]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rsa: Accept NULL OAEP label for backward compatibility
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40
41 static OSSL_LIB_CTX *testctx = NULL;
42 static char *testpropq = NULL;
43
44 static OSSL_PROVIDER *nullprov = NULL;
45 static OSSL_PROVIDER *deflprov = NULL;
46 static OSSL_PROVIDER *lgcyprov = NULL;
47
48 /*
49 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
50 * should never use this key anywhere but in an example.
51 */
52 static const unsigned char kExampleRSAKeyDER[] = {
53 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
54 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
55 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
56 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
57 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
58 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
59 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
60 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
61 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
62 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
63 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
64 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
65 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
66 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
67 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
68 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
69 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
70 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
71 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
72 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
73 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
74 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
75 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
76 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
77 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
78 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
79 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
80 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
81 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
82 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
83 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
84 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
85 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
86 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
87 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
88 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
89 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
90 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
91 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
92 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
93 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
94 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
95 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
96 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
97 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
98 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
99 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
100 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
101 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
102 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
103 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
104 };
105
106 /*
107 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
108 * should never use this key anywhere but in an example.
109 */
110 #ifndef OPENSSL_NO_DSA
111 static const unsigned char kExampleDSAKeyDER[] = {
112 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
113 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
114 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
115 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
116 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
117 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
118 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
119 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
120 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
121 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
122 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
123 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
124 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
125 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
126 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
127 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
128 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
129 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
130 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
131 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
132 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
133 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
134 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
135 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
136 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
137 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
138 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
139 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
140 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
141 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
142 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
143 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
144 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
145 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
146 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
147 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
148 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
149 0x40, 0x48
150 };
151 #endif
152
153 /*
154 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
155 * components are not correct.
156 */
157 static const unsigned char kExampleBadRSAKeyDER[] = {
158 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
159 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
160 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
161 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
162 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
163 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
164 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
165 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
166 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
167 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
168 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
169 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
170 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
171 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
172 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
173 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
174 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
175 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
176 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
177 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
178 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
179 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
180 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
181 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
182 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
183 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
184 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
185 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
186 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
187 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
188 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
189 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
190 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
191 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
192 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
193 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
194 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
195 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
196 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
197 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
198 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
199 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
200 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
201 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
202 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
203 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
204 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
205 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
206 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
207 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
208 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
209 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
210 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
211 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
212 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
213 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
214 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
215 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
216 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
217 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
218 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
219 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
220 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
221 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
222 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
223 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
224 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
225 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
226 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
227 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
228 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
229 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
230 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
231 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
232 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
233 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
234 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
235 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
236 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
237 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
238 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
239 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
240 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
241 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
242 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
243 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
244 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
245 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
246 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 };
248
249 /*
250 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
251 * values are 0.
252 */
253 static const unsigned char kExampleBad2RSAKeyDER[] = {
254 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
256 0x01, 0x00, 0x02, 0x01, 0x00
257 };
258
259 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
260
261 static const unsigned char kSignature[] = {
262 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
263 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
264 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
265 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
266 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
267 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
268 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
269 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
270 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
271 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
272 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
273 };
274
275 /*
276 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
277 * PrivateKeyInfo.
278 */
279 static const unsigned char kExampleRSAKeyPKCS8[] = {
280 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
281 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
282 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
283 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
284 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
285 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
286 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
287 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
288 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
289 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
290 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
291 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
292 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
293 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
294 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
295 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
296 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
297 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
298 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
299 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
300 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
301 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
302 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
303 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
304 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
305 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
306 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
307 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
308 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
309 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
310 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
311 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
312 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
313 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
314 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
315 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
316 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
317 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
318 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
319 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
320 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
321 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
322 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
323 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
324 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
