 EVP_MD_meth_free(md);
4299 EVP_CIPHER_meth_free(ciph);
4300
4301 return testresult;
4302}
0299094c 4303
fbbe7202
MC		 4304typedef struct {
4305 int data;
4306} custom_dgst_ctx;
4307
4308static int custom_md_init_called = 0;
4309static int custom_md_cleanup_called = 0;
4310
4311static int custom_md_init(EVP_MD_CTX *ctx)
4312{
4313 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4314
4315 if (p == NULL)
4316 return 0;
4317
4318 custom_md_init_called++;
4319 return 1;
4320}
4321
4322static int custom_md_cleanup(EVP_MD_CTX *ctx)
4323{
4324 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4325
4326 if (p == NULL)
4327 /* Nothing to do */
4328 return 1;
4329
4330 custom_md_cleanup_called++;
4331 return 1;
4332}
4333
4334static int test_custom_md_meth(void)
4335{
4336 EVP_MD_CTX *mdctx = NULL;
4337 EVP_MD *tmp = NULL;
4338 char mess[] = "Test Message\n";
4339 unsigned char md_value[EVP_MAX_MD_SIZE];
4340 unsigned int md_len;
4341 int testresult = 0;
4342 int nid;
4343
4344 /*
4345 * We are testing deprecated functions. We don't support a non-default
4346 * library context in this test.
4347 */
4348 if (testctx != NULL)
8c7d847e 4349 return TEST_skip("Non-default libctx");
fbbe7202
MC		 4350
4351 custom_md_init_called = custom_md_cleanup_called = 0;
4352
4353 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4354 if (!TEST_int_ne(nid, NID_undef))
4355 goto err;
4356 tmp = EVP_MD_meth_new(nid, NID_undef);
4357 if (!TEST_ptr(tmp))
4358 goto err;
4359
4360 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4361 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4362 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4363 sizeof(custom_dgst_ctx))))
4364 goto err;
4365
4366 mdctx = EVP_MD_CTX_new();
4367 if (!TEST_ptr(mdctx)
4368 /*
4369 * Initing our custom md and then initing another md should
4370 * result in the init and cleanup functions of the custom md
8c7d847e 4371 * being called.
fbbe7202
MC		 4372 */
4373 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4374 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4375 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4376 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4377 || !TEST_int_eq(custom_md_init_called, 1)
4378 || !TEST_int_eq(custom_md_cleanup_called, 1))
4379 goto err;
4380
4381 testresult = 1;
4382 err:
4383 EVP_MD_CTX_free(mdctx);
4384 EVP_MD_meth_free(tmp);
4385 return testresult;
4386}
4387
8c7d847e
MC		 4388typedef struct {
4389 int data;
4390} custom_ciph_ctx;
4391
4392static int custom_ciph_init_called = 0;
4393static int custom_ciph_cleanup_called = 0;
4394
4395static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4396 const unsigned char *iv, int enc)
4397{
4398 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4399
4400 if (p == NULL)
4401 return 0;
4402
4403 custom_ciph_init_called++;
4404 return 1;
4405}
4406
4407static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4408{
4409 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4410
4411 if (p == NULL)
4412 /* Nothing to do */
4413 return 1;
4414
4415 custom_ciph_cleanup_called++;
4416 return 1;
4417}
4418
4419static int test_custom_ciph_meth(void)
4420{
4421 EVP_CIPHER_CTX *ciphctx = NULL;
4422 EVP_CIPHER *tmp = NULL;
4423 int testresult = 0;
4424 int nid;
4425
4426 /*
4427 * We are testing deprecated functions. We don't support a non-default
4428 * library context in this test.
4429 */
4430 if (testctx != NULL)
4431 return TEST_skip("Non-default libctx");
4432
4433 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4434
4435 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4436 if (!TEST_int_ne(nid, NID_undef))
4437 goto err;
4438 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4439 if (!TEST_ptr(tmp))
4440 goto err;
4441
4442 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4443 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4444 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4445 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4446 sizeof(custom_ciph_ctx))))
4447 goto err;
4448
4449 ciphctx = EVP_CIPHER_CTX_new();
4450 if (!TEST_ptr(ciphctx)
4451 /*
4452 * Initing our custom cipher and then initing another cipher
4453 * should result in the init and cleanup functions of the custom
4454 * cipher being called.
