]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:


2c604daae99a59b6e05b28aee4e88db08f13f972
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687
688 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
689 goto err;
690 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
691 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
692 params), 0))
693 goto err;
694
695 if (!TEST_ptr(pkey))
696 goto err;
697
698 testresult = 1;
699 err:
700 EVP_PKEY_free(pkey);
701 EVP_PKEY_CTX_free(pctx);
702
703 return testresult;
704 }
705 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
706
707 /*
708 * Test combinations of private, public, missing and private + public key
709 * params to ensure they are all accepted
710 */
711 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
712 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
713 {
714 OSSL_PARAM_BLD *bld = NULL;
715 OSSL_PARAM *params = NULL;
716 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
717 int ret = 0;
718
719 /*
720 * Setup the parameters for our pkey object. For our purposes they don't
721 * have to actually be *valid* parameters. We just need to set something.
722 */
723 if (!TEST_ptr(p = BN_new())
724 || !TEST_ptr(q = BN_new())
725 || !TEST_ptr(g = BN_new())
726 || !TEST_ptr(pub = BN_new())
727 || !TEST_ptr(priv = BN_new()))
728 goto err;
729
730 /* Test !priv and !pub */
731 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
732 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
733 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
734 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
735 goto err;
736 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
737 goto err;
738
739 if (!test_fromdata(keytype, params))
740 goto err;
741 OSSL_PARAM_free(params);
742 params = NULL;
743 OSSL_PARAM_BLD_free(bld);
744
745 /* Test priv and !pub */
746 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
748 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
749 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
750 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
751 priv)))
752 goto err;
753 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
754 goto err;
755
756 if (!test_fromdata(keytype, params))
757 goto err;
758 OSSL_PARAM_free(params);
759 params = NULL;
760 OSSL_PARAM_BLD_free(bld);
761
762 /* Test !priv and pub */
763 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
768 pub)))
769 goto err;
770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
771 goto err;
772
773 if (!test_fromdata(keytype, params))
774 goto err;
775 OSSL_PARAM_free(params);
776 params = NULL;
777 OSSL_PARAM_BLD_free(bld);
778
779 /* Test priv and pub */
780 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
785 pub))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
787 priv)))
788 goto err;
789 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
790 goto err;
791
792 if (!test_fromdata(keytype, params))
793 goto err;
794
795 ret = 1;
796 err:
797 OSSL_PARAM_free(params);
798 OSSL_PARAM_BLD_free(bld);
799 BN_free(p);
800 BN_free(q);
801 BN_free(g);
802 BN_free(pub);
803 BN_free(priv);
804
805 return ret;
806 }
807 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
808
809 /*
810 * Test combinations of private, public, missing and private + public key
811 * params to ensure they are all accepted for EC keys
812 */
813 #ifndef OPENSSL_NO_EC
814 static unsigned char ec_priv[] = {
815 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
816 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
817 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
818 };
819 static unsigned char ec_pub[] = {
820 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
821 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
822 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
823 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
824 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
825 0x08, 0x09, 0xb8, 0xdb, 0x03
826 };
827
828 static int test_EC_priv_pub(void)
829 {
830 OSSL_PARAM_BLD *bld = NULL;
831 OSSL_PARAM *params = NULL;
832 BIGNUM *priv = NULL;
833 int ret = 0;
834
835 /*
836 * Setup the parameters for our pkey object. For our purposes they don't
837 * have to actually be *valid* parameters. We just need to set something.
838 */
839 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
840 goto err;
841
842 /* Test !priv and !pub */
843 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
845 OSSL_PKEY_PARAM_GROUP_NAME,
846 "P-256", 0)))
847 goto err;
848 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
849 goto err;
850
851 if (!test_fromdata("EC", params))
852 goto err;
853 OSSL_PARAM_free(params);
854 params = NULL;
855 OSSL_PARAM_BLD_free(bld);
856
857 /* Test priv and !pub */
858 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
859 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
860 OSSL_PKEY_PARAM_GROUP_NAME,
861 "P-256", 0))
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
863 priv)))
864 goto err;
865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
866 goto err;
867
868 if (!test_fromdata("EC", params))
869 goto err;
870 OSSL_PARAM_free(params);
871 params = NULL;
872 OSSL_PARAM_BLD_free(bld);
873
874 /* Test !priv and pub */
875 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
876 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
877 OSSL_PKEY_PARAM_GROUP_NAME,
878 "P-256", 0))
879 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
880 OSSL_PKEY_PARAM_PUB_KEY,
881 ec_pub, sizeof(ec_pub))))
882 goto err;
883 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
884 goto err;
885
886 if (!test_fromdata("EC", params))
887 goto err;
888 OSSL_PARAM_free(params);
889 params = NULL;
890 OSSL_PARAM_BLD_free(bld);
891
892 /* Test priv and pub */
893 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
894 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
895 OSSL_PKEY_PARAM_GROUP_NAME,
896 "P-256", 0))
897 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
898 OSSL_PKEY_PARAM_PUB_KEY,
899 ec_pub, sizeof(ec_pub)))
900 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
901 priv)))
902 goto err;
903 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
904 goto err;
905
906 if (!test_fromdata("EC", params))
907 goto err;
908
909 ret = 1;
910 err:
911 OSSL_PARAM_free(params);
912 OSSL_PARAM_BLD_free(bld);
913 BN_free(priv);
914
915 return ret;
916 }
917
918 /* Test that using a legacy EC key with only a private key in it works */
919 # ifndef OPENSSL_NO_DEPRECATED_3_0
920 static int test_EC_priv_only_legacy(void)
921 {
922 BIGNUM *priv = NULL;
923 int ret = 0;
924 EC_KEY *eckey = NULL;
925 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
926 EVP_MD_CTX *ctx = NULL;
927
928 /* Create the low level EC_KEY */
929 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
930 goto err;
931
932 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
933 if (!TEST_ptr(eckey))
934 goto err;
935
936 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
937 goto err;
938
939 pkey = EVP_PKEY_new();
940 if (!TEST_ptr(pkey))
941 goto err;
942
943 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
944 goto err;
945 eckey = NULL;
946
947 while (dup_pk == NULL) {
948 ret = 0;
949 ctx = EVP_MD_CTX_new();
950 if (!TEST_ptr(ctx))
951 goto err;
952
953 /*
954 * The EVP_DigestSignInit function should create the key on the
955 * provider side which is sufficient for this test.
956 */
957 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
958 testpropq, pkey, NULL)))
959 goto err;
960 EVP_MD_CTX_free(ctx);
961 ctx = NULL;
962
963 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
964 goto err;
965 /* EVP_PKEY_eq() returns -2 with missing public keys */
966 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
967 EVP_PKEY_free(pkey);
968 pkey = dup_pk;
969 if (!ret)
970 goto err;
971 }
972
973 err:
974 EVP_MD_CTX_free(ctx);
975 EVP_PKEY_free(pkey);
976 EC_KEY_free(eckey);
977 BN_free(priv);
978
979 return ret;
980 }
981 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
982 #endif /* OPENSSL_NO_EC */
983
984 static int test_EVP_PKEY_sign(int tst)
985 {
986 int ret = 0;
987 EVP_PKEY *pkey = NULL;
988 unsigned char *sig = NULL;
989 size_t sig_len = 0, shortsig_len = 1;
990 EVP_PKEY_CTX *ctx = NULL;
991 unsigned char tbs[] = {
992 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
993 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
994 };
995
996 if (tst == 0 ) {
997 if (!TEST_ptr(pkey = load_example_rsa_key()))
998 goto out;
999 } else if (tst == 1) {
1000 #ifndef OPENSSL_NO_DSA
1001 if (!TEST_ptr(pkey = load_example_dsa_key()))
1002 goto out;
1003 #else
1004 ret = 1;
1005 goto out;
1006 #endif
1007 } else {
1008 #ifndef OPENSSL_NO_EC
1009 if (!TEST_ptr(pkey = load_example_ec_key()))
1010 goto out;
1011 #else
1012 ret = 1;
1013 goto out;
1014 #endif
1015 }
1016
1017 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1018 if (!TEST_ptr(ctx)
1019 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1020 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1021 sizeof(tbs)), 0))
1022 goto out;
1023 sig = OPENSSL_malloc(sig_len);
1024 if (!TEST_ptr(sig)
1025 /* Test sending a signature buffer that is too short is rejected */
1026 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1027 sizeof(tbs)), 0)
1028 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1029 0)
1030 /* Test the signature round-trips */
1031 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1032 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1033 0))
1034 goto out;
1035
1036 ret = 1;
1037 out:
1038 EVP_PKEY_CTX_free(ctx);
1039 OPENSSL_free(sig);
1040 EVP_PKEY_free(pkey);
1041 return ret;
1042 }
1043
1044 /*
1045 * n = 0 => test using legacy cipher
1046 * n = 1 => test using fetched cipher
1047 */
1048 static int test_EVP_Enveloped(int n)
1049 {
1050 int ret = 0;
1051 EVP_CIPHER_CTX *ctx = NULL;
1052 EVP_PKEY *keypair = NULL;
1053 unsigned char *kek = NULL;
1054 unsigned char iv[EVP_MAX_IV_LENGTH];
1055 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1056 int len, kek_len, ciphertext_len, plaintext_len;
1057 unsigned char ciphertext[32], plaintext[16];
1058 EVP_CIPHER *type = NULL;
1059
1060 if (nullprov != NULL)
1061 return TEST_skip("Test does not support a non-default library context");
1062
1063 if (n == 0)
1064 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1065 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1066 testpropq)))
1067 goto err;
1068
1069 if (!TEST_ptr(keypair = load_example_rsa_key())
1070 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1071 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1072 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1073 &keypair, 1))
1074 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1075 msg, sizeof(msg)))
1076 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1077 &len)))
1078 goto err;
1079
1080 ciphertext_len += len;
1081
1082 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1083 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1084 ciphertext, ciphertext_len))
1085 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1086 goto err;
1087
1088 plaintext_len += len;
1089 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1090 goto err;
1091
1092 ret = 1;
1093 err:
1094 if (n != 0)
1095 EVP_CIPHER_free(type);
1096 OPENSSL_free(kek);
1097 EVP_PKEY_free(keypair);
1098 EVP_CIPHER_CTX_free(ctx);
1099 return ret;
1100 }
1101
1102 /*
1103 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1104 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1105 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1106 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1107 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1108 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1109 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1110 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1111 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1112 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1113 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1114 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1115 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1116 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1117 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1118 */
1119 static int test_EVP_DigestSignInit(int tst)
1120 {
1121 int ret = 0;
1122 EVP_PKEY *pkey = NULL;
1123 unsigned char *sig = NULL, *sig2 = NULL;
1124 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1125 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1126 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1127 BIO *mdbio = NULL, *membio = NULL;
1128 size_t written;
1129 const EVP_MD *md;
1130 EVP_MD *mdexp = NULL;
1131
1132 if (nullprov != NULL)
1133 return TEST_skip("Test does not support a non-default library context");
1134
1135 if (tst >= 6 && tst <= 8) {
1136 membio = BIO_new(BIO_s_mem());
1137 mdbio = BIO_new(BIO_f_md());
1138 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1139 goto out;
1140 BIO_push(mdbio, membio);
1141 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1142 goto out;
1143 } else {
1144 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1145 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1146 goto out;
1147 }
1148
1149 if (tst % 3 == 0) {
1150 if (!TEST_ptr(pkey = load_example_rsa_key()))
1151 goto out;
1152 } else if (tst % 3 == 1) {
1153 #ifndef OPENSSL_NO_DSA
1154 if (!TEST_ptr(pkey = load_example_dsa_key()))
1155 goto out;
1156 #else
1157 ret = 1;
1158 goto out;
1159 #endif
1160 } else {
1161 if (!TEST_ptr(pkey = load_example_hmac_key()))
1162 goto out;
1163 }
1164
1165 if (tst >= 3 && tst <= 5)
1166 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1167 else
1168 md = EVP_sha256();
1169
1170 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1171 goto out;
1172
1173 if (tst >= 6 && tst <= 8) {
1174 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1175 goto out;
1176 } else if (tst < 6) {
1177 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1178 goto out;
1179 }
1180
1181 if (tst >= 9) {
1182 /* Determine the size of the signature. */
1183 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1184 sizeof(kMsg)))
1185 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1186 goto out;
1187 if (tst <= 11) {
1188 /* Test that supply a short sig buffer fails */
1189 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1190 sizeof(kMsg))))
1191 goto out;
1192 /*
1193 * We end here because once EVP_DigestSign() has failed you should
1194 * not call it again without re-initing the ctx
1195 */
1196 ret = 1;
1197 goto out;
1198 }
1199 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1200 sizeof(kMsg))))
1201 goto out;
1202 } else {
1203 /* Determine the size of the signature. */
1204 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1205 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1206 /*
1207 * Trying to create a signature with a deliberately short
1208 * buffer should fail.