325 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
326 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
327 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
328 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
329 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
330 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
331 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
332 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
333 };
334
335 #ifndef OPENSSL_NO_EC
336 /*
337 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure.
339 */
340 static const unsigned char kExampleECKeyDER[] = {
341 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
342 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
343 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
344 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
345 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
346 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
347 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
348 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
349 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
350 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
351 0xc1,
352 };
353
354 /*
355 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
356 * structure. The private key is equal to the order and will fail to import
357 */
358 static const unsigned char kExampleBadECKeyDER[] = {
359 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
360 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
361 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
362 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
363 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
364 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
365 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
366 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
367 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
368 };
369
370 /* prime256v1 */
371 static const unsigned char kExampleECPubKeyDER[] = {
372 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
373 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
374 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
375 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
376 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
377 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
378 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
379 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
380 };
381
382 /*
383 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
384 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
385 */
386 static const unsigned char kExampleBadECPubKeyDER[] = {
387 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
388 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
389 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
390 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
391 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
392 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
393 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
394 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
395 };
396
397 static const unsigned char pExampleECParamDER[] = {
398 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
399 };
400
401 # ifndef OPENSSL_NO_ECX
402 static const unsigned char kExampleED25519KeyDER[] = {
403 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
404 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
405 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
406 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
407 };
408
409 static const unsigned char kExampleED25519PubKeyDER[] = {
410 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
411 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
412 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
413 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
414 };
415
416 # ifndef OPENSSL_NO_DEPRECATED_3_0
417 static const unsigned char kExampleX25519KeyDER[] = {
418 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
419 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
420 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
421 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
422 };
423 # endif
424 # endif
425 #endif
426
427 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
428 #ifndef OPENSSL_NO_DEPRECATED_3_0
429 # ifndef OPENSSL_NO_DH
430 static const unsigned char kExampleDHKeyDER[] = {
431 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
432 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
433 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
434 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
435 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
436 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
437 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
438 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
439 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
440 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
441 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
442 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
443 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
444 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
445 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
446 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
447 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
448 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
449 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
450 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
451 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
452 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
453 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
454 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
455 0x2e, 0x87, 0x2a, 0x0b, 0x7a
456 };
457 # endif
458 #endif
459
460 static const unsigned char kCFBDefaultKey[] = {
461 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
462 0x09, 0xCF, 0x4F, 0x3C
463 };
464
465 static const unsigned char kGCMDefaultKey[32] = { 0 };
466
467 static const unsigned char kGCMResetKey[] = {
468 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
469 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
470 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
471 };
472
473 static const unsigned char iCFBIV[] = {
474 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
475 0x0C, 0x0D, 0x0E, 0x0F
476 };
477
478 static const unsigned char iGCMDefaultIV[12] = { 0 };
479
480 static const unsigned char iGCMResetIV1[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
482 };
483
484 static const unsigned char iGCMResetIV2[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
486 };
487
488 static const unsigned char cfbPlaintext[] = {
489 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
490 0x73, 0x93, 0x17, 0x2A
491 };
492
493 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
494
495 static const unsigned char gcmResetPlaintext[] = {
496 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
497 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
498 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
499 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
500 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
501 };
502
503 static const unsigned char cfbCiphertext[] = {
504 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
505 0xE8, 0x3C, 0xFB, 0x4A
506 };
507
508 static const unsigned char gcmDefaultCiphertext[] = {
509 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
510 0xba, 0xf3, 0x9d, 0x18
511 };
512
513 static const unsigned char gcmResetCiphertext1[] = {
514 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
515 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
516 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
517 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
518 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
519 };
520
521 static const unsigned char gcmResetCiphertext2[] = {
522 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
523 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
524 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
525 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
526 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
527 };
528
529 static const unsigned char gcmAAD[] = {
530 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
531 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
532 };
533
534 static const unsigned char gcmDefaultTag[] = {
535 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
536 0xd4, 0x8a, 0xb9, 0x19
537 };
538
539 static const unsigned char gcmResetTag1[] = {
540 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
541 0xfe, 0x2e, 0xa8, 0xf2
542 };
543
544 static const unsigned char gcmResetTag2[] = {
545 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
546 0xbb, 0x2d, 0x55, 0x1b
547 };
548
549 typedef struct APK_DATA_st {
550 const unsigned char *kder;
551 size_t size;
552 const char *keytype;
553 int evptype;
554 int check;
555 int pub_check;
556 int param_check;
557 int type; /* 0 for private, 1 for public, 2 for params */
558 } APK_DATA;
559
560 static APK_DATA keydata[] = {
561 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
562 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
563 #ifndef OPENSSL_NO_EC
564 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
565 #endif
566 };
567
568 static APK_DATA keycheckdata[] = {
569 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
570 0},
571 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
572 0, 1, 1, 0},
573 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
574 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
575 #ifndef OPENSSL_NO_EC
576 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
577 /* group is also associated in our pub key */
578 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
579 1, 1},
580 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
581 2},
582 # ifndef OPENSSL_NO_ECX
583 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
584 EVP_PKEY_ED25519, 1, 1, 1, 0},
585 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
586 EVP_PKEY_ED25519, 0, 1, 1, 1},
587 # endif
588 #endif
589 };
590
591 static EVP_PKEY *load_example_key(const char *keytype,
592 const unsigned char *data, size_t data_len)
593 {
594 const unsigned char **pdata = &data;
595 EVP_PKEY *pkey = NULL;
596 OSSL_DECODER_CTX *dctx =
597 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
598 testctx, testpropq);
599
600 /* |pkey| will be NULL on error */
601 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
602 OSSL_DECODER_CTX_free(dctx);
603 return pkey;
604 }
605
606 static EVP_PKEY *load_example_rsa_key(void)
607 {
608 return load_example_key("RSA", kExampleRSAKeyDER,
609 sizeof(kExampleRSAKeyDER));
610 }
611
612 #ifndef OPENSSL_NO_DSA
613 static EVP_PKEY *load_example_dsa_key(void)
614 {
615 return load_example_key("DSA", kExampleDSAKeyDER,
616 sizeof(kExampleDSAKeyDER));
617 }
618 #endif
619
620 #ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ec_key(void)
622 {
623 return load_example_key("EC", kExampleECKeyDER,
624 sizeof(kExampleECKeyDER));
625 }
626 #endif
627
628 #ifndef OPENSSL_NO_DEPRECATED_3_0
629 # ifndef OPENSSL_NO_DH
630 static EVP_PKEY *load_example_dh_key(void)
631 {
632 return load_example_key("DH", kExampleDHKeyDER,
633 sizeof(kExampleDHKeyDER));
634 }
635 # endif
636
637 # ifndef OPENSSL_NO_ECX
638 static EVP_PKEY *load_example_ed25519_key(void)
639 {
640 return load_example_key("ED25519", kExampleED25519KeyDER,
641 sizeof(kExampleED25519KeyDER));
642 }
643
644 static EVP_PKEY *load_example_x25519_key(void)
645 {
646 return load_example_key("X25519", kExampleX25519KeyDER,
647 sizeof(kExampleX25519KeyDER));
648 }
649 # endif
650 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
651
652 static EVP_PKEY *load_example_hmac_key(void)
653 {
654 EVP_PKEY *pkey = NULL;
655 unsigned char key[] = {
656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
659 };
660
661 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
662 NULL, key, sizeof(key));
663 if (!TEST_ptr(pkey))
664 return NULL;
665
666 return pkey;
667 }
668
669 static int test_EVP_set_default_properties(void)
670 {
671 OSSL_LIB_CTX *ctx;
672 EVP_MD *md = NULL;
673 int res = 0;
674
675 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
676 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
677 goto err;
678 EVP_MD_free(md);
679 md = NULL;
680
681 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
682 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
684 goto err;
685 EVP_MD_free(md);
686 md = NULL;
687
688 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
690 goto err;
691 res = 1;
692 err:
693 EVP_MD_free(md);
694 OSSL_LIB_CTX_free(ctx);
695 return res;
696 }
697
698 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
699 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
700 {
701 EVP_PKEY_CTX *pctx = NULL;
702 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
703
704 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
705 goto err;
706 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
707 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
708 params), 0))
709 goto err;
710
711 if (!TEST_ptr(tmp_pkey))
712 goto err;
713
714 pkey = tmp_pkey;
715 tmp_pkey = NULL;
716 err:
717 EVP_PKEY_free(tmp_pkey);
718 EVP_PKEY_CTX_free(pctx);
719 return pkey;
720 }
721
722 static int test_selection(EVP_PKEY *pkey, int selection)
723 {
724 int testresult = 0;
725 int ret;
726 BIO *bio = BIO_new(BIO_s_mem());
727
728 ret = PEM_write_bio_PUBKEY(bio, pkey);
729 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
730 if (!TEST_true(ret))
731 goto err;
732 } else {
733 if (!TEST_false(ret))
734 goto err;
735 }
736 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
737 testctx, NULL);
738 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
739 if (!TEST_true(ret))
740 goto err;
741 } else {
742 if (!TEST_false(ret))
743 goto err;
744 }
745
746 testresult = 1;
747 err:
748 BIO_free(bio);
749
750 return testresult;
751 }
752 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
753
754 /*
755 * Test combinations of private, public, missing and private + public key
756 * params to ensure they are all accepted
757 */
758 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
759 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
760 {
761 OSSL_PARAM_BLD *bld = NULL;
762 OSSL_PARAM *params = NULL;
763 EVP_PKEY *just_params = NULL;
764 EVP_PKEY *params_and_priv = NULL;
765 EVP_PKEY *params_and_pub = NULL;
766 EVP_PKEY *params_and_keypair = NULL;
767 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
768 int ret = 0;
769
770 /*
771 * Setup the parameters for our pkey object. For our purposes they don't
772 * have to actually be *valid* parameters. We just need to set something.