4455 */
4456 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4457 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4458 NULL, NULL, 1))
4459 || !TEST_int_eq(custom_ciph_init_called, 1)
4460 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4461 goto err;
4462
4463 testresult = 1;
4464 err:
4465 EVP_CIPHER_CTX_free(ciphctx);
4466 EVP_CIPHER_meth_free(tmp);
4467 return testresult;
4468}
4469
0299094c
MC		 4470# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4471/* Test we can create a signature keys with an associated ENGINE */
4472static int test_signatures_with_engine(int tst)
4473{
4474 ENGINE *e;
4475 const char *engine_id = "dasync";
4476 EVP_PKEY *pkey = NULL;
4477 const unsigned char badcmackey[] = { 0x00, 0x01 };
4478 const unsigned char cmackey[] = {
4479 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4480 0x0c, 0x0d, 0x0e, 0x0f
4481 };
4482 const unsigned char ed25519key[] = {
4483 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4484 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4485 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4486 };
4487 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4488 int testresult = 0;
4489 EVP_MD_CTX *ctx = NULL;
4490 unsigned char *mac = NULL;
4491 size_t maclen = 0;
4492 int ret;
4493
ef2fb64f
MC		 4494# ifdef OPENSSL_NO_CMAC
4495 /* Skip CMAC tests in a no-cmac build */
4496 if (tst <= 1)
4497 return 1;
4498# endif
4499
0299094c
MC		 4500 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4501 return 0;
4502
4503 if (!TEST_true(ENGINE_init(e))) {
4504 ENGINE_free(e);
4505 return 0;
4506 }
4507
4508 switch (tst) {
4509 case 0:
4510 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4511 EVP_aes_128_cbc());
4512 break;
4513 case 1:
4514 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4515 EVP_aes_128_cbc());
4516 break;
4517 case 2:
4518 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4519 sizeof(ed25519key));
4520 break;
4521 default:
4522 TEST_error("Invalid test case");
4523 goto err;
4524 }
4525 if (!TEST_ptr(pkey))
4526 goto err;
4527
4528 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4529 goto err;
4530
4531 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4532 pkey);
4533 if (tst == 0) {
4534 if (!TEST_true(ret))
4535 goto err;
4536
4537 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4538 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4539 goto err;
4540
4541 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4542 goto err;
4543
4544 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4545 goto err;
4546 } else {
4547 /* We used a bad key. We expect a failure here */
4548 if (!TEST_false(ret))
4549 goto err;
4550 }
4551
4552 testresult = 1;
4553 err:
4554 EVP_MD_CTX_free(ctx);
4555 OPENSSL_free(mac);
4556 EVP_PKEY_free(pkey);
4557 ENGINE_finish(e);
4558 ENGINE_free(e);
4559
4560 return testresult;
4561}
4562
4563static int test_cipher_with_engine(void)
4564{
4565 ENGINE *e;
4566 const char *engine_id = "dasync";
4567 const unsigned char keyiv[] = {
4568 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4569 0x0c, 0x0d, 0x0e, 0x0f
4570 };
4571 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4572 int testresult = 0;
4573 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4574 unsigned char buf[AES_BLOCK_SIZE];
4575 int len = 0;
4576
4577 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4578 return 0;
4579
4580 if (!TEST_true(ENGINE_init(e))) {
4581 ENGINE_free(e);
4582 return 0;
4583 }
4584
4585 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4586 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4587 goto err;
4588
4589 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4590 goto err;
4591
4592 /* Copy the ctx, and complete the operation with the new ctx */
4593 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4594 goto err;
4595
4596 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4597 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4598 goto err;
4599
4600 testresult = 1;
4601 err:
4602 EVP_CIPHER_CTX_free(ctx);
4603 EVP_CIPHER_CTX_free(ctx2);
4604 ENGINE_finish(e);
4605 ENGINE_free(e);
4606
4607 return testresult;
4608}
4609# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4610#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4611