1209 */
1210 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1211 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1212 goto out;
1213 }
1214
1215 /*
1216 * Ensure that the signature round-trips (Verification isn't supported for
1217 * HMAC via EVP_DigestVerify*)
1218 */
1219 if (tst % 3 != 2) {
1220 if (tst >= 6 && tst <= 8) {
1221 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1222 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1223 goto out;
1224 }
1225
1226 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1227 NULL, pkey)))
1228 goto out;
1229
1230 if (tst >= 6 && tst <= 8) {
1231 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1232 goto out;
1233 } else {
1234 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1235 sizeof(kMsg))))
1236 goto out;
1237 }
1238 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1239 goto out;
1240
1241 /* Multiple calls to EVP_DigestVerifyFinal should work */
1242 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1243 goto out;
1244 } else {
1245 /*
1246 * For HMAC a doubled call to DigestSignFinal should produce the same
1247 * value as finalization should not happen.
1248 */
1249 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1250 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1251 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1252 goto out;
1253
1254 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1255 goto out;
1256 }
1257
1258 ret = 1;
1259
1260 out:
1261 BIO_free(membio);
1262 BIO_free(mdbio);
1263 EVP_MD_CTX_free(a_md_ctx);
1264 EVP_MD_CTX_free(a_md_ctx_verify);
1265 EVP_PKEY_free(pkey);
1266 OPENSSL_free(sig);
1267 OPENSSL_free(sig2);
1268 EVP_MD_free(mdexp);
1269
1270 return ret;
1271 }
1272
1273 static int test_EVP_DigestVerifyInit(void)
1274 {
1275 int ret = 0;
1276 EVP_PKEY *pkey = NULL;
1277 EVP_MD_CTX *md_ctx = NULL;
1278
1279 if (nullprov != NULL)
1280 return TEST_skip("Test does not support a non-default library context");
1281
1282 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1283 || !TEST_ptr(pkey = load_example_rsa_key()))
1284 goto out;
1285
1286 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1287 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1288 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1289 sizeof(kSignature))))
1290 goto out;
1291 ret = 1;
1292
1293 out:
1294 EVP_MD_CTX_free(md_ctx);
1295 EVP_PKEY_free(pkey);
1296 return ret;
1297 }
1298
1299 /*
1300 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1301 */
1302 static int test_EVP_Digest(void)
1303 {
1304 int ret = 0;
1305 EVP_MD_CTX *md_ctx = NULL;
1306 unsigned char md[EVP_MAX_MD_SIZE];
1307 EVP_MD *sha256 = NULL;
1308 EVP_MD *shake256 = NULL;
1309
1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1311 goto out;
1312
1313 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1314 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1315 goto out;
1316
1317 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1318 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1319 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1320 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1321 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1322 goto out;
1323
1324 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1325 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1326 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1327 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1328 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1329 /*
1330 * EVP_DigestInit_ex with NULL type should work on
1331 * pre-initialized context.
1332 */
1333 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1334 goto out;
1335
1336 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1337 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1338 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1339 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1340 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1341 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1342 goto out;
1343 ret = 1;
1344
1345 out:
1346 EVP_MD_CTX_free(md_ctx);
1347 EVP_MD_free(sha256);
1348 EVP_MD_free(shake256);
1349 return ret;
1350 }
1351
1352 static int test_d2i_AutoPrivateKey(int i)
1353 {
1354 int ret = 0;
1355 const unsigned char *p;
1356 EVP_PKEY *pkey = NULL;
1357 const APK_DATA *ak = &keydata[i];
1358 const unsigned char *input = ak->kder;
1359 size_t input_len = ak->size;
1360 int expected_id = ak->evptype;
1361
1362 p = input;
1363 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1364 || !TEST_ptr_eq(p, input + input_len)
1365 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1366 goto done;
1367
1368 ret = 1;
1369
1370 done:
1371 EVP_PKEY_free(pkey);
1372 return ret;
1373 }
1374
1375 #ifndef OPENSSL_NO_EC
1376
1377 static const unsigned char ec_public_sect163k1_validxy[] = {
1378 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1379 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1380 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1381 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1382 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1383 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1384 };
1385
1386 static const unsigned char ec_public_sect163k1_badx[] = {
1387 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1388 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1389 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1390 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1391 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1392 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1393 };
1394
1395 static const unsigned char ec_public_sect163k1_bady[] = {
1396 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1397 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1398 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1399 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1400 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1401 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1402 };
1403
1404 static struct ec_der_pub_keys_st {
1405 const unsigned char *der;
1406 size_t len;
1407 int valid;
1408 } ec_der_pub_keys[] = {
1409 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1410 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1411 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1412 };
1413
1414 /*
1415 * Tests the range of the decoded EC char2 public point.
1416 * See ec_GF2m_simple_oct2point().
1417 */
1418 static int test_invalide_ec_char2_pub_range_decode(int id)
1419 {
1420 int ret = 0;
1421 EVP_PKEY *pkey;
1422
1423 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1424 ec_der_pub_keys[id].len);
1425
1426 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1427 || TEST_ptr_null(pkey);
1428 EVP_PKEY_free(pkey);
1429 return ret;
1430 }
1431
1432 /* Tests loading a bad key in PKCS8 format */
1433 static int test_EVP_PKCS82PKEY(void)
1434 {
1435 int ret = 0;
1436 const unsigned char *derp = kExampleBadECKeyDER;
1437 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1438 EVP_PKEY *pkey = NULL;
1439
1440 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1441 sizeof(kExampleBadECKeyDER))))
1442 goto done;
1443
1444 if (!TEST_ptr_eq(derp,
1445 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1446 goto done;
1447
1448 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1449 goto done;
1450
1451 ret = 1;
1452
1453 done:
1454 PKCS8_PRIV_KEY_INFO_free(p8inf);
1455 EVP_PKEY_free(pkey);
1456
1457 return ret;
1458 }
1459
1460 #endif
1461 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1462 {
1463 EVP_PKEY *pkey = NULL;
1464 EVP_PKEY *pkey2 = NULL;
1465 BIO *membio = NULL;
1466 char *membuf = NULL;
1467 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1468 int ok = 0;
1469
1470 if (testctx != NULL)
1471 /* test not supported with non-default context */
1472 return 1;
1473
1474 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1475 || !TEST_ptr(pkey = load_example_rsa_key())
1476 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1477 NULL, 0, NULL, NULL),
1478 0)
1479 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1480 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1481 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1482 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1483 goto done;
1484 }
1485
1486 ok = 1;
1487 done:
1488 EVP_PKEY_free(pkey);
1489 EVP_PKEY_free(pkey2);
1490 PKCS8_PRIV_KEY_INFO_free(p8inf);
1491 BIO_free_all(membio);
1492 return ok;
1493 }
1494
1495 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1496 static int test_privatekey_to_pkcs8(void)
1497 {
1498 EVP_PKEY *pkey = NULL;
1499 BIO *membio = NULL;
1500 char *membuf = NULL;
1501 long membuf_len = 0;
1502 int ok = 0;
1503
1504 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1505 || !TEST_ptr(pkey = load_example_rsa_key())
1506 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1507 NULL, 0, NULL, NULL),
1508 0)
1509 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1510 || !TEST_ptr(membuf)
1511 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1512 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1513 /*
1514 * We try to write PEM as well, just to see that it doesn't err, but
1515 * assume that the result is correct.