773 */
774 if (!TEST_ptr(p = BN_new())
775 || !TEST_ptr(q = BN_new())
776 || !TEST_ptr(g = BN_new())
777 || !TEST_ptr(pub = BN_new())
778 || !TEST_ptr(priv = BN_new()))
779 goto err;
780
781 /* Test !priv and !pub */
782 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
786 goto err;
787 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
788 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
789 goto err;
790
791 OSSL_PARAM_free(params);
792 OSSL_PARAM_BLD_free(bld);
793 params = NULL;
794 bld = NULL;
795
796 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
797 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
798 goto err;
799
800 /* Test priv and !pub */
801 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
806 priv)))
807 goto err;
808 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
809 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
810 goto err;
811
812 OSSL_PARAM_free(params);
813 OSSL_PARAM_BLD_free(bld);
814 params = NULL;
815 bld = NULL;
816
817 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
818 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
819 goto err;
820
821 /* Test !priv and pub */
822 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
824 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
825 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
827 pub)))
828 goto err;
829 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
830 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
831 goto err;
832
833 OSSL_PARAM_free(params);
834 OSSL_PARAM_BLD_free(bld);
835 params = NULL;
836 bld = NULL;
837
838 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
839 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
840 goto err;
841
842 /* Test priv and pub */
843 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
845 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
846 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
847 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
848 pub))
849 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
850 priv)))
851 goto err;
852 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
853 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
854 goto err;
855
856 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
857 goto err;
858
859 ret = 1;
860 err:
861 OSSL_PARAM_free(params);
862 OSSL_PARAM_BLD_free(bld);
863 EVP_PKEY_free(just_params);
864 EVP_PKEY_free(params_and_priv);
865 EVP_PKEY_free(params_and_pub);
866 EVP_PKEY_free(params_and_keypair);
867 BN_free(p);
868 BN_free(q);
869 BN_free(g);
870 BN_free(pub);
871 BN_free(priv);
872
873 return ret;
874 }
875 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
876
877 /*
878 * Test combinations of private, public, missing and private + public key
879 * params to ensure they are all accepted for EC keys
880 */
881 #ifndef OPENSSL_NO_EC
882 static unsigned char ec_priv[] = {
883 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
884 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
885 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
886 };
887 static unsigned char ec_pub[] = {
888 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
889 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
890 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
891 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
892 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
893 0x08, 0x09, 0xb8, 0xdb, 0x03
894 };
895
896 static int test_EC_priv_pub(void)
897 {
898 OSSL_PARAM_BLD *bld = NULL;
899 OSSL_PARAM *params = NULL;
900 EVP_PKEY *just_params = NULL;
901 EVP_PKEY *params_and_priv = NULL;
902 EVP_PKEY *params_and_pub = NULL;
903 EVP_PKEY *params_and_keypair = NULL;
904 BIGNUM *priv = NULL;
905 int ret = 0;
906 unsigned char *encoded = NULL;
907 size_t len = 0;
908 unsigned char buffer[128];
909
910 /*
911 * Setup the parameters for our pkey object. For our purposes they don't
912 * have to actually be *valid* parameters. We just need to set something.
913 */
914 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
915 goto err;
916
917 /* Test !priv and !pub */
918 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
919 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
920 OSSL_PKEY_PARAM_GROUP_NAME,
921 "P-256", 0)))
922 goto err;
923 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
924 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
925 goto err;
926
927 OSSL_PARAM_free(params);
928 OSSL_PARAM_BLD_free(bld);
929 params = NULL;
930 bld = NULL;
931
932 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
933 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
934 goto err;
935
936 /* Test priv and !pub */
937 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
938 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
939 OSSL_PKEY_PARAM_GROUP_NAME,
940 "P-256", 0))
941 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
942 priv)))
943 goto err;
944 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
945 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
946 goto err;
947
948 OSSL_PARAM_free(params);
949 OSSL_PARAM_BLD_free(bld);
950 params = NULL;
951 bld = NULL;
952
953 /*
954 * We indicate only parameters here, in spite of having built a key that
955 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
956 * expected to fail because it does not support exporting a private EC
957 * key without a corresponding public key
958 */
959 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
960 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
961 goto err;
962
963 /* Test !priv and pub */
964 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
965 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
966 OSSL_PKEY_PARAM_GROUP_NAME,
967 "P-256", 0))
968 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
969 OSSL_PKEY_PARAM_PUB_KEY,
970 ec_pub, sizeof(ec_pub))))
971 goto err;
972 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
973 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
974 goto err;
975
976 OSSL_PARAM_free(params);
977 OSSL_PARAM_BLD_free(bld);
978 params = NULL;
979 bld = NULL;
980
981 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
982 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
983 goto err;
984
985 /* Test priv and pub */
986 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
987 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
988 OSSL_PKEY_PARAM_GROUP_NAME,
989 "P-256", 0))
990 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
991 OSSL_PKEY_PARAM_PUB_KEY,
992 ec_pub, sizeof(ec_pub)))
993 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
994 priv)))
995 goto err;
996 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
997 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
998 goto err;
999
1000 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1001 goto err;
1002
1003 /* Try key equality */
1004 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1005 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1006 0)
1007 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1008 0)
1009 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1010 0)
1011 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1012 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1013 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1014 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1015 goto err;
1016
1017 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1018 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1019 goto err;
1020 OPENSSL_free(encoded);
1021 encoded = NULL;
1022 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1023 OPENSSL_free(encoded);
1024 encoded = NULL;
1025 goto err;
1026 }
1027
1028 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1029 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1030 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1031 buffer, sizeof(buffer), &len), 1)
1032 || !TEST_int_eq(len, 65))
1033 goto err;
1034
1035 len = 0;
1036 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1037 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1038 NULL, 0, &len), 1)
1039 || !TEST_int_eq(len, 65))
1040 goto err;
1041
1042 /* too-short buffer len*/
1043 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1044 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1045 buffer, 10, &len), 0))
1046 goto err;
1047
1048 ret = 1;
1049 err:
1050 OSSL_PARAM_free(params);
1051 OSSL_PARAM_BLD_free(bld);
1052 EVP_PKEY_free(just_params);
1053 EVP_PKEY_free(params_and_priv);
1054 EVP_PKEY_free(params_and_pub);
1055 EVP_PKEY_free(params_and_keypair);
1056 BN_free(priv);
1057
1058 return ret;
1059 }
1060
1061 /* Also test that we can read the EC PUB affine coordinates */
1062 static int test_evp_get_ec_pub(void)
1063 {
1064 OSSL_PARAM_BLD *bld = NULL;
1065 OSSL_PARAM *params = NULL;
1066 unsigned char *pad = NULL;
1067 EVP_PKEY *keypair = NULL;
1068 BIGNUM *priv = NULL;
1069 BIGNUM *x = NULL;
1070 BIGNUM *y = NULL;
1071 int ret = 0;
1072
1073 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1074 goto err;
1075
1076 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1077 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1078 OSSL_PKEY_PARAM_GROUP_NAME,
1079 "P-256", 0))
1080 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1081 OSSL_PKEY_PARAM_PUB_KEY,
1082 ec_pub, sizeof(ec_pub)))
1083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1084 priv)))
1085 goto err;
1086
1087 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1088 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1089 goto err;
1090
1091 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1092 goto err;
1093
1094 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1095 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1096 goto err;
1097
1098 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1099 goto err;
1100
1101 pad[0] = ec_pub[0];
1102 BN_bn2bin(x, &pad[1]);
1103 BN_bn2bin(y, &pad[33]);
1104 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1105 goto err;
1106
1107 ret = 1;
1108
1109 err:
1110 OSSL_PARAM_free(params);
1111 OSSL_PARAM_BLD_free(bld);
1112 EVP_PKEY_free(keypair);
1113 OPENSSL_free(pad);
1114 BN_free(priv);
1115 BN_free(x);
1116 BN_free(y);
1117 return ret;
1118 }
1119
1120 /* Test that using a legacy EC key with only a private key in it works */
1121 # ifndef OPENSSL_NO_DEPRECATED_3_0
1122 static int test_EC_priv_only_legacy(void)
1123 {
1124 BIGNUM *priv = NULL;
1125 int ret = 0;
1126 EC_KEY *eckey = NULL;
1127 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1128 EVP_MD_CTX *ctx = NULL;
1129
1130 /* Create the low level EC_KEY */
1131 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1132 goto err;
1133
1134 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1135 if (!TEST_ptr(eckey))
1136 goto err;
1137
1138 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1139 goto err;
1140
1141 pkey = EVP_PKEY_new();
1142 if (!TEST_ptr(pkey))
1143 goto err;
1144
1145 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1146 goto err;
1147 eckey = NULL;
1148
1149 while (dup_pk == NULL) {
1150 ret = 0;
1151 ctx = EVP_MD_CTX_new();
1152 if (!TEST_ptr(ctx))
1153 goto err;
1154
1155 /*
1156 * The EVP_DigestSignInit function should create the key on the
1157 * provider side which is sufficient for this test.