8c08c8b3
MC		 4612static int ecxnids[] = {
4613 NID_X25519,
4614 NID_X448,
4615 NID_ED25519,
4616 NID_ED448
4617};
4618
4619/* Test that creating ECX keys with a short private key fails as expected */
4620static int test_ecx_short_keys(int tst)
4621{
4622 unsigned char ecxkeydata = 1;
4623 EVP_PKEY *pkey;
4624
4625
f5a10d5c
WZ		 4626 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4627 NULL, &ecxkeydata, 1);
8c08c8b3
MC		 4628 if (!TEST_ptr_null(pkey)) {
4629 EVP_PKEY_free(pkey);
4630 return 0;
4631 }
f5a10d5c 4632
8c08c8b3
MC		 4633 return 1;
4634}
4635
062490db
JS		 4636typedef enum OPTION_choice {
4637 OPT_ERR = -1,
4638 OPT_EOF = 0,
4639 OPT_CONTEXT,
4640 OPT_TEST_ENUM
4641} OPTION_CHOICE;
4642
4643const OPTIONS *test_get_options(void)
71ea6b48 4644{
062490db
JS		 4645 static const OPTIONS options[] = {
4646 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4647 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4648 { NULL }
4649 };
4650 return options;
4651}
86dc26ba 4652
f5a10d5c
WZ		 4653#ifndef OPENSSL_NO_EC
4654/* Test that trying to sign with a public key errors out gracefully */
4655static int test_ecx_not_private_key(int tst)
4656{
4657 EVP_PKEY *pkey = NULL;
4658
4659 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4660 int testresult = 0;
4661 EVP_MD_CTX *ctx = NULL;
4662 unsigned char *mac = NULL;
4663 size_t maclen = 0;
4664 unsigned char *pubkey;
4665 size_t pubkeylen;
4666
4667 switch (keys[tst].type) {
4668 case NID_X25519:
4669 case NID_X448:
4670 return TEST_skip("signing not supported for X25519/X448");
4671 }
4672
4673 /* Check if this algorithm supports public keys */
4674 if (keys[tst].pub == NULL)
4675 return TEST_skip("no public key present");
4676
4677 pubkey = (unsigned char *)keys[tst].pub;
4678 pubkeylen = strlen(keys[tst].pub);
4679
4680 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4681 NULL, pubkey, pubkeylen);
4682 if (!TEST_ptr(pkey))
4683 goto err;
4684
4685 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4686 goto err;
4687
4688 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4689 goto check_err;
4690
4691 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4692 goto check_err;
4693
4694 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4695 goto err;
4696
4697 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4698 goto err;
4699
4700 check_err:
4701 /*
4702 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4703 * but we relax the check to allow error also thrown by
4704 * EVP_DigestSignInit and EVP_DigestSign.
4705 */
4706 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4707 testresult = 1;
4708 ERR_clear_error();
4709 }
4710
4711 err:
4712 EVP_MD_CTX_free(ctx);
4713 OPENSSL_free(mac);
4714 EVP_PKEY_free(pkey);
4715
4716 return testresult;
4717}
4718#endif /* OPENSSL_NO_EC */
4719
062490db
JS		 4720int setup_tests(void)
4721{
4722 OPTION_CHOICE o;
4723
4724 while ((o = opt_next()) != OPT_EOF) {
4725 switch (o) {
4726 case OPT_CONTEXT:
4727 /* Set up an alternate library context */
4728 testctx = OSSL_LIB_CTX_new();
4729 if (!TEST_ptr(testctx))
4730 return 0;
4731 /* Swap the libctx to test non-default context only */
4732 nullprov = OSSL_PROVIDER_load(NULL, "null");
4733 deflprov = OSSL_PROVIDER_load(testctx, "default");
4734 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4735 break;
4736 case OPT_TEST_CASES:
4737 break;
4738 default:
4739 return 0;
4740 }
4741 }
86dc26ba 4742
f9e504e8 4743 ADD_TEST(test_EVP_set_default_properties);
816f72d0 4744 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
adcd8e37 4745 ADD_TEST(test_EVP_DigestVerifyInit);
8cbfc4f6
TM		 4746#ifndef OPENSSL_NO_SIPHASH
4747 ADD_TEST(test_siphash_digestsign);
4748#endif
8d8dd09b 4749 ADD_TEST(test_EVP_Digest);
bef9b48e 4750 ADD_TEST(test_EVP_md_null);
15ff7d7c 4751 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4752 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4753 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4754 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4755 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4756#ifndef OPENSSL_NO_EC
adcd8e37 4757 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4758#endif
f0c62c53