1516 */
1517 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1518 NULL, 0, NULL, NULL),
1519 0))
1520 goto done;
1521
1522 ok = 1;
1523 done:
1524 EVP_PKEY_free(pkey);
1525 BIO_free_all(membio);
1526 return ok;
1527 }
1528
1529 #ifndef OPENSSL_NO_EC
1530 static const struct {
1531 int encoding;
1532 const char *encoding_name;
1533 } ec_encodings[] = {
1534 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1535 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1536 };
1537
1538 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1539 {
1540 const OSSL_PARAM *p;
1541 const char *enc_name = NULL;
1542 int *enc = arg;
1543 size_t i;
1544
1545 *enc = -1;
1546
1547 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1548 OSSL_PKEY_PARAM_EC_ENCODING))
1549 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1550 return 0;
1551
1552 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1553 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1554 *enc = ec_encodings[i].encoding;
1555 break;
1556 }
1557 }
1558
1559 return (*enc != -1);
1560 }
1561
1562 static int test_EC_keygen_with_enc(int idx)
1563 {
1564 EVP_PKEY *params = NULL, *key = NULL;
1565 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1566 int enc;
1567 int ret = 0;
1568
1569 enc = ec_encodings[idx].encoding;
1570
1571 /* Create key parameters */
1572 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1573 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1574 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1575 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1576 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1577 || !TEST_ptr(params))
1578 goto done;
1579
1580 /* Create key */
1581 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1582 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1583 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1584 || !TEST_ptr(key))
1585 goto done;
1586
1587 /* Check that the encoding got all the way into the key */
1588 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1589 ec_export_get_encoding_cb, &enc))
1590 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1591 goto done;
1592
1593 ret = 1;
1594 done:
1595 EVP_PKEY_free(key);
1596 EVP_PKEY_free(params);
1597 EVP_PKEY_CTX_free(kctx);
1598 EVP_PKEY_CTX_free(pctx);
1599 return ret;
1600 }
1601 #endif
1602
1603 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1604
1605 static int test_EVP_SM2_verify(void)
1606 {
1607 const char *pubkey =
1608 "-----BEGIN PUBLIC KEY-----\n"
1609 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1610 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1611 "-----END PUBLIC KEY-----\n";
1612
1613 const char *msg = "message digest";
1614 const char *id = "ALICE123@YAHOO.COM";
1615
1616 const uint8_t signature[] = {
1617 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1618 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1619 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1620 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1621 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1622 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1623 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1624 };
1625
1626 int rc = 0;
1627 BIO *bio = NULL;
1628 EVP_PKEY *pkey = NULL;
1629 EVP_MD_CTX *mctx = NULL;
1630 EVP_PKEY_CTX *pctx = NULL;
1631 EVP_MD *sm3 = NULL;
1632
1633 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1634 if (!TEST_true(bio != NULL))
1635 goto done;
1636
1637 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1638 if (!TEST_true(pkey != NULL))
1639 goto done;
1640
1641 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1642 goto done;
1643
1644 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1645 goto done;
1646
1647 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1648 goto done;
1649
1650 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1651
1652 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1653 goto done;
1654
1655 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1656 goto done;
1657
1658 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1659 goto done;
1660
1661 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1662 goto done;
1663
1664 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1665 goto done;
1666 rc = 1;
1667
1668 done:
1669 BIO_free(bio);
1670 EVP_PKEY_free(pkey);
1671 EVP_PKEY_CTX_free(pctx);
1672 EVP_MD_CTX_free(mctx);
1673 EVP_MD_free(sm3);
1674 return rc;
1675 }
1676
1677 static int test_EVP_SM2(void)
1678 {
1679 int ret = 0;
1680 EVP_PKEY *pkey = NULL;
1681 EVP_PKEY *pkeyparams = NULL;
1682 EVP_PKEY_CTX *pctx = NULL;
1683 EVP_PKEY_CTX *kctx = NULL;
1684 EVP_PKEY_CTX *sctx = NULL;
1685 size_t sig_len = 0;
1686 unsigned char *sig = NULL;
1687 EVP_MD_CTX *md_ctx = NULL;
1688 EVP_MD_CTX *md_ctx_verify = NULL;
1689 EVP_PKEY_CTX *cctx = NULL;
1690 EVP_MD *check_md = NULL;
1691
1692 uint8_t ciphertext[128];
1693 size_t ctext_len = sizeof(ciphertext);
1694
1695 uint8_t plaintext[8];
1696 size_t ptext_len = sizeof(plaintext);
1697
1698 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1699
1700 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1701 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1702 int i;
1703 char mdname[OSSL_MAX_NAME_SIZE];
1704
1705 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1706 "SM2", testpropq)))
1707 goto done;
1708
1709 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1710 goto done;
1711
1712 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1713 goto done;
1714
1715 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1716 goto done;
1717
1718 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1719 pkeyparams, testpropq)))
1720 goto done;
1721
1722 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1723 goto done;
1724
1725 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1726 goto done;
1727
1728 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1729 goto done;
1730
1731 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1732 goto done;
1733
1734 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1735 goto done;
1736
1737 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1738 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1739
1740 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1741 goto done;
1742
1743 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1744 goto done;
1745
1746 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1747 goto done;
1748
1749 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1750 goto done;
1751
1752 /* Determine the size of the signature. */
1753 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1754 goto done;
1755
1756 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1757 goto done;
1758
1759 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1760 goto done;
1761
1762 /* Ensure that the signature round-trips. */
1763
1764 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1765 pkey)))
1766 goto done;
1767
1768 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1769 goto done;
1770
1771 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1772 goto done;
1773
1774 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1775 goto done;
1776
1777 /* now check encryption/decryption */
1778
1779 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1780 mdname, sizeof(mdname));
1781 for (i = 0; i < 2; i++) {
1782 const char *mdnames[] = {
1783 #ifndef OPENSSL_NO_SM3
1784 "SM3",
1785 #else
1786 NULL,
1787 #endif
1788 "SHA2-256" };
1789 EVP_PKEY_CTX_free(cctx);
1790
1791 if (mdnames[i] == NULL)
1792 continue;
1793
1794 sparams[0] =
1795 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1796 (char *)mdnames[i], 0);
1797
1798 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1799 pkey, testpropq)))
1800 goto done;
1801
1802 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1803 goto done;
1804
1805 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1806 goto done;
1807
1808 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1809 sizeof(kMsg))))
1810 goto done;
1811
1812 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1813 goto done;
1814
1815 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1816 goto done;
1817
1818 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1819 ctext_len)))
1820 goto done;
1821
1822 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1823 goto done;
1824
1825 /*
1826 * Test we're still using the digest we think we are.
1827 * Because of aliases, the easiest is to fetch the digest and
1828 * check the name with EVP_MD_is_a().
1829 */
1830 EVP_MD_free(check_md);
1831 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1832 goto done;
1833 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1834 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1835 goto done;
1836 }
1837
1838 if (!TEST_true(ptext_len == sizeof(kMsg)))
1839 goto done;
1840
1841 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1842 goto done;
1843 }
1844
1845 ret = 1;
1846 done:
1847 EVP_PKEY_CTX_free(pctx);
1848 EVP_PKEY_CTX_free(kctx);
1849 EVP_PKEY_CTX_free(sctx);
1850 EVP_PKEY_CTX_free(cctx);
1851 EVP_PKEY_free(pkey);
1852 EVP_PKEY_free(pkeyparams);
1853 EVP_MD_CTX_free(md_ctx);
1854 EVP_MD_CTX_free(md_ctx_verify);
1855 EVP_MD_free(check_md);
1856 OPENSSL_free(sig);
1857 return ret;
1858 }
1859
1860 #endif
1861
1862 static struct keys_st {
1863 int type;
1864 char *priv;
1865 char *pub;
1866 } keys[] = {
1867 {
1868 EVP_PKEY_HMAC, "0123456789", NULL
1869 },
1870 {
1871 EVP_PKEY_HMAC, "", NULL
1872 #ifndef OPENSSL_NO_POLY1305
1873 }, {
1874 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1875 #endif
1876 #ifndef OPENSSL_NO_SIPHASH
1877 }, {
1878 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1879 #endif
1880 },
1881 #ifndef OPENSSL_NO_EC
1882 {
1883 EVP_PKEY_X25519, "01234567890123456789012345678901",
1884 "abcdefghijklmnopqrstuvwxyzabcdef"
1885 }, {
1886 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1887 "abcdefghijklmnopqrstuvwxyzabcdef"
1888 }, {
1889 EVP_PKEY_X448,
1890 "01234567890123456789012345678901234567890123456789012345",
1891 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1892 }, {
1893 EVP_PKEY_ED448,
1894 "012345678901234567890123456789012345678901234567890123456",
1895 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1896 }
1897 #endif
1898 };
1899
1900 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1901 {
1902 int ret = 0;
1903 unsigned char buf[80];
1904 unsigned char *in;
1905 size_t inlen, len = 0, shortlen = 1;
1906 EVP_PKEY *pkey;
1907
1908 /* Check if this algorithm supports public keys */
1909 if (pub && keys[tst].pub == NULL)
1910 return 1;
1911
1912 memset(buf, 0, sizeof(buf));
1913
1914 if (pub) {
1915 #ifndef OPENSSL_NO_EC
1916 inlen = strlen(keys[tst].pub);
1917 in = (unsigned char *)keys[tst].pub;
1918 if (uselibctx) {
1919 pkey = EVP_PKEY_new_raw_public_key_ex(
1920 testctx,
1921 OBJ_nid2sn(keys[tst].type),
1922 NULL,
1923 in,
1924 inlen);
1925 } else {
1926 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1927 NULL,
1928 in,
1929 inlen);
1930 }
1931 #else
1932 return 1;
1933 #endif
1934 } else {
1935 inlen = strlen(keys[tst].priv);
1936 in = (unsigned char *)keys[tst].priv;
1937 if (uselibctx) {
1938 pkey = EVP_PKEY_new_raw_private_key_ex(
1939 testctx, OBJ_nid2sn(keys[tst].type),
1940 NULL,
1941 in,
1942 inlen);
1943 } else {
1944 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1945 NULL,
1946 in,
1947 inlen);
1948 }
1949 }
1950
1951 if (!TEST_ptr(pkey)
1952 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1953 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1954 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1955 || !TEST_true(len == inlen))
1956 goto done;
1957 if (tst != 1) {
1958 /*
1959 * Test that supplying a buffer that is too small fails. Doesn't apply
1960 * to HMAC with a zero length key
1961 */
1962 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
1963 &shortlen)))
1964 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
1965 &shortlen))))
1966 goto done;
1967 }
1968 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1969 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1970 || !TEST_mem_eq(in, inlen, buf, len))
1971 goto done;
1972
1973 ret = 1;
1974 done:
1975 EVP_PKEY_free(pkey);
1976 return ret;
1977 }
1978
1979 static int test_set_get_raw_keys(int tst)
1980 {
1981 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1982 && test_set_get_raw_keys_int(tst, 0, 1)
1983 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1984 && test_set_get_raw_keys_int(tst, 1, 1);
1985 }
1986
1987 #ifndef OPENSSL_NO_DEPRECATED_3_0
1988 static int pkey_custom_check(EVP_PKEY *pkey)
1989 {
1990 return 0xbeef;
1991 }
1992
1993 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1994 {
1995 return 0xbeef;
1996 }
1997
1998 static int pkey_custom_param_check(EVP_PKEY *pkey)
1999 {
2000 return 0xbeef;
2001 }
2002
2003 static EVP_PKEY_METHOD *custom_pmeth;
2004 #endif
2005
2006 static int test_EVP_PKEY_check(int i)
2007 {
2008 int ret = 0;
2009 EVP_PKEY *pkey = NULL;
2010 EVP_PKEY_CTX *ctx = NULL;
2011 #ifndef OPENSSL_NO_DEPRECATED_3_0
2012 EVP_PKEY_CTX *ctx2 = NULL;
2013 #endif
2014 const APK_DATA *ak = &keycheckdata[i];
2015 const unsigned char *input = ak->kder;
2016 size_t input_len = ak->size;
2017 int expected_id = ak->evptype;
2018 int expected_check = ak->check;
2019 int expected_pub_check = ak->pub_check;
2020 int expected_param_check = ak->param_check;
2021 int type = ak->type;
2022
2023 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2024 goto done;
2025 if (type == 0
2026 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2027 goto done;
2028
2029 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2030 goto done;
2031
2032 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2033 goto done;
2034
2035 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2036 goto done;
2037
2038 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2039 goto done;
2040
2041 #ifndef OPENSSL_NO_DEPRECATED_3_0
2042 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2043 /* assign the pkey directly, as an internal test */
2044 EVP_PKEY_up_ref(pkey);
2045 ctx2->pkey = pkey;
2046
2047 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2048 goto done;
2049
2050 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2051 goto done;
2052
2053 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2054 goto done;
2055 #endif
2056
2057 ret = 1;
2058
2059 done:
2060 EVP_PKEY_CTX_free(ctx);
2061 #ifndef OPENSSL_NO_DEPRECATED_3_0
2062 EVP_PKEY_CTX_free(ctx2);
2063 #endif
2064 EVP_PKEY_free(pkey);
2065 return ret;
2066 }
2067
2068 #ifndef OPENSSL_NO_CMAC
2069 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2070 {
2071 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2072 const char msg[] = "Hello World";
2073 size_t maclen = AES_BLOCK_SIZE;
2074 int ret = 1;
2075
2076 if (!TEST_ptr(mdctx)
2077 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2078 testpropq, pkey, NULL))
2079 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2080 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2081 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2082 ret = 0;
2083
2084 EVP_MD_CTX_free(mdctx);
2085
2086 return ret;
2087 }
2088 static int test_CMAC_keygen(void)
2089 {
2090 static unsigned char key[] = {
2091 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2092 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2093 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2094 };
2095 EVP_PKEY_CTX *kctx = NULL;
2096 int ret = 0;
2097 EVP_PKEY *pkey = NULL;
2098 unsigned char mac[AES_BLOCK_SIZE];
2099 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2100 unsigned char mac2[AES_BLOCK_SIZE];
2101 # endif
2102
2103 if (nullprov != NULL)
2104 return TEST_skip("Test does not support a non-default library context");
2105
2106 /*
2107 * This is a legacy method for CMACs, but should still work.