1158 */
1159 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1160 testpropq, pkey, NULL)))
1161 goto err;
1162 EVP_MD_CTX_free(ctx);
1163 ctx = NULL;
1164
1165 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1166 goto err;
1167 /* EVP_PKEY_eq() returns -2 with missing public keys */
1168 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1169 EVP_PKEY_free(pkey);
1170 pkey = dup_pk;
1171 if (!ret)
1172 goto err;
1173 }
1174
1175 err:
1176 EVP_MD_CTX_free(ctx);
1177 EVP_PKEY_free(pkey);
1178 EC_KEY_free(eckey);
1179 BN_free(priv);
1180
1181 return ret;
1182 }
1183
1184 static int test_evp_get_ec_pub_legacy(void)
1185 {
1186 OSSL_LIB_CTX *libctx = NULL;
1187 unsigned char *pad = NULL;
1188 EVP_PKEY *pkey = NULL;
1189 EC_KEY *eckey = NULL;
1190 BIGNUM *priv = NULL;
1191 BIGNUM *x = NULL;
1192 BIGNUM *y = NULL;
1193 int ret = 0;
1194
1195 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1196 goto err;
1197
1198 /* Create the legacy key */
1199 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1200 NID_X9_62_prime256v1)))
1201 goto err;
1202
1203 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1204 goto err;
1205
1206 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1207 goto err;
1208
1209 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1210 goto err;
1211
1212 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1213 goto err;
1214
1215 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1216 goto err;
1217
1218 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1219 goto err;
1220
1221 /* Transfer the legacy key */
1222 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1223 goto err;
1224 eckey = NULL;
1225
1226 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1227 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1228 goto err;
1229
1230 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1231 goto err;
1232
1233 pad[0] = ec_pub[0];
1234 BN_bn2bin(x, &pad[1]);
1235 BN_bn2bin(y, &pad[33]);
1236
1237 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1238 goto err;
1239
1240 ret = 1;
1241
1242 err:
1243 OSSL_LIB_CTX_free(libctx);
1244 EVP_PKEY_free(pkey);
1245 EC_KEY_free(eckey);
1246 OPENSSL_free(pad);
1247 BN_free(priv);
1248 BN_free(x);
1249 BN_free(y);
1250
1251 return ret;
1252 }
1253 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1254 #endif /* OPENSSL_NO_EC */
1255
1256 static int test_EVP_PKEY_sign(int tst)
1257 {
1258 int ret = 0;
1259 EVP_PKEY *pkey = NULL;
1260 unsigned char *sig = NULL;
1261 size_t sig_len = 0, shortsig_len = 1;
1262 EVP_PKEY_CTX *ctx = NULL;
1263 unsigned char tbs[] = {
1264 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1265 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1266 };
1267
1268 if (tst == 0) {
1269 if (!TEST_ptr(pkey = load_example_rsa_key()))
1270 goto out;
1271 } else if (tst == 1) {
1272 #ifndef OPENSSL_NO_DSA
1273 if (!TEST_ptr(pkey = load_example_dsa_key()))
1274 goto out;
1275 #else
1276 ret = 1;
1277 goto out;
1278 #endif
1279 } else {
1280 #ifndef OPENSSL_NO_EC
1281 if (!TEST_ptr(pkey = load_example_ec_key()))
1282 goto out;
1283 #else
1284 ret = 1;
1285 goto out;
1286 #endif
1287 }
1288
1289 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1290 if (!TEST_ptr(ctx)
1291 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1292 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1293 sizeof(tbs)), 0))
1294 goto out;
1295 sig = OPENSSL_malloc(sig_len);
1296 if (!TEST_ptr(sig)
1297 /* Test sending a signature buffer that is too short is rejected */
1298 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1299 sizeof(tbs)), 0)
1300 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1301 0)
1302 /* Test the signature round-trips */
1303 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1304 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1305 0))
1306 goto out;
1307
1308 ret = 1;
1309 out:
1310 EVP_PKEY_CTX_free(ctx);
1311 OPENSSL_free(sig);
1312 EVP_PKEY_free(pkey);
1313 return ret;
1314 }
1315
1316 #ifndef OPENSSL_NO_DEPRECATED_3_0
1317 static int test_EVP_PKEY_sign_with_app_method(int tst)
1318 {
1319 int ret = 0;
1320 EVP_PKEY *pkey = NULL;
1321 RSA *rsa = NULL;
1322 RSA_METHOD *rsa_meth = NULL;
1323 #ifndef OPENSSL_NO_DSA
1324 DSA *dsa = NULL;
1325 DSA_METHOD *dsa_meth = NULL;
1326 #endif
1327 unsigned char *sig = NULL;
1328 size_t sig_len = 0, shortsig_len = 1;
1329 EVP_PKEY_CTX *ctx = NULL;
1330 unsigned char tbs[] = {
1331 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1332 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1333 };
1334
1335 if (tst == 0) {
1336 if (!TEST_ptr(pkey = load_example_rsa_key()))
1337 goto out;
1338 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1339 goto out;
1340
1341 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1342 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1343 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1344 goto out;
1345 rsa = NULL; /* now owned by the pkey */
1346 } else {
1347 #ifndef OPENSSL_NO_DSA
1348 if (!TEST_ptr(pkey = load_example_dsa_key()))
1349 goto out;
1350 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1351 goto out;
1352
1353 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1354 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1355 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1356 goto out;
1357 dsa = NULL; /* now owned by the pkey */
1358 #else
1359 ret = 1;
1360 goto out;
1361 #endif
1362 }
1363
1364 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1365 if (!TEST_ptr(ctx)
1366 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1367 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1368 sizeof(tbs)), 0))
1369 goto out;
1370 sig = OPENSSL_malloc(sig_len);
1371 if (!TEST_ptr(sig)
1372 /* Test sending a signature buffer that is too short is rejected */
1373 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1374 sizeof(tbs)), 0)
1375 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1376 0)
1377 /* Test the signature round-trips */
1378 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1379 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1380 0))
1381 goto out;
1382
1383 ret = 1;
1384 out:
1385 EVP_PKEY_CTX_free(ctx);
1386 OPENSSL_free(sig);
1387 EVP_PKEY_free(pkey);
1388 RSA_free(rsa);
1389 RSA_meth_free(rsa_meth);
1390 #ifndef OPENSSL_NO_DSA
1391 DSA_free(dsa);
1392 DSA_meth_free(dsa_meth);
1393 #endif
1394 return ret;
1395 }
1396 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1397
1398 /*
1399 * n = 0 => test using legacy cipher
1400 * n = 1 => test using fetched cipher
1401 */
1402 static int test_EVP_Enveloped(int n)