RL		 4759#ifndef OPENSSL_NO_EC
4760 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4761#endif
919adfcf 4762#if !defined(OPENSSL_NO_SM2)
ddb634fe 4763 ADD_TEST(test_EVP_SM2);
a6c4cb84 4764 ADD_TEST(test_EVP_SM2_verify);
a9880362 4765#endif
bb5f281a 4766 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4767#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4768 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4769 if (!TEST_ptr(custom_pmeth))
4770 return 0;
4771 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4772 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4773 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4774 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4775 return 0;
41bbba53 4776#endif
2aee35d3 4777 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4778#ifndef OPENSSL_NO_CMAC
a87820e1 4779 ADD_TEST(test_CMAC_keygen);
fab8fde3 4780#endif
10d5b415 4781 ADD_TEST(test_HKDF);
2cd3ebc7 4782 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4783#ifndef OPENSSL_NO_EC
4784 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4785 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4786 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4787 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4788#endif
8d0f8c81 4789#ifndef OPENSSL_NO_DSA
f54a4101 4790 ADD_TEST(test_DSA_get_set_params);
2c04b341 4791 ADD_TEST(test_DSA_priv_pub);
b4be6937 4792#endif
f54a4101 4793 ADD_TEST(test_RSA_get_set_params);
e5a7536e 4794 ADD_TEST(test_RSA_OAEP_set_get_params);
b4be6937
MC		 4795#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4796 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4797#endif
2c04b341
JS		 4798#ifndef OPENSSL_NO_DH
4799 ADD_TEST(test_DH_priv_pub);
4800# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4801 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4802# endif
b8a1272d
MC		 4803#endif
4804#ifndef OPENSSL_NO_EC
4805 ADD_TEST(test_EC_priv_pub);
4806# ifndef OPENSSL_NO_DEPRECATED_3_0
4807 ADD_TEST(test_EC_priv_only_legacy);
4808# endif
501fcfb8 4809#endif
8a5cb596 4810 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4811 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4812
1c19ff3c 4813 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4814 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4815#ifndef OPENSSL_NO_DES
4816 ADD_ALL_TESTS(test_evp_iv_des, 6);
091e60c4
TM		 4817#endif
4818#ifndef OPENSSL_NO_BF
4819 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
a4afa6c1 4820#endif
e947a064 4821 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6f87463b 4822 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
c0ff1932
BK		 4823#ifndef OPENSSL_NO_EC
4824 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4825#endif
1c19ff3c 4826
5eb73cfb
MC		 4827 ADD_TEST(test_names_do_all);
4828
063e0197
JC		 4829 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4830 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4831 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4832 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4833
a983764e
MC		 4834#ifndef OPENSSL_NO_DEPRECATED_3_0
4835 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4836 ADD_TEST(test_evp_md_cipher_meth);
fbbe7202 4837 ADD_TEST(test_custom_md_meth);
8c7d847e 4838 ADD_TEST(test_custom_ciph_meth);
0299094c
MC		 4839
4840# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4841 /* Tests only support the default libctx */
4842 if (testctx == NULL) {
4843# ifndef OPENSSL_NO_EC
4844 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4845# else
4846 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4847# endif
4848 ADD_TEST(test_cipher_with_engine);
4849 }
4850# endif
a983764e
MC		 4851#endif
4852
8c08c8b3
MC		 4853 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4854
f5a10d5c
WZ		 4855#ifndef OPENSSL_NO_EC
4856 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
4857#endif
4858
ad887416 4859 return 1;
71ea6b48 4860}
86dc26ba
MC		 4861
4862void cleanup_tests(void)
4863{
062490db
JS		 4864 OSSL_PROVIDER_unload(nullprov);
4865 OSSL_PROVIDER_unload(deflprov);
4866 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4867 OSSL_LIB_CTX_free(testctx);
86dc26ba 4868}
A mirror of the official openssl repository