2108 * This verifies that it works without an ENGINE.
2109 */
2110 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2111
2112 /* Test a CMAC key created using the "generated" method */
2113 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2114 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2115 EVP_PKEY_CTRL_CIPHER,
2116 0, (void *)EVP_aes_256_ecb()), 0)
2117 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2118 EVP_PKEY_CTRL_SET_MAC_KEY,
2119 sizeof(key), (void *)key), 0)
2120 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2121 || !TEST_ptr(pkey)
2122 || !TEST_true(get_cmac_val(pkey, mac)))
2123 goto done;
2124
2125 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2126 EVP_PKEY_free(pkey);
2127
2128 /*
2129 * Test a CMAC key using the direct method, and compare with the mac
2130 * created above.
2131 */
2132 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2133 if (!TEST_ptr(pkey)
2134 || !TEST_true(get_cmac_val(pkey, mac2))
2135 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2136 goto done;
2137 # endif
2138
2139 ret = 1;
2140
2141 done:
2142 EVP_PKEY_free(pkey);
2143 EVP_PKEY_CTX_free(kctx);
2144 return ret;
2145 }
2146 #endif
2147
2148 static int test_HKDF(void)
2149 {
2150 EVP_PKEY_CTX *pctx;
2151 unsigned char out[20];
2152 size_t outlen;
2153 int i, ret = 0;
2154 unsigned char salt[] = "0123456789";
2155 unsigned char key[] = "012345678901234567890123456789";
2156 unsigned char info[] = "infostring";
2157 const unsigned char expected[] = {
2158 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2159 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2160 };
2161 size_t expectedlen = sizeof(expected);
2162
2163 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2164 goto done;
2165
2166 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2167 for (i = 0; i < 2; i++) {
2168 outlen = sizeof(out);
2169 memset(out, 0, outlen);
2170
2171 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2172 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2173 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2174 sizeof(salt) - 1), 0)
2175 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2176 sizeof(key) - 1), 0)
2177 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2178 sizeof(info) - 1), 0)
2179 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2180 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2181 goto done;
2182 }
2183
2184 ret = 1;
2185
2186 done:
2187 EVP_PKEY_CTX_free(pctx);
2188
2189 return ret;
2190 }
2191
2192 static int test_emptyikm_HKDF(void)
2193 {
2194 EVP_PKEY_CTX *pctx;
2195 unsigned char out[20];
2196 size_t outlen;
2197 int ret = 0;
2198 unsigned char salt[] = "9876543210";
2199 unsigned char key[] = "";
2200 unsigned char info[] = "stringinfo";
2201 const unsigned char expected[] = {
2202 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2203 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2204 };
2205 size_t expectedlen = sizeof(expected);
2206
2207 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2208 goto done;
2209
2210 outlen = sizeof(out);
2211 memset(out, 0, outlen);
2212
2213 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2214 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2215 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2216 sizeof(salt) - 1), 0)
2217 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2218 sizeof(key) - 1), 0)
2219 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2220 sizeof(info) - 1), 0)
2221 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2222 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2223 goto done;
2224
2225 ret = 1;
2226
2227 done:
2228 EVP_PKEY_CTX_free(pctx);
2229
2230 return ret;
2231 }
2232
2233 #ifndef OPENSSL_NO_EC
2234 static int test_X509_PUBKEY_inplace(void)
2235 {
2236 int ret = 0;
2237 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2238 const unsigned char *p = kExampleECPubKeyDER;
2239 size_t input_len = sizeof(kExampleECPubKeyDER);
2240
2241 if (!TEST_ptr(xp))
2242 goto done;
2243 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2244 goto done;
2245
2246 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2247 goto done;
2248
2249 p = kExampleBadECPubKeyDER;
2250 input_len = sizeof(kExampleBadECPubKeyDER);
2251
2252 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2253 goto done;
2254
2255 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2256 goto done;
2257
2258 ret = 1;
2259
2260 done:
2261 X509_PUBKEY_free(xp);
2262 return ret;
2263 }
2264
2265 static int test_X509_PUBKEY_dup(void)
2266 {
2267 int ret = 0;
2268 X509_PUBKEY *xp = NULL, *xq = NULL;
2269 const unsigned char *p = kExampleECPubKeyDER;
2270 size_t input_len = sizeof(kExampleECPubKeyDER);
2271
2272 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2273 if (!TEST_ptr(xp)
2274 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2275 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2276 || !TEST_ptr_ne(xp, xq))
2277 goto done;
2278
2279 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2280 || !TEST_ptr(X509_PUBKEY_get0(xp))
2281 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2282 goto done;
2283
2284 X509_PUBKEY_free(xq);
2285 xq = NULL;
2286 p = kExampleBadECPubKeyDER;
2287 input_len = sizeof(kExampleBadECPubKeyDER);
2288
2289 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2290 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2291 goto done;
2292
2293 X509_PUBKEY_free(xp);
2294 xp = NULL;
2295 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2296 goto done;
2297
2298 ret = 1;
2299
2300 done:
2301 X509_PUBKEY_free(xp);
2302 X509_PUBKEY_free(xq);
2303 return ret;
2304 }
2305 #endif /* OPENSSL_NO_EC */
2306
2307 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2308 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2309 {
2310 EVP_MD_CTX *mdctx = NULL;
2311 EVP_PKEY_CTX *ctx = NULL;
2312 const OSSL_PARAM *params;
2313 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2314 int ret = 0;
2315 const EVP_MD *md;
2316 char mdname[OSSL_MAX_NAME_SIZE];
2317 char ssl3ms[48];
2318
2319 /* Initialise a sign operation */
2320 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2321 if (!TEST_ptr(ctx)
2322 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2323 goto err;
2324
2325 /*
2326 * We should be able to query the parameters now.
2327 */
2328 params = EVP_PKEY_CTX_settable_params(ctx);
2329 if (!TEST_ptr(params)
2330 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2331 OSSL_SIGNATURE_PARAM_DIGEST)))
2332 goto err;
2333
2334 params = EVP_PKEY_CTX_gettable_params(ctx);
2335 if (!TEST_ptr(params)
2336 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2337 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2338 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2339 OSSL_SIGNATURE_PARAM_DIGEST)))
2340 goto err;
2341
2342 /*
2343 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2344 * EVP_PKEY_CTX_get_params()
2345 */
2346 strcpy(mdname, "SHA512");
2347 param_md = param;
2348 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2349 mdname, 0);
2350 *param++ = OSSL_PARAM_construct_end();
2351
2352 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2353 goto err;
2354
2355 mdname[0] = '\0';
2356 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2357 mdname, sizeof(mdname));
2358 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2359 || !TEST_str_eq(mdname, "SHA512"))
2360 goto err;
2361
2362 /*
2363 * Test the TEST_PKEY_CTX_set_signature_md() and
2364 * TEST_PKEY_CTX_get_signature_md() functions
2365 */
2366 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2367 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2368 || !TEST_ptr_eq(md, EVP_sha256()))
2369 goto err;
2370
2371 /*
2372 * Test getting MD parameters via an associated EVP_PKEY_CTX
2373 */
2374 mdctx = EVP_MD_CTX_new();
2375 if (!TEST_ptr(mdctx)
2376 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2377 pkey, NULL)))
2378 goto err;
2379
2380 /*
2381 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2382 * able to obtain the digest's settable parameters from the provider.
2383 */
2384 params = EVP_MD_CTX_settable_params(mdctx);
2385 if (!TEST_ptr(params)
2386 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2387 /* The final key should be NULL */
2388 || !TEST_ptr_null(params[1].key))
2389 goto err;
2390
2391 param = ourparams;
2392 memset(ssl3ms, 0, sizeof(ssl3ms));
2393 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2394 ssl3ms, sizeof(ssl3ms));
2395 *param++ = OSSL_PARAM_construct_end();
2396
2397 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2398 goto err;
2399
2400 ret = 1;
2401
2402 err:
2403 EVP_MD_CTX_free(mdctx);
2404 EVP_PKEY_CTX_free(ctx);
2405
2406 return ret;
2407 }
2408
2409 #ifndef OPENSSL_NO_DSA
2410 static int test_DSA_get_set_params(void)
2411 {
2412 OSSL_PARAM_BLD *bld = NULL;
2413 OSSL_PARAM *params = NULL;
2414 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2415 EVP_PKEY_CTX *pctx = NULL;
2416 EVP_PKEY *pkey = NULL;
2417 int ret = 0;
2418
2419 /*
2420 * Setup the parameters for our DSA object. For our purposes they don't
2421 * have to actually be *valid* parameters. We just need to set something.
2422 */
2423 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2424 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2425 || !TEST_ptr(p = BN_new())
2426 || !TEST_ptr(q = BN_new())
2427 || !TEST_ptr(g = BN_new())
2428 || !TEST_ptr(pub = BN_new())
2429 || !TEST_ptr(priv = BN_new()))
2430 goto err;
2431 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2432 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2433 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2434 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2435 pub))
2436 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2437 priv)))
2438 goto err;
2439 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2440 goto err;
2441
2442 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2443 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2444 params), 0))
2445 goto err;
2446
2447 if (!TEST_ptr(pkey))
2448 goto err;
2449
2450 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2451
2452 err:
2453 EVP_PKEY_free(pkey);
2454 EVP_PKEY_CTX_free(pctx);
2455 OSSL_PARAM_free(params);
2456 OSSL_PARAM_BLD_free(bld);
2457 BN_free(p);
2458 BN_free(q);
2459 BN_free(g);
2460 BN_free(pub);
2461 BN_free(priv);
2462
2463 return ret;
2464 }
2465
2466 /*
2467 * Test combinations of private, public, missing and private + public key
2468 * params to ensure they are all accepted
2469 */
2470 static int test_DSA_priv_pub(void)
2471 {
2472 return test_EVP_PKEY_ffc_priv_pub("DSA");
2473 }
2474
2475 #endif /* !OPENSSL_NO_DSA */
2476
2477 static int test_RSA_get_set_params(void)
2478 {
2479 OSSL_PARAM_BLD *bld = NULL;
2480 OSSL_PARAM *params = NULL;
2481 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2482 EVP_PKEY_CTX *pctx = NULL;
2483 EVP_PKEY *pkey = NULL;
2484 int ret = 0;
2485
2486 /*
2487 * Setup the parameters for our RSA object. For our purposes they don't
2488 * have to actually be *valid* parameters. We just need to set something.