1403 {
1404 int ret = 0;
1405 EVP_CIPHER_CTX *ctx = NULL;
1406 EVP_PKEY *keypair = NULL;
1407 unsigned char *kek = NULL;
1408 unsigned char iv[EVP_MAX_IV_LENGTH];
1409 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1410 int len, kek_len, ciphertext_len, plaintext_len;
1411 unsigned char ciphertext[32], plaintext[16];
1412 EVP_CIPHER *type = NULL;
1413
1414 if (nullprov != NULL)
1415 return TEST_skip("Test does not support a non-default library context");
1416
1417 if (n == 0)
1418 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1419 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1420 testpropq)))
1421 goto err;
1422
1423 if (!TEST_ptr(keypair = load_example_rsa_key())
1424 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1425 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1426 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1427 &keypair, 1))
1428 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1429 msg, sizeof(msg)))
1430 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1431 &len)))
1432 goto err;
1433
1434 ciphertext_len += len;
1435
1436 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1437 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1438 ciphertext, ciphertext_len))
1439 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1440 goto err;
1441
1442 plaintext_len += len;
1443 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1444 goto err;
1445
1446 ret = 1;
1447 err:
1448 if (n != 0)
1449 EVP_CIPHER_free(type);
1450 OPENSSL_free(kek);
1451 EVP_PKEY_free(keypair);
1452 EVP_CIPHER_CTX_free(ctx);
1453 return ret;
1454 }
1455
1456 /*
1457 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1458 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1459 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1460 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1461 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1462 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1463 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1464 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1465 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1466 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1467 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1468 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1469 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1470 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1471 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1472 * Test 15-29: Same as above with reinitialization
1473 */
1474 static int test_EVP_DigestSignInit(int tst)
1475 {
1476 int ret = 0;
1477 EVP_PKEY *pkey = NULL;
1478 unsigned char *sig = NULL, *sig2 = NULL;
1479 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1480 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1481 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1482 BIO *mdbio = NULL, *membio = NULL;
1483 size_t written;
1484 const EVP_MD *md;
1485 EVP_MD *mdexp = NULL;
1486 int reinit = 0;
1487
1488 if (nullprov != NULL)
1489 return TEST_skip("Test does not support a non-default library context");
1490
1491 if (tst >= 15) {
1492 reinit = 1;
1493 tst -= 15;
1494 }
1495
1496 if (tst >= 6 && tst <= 8) {
1497 membio = BIO_new(BIO_s_mem());
1498 mdbio = BIO_new(BIO_f_md());
1499 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1500 goto out;
1501 BIO_push(mdbio, membio);
1502 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1503 goto out;
1504 } else {
1505 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1506 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1507 goto out;
1508 }
1509
1510 if (tst % 3 == 0) {
1511 if (!TEST_ptr(pkey = load_example_rsa_key()))
1512 goto out;
1513 } else if (tst % 3 == 1) {
1514 #ifndef OPENSSL_NO_DSA
1515 if (!TEST_ptr(pkey = load_example_dsa_key()))
1516 goto out;
1517 #else
1518 ret = 1;
1519 goto out;
1520 #endif
1521 } else {
1522 if (!TEST_ptr(pkey = load_example_hmac_key()))
1523 goto out;
1524 }
1525
1526 if (tst >= 3 && tst <= 5)
1527 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1528 else
1529 md = EVP_sha256();
1530
1531 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1532 goto out;
1533
1534 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1535 goto out;
1536
1537 if (tst >= 6 && tst <= 8) {
1538 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1539 goto out;
1540 } else if (tst < 6) {
1541 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1542 goto out;
1543 }
1544
1545 if (tst >= 9) {
1546 /* Determine the size of the signature. */
1547 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1548 sizeof(kMsg)))
1549 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1550 goto out;
1551 if (tst <= 11) {
1552 /* Test that supply a short sig buffer fails */
1553 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1554 sizeof(kMsg))))
1555 goto out;
1556 /*
1557 * We end here because once EVP_DigestSign() has failed you should
1558 * not call it again without re-initing the ctx
1559 */
1560 ret = 1;
1561 goto out;
1562 }
1563 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1564 sizeof(kMsg))))
1565 goto out;
1566 } else {
1567 /* Determine the size of the signature. */
1568 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1569 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1570 /*
1571 * Trying to create a signature with a deliberately short
1572 * buffer should fail.
1573 */
1574 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1575 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1576 goto out;
1577 }
1578
1579 /*
1580 * Ensure that the signature round-trips (Verification isn't supported for
1581 * HMAC via EVP_DigestVerify*)
1582 */
1583 if (tst % 3 != 2) {
1584 if (tst >= 6 && tst <= 8) {
1585 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1586 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1587 goto out;
1588 }
1589
1590 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1591 NULL, pkey)))
1592 goto out;
1593
1594 if (tst >= 6 && tst <= 8) {
1595 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1596 goto out;
1597 } else {
1598 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1599 sizeof(kMsg))))
1600 goto out;
1601 }
1602 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1603 goto out;
1604
1605 /* Multiple calls to EVP_DigestVerifyFinal should work */
1606 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1607 goto out;
1608 } else {
1609 /*
1610 * For HMAC a doubled call to DigestSignFinal should produce the same
1611 * value as finalization should not happen.
1612 */
1613 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1614 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1615 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1616 goto out;
1617
1618 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1619 goto out;
1620 }
1621
1622 ret = 1;
1623
1624 out:
1625 BIO_free(membio);
1626 BIO_free(mdbio);
1627 EVP_MD_CTX_free(a_md_ctx);
1628 EVP_MD_CTX_free(a_md_ctx_verify);
1629 EVP_PKEY_free(pkey);
1630 OPENSSL_free(sig);
1631 OPENSSL_free(sig2);
1632 EVP_MD_free(mdexp);
1633
1634 return ret;
1635 }
1636
1637 static int test_EVP_DigestVerifyInit(void)
1638 {
1639 int ret = 0;
1640 EVP_PKEY *pkey = NULL;
1641 EVP_MD_CTX *md_ctx = NULL;
1642
1643 if (nullprov != NULL)
1644 return TEST_skip("Test does not support a non-default library context");
1645
1646 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1647 || !TEST_ptr(pkey = load_example_rsa_key()))
1648 goto out;
1649
1650 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1651 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1652 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1653 sizeof(kSignature)), 0))
1654 goto out;
1655
1656 /* test with reinitialization */
1657 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1658 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1659 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1660 sizeof(kSignature)), 0))
1661 goto out;
1662 ret = 1;
1663
1664 out:
1665 EVP_MD_CTX_free(md_ctx);
1666 EVP_PKEY_free(pkey);
1667 return ret;
1668 }
1669
1670 #ifndef OPENSSL_NO_SIPHASH
1671 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1672 static int test_siphash_digestsign(void)
1673 {
1674 unsigned char key[16];
1675 unsigned char buf[8], digest[8];
1676 unsigned char expected[8] = {
1677 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1678 };
1679 EVP_PKEY *pkey = NULL;
1680 EVP_MD_CTX *mdctx = NULL;
1681 EVP_PKEY_CTX *ctx = NULL;
1682 int ret = 0;
1683 size_t len = 8;
1684
1685 if (nullprov != NULL)
1686 return TEST_skip("Test does not support a non-default library context");
1687
1688 memset(buf, 0, 8);
1689 memset(key, 1, 16);
1690 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1691 key, 16)))
1692 goto out;
1693
1694 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1695 goto out;
1696
1697 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1698 goto out;
1699 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1700 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1701 8, NULL), 1))
1702 goto out;
1703 /* reinitialize */
1704 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1705 goto out;
1706 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1707 goto out;
1708 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1709 goto out;
1710 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1711 goto out;
1712
1713 ret = 1;
1714 out:
1715 EVP_PKEY_free(pkey);
1716 EVP_MD_CTX_free(mdctx);
1717 return ret;
1718 }
1719 #endif
1720
1721 /*
1722 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1723 */
1724 static int test_EVP_Digest(void)
1725 {
1726 int ret = 0;
1727 EVP_MD_CTX *md_ctx = NULL;
1728 unsigned char md[EVP_MAX_MD_SIZE];
1729 EVP_MD *sha256 = NULL;
1730 EVP_MD *shake256 = NULL;
1731
1732 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1733 goto out;
1734
1735 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1736 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1737 goto out;
1738
1739 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1740 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1741 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1742 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1743 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1744 goto out;
1745
1746 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1747 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1748 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1749 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1750 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1751 /*
1752 * EVP_DigestInit_ex with NULL type should work on
1753 * pre-initialized context.
1754 */
1755 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1756 goto out;
1757
1758 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1759 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1760 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1761 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1762 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1763 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1764 goto out;
1765 ret = 1;
1766
1767 out:
1768 EVP_MD_CTX_free(md_ctx);
1769 EVP_MD_free(sha256);
1770 EVP_MD_free(shake256);
1771 return ret;
1772 }
1773
1774 static int test_EVP_md_null(void)
1775 {
1776 int ret = 0;
1777 EVP_MD_CTX *md_ctx = NULL;
1778 const EVP_MD *md_null = EVP_md_null();
1779 unsigned char md_value[EVP_MAX_MD_SIZE];
1780 unsigned int md_len = sizeof(md_value);
1781
1782 if (nullprov != NULL)
1783 return TEST_skip("Test does not support a non-default library context");
1784
1785 if (!TEST_ptr(md_null)
1786 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1787 goto out;
1788
1789 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1790 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1791 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1792 goto out;
1793
1794 if (!TEST_uint_eq(md_len, 0))
1795 goto out;
1796
1797 ret = 1;
1798 out:
1799 EVP_MD_CTX_free(md_ctx);
1800 return ret;
1801 }
1802
1803 static int test_d2i_AutoPrivateKey(int i)
1804 {
1805 int ret = 0;
1806 const unsigned char *p;
1807 EVP_PKEY *pkey = NULL;
1808 const APK_DATA *ak = &keydata[i];
1809 const unsigned char *input = ak->kder;
1810 size_t input_len = ak->size;
1811 int expected_id = ak->evptype;
1812
1813 p = input;
1814 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1815 || !TEST_ptr_eq(p, input + input_len)
1816 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1817 goto done;
1818
1819 ret = 1;
1820
1821 done:
1822 EVP_PKEY_free(pkey);
1823 return ret;
1824 }
1825
1826 #ifndef OPENSSL_NO_EC
1827
1828 static const unsigned char ec_public_sect163k1_validxy[] = {
1829 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1830 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1831 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1832 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1833 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1834 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1835 };
1836
1837 static const unsigned char ec_public_sect163k1_badx[] = {
1838 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1839 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1840 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1841 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1842 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1843 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1844 };
1845
1846 static const unsigned char ec_public_sect163k1_bady[] = {
1847 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1848 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1849 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1850 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1851 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1852 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1853 };
1854
1855 static struct ec_der_pub_keys_st {
1856 const unsigned char *der;
1857 size_t len;
1858 int valid;
1859 } ec_der_pub_keys[] = {
1860 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1861 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1862 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1863 };
1864
1865 /*
1866 * Tests the range of the decoded EC char2 public point.
1867 * See ec_GF2m_simple_oct2point().
1868 */
1869 static int test_invalide_ec_char2_pub_range_decode(int id)
1870 {
1871 int ret = 0;
1872 EVP_PKEY *pkey;
1873
1874 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1875 ec_der_pub_keys[id].len);
1876
1877 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1878 || TEST_ptr_null(pkey);
1879 EVP_PKEY_free(pkey);
1880 return ret;
1881 }
1882
1883 /* Tests loading a bad key in PKCS8 format */
1884 static int test_EVP_PKCS82PKEY(void)
1885 {
1886 int ret = 0;
1887 const unsigned char *derp = kExampleBadECKeyDER;
1888 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1889 EVP_PKEY *pkey = NULL;
1890
1891 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1892 sizeof(kExampleBadECKeyDER))))
1893 goto done;
1894
1895 if (!TEST_ptr_eq(derp,
1896 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1897 goto done;
1898
1899 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1900 goto done;
1901
1902 ret = 1;
1903
1904 done:
1905 PKCS8_PRIV_KEY_INFO_free(p8inf);
1906 EVP_PKEY_free(pkey);
1907
1908 return ret;
1909 }
1910
1911 #endif
1912 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1913 {
1914 EVP_PKEY *pkey = NULL;
1915 EVP_PKEY *pkey2 = NULL;
1916 BIO *membio = NULL;
1917 char *membuf = NULL;
1918 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1919 int ok = 0;
1920
1921 if (testctx != NULL)
1922 /* test not supported with non-default context */
1923 return 1;
1924
1925 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1926 || !TEST_ptr(pkey = load_example_rsa_key())
1927 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1928 NULL, 0, NULL, NULL),
1929 0)
1930 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1931 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1932 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1933 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1934 goto done;
1935 }
1936
1937 ok = 1;
1938 done:
1939 EVP_PKEY_free(pkey);
1940 EVP_PKEY_free(pkey2);
1941 PKCS8_PRIV_KEY_INFO_free(p8inf);
1942 BIO_free_all(membio);
1943 return ok;
1944 }
1945
1946 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1947 static int test_privatekey_to_pkcs8(void)
1948 {
1949 EVP_PKEY *pkey = NULL;
1950 BIO *membio = NULL;
1951 char *membuf = NULL;
1952 long membuf_len = 0;
1953 int ok = 0;
1954
1955 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1956 || !TEST_ptr(pkey = load_example_rsa_key())
1957 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1958 NULL, 0, NULL, NULL),
1959 0)
1960 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1961 || !TEST_ptr(membuf)
1962 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1963 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1964 /*
1965 * We try to write PEM as well, just to see that it doesn't err, but
1966 * assume that the result is correct.