2489 */
2490 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2491 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2492 || !TEST_ptr(n = BN_new())
2493 || !TEST_ptr(e = BN_new())
2494 || !TEST_ptr(d = BN_new()))
2495 goto err;
2496 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2497 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2498 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2499 goto err;
2500 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2501 goto err;
2502
2503 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2504 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2505 params), 0))
2506 goto err;
2507
2508 if (!TEST_ptr(pkey))
2509 goto err;
2510
2511 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2512
2513 err:
2514 EVP_PKEY_free(pkey);
2515 EVP_PKEY_CTX_free(pctx);
2516 OSSL_PARAM_free(params);
2517 OSSL_PARAM_BLD_free(bld);
2518 BN_free(n);
2519 BN_free(e);
2520 BN_free(d);
2521
2522 return ret;
2523 }
2524
2525 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2526 static int test_decrypt_null_chunks(void)
2527 {
2528 EVP_CIPHER_CTX* ctx = NULL;
2529 EVP_CIPHER *cipher = NULL;
2530 const unsigned char key[32] = {
2531 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2532 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2533 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2534 };
2535 unsigned char iv[12] = {
2536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2537 };
2538 unsigned char msg[] = "It was the best of times, it was the worst of times";
2539 unsigned char ciphertext[80];
2540 unsigned char plaintext[80];
2541 /* We initialise tmp to a non zero value on purpose */
2542 int ctlen, ptlen, tmp = 99;
2543 int ret = 0;
2544 const int enc_offset = 10, dec_offset = 20;
2545
2546 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2547 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2548 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2549 key, iv))
2550 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2551 enc_offset))
2552 /* Deliberate add a zero length update */
2553 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2554 0))
2555 || !TEST_int_eq(tmp, 0)
2556 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2557 msg + enc_offset,
2558 sizeof(msg) - enc_offset))
2559 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2560 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2561 || !TEST_int_eq(tmp, 0))
2562 goto err;
2563
2564 /* Deliberately initialise tmp to a non zero value */
2565 tmp = 99;
2566 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2567 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2568 dec_offset))
2569 /*
2570 * Deliberately add a zero length update. We also deliberately do
2571 * this at a different offset than for encryption.
2572 */
2573 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2574 0))
2575 || !TEST_int_eq(tmp, 0)
2576 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2577 ciphertext + dec_offset,
2578 ctlen - dec_offset))
2579 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2580 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2581 || !TEST_int_eq(tmp, 0)
2582 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2583 goto err;
2584
2585 ret = 1;
2586 err:
2587 EVP_CIPHER_CTX_free(ctx);
2588 EVP_CIPHER_free(cipher);
2589 return ret;
2590 }
2591 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2592
2593 #ifndef OPENSSL_NO_DH
2594 /*
2595 * Test combinations of private, public, missing and private + public key
2596 * params to ensure they are all accepted
2597 */
2598 static int test_DH_priv_pub(void)
2599 {
2600 return test_EVP_PKEY_ffc_priv_pub("DH");
2601 }
2602
2603 # ifndef OPENSSL_NO_DEPRECATED_3_0
2604 static int test_EVP_PKEY_set1_DH(void)
2605 {
2606 DH *x942dh = NULL, *noqdh = NULL;
2607 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2608 int ret = 0;
2609 BIGNUM *p, *g = NULL;
2610 BIGNUM *pubkey = NULL;
2611 unsigned char pub[2048 / 8];
2612 size_t len = 0;
2613
2614 if (!TEST_ptr(p = BN_new())
2615 || !TEST_ptr(g = BN_new())
2616 || !TEST_ptr(pubkey = BN_new())
2617 || !TEST_true(BN_set_word(p, 9999))
2618 || !TEST_true(BN_set_word(g, 2))
2619 || !TEST_true(BN_set_word(pubkey, 4321))
2620 || !TEST_ptr(noqdh = DH_new())
2621 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2622 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2623 || !TEST_ptr(pubkey = BN_new())
2624 || !TEST_true(BN_set_word(pubkey, 4321)))
2625 goto err;
2626 p = g = NULL;
2627
2628 x942dh = DH_get_2048_256();
2629 pkey1 = EVP_PKEY_new();
2630 pkey2 = EVP_PKEY_new();
2631 if (!TEST_ptr(x942dh)
2632 || !TEST_ptr(noqdh)
2633 || !TEST_ptr(pkey1)
2634 || !TEST_ptr(pkey2)
2635 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2636 goto err;
2637 pubkey = NULL;
2638
2639 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2640 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2641 goto err;
2642
2643 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2644 &pubkey))
2645 || !TEST_ptr(pubkey))
2646 goto err;
2647
2648 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2649 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2650 goto err;
2651
2652 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2653 OSSL_PKEY_PARAM_PUB_KEY,
2654 pub, sizeof(pub), &len))
2655 || !TEST_size_t_ne(len, 0))
2656 goto err;
2657
2658 ret = 1;
2659 err:
2660 BN_free(p);
2661 BN_free(g);
2662 BN_free(pubkey);
2663 EVP_PKEY_free(pkey1);
2664 EVP_PKEY_free(pkey2);
2665 DH_free(x942dh);
2666 DH_free(noqdh);
2667
2668 return ret;
2669 }
2670 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2671 #endif /* !OPENSSL_NO_DH */
2672
2673 /*
2674 * We test what happens with an empty template. For the sake of this test,
2675 * the template must be ignored, and we know that's the case for RSA keys
2676 * (this might arguably be a misfeature, but that's what we currently do,
2677 * even in provider code, since that's how the legacy RSA implementation
2678 * does things)
2679 */
2680 static int test_keygen_with_empty_template(int n)
2681 {
2682 EVP_PKEY_CTX *ctx = NULL;
2683 EVP_PKEY *pkey = NULL;
2684 EVP_PKEY *tkey = NULL;
2685 int ret = 0;
2686
2687 if (nullprov != NULL)
2688 return TEST_skip("Test does not support a non-default library context");
2689
2690 switch (n) {
2691 case 0:
2692 /* We do test with no template at all as well */
2693 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2694 goto err;
2695 break;
2696 case 1:
2697 /* Here we create an empty RSA key that serves as our template */
2698 if (!TEST_ptr(tkey = EVP_PKEY_new())
2699 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2700 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2701 goto err;
2702 break;
2703 }
2704
2705 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2706 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2707 goto err;
2708
2709 ret = 1;
2710 err:
2711 EVP_PKEY_CTX_free(ctx);
2712 EVP_PKEY_free(pkey);
2713 EVP_PKEY_free(tkey);
2714 return ret;
2715 }
2716
2717 /*
2718 * Test that we fail if we attempt to use an algorithm that is not available
2719 * in the current library context (unless we are using an algorithm that
2720 * should be made available via legacy codepaths).
2721 *
2722 * 0: RSA
2723 * 1: SM2
2724 */
2725 static int test_pkey_ctx_fail_without_provider(int tst)
2726 {
2727 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2728 OSSL_PROVIDER *tmpnullprov = NULL;
2729 EVP_PKEY_CTX *pctx = NULL;
2730 const char *keytype = NULL;
2731 int expect_null = 0;
2732 int ret = 0;
2733
2734 if (!TEST_ptr(tmpctx))
2735 goto err;
2736
2737 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2738 if (!TEST_ptr(tmpnullprov))
2739 goto err;
2740
2741 /*
2742 * We check for certain algos in the null provider.
2743 * If an algo is expected to have a provider keymgmt, contructing an
2744 * EVP_PKEY_CTX is expected to fail (return NULL).
2745 * Otherwise, if it's expected to have legacy support, contructing an
2746 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2747 */
2748 switch (tst) {
2749 case 0:
2750 keytype = "RSA";
2751 expect_null = 1;
2752 break;
2753 case 1:
2754 keytype = "SM2";
2755 expect_null = 1;
2756 #ifdef OPENSSL_NO_EC
2757 TEST_info("EC disable, skipping SM2 check...");
2758 goto end;
2759 #endif
2760 #ifdef OPENSSL_NO_SM2
2761 TEST_info("SM2 disable, skipping SM2 check...");
2762 goto end;
2763 #endif
2764 break;
2765 default:
2766 TEST_error("No test for case %d", tst);
2767 goto err;
2768 }
2769
2770 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2771 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2772 goto err;
2773
2774 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2775 end:
2776 #endif
2777 ret = 1;
2778
2779 err:
2780 EVP_PKEY_CTX_free(pctx);
2781 OSSL_PROVIDER_unload(tmpnullprov);
2782 OSSL_LIB_CTX_free(tmpctx);
2783 return ret;
2784 }
2785
2786 static int test_rand_agglomeration(void)
2787 {
2788 EVP_RAND *rand;
2789 EVP_RAND_CTX *ctx;
2790 OSSL_PARAM params[3], *p = params;
2791 int res;
2792 unsigned int step = 7;
2793 static unsigned char seed[] = "It does not matter how slowly you go "
2794 "as long as you do not stop.";
2795 unsigned char out[sizeof(seed)];
2796
2797 if (!TEST_int_ne(sizeof(seed) % step, 0)
2798 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2799 return 0;
2800 ctx = EVP_RAND_CTX_new(rand, NULL);
2801 EVP_RAND_free(rand);
2802 if (!TEST_ptr(ctx))
2803 return 0;
2804
2805 memset(out, 0, sizeof(out));
2806 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2807 seed, sizeof(seed));
2808 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2809 *p = OSSL_PARAM_construct_end();
2810 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2811 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2812 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2813 EVP_RAND_CTX_free(ctx);
2814 return res;
2815 }
2816
2817 /*
2818 * Test that we correctly return the original or "running" IV after
2819 * an encryption operation.
2820 * Run multiple times for some different relevant algorithms/modes.