1967 */
1968 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1969 NULL, 0, NULL, NULL),
1970 0))
1971 goto done;
1972
1973 ok = 1;
1974 done:
1975 EVP_PKEY_free(pkey);
1976 BIO_free_all(membio);
1977 return ok;
1978 }
1979
1980 #ifndef OPENSSL_NO_EC
1981 static const struct {
1982 int encoding;
1983 const char *encoding_name;
1984 } ec_encodings[] = {
1985 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1986 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1987 };
1988
1989 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1990 {
1991 const OSSL_PARAM *p;
1992 const char *enc_name = NULL;
1993 int *enc = arg;
1994 size_t i;
1995
1996 *enc = -1;
1997
1998 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1999 OSSL_PKEY_PARAM_EC_ENCODING))
2000 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2001 return 0;
2002
2003 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2004 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2005 *enc = ec_encodings[i].encoding;
2006 break;
2007 }
2008 }
2009
2010 return (*enc != -1);
2011 }
2012
2013 static int test_EC_keygen_with_enc(int idx)
2014 {
2015 EVP_PKEY *params = NULL, *key = NULL;
2016 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2017 int enc;
2018 int ret = 0;
2019
2020 enc = ec_encodings[idx].encoding;
2021
2022 /* Create key parameters */
2023 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2024 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2025 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2026 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2027 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
2028 || !TEST_ptr(params))
2029 goto done;
2030
2031 /* Create key */
2032 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2033 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2034 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2035 || !TEST_ptr(key))
2036 goto done;
2037
2038 /* Check that the encoding got all the way into the key */
2039 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2040 ec_export_get_encoding_cb, &enc))
2041 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2042 goto done;
2043
2044 ret = 1;
2045 done:
2046 EVP_PKEY_free(key);
2047 EVP_PKEY_free(params);
2048 EVP_PKEY_CTX_free(kctx);
2049 EVP_PKEY_CTX_free(pctx);
2050 return ret;
2051 }
2052 #endif
2053
2054 #if !defined(OPENSSL_NO_SM2)
2055
2056 static int test_EVP_SM2_verify(void)
2057 {
2058 const char *pubkey =
2059 "-----BEGIN PUBLIC KEY-----\n"
2060 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2061 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2062 "-----END PUBLIC KEY-----\n";
2063
2064 const char *msg = "message digest";
2065 const char *id = "ALICE123@YAHOO.COM";
2066
2067 const uint8_t signature[] = {
2068 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2069 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2070 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2071 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2072 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2073 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2074 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2075 };
2076
2077 int rc = 0;
2078 BIO *bio = NULL;
2079 EVP_PKEY *pkey = NULL;
2080 EVP_MD_CTX *mctx = NULL;
2081 EVP_PKEY_CTX *pctx = NULL;
2082 EVP_MD *sm3 = NULL;
2083
2084 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2085 if (!TEST_true(bio != NULL))
2086 goto done;
2087
2088 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2089 if (!TEST_true(pkey != NULL))
2090 goto done;
2091
2092 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2093 goto done;
2094
2095 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2096 goto done;
2097
2098 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2099 goto done;
2100
2101 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2102
2103 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2104 goto done;
2105
2106 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2107 goto done;
2108
2109 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2110 goto done;
2111
2112 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2113 goto done;
2114
2115 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2116 goto done;
2117 rc = 1;
2118
2119 done:
2120 BIO_free(bio);
2121 EVP_PKEY_free(pkey);
2122 EVP_PKEY_CTX_free(pctx);
2123 EVP_MD_CTX_free(mctx);
2124 EVP_MD_free(sm3);
2125 return rc;
2126 }
2127
2128 static int test_EVP_SM2(void)
2129 {
2130 int ret = 0;
2131 EVP_PKEY *pkey = NULL;
2132 EVP_PKEY *pkeyparams = NULL;
2133 EVP_PKEY_CTX *pctx = NULL;
2134 EVP_PKEY_CTX *kctx = NULL;
2135 EVP_PKEY_CTX *sctx = NULL;
2136 size_t sig_len = 0;
2137 unsigned char *sig = NULL;
2138 EVP_MD_CTX *md_ctx = NULL;
2139 EVP_MD_CTX *md_ctx_verify = NULL;
2140 EVP_PKEY_CTX *cctx = NULL;
2141 EVP_MD *check_md = NULL;
2142
2143 uint8_t ciphertext[128];
2144 size_t ctext_len = sizeof(ciphertext);
2145
2146 uint8_t plaintext[8];
2147 size_t ptext_len = sizeof(plaintext);
2148
2149 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2150
2151 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2152 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2153 int i;
2154 char mdname[OSSL_MAX_NAME_SIZE];
2155
2156 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2157 "SM2", testpropq)))
2158 goto done;
2159
2160 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2161 goto done;
2162
2163 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2164 goto done;
2165
2166 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2167 goto done;
2168
2169 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2170 pkeyparams, testpropq)))
2171 goto done;
2172
2173 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2174 goto done;
2175
2176 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2177 goto done;
2178
2179 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2180 goto done;
2181
2182 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2183 goto done;
2184
2185 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2186 goto done;
2187
2188 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2189 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2190
2191 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2192 goto done;
2193
2194 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2195 goto done;
2196
2197 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2198 goto done;
2199
2200 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2201 goto done;
2202
2203 /* Determine the size of the signature. */
2204 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2205 goto done;
2206
2207 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2208 goto done;
2209
2210 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2211 goto done;
2212
2213 /* Ensure that the signature round-trips. */
2214
2215 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2216 pkey)))
2217 goto done;
2218
2219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2220 goto done;
2221
2222 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2223 goto done;
2224
2225 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2226 goto done;
2227
2228 /*
2229 * Try verify again with non-matching 0 length id but ensure that it can
2230 * be set on the context and overrides the previous value.