2821 */
2822 static int test_evp_iv_aes(int idx)
2823 {
2824 int ret = 0;
2825 EVP_CIPHER_CTX *ctx = NULL;
2826 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2827 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2828 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2829 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2830 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2831 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2832 9, 10, 11, 12, 13, 14, 15, 16 };
2833 unsigned char ciphertext[32], oiv[16], iv[16];
2834 unsigned char *ref_iv;
2835 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2836 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2837
2838 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2839 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2840 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2841 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2842 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2843 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2844 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2845 #ifndef OPENSSL_NO_OCB
2846 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2847 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2848 #endif
2849 int len = sizeof(ciphertext);
2850 size_t ivlen, ref_len;
2851 const EVP_CIPHER *type = NULL;
2852 int iv_reset = 0;
2853
2854 if (nullprov != NULL && idx < 6)
2855 return TEST_skip("Test does not support a non-default library context");
2856
2857 switch(idx) {
2858 case 0:
2859 type = EVP_aes_128_cbc();
2860 /* FALLTHROUGH */
2861 case 6:
2862 type = (type != NULL) ? type :
2863 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2864 ref_iv = cbc_state;
2865 ref_len = sizeof(cbc_state);
2866 iv_reset = 1;
2867 break;
2868 case 1:
2869 type = EVP_aes_128_ofb();
2870 /* FALLTHROUGH */
2871 case 7:
2872 type = (type != NULL) ? type :
2873 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2874 ref_iv = ofb_state;
2875 ref_len = sizeof(ofb_state);
2876 iv_reset = 1;
2877 break;
2878 case 2:
2879 type = EVP_aes_128_cfb();
2880 /* FALLTHROUGH */
2881 case 8:
2882 type = (type != NULL) ? type :
2883 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2884 ref_iv = cfb_state;
2885 ref_len = sizeof(cfb_state);
2886 iv_reset = 1;
2887 break;
2888 case 3:
2889 type = EVP_aes_128_gcm();
2890 /* FALLTHROUGH */
2891 case 9:
2892 type = (type != NULL) ? type :
2893 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2894 ref_iv = gcm_state;
2895 ref_len = sizeof(gcm_state);
2896 break;
2897 case 4:
2898 type = EVP_aes_128_ccm();
2899 /* FALLTHROUGH */
2900 case 10:
2901 type = (type != NULL) ? type :
2902 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2903 ref_iv = ccm_state;
2904 ref_len = sizeof(ccm_state);
2905 break;
2906 #ifdef OPENSSL_NO_OCB
2907 case 5:
2908 case 11:
2909 return 1;
2910 #else
2911 case 5:
2912 type = EVP_aes_128_ocb();
2913 /* FALLTHROUGH */
2914 case 11:
2915 type = (type != NULL) ? type :
2916 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2917 ref_iv = ocb_state;
2918 ref_len = sizeof(ocb_state);
2919 break;
2920 #endif
2921 default:
2922 return 0;
2923 }
2924
2925 if (!TEST_ptr(type)
2926 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2927 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2928 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2929 (int)sizeof(msg)))
2930 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2931 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2932 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2933 goto err;
2934 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2935 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2936 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2937 goto err;
2938
2939 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2940 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2941 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2942 goto err;
2943 if (iv_reset) {
2944 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2945 goto err;
2946 } else {
2947 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2948 goto err;
2949 }
2950
2951 ret = 1;
2952 err:
2953 EVP_CIPHER_CTX_free(ctx);
2954 if (idx >= 6)
2955 EVP_CIPHER_free((EVP_CIPHER *)type);
2956 return ret;
2957 }
2958
2959 #ifndef OPENSSL_NO_DES
2960 static int test_evp_iv_des(int idx)
2961 {
2962 int ret = 0;
2963 EVP_CIPHER_CTX *ctx = NULL;
2964 static const unsigned char key[24] = {
2965 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2966 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2967 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2968 };
2969 static const unsigned char init_iv[8] = {
2970 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2971 };
2972 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2973 9, 10, 11, 12, 13, 14, 15, 16 };
2974 unsigned char ciphertext[32], oiv[8], iv[8];
2975 unsigned const char *ref_iv;
2976 static const unsigned char cbc_state_des[8] = {
2977 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2978 };
2979 static const unsigned char cbc_state_3des[8] = {
2980 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2981 };
2982 static const unsigned char ofb_state_des[8] = {
2983 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2984 };
2985 static const unsigned char ofb_state_3des[8] = {
2986 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2987 };
2988 static const unsigned char cfb_state_des[8] = {
2989 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2990 };
2991 static const unsigned char cfb_state_3des[8] = {
2992 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2993 };
2994 int len = sizeof(ciphertext);
2995 size_t ivlen, ref_len;
2996 EVP_CIPHER *type = NULL;
2997
2998 if (lgcyprov == NULL && idx < 3)
2999 return TEST_skip("Test requires legacy provider to be loaded");
3000
3001 switch(idx) {
3002 case 0:
3003 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3004 ref_iv = cbc_state_des;
3005 ref_len = sizeof(cbc_state_des);
3006 break;
3007 case 1:
3008 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3009 ref_iv = ofb_state_des;
3010 ref_len = sizeof(ofb_state_des);
3011 break;
3012 case 2:
3013 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3014 ref_iv = cfb_state_des;
3015 ref_len = sizeof(cfb_state_des);
3016 break;
3017 case 3:
3018 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3019 ref_iv = cbc_state_3des;
3020 ref_len = sizeof(cbc_state_3des);
3021 break;
3022 case 4:
3023 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3024 ref_iv = ofb_state_3des;
3025 ref_len = sizeof(ofb_state_3des);
3026 break;
3027 case 5:
3028 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3029 ref_iv = cfb_state_3des;
3030 ref_len = sizeof(cfb_state_3des);
3031 break;
3032 default:
3033 return 0;
3034 }
3035
3036 if (!TEST_ptr(type)
3037 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3038 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3039 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3040 (int)sizeof(msg)))
3041 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3042 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3043 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3044 goto err;
3045 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3046 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3047 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3048 goto err;
3049
3050 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3051 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3052 goto err;
3053 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3054 goto err;
3055
3056 ret = 1;
3057 err:
3058 EVP_CIPHER_CTX_free(ctx);
3059 EVP_CIPHER_free(type);
3060 return ret;
3061 }
3062 #endif
3063
3064 #ifndef OPENSSL_NO_EC
3065 static int ecpub_nids[] = {
3066 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3067 NID_secp384r1, NID_secp521r1,
3068 # ifndef OPENSSL_NO_EC2M
3069 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3070 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3071 # endif
3072 NID_brainpoolP384r1, NID_brainpoolP512r1
3073 };
3074
3075 static int test_ecpub(int idx)
3076 {
3077 int ret = 0, len, savelen;
3078 int nid;
3079 unsigned char buf[1024];
3080 unsigned char *p;
3081 EVP_PKEY *pkey = NULL;
3082 EVP_PKEY_CTX *ctx = NULL;
3083 # ifndef OPENSSL_NO_DEPRECATED_3_0
3084 const unsigned char *q;
3085 EVP_PKEY *pkey2 = NULL;
3086 EC_KEY *ec = NULL;
3087 # endif
3088
3089 if (nullprov != NULL)
3090 return TEST_skip("Test does not support a non-default library context");
3091
3092 nid = ecpub_nids[idx];
3093
3094 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3095 if (!TEST_ptr(ctx)
3096 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3097 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3098 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3099 goto done;
3100 len = i2d_PublicKey(pkey, NULL);
3101 savelen = len;
3102 if (!TEST_int_ge(len, 1)
3103 || !TEST_int_lt(len, 1024))
3104 goto done;
3105 p = buf;
3106 len = i2d_PublicKey(pkey, &p);
3107 if (!TEST_int_ge(len, 1)
3108 || !TEST_int_eq(len, savelen))
3109 goto done;
3110
3111 # ifndef OPENSSL_NO_DEPRECATED_3_0
3112 /* Now try to decode the just-created DER. */
3113 q = buf;
3114 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3115 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3116 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3117 goto done;
3118 /* EC_KEY ownership transferred */
3119 ec = NULL;
3120 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3121 goto done;
3122 /* The keys should match. */
3123 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3124 goto done;
3125 # endif
3126
3127 ret = 1;
3128
3129 done:
3130 EVP_PKEY_CTX_free(ctx);
3131 EVP_PKEY_free(pkey);
3132 # ifndef OPENSSL_NO_DEPRECATED_3_0
3133 EVP_PKEY_free(pkey2);
3134 EC_KEY_free(ec);
3135 # endif
3136 return ret;
3137 }
3138 #endif
3139
3140 static int test_EVP_rsa_pss_with_keygen_bits(void)
3141 {
3142 int ret = 0;
3143 EVP_PKEY_CTX *ctx = NULL;
3144 EVP_PKEY *pkey = NULL;
3145 EVP_MD *md;
3146
3147 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3148 ret = TEST_ptr(md)
3149 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3150 && TEST_true(EVP_PKEY_keygen_init(ctx))
3151 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3152 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3153 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3154
3155 EVP_MD_free(md);
3156 EVP_PKEY_free(pkey);
3157 EVP_PKEY_CTX_free(ctx);
3158 return ret;
3159 }
3160
3161 static int success = 1;
3162 static void md_names(const char *name, void *vctx)
3163 {
3164 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3165 /* Force a namemap update */
3166 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3167
3168 if (!TEST_ptr(aes128))
3169 success = 0;
3170
3171 EVP_CIPHER_free(aes128);
3172 }
3173
3174 /*
3175 * Test that changing the namemap in a user callback works in a names_do_all
3176 * function.
3177 */
3178 static int test_names_do_all(void)
3179 {
3180 /* We use a custom libctx so that we know the state of the namemap */
3181 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3182 EVP_MD *sha256 = NULL;
3183 int testresult = 0;
3184
3185 if (!TEST_ptr(ctx))
3186 goto err;
3187
3188 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3189 if (!TEST_ptr(sha256))
3190 goto err;
3191
3192 /*
3193 * We loop through all the names for a given digest. This should still work
3194 * even if the namemap changes part way through.
3195 */
3196 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3197 goto err;
3198
3199 if (!TEST_true(success))
3200 goto err;
3201
3202 testresult = 1;
3203 err:
3204 EVP_MD_free(sha256);
3205 OSSL_LIB_CTX_free(ctx);
3206 return testresult;
3207 }
3208
3209 typedef struct {
3210 const char *cipher;
3211 const unsigned char *key;
3212 const unsigned char *iv;
3213 const unsigned char *input;
3214 const unsigned char *expected;
3215 const unsigned char *tag;
3216 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3217 size_t inlen;
3218 size_t expectedlen;
3219 size_t taglen;
3220 int keyfirst;
3221 int initenc;
3222 int finalenc;
3223 } EVP_INIT_TEST_st;
3224
3225 static const EVP_INIT_TEST_st evp_init_tests[] = {
3226 {
3227 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3228 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3229 0, 1, 0, 1
3230 },
3231 {
3232 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3233 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3234 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3235 sizeof(gcmDefaultTag), 1, 0, 1
3236 },
3237 {
3238 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3239 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3240 0, 0, 0, 1
3241 },
3242 {
3243 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3244 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3245 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3246 sizeof(gcmDefaultTag), 0, 0, 1
3247 },
3248 {
3249 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3250 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3251 0, 1, 1, 0
3252 },
3253 {
3254 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3255 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3256 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3257 sizeof(gcmDefaultTag), 1, 1, 0
3258 },
3259 {
3260 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3261 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3262 0, 0, 1, 0
3263 },
3264 {
3265 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3266 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3267 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3268 sizeof(gcmDefaultTag), 0, 1, 0
3269 }
3270 };
3271
3272 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3273 {
3274 int res = 0;
3275
3276 if (t->ivlen != 0) {
3277 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3278 goto err;
3279 }
3280 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3281 goto err;
3282 res = 1;
3283 err:
3284 return res;
3285 }
3286
3287 /*
3288 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3289 * arguments are given one at a time and a final adjustment to the enc
3290 * parameter sets the correct operation.
3291 */
3292 static int test_evp_init_seq(int idx)
3293 {
3294 int outlen1, outlen2;
3295 int testresult = 0;
3296 unsigned char outbuf[1024];
3297 unsigned char tag[16];
3298 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3299 EVP_CIPHER_CTX *ctx = NULL;
3300 EVP_CIPHER *type = NULL;
3301 size_t taglen = sizeof(tag);
3302 char *errmsg = NULL;
3303
3304 ctx = EVP_CIPHER_CTX_new();
3305 if (ctx == NULL) {
3306 errmsg = "CTX_ALLOC";
3307 goto err;
3308 }
3309 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3310 errmsg = "CIPHER_FETCH";
3311 goto err;
3312 }
3313 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3314 errmsg = "EMPTY_ENC_INIT";
3315 goto err;
3316 }
3317 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3318 errmsg = "PADDING";
3319 goto err;
3320 }
3321 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3322 errmsg = "KEY_INIT (before iv)";
3323 goto err;
3324 }
3325 if (!evp_init_seq_set_iv(ctx, t)) {
3326 errmsg = "IV_INIT";
3327 goto err;
3328 }
3329 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3330 errmsg = "KEY_INIT (after iv)";
3331 goto err;
3332 }
3333 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3334 errmsg = "FINAL_ENC_INIT";
3335 goto err;
3336 }
3337 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3338 errmsg = "CIPHER_UPDATE";
3339 goto err;
3340 }
3341 if (t->finalenc == 0 && t->tag != NULL) {
3342 /* Set expected tag */
3343 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3344 t->taglen, (void *)t->tag))) {
3345 errmsg = "SET_TAG";
3346 goto err;
3347 }
3348 }
3349 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3350 errmsg = "CIPHER_FINAL";
3351 goto err;
3352 }
3353 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3354 errmsg = "WRONG_RESULT";
3355 goto err;
3356 }
3357 if (t->finalenc != 0 && t->tag != NULL) {
3358 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3359 errmsg = "GET_TAG";
3360 goto err;
3361 }
3362 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3363 errmsg = "TAG_ERROR";
3364 goto err;
3365 }
3366 }
3367 testresult = 1;
3368 err:
3369 if (errmsg != NULL)
3370 TEST_info("evp_init_test %d: %s", idx, errmsg);
3371 EVP_CIPHER_CTX_free(ctx);
3372 EVP_CIPHER_free(type);
3373 return testresult;
3374 }
3375
3376 typedef struct {
3377 const unsigned char *input;
3378 const unsigned char *expected;
3379 size_t inlen;
3380 size_t expectedlen;
3381 int enc;
3382 } EVP_RESET_TEST_st;
3383
3384 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3385 {
3386 cfbPlaintext, cfbCiphertext,
3387 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3388 },
3389 {
3390 cfbCiphertext, cfbPlaintext,
3391 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3392 }
3393 };
3394
3395 /*
3396 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3397 * been used.
3398 */
3399 static int test_evp_reset(int idx)
3400 {
3401 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3402 int outlen1, outlen2;
3403 int testresult = 0;
3404 unsigned char outbuf[1024];
3405 EVP_CIPHER_CTX *ctx = NULL;
3406 EVP_CIPHER *type = NULL;
3407 char *errmsg = NULL;
3408
3409 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3410 errmsg = "CTX_ALLOC";
3411 goto err;
3412 }
3413 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3414 errmsg = "CIPHER_FETCH";
3415 goto err;
3416 }
3417 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3418 errmsg = "CIPHER_INIT";
3419 goto err;
3420 }
3421 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3422 errmsg = "PADDING";
3423 goto err;
3424 }
3425 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3426 errmsg = "CIPHER_UPDATE";
3427 goto err;
3428 }
3429 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3430 errmsg = "CIPHER_FINAL";
3431 goto err;
3432 }
3433 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3434 errmsg = "WRONG_RESULT";
3435 goto err;
3436 }
3437 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3438 errmsg = "CIPHER_REINIT";
3439 goto err;
3440 }
3441 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3442 errmsg = "CIPHER_UPDATE (reinit)";
3443 goto err;
3444 }
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3446 errmsg = "CIPHER_FINAL (reinit)";
3447 goto err;
3448 }
3449 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3450 errmsg = "WRONG_RESULT (reinit)";
3451 goto err;
3452 }
3453 testresult = 1;
3454 err:
3455 if (errmsg != NULL)
3456 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3457 EVP_CIPHER_CTX_free(ctx);
3458 EVP_CIPHER_free(type);
3459 return testresult;
3460 }
3461
3462 typedef struct {
3463 const char *cipher;
3464 int enc;
3465 } EVP_UPDATED_IV_TEST_st;
3466
3467 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3468 {
3469 "aes-128-cfb", 1
3470 },
3471 {
3472 "aes-128-cfb", 0
3473 },
3474 {
3475 "aes-128-cfb1", 1
3476 },
3477 {
3478 "aes-128-cfb1", 0
3479 },
3480 {
3481 "aes-128-cfb8", 1
3482 },
3483 {
3484 "aes-128-cfb8", 0
3485 },
3486 {
3487 "aes-128-ofb", 1
3488 },
3489 {
3490 "aes-128-ofb", 0
3491 },
3492 {
3493 "aes-128-ctr", 1
3494 },
3495 {
3496 "aes-128-ctr", 0
3497 },
3498 {
3499 "aes-128-cbc", 1
3500 },
3501 {
3502 "aes-128-cbc", 0
3503 }
3504 };
3505
3506 /*
3507 * Test that the IV in the context is updated during a crypto operation for CFB
3508 * and OFB.
3509 */
3510 static int test_evp_updated_iv(int idx)
3511 {
3512 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3513 int outlen1, outlen2;
3514 int testresult = 0;
3515 unsigned char outbuf[1024];
3516 EVP_CIPHER_CTX *ctx = NULL;
3517 EVP_CIPHER *type = NULL;
3518 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3519 int iv_len;
3520 char *errmsg = NULL;
3521
3522 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3523 errmsg = "CTX_ALLOC";
3524 goto err;
3525 }
3526 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3527 TEST_info("cipher %s not supported, skipping", t->cipher);
3528 goto ok;
3529 }
3530
3531 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3532 errmsg = "CIPHER_INIT";
3533 goto err;
3534 }
3535 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3536 errmsg = "PADDING";
3537 goto err;
3538 }
3539 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3540 errmsg = "CIPHER_UPDATE";
3541 goto err;
3542 }
3543 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3544 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3545 goto err;
3546 }
3547 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3548 errmsg = "CIPHER_CTX_GET_IV_LEN";
3549 goto err;
3550 }
3551 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3552 errmsg = "IV_NOT_UPDATED";
3553 goto err;
3554 }
3555 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3556 errmsg = "CIPHER_FINAL";
3557 goto err;
3558 }
3559 ok:
3560 testresult = 1;
3561 err:
3562 if (errmsg != NULL)
3563 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3564 EVP_CIPHER_CTX_free(ctx);
3565 EVP_CIPHER_free(type);
3566 return testresult;
3567 }
3568
3569 typedef struct {
3570 const unsigned char *iv1;
3571 const unsigned char *iv2;
3572 const unsigned char *expected1;
3573 const unsigned char *expected2;
3574 const unsigned char *tag1;
3575 const unsigned char *tag2;
3576 size_t ivlen1;
3577 size_t ivlen2;
3578 size_t expectedlen1;
3579 size_t expectedlen2;
3580 } TEST_GCM_IV_REINIT_st;
3581
3582 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3583 {
3584 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3585 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3586 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3587 },
3588 {
3589 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3590 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3591 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3592 }
3593 };
3594
3595 static int test_gcm_reinit(int idx)
3596 {
3597 int outlen1, outlen2, outlen3;
3598 int testresult = 0;
3599 unsigned char outbuf[1024];
3600 unsigned char tag[16];
3601 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3602 EVP_CIPHER_CTX *ctx = NULL;
3603 EVP_CIPHER *type = NULL;
3604 size_t taglen = sizeof(tag);
3605 char *errmsg = NULL;
3606
3607 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3608 errmsg = "CTX_ALLOC";
3609 goto err;
3610 }
3611 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3612 errmsg = "CIPHER_FETCH";
3613 goto err;
3614 }
3615 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3616 errmsg = "ENC_INIT";
3617 goto err;
3618 }
3619 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3620 errmsg = "SET_IVLEN1";
3621 goto err;
3622 }
3623 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3624 errmsg = "SET_IV1";
3625 goto err;
3626 }
3627 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3628 errmsg = "AAD1";
3629 goto err;
3630 }
3631 EVP_CIPHER_CTX_set_padding(ctx, 0);
3632 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3633 sizeof(gcmResetPlaintext)))) {
3634 errmsg = "CIPHER_UPDATE1";
3635 goto err;
3636 }
3637 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3638 errmsg = "CIPHER_FINAL1";
3639 goto err;
3640 }
3641 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3642 errmsg = "WRONG_RESULT1";
3643 goto err;
3644 }
3645 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3646 errmsg = "GET_TAG1";
3647 goto err;
3648 }
3649 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3650 errmsg = "TAG_ERROR1";
3651 goto err;
3652 }
3653 /* Now reinit */
3654 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3655 errmsg = "SET_IVLEN2";
3656 goto err;
3657 }
3658 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3659 errmsg = "SET_IV2";
3660 goto err;
3661 }
3662 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3663 errmsg = "AAD2";
3664 goto err;
3665 }
3666 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3667 sizeof(gcmResetPlaintext)))) {
3668 errmsg = "CIPHER_UPDATE2";
3669 goto err;
3670 }
3671 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3672 errmsg = "CIPHER_FINAL2";
3673 goto err;
3674 }
3675 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3676 errmsg = "WRONG_RESULT2";
3677 goto err;
3678 }
3679 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3680 errmsg = "GET_TAG2";
3681 goto err;
3682 }
3683 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3684 errmsg = "TAG_ERROR2";
3685 goto err;
3686 }
3687 testresult = 1;
3688 err:
3689 if (errmsg != NULL)
3690 TEST_info("evp_init_test %d: %s", idx, errmsg);
3691 EVP_CIPHER_CTX_free(ctx);
3692 EVP_CIPHER_free(type);
3693 return testresult;
3694 }
3695
3696 #ifndef OPENSSL_NO_DEPRECATED_3_0
3697 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3698 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3699
3700 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3701
3702 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3703 {
3704 int (*pinit)(EVP_PKEY_CTX *ctx);
3705
3706 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3707 return pinit(ctx);
3708 }
3709
3710 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3711 {
3712 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3713
3714 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3715 pcleanup(ctx);
3716 }
3717
3718 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3719 size_t *outlen, const unsigned char *in,
3720 size_t inlen)
3721 {
3722 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3723 const unsigned char *tbs, size_t tbslen);
3724
3725 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3726 return psign(ctx, out, outlen, in, inlen);
3727 }
3728
3729 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3730 size_t *siglen, const unsigned char *tbs,
3731 size_t tbslen)
3732 {
3733 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3734 const unsigned char *tbs, size_t tbslen);
3735
3736 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3737 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3738 }
3739
3740 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3741 size_t *keylen)
3742 {
3743 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3744
3745 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3746 return pderive(ctx, key, keylen);
3747 }
3748
3749 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3750 {
3751 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3752
3753 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3754 return pcopy(dst, src);
3755 }
3756
3757 static int ctrl_called;
3758
3759 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3760 {
3761 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3762
3763 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3764
3765 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3766 ctrl_called = 1;
3767 return 1;
3768 }
3769
3770 return pctrl(ctx, type, p1, p2);
3771 }
3772
3773 static int test_custom_pmeth(int idx)
3774 {
3775 EVP_PKEY_CTX *pctx = NULL;
3776 EVP_MD_CTX *ctx = NULL;
3777 EVP_PKEY *pkey = NULL;
3778 int id, orig_id, orig_flags;
3779 int testresult = 0;
3780 size_t reslen;
3781 unsigned char *res = NULL;
3782 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3783 const EVP_MD *md = EVP_sha256();
3784 int doderive = 0;
3785
3786 ctrl_called = 0;
3787
3788 /* We call deprecated APIs so this test doesn't support a custom libctx */
3789 if (testctx != NULL)
3790 return 1;
3791
3792 switch(idx) {
3793 case 0:
3794 case 6:
3795 id = EVP_PKEY_RSA;
3796 pkey = load_example_rsa_key();
3797 break;
3798 case 1:
3799 case 7:
3800 # ifndef OPENSSL_NO_DSA
3801 id = EVP_PKEY_DSA;
3802 pkey = load_example_dsa_key();
3803 break;
3804 # else
3805 return 1;
3806 # endif
3807 case 2:
3808 case 8:
3809 # ifndef OPENSSL_NO_EC
3810 id = EVP_PKEY_EC;
3811 pkey = load_example_ec_key();
3812 break;
3813 # else
3814 return 1;
3815 # endif
3816 case 3:
3817 case 9:
3818 # ifndef OPENSSL_NO_EC
3819 id = EVP_PKEY_ED25519;
3820 md = NULL;
3821 pkey = load_example_ed25519_key();
3822 break;
3823 # else
3824 return 1;
3825 # endif
3826 case 4:
3827 case 10:
3828 # ifndef OPENSSL_NO_DH
3829 id = EVP_PKEY_DH;
3830 doderive = 1;
3831 pkey = load_example_dh_key();
3832 break;
3833 # else
3834 return 1;
3835 # endif
3836 case 5:
3837 case 11:
3838 # ifndef OPENSSL_NO_EC
3839 id = EVP_PKEY_X25519;
3840 doderive = 1;
3841 pkey = load_example_x25519_key();
3842 break;
3843 # else
3844 return 1;
3845 # endif
3846 default:
3847 TEST_error("Should not happen");
3848 goto err;
3849 }
3850
3851 if (!TEST_ptr(pkey))
3852 goto err;
3853
3854 if (idx < 6) {
3855 if (!TEST_true(evp_pkey_is_provided(pkey)))
3856 goto err;
3857 } else {
3858 EVP_PKEY *tmp = pkey;
3859
3860 /* Convert to a legacy key */
3861 pkey = EVP_PKEY_new();
3862 if (!TEST_ptr(pkey)) {
3863 pkey = tmp;
3864 goto err;
3865 }
3866 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3867 EVP_PKEY_free(tmp);
3868 goto err;
3869 }
3870 EVP_PKEY_free(tmp);
3871 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3872 goto err;
3873 }
3874
3875 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3876 || !TEST_ptr(pkey))
3877 goto err;
3878
3879 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3880 if (!TEST_int_eq(orig_id, id)
3881 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3882 goto err;
3883
3884 if (id == EVP_PKEY_ED25519) {
3885 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3886 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3887 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3888 } else {
3889 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3890 }
3891 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3892 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3893 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3894 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3895 }
3896 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3897 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3898 goto err;
3899
3900 if (doderive) {
3901 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3902 if (!TEST_ptr(pctx)
3903 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3904 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3905 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3906 1)
3907 || !TEST_int_eq(ctrl_called, 1)
3908 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3909 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3910 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3911 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3912 goto err;
3913 } else {
3914 ctx = EVP_MD_CTX_new();
3915 reslen = EVP_PKEY_size(pkey);
3916 res = OPENSSL_malloc(reslen);
3917 if (!TEST_ptr(ctx)
3918 || !TEST_ptr(res)
3919 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3920 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3921 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3922 1)
3923 || !TEST_int_eq(ctrl_called, 1))
3924 goto err;
3925
3926 if (id == EVP_PKEY_ED25519) {
3927 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3928 goto err;
3929 } else {
3930 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3931 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3932 goto err;
3933 }
3934 }
3935
3936 testresult = 1;
3937 err:
3938 OPENSSL_free(res);
3939 EVP_MD_CTX_free(ctx);
3940 if (doderive)
3941 EVP_PKEY_CTX_free(pctx);
3942 EVP_PKEY_free(pkey);
3943 EVP_PKEY_meth_remove(custom_pmeth);
3944 EVP_PKEY_meth_free(custom_pmeth);
3945 custom_pmeth = NULL;
3946 return testresult;
3947 }
3948
3949 static int test_evp_md_cipher_meth(void)
3950 {
3951 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3952 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3953 int testresult = 0;
3954
3955 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3956 goto err;
3957
3958 testresult = 1;
3959
3960 err:
3961 EVP_MD_meth_free(md);
3962 EVP_CIPHER_meth_free(ciph);
3963
3964 return testresult;
3965 }
3966
3967 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
3968 /* Test we can create a signature keys with an associated ENGINE */
3969 static int test_signatures_with_engine(int tst)
3970 {
3971 ENGINE *e;
3972 const char *engine_id = "dasync";
3973 EVP_PKEY *pkey = NULL;
3974 const unsigned char badcmackey[] = { 0x00, 0x01 };
3975 const unsigned char cmackey[] = {
3976 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3977 0x0c, 0x0d, 0x0e, 0x0f
3978 };
3979 const unsigned char ed25519key[] = {
3980 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3981 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3983 };
3984 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
3985 int testresult = 0;
3986 EVP_MD_CTX *ctx = NULL;
3987 unsigned char *mac = NULL;
3988 size_t maclen = 0;
3989 int ret;
3990
3991 # ifdef OPENSSL_NO_CMAC
3992 /* Skip CMAC tests in a no-cmac build */
3993 if (tst <= 1)
3994 return 1;
3995 # endif
3996
3997 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
3998 return 0;
3999
4000 if (!TEST_true(ENGINE_init(e))) {
4001 ENGINE_free(e);
4002 return 0;
4003 }
4004
4005 switch (tst) {
4006 case 0:
4007 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4008 EVP_aes_128_cbc());
4009 break;
4010 case 1:
4011 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4012 EVP_aes_128_cbc());
4013 break;
4014 case 2:
4015 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4016 sizeof(ed25519key));
4017 break;
4018 default:
4019 TEST_error("Invalid test case");
4020 goto err;
4021 }
4022 if (!TEST_ptr(pkey))
4023 goto err;
4024
4025 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4026 goto err;
4027
4028 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4029 pkey);
4030 if (tst == 0) {
4031 if (!TEST_true(ret))
4032 goto err;
4033
4034 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4035 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4036 goto err;
4037
4038 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4039 goto err;
4040
4041 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4042 goto err;
4043 } else {
4044 /* We used a bad key. We expect a failure here */
4045 if (!TEST_false(ret))
4046 goto err;
4047 }
4048
4049 testresult = 1;
4050 err:
4051 EVP_MD_CTX_free(ctx);
4052 OPENSSL_free(mac);
4053 EVP_PKEY_free(pkey);
4054 ENGINE_finish(e);
4055 ENGINE_free(e);
4056
4057 return testresult;
4058 }
4059
4060 static int test_cipher_with_engine(void)
4061 {
4062 ENGINE *e;
4063 const char *engine_id = "dasync";
4064 const unsigned char keyiv[] = {
4065 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4066 0x0c, 0x0d, 0x0e, 0x0f
4067 };
4068 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4069 int testresult = 0;
4070 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4071 unsigned char buf[AES_BLOCK_SIZE];
4072 int len = 0;
4073
4074 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4075 return 0;
4076
4077 if (!TEST_true(ENGINE_init(e))) {
4078 ENGINE_free(e);
4079 return 0;
4080 }
4081
4082 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4083 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4084 goto err;
4085
4086 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4087 goto err;
4088
4089 /* Copy the ctx, and complete the operation with the new ctx */
4090 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4091 goto err;
4092
4093 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4094 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4095 goto err;
4096
4097 testresult = 1;
4098 err:
4099 EVP_CIPHER_CTX_free(ctx);
4100 EVP_CIPHER_CTX_free(ctx2);
4101 ENGINE_finish(e);
4102 ENGINE_free(e);
4103
4104 return testresult;
4105 }
4106 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4107 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4108
4109 typedef enum OPTION_choice {
4110 OPT_ERR = -1,
4111 OPT_EOF = 0,
4112 OPT_CONTEXT,
4113 OPT_TEST_ENUM
4114 } OPTION_CHOICE;
4115
4116 const OPTIONS *test_get_options(void)
4117 {
4118 static const OPTIONS options[] = {
4119 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4120 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4121 { NULL }
4122 };
4123 return options;
4124 }
4125
4126 int setup_tests(void)
4127 {
4128 OPTION_CHOICE o;
4129
4130 while ((o = opt_next()) != OPT_EOF) {
4131 switch (o) {
4132 case OPT_CONTEXT:
4133 /* Set up an alternate library context */
4134 testctx = OSSL_LIB_CTX_new();
4135 if (!TEST_ptr(testctx))
4136 return 0;
4137 /* Swap the libctx to test non-default context only */
4138 nullprov = OSSL_PROVIDER_load(NULL, "null");
4139 deflprov = OSSL_PROVIDER_load(testctx, "default");
4140 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4141 break;
4142 case OPT_TEST_CASES:
4143 break;
4144 default:
4145 return 0;
4146 }
4147 }
4148
4149 ADD_TEST(test_EVP_set_default_properties);
4150 ADD_ALL_TESTS(test_EVP_DigestSignInit, 15);
4151 ADD_TEST(test_EVP_DigestVerifyInit);
4152 ADD_TEST(test_EVP_Digest);
4153 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4154 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4155 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4156 ADD_TEST(test_privatekey_to_pkcs8);
4157 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4158 #ifndef OPENSSL_NO_EC
4159 ADD_TEST(test_EVP_PKCS82PKEY);
4160 #endif
4161 #ifndef OPENSSL_NO_EC
4162 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4163 #endif
4164 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4165 ADD_TEST(test_EVP_SM2);
4166 ADD_TEST(test_EVP_SM2_verify);
4167 #endif
4168 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4169 #ifndef OPENSSL_NO_DEPRECATED_3_0
4170 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4171 if (!TEST_ptr(custom_pmeth))
4172 return 0;
4173 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4174 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4175 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4176 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4177 return 0;
4178 #endif
4179 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4180 #ifndef OPENSSL_NO_CMAC
4181 ADD_TEST(test_CMAC_keygen);
4182 #endif
4183 ADD_TEST(test_HKDF);
4184 ADD_TEST(test_emptyikm_HKDF);
4185 #ifndef OPENSSL_NO_EC
4186 ADD_TEST(test_X509_PUBKEY_inplace);
4187 ADD_TEST(test_X509_PUBKEY_dup);
4188 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4189 OSSL_NELEM(ec_der_pub_keys));
4190 #endif
4191 #ifndef OPENSSL_NO_DSA
4192 ADD_TEST(test_DSA_get_set_params);
4193 ADD_TEST(test_DSA_priv_pub);
4194 #endif
4195 ADD_TEST(test_RSA_get_set_params);
4196 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4197 ADD_TEST(test_decrypt_null_chunks);
4198 #endif
4199 #ifndef OPENSSL_NO_DH
4200 ADD_TEST(test_DH_priv_pub);
4201 # ifndef OPENSSL_NO_DEPRECATED_3_0
4202 ADD_TEST(test_EVP_PKEY_set1_DH);
4203 # endif
4204 #endif
4205 #ifndef OPENSSL_NO_EC
4206 ADD_TEST(test_EC_priv_pub);
4207 # ifndef OPENSSL_NO_DEPRECATED_3_0
4208 ADD_TEST(test_EC_priv_only_legacy);
4209 # endif
4210 #endif
4211 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4212 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4213
4214 ADD_TEST(test_rand_agglomeration);
4215 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4216 #ifndef OPENSSL_NO_DES
4217 ADD_ALL_TESTS(test_evp_iv_des, 6);
4218 #endif
4219 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4220 #ifndef OPENSSL_NO_EC
4221 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4222 #endif
4223
4224 ADD_TEST(test_names_do_all);
4225
4226 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4227 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4228 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4229 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4230
4231 #ifndef OPENSSL_NO_DEPRECATED_3_0
4232 ADD_ALL_TESTS(test_custom_pmeth, 12);
4233 ADD_TEST(test_evp_md_cipher_meth);
4234
4235 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4236 /* Tests only support the default libctx */
4237 if (testctx == NULL) {
4238 # ifndef OPENSSL_NO_EC
4239 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4240 # else
4241 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4242 # endif
4243 ADD_TEST(test_cipher_with_engine);
4244 }
4245 # endif
4246 #endif
4247
4248 return 1;
4249 }
4250
4251 void cleanup_tests(void)
4252 {
4253 OSSL_PROVIDER_unload(nullprov);
4254 OSSL_PROVIDER_unload(deflprov);
4255 OSSL_PROVIDER_unload(lgcyprov);
4256 OSSL_LIB_CTX_free(testctx);
4257 }
A mirror of the official openssl repository