2231 */
2232
2233 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2234 pkey)))
2235 goto done;
2236
2237 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2238 goto done;
2239
2240 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2241 goto done;
2242
2243 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2244 goto done;
2245
2246 /* now check encryption/decryption */
2247
2248 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2249 mdname, sizeof(mdname));
2250 for (i = 0; i < 2; i++) {
2251 const char *mdnames[] = {
2252 #ifndef OPENSSL_NO_SM3
2253 "SM3",
2254 #else
2255 NULL,
2256 #endif
2257 "SHA2-256" };
2258 EVP_PKEY_CTX_free(cctx);
2259
2260 if (mdnames[i] == NULL)
2261 continue;
2262
2263 sparams[0] =
2264 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2265 (char *)mdnames[i], 0);
2266
2267 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2268 pkey, testpropq)))
2269 goto done;
2270
2271 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2272 goto done;
2273
2274 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2275 goto done;
2276
2277 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2278 sizeof(kMsg))))
2279 goto done;
2280
2281 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2282 goto done;
2283
2284 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2285 goto done;
2286
2287 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2288 ctext_len), 0))
2289 goto done;
2290
2291 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2292 goto done;
2293
2294 /*
2295 * Test we're still using the digest we think we are.
2296 * Because of aliases, the easiest is to fetch the digest and
2297 * check the name with EVP_MD_is_a().
2298 */
2299 EVP_MD_free(check_md);
2300 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2301 goto done;
2302 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2303 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2304 goto done;
2305 }
2306
2307 if (!TEST_true(ptext_len == sizeof(kMsg)))
2308 goto done;
2309
2310 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2311 goto done;
2312 }
2313
2314 ret = 1;
2315 done:
2316 EVP_PKEY_CTX_free(pctx);
2317 EVP_PKEY_CTX_free(kctx);
2318 EVP_PKEY_CTX_free(sctx);
2319 EVP_PKEY_CTX_free(cctx);
2320 EVP_PKEY_free(pkey);
2321 EVP_PKEY_free(pkeyparams);
2322 EVP_MD_CTX_free(md_ctx);
2323 EVP_MD_CTX_free(md_ctx_verify);
2324 EVP_MD_free(check_md);
2325 OPENSSL_free(sig);
2326 return ret;
2327 }
2328
2329 #endif
2330
2331 static struct keys_st {
2332 int type;
2333 char *priv;
2334 char *pub;
2335 } keys[] = {
2336 {
2337 EVP_PKEY_HMAC, "0123456789", NULL
2338 },
2339 {
2340 EVP_PKEY_HMAC, "", NULL
2341 #ifndef OPENSSL_NO_POLY1305
2342 }, {
2343 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2344 #endif
2345 #ifndef OPENSSL_NO_SIPHASH
2346 }, {
2347 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2348 #endif
2349 },
2350 #ifndef OPENSSL_NO_ECX
2351 {
2352 EVP_PKEY_X25519, "01234567890123456789012345678901",
2353 "abcdefghijklmnopqrstuvwxyzabcdef"
2354 }, {
2355 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2356 "abcdefghijklmnopqrstuvwxyzabcdef"
2357 }, {
2358 EVP_PKEY_X448,
2359 "01234567890123456789012345678901234567890123456789012345",
2360 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2361 }, {
2362 EVP_PKEY_ED448,
2363 "012345678901234567890123456789012345678901234567890123456",
2364 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2365 }
2366 #endif
2367 };
2368
2369 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2370 {
2371 int ret = 0;
2372 unsigned char buf[80];
2373 unsigned char *in;
2374 size_t inlen, len = 0, shortlen = 1;
2375 EVP_PKEY *pkey;
2376
2377 /* Check if this algorithm supports public keys */
2378 if (pub && keys[tst].pub == NULL)
2379 return 1;
2380
2381 memset(buf, 0, sizeof(buf));
2382
2383 if (pub) {
2384 #ifndef OPENSSL_NO_EC
2385 inlen = strlen(keys[tst].pub);
2386 in = (unsigned char *)keys[tst].pub;
2387 if (uselibctx) {
2388 pkey = EVP_PKEY_new_raw_public_key_ex(
2389 testctx,
2390 OBJ_nid2sn(keys[tst].type),
2391 NULL,
2392 in,
2393 inlen);
2394 } else {
2395 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2396 NULL,
2397 in,
2398 inlen);
2399 }
2400 #else
2401 return 1;
2402 #endif
2403 } else {
2404 inlen = strlen(keys[tst].priv);
2405 in = (unsigned char *)keys[tst].priv;
2406 if (uselibctx) {
2407 pkey = EVP_PKEY_new_raw_private_key_ex(
2408 testctx, OBJ_nid2sn(keys[tst].type),
2409 NULL,
2410 in,
2411 inlen);
2412 } else {
2413 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2414 NULL,
2415 in,
2416 inlen);
2417 }
2418 }
2419
2420 if (!TEST_ptr(pkey)
2421 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2422 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2423 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2424 || !TEST_true(len == inlen))
2425 goto done;
2426 if (tst != 1) {
2427 /*
2428 * Test that supplying a buffer that is too small fails. Doesn't apply
2429 * to HMAC with a zero length key
2430 */
2431 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2432 &shortlen)))
2433 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2434 &shortlen))))
2435 goto done;
2436 }
2437 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2438 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2439 || !TEST_mem_eq(in, inlen, buf, len))
2440 goto done;
2441
2442 ret = 1;
2443 done:
2444 EVP_PKEY_free(pkey);
2445 return ret;
2446 }
2447
2448 static int test_set_get_raw_keys(int tst)
2449 {
2450 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2451 && test_set_get_raw_keys_int(tst, 0, 1)
2452 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2453 && test_set_get_raw_keys_int(tst, 1, 1);
2454 }
2455
2456 #ifndef OPENSSL_NO_DEPRECATED_3_0
2457 static int pkey_custom_check(EVP_PKEY *pkey)
2458 {
2459 return 0xbeef;
2460 }
2461
2462 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2463 {
2464 return 0xbeef;
2465 }
2466
2467 static int pkey_custom_param_check(EVP_PKEY *pkey)
2468 {
2469 return 0xbeef;
2470 }
2471
2472 static EVP_PKEY_METHOD *custom_pmeth;
2473 #endif
2474
2475 static int test_EVP_PKEY_check(int i)
2476 {
2477 int ret = 0;
2478 EVP_PKEY *pkey = NULL;
2479 EVP_PKEY_CTX *ctx = NULL;
2480 #ifndef OPENSSL_NO_DEPRECATED_3_0
2481 EVP_PKEY_CTX *ctx2 = NULL;
2482 #endif
2483 const APK_DATA *ak = &keycheckdata[i];
2484 const unsigned char *input = ak->kder;
2485 size_t input_len = ak->size;
2486 int expected_id = ak->evptype;
2487 int expected_check = ak->check;
2488 int expected_pub_check = ak->pub_check;
2489 int expected_param_check = ak->param_check;
2490 int type = ak->type;
2491
2492 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2493 goto done;
2494 if (type == 0
2495 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2496 goto done;
2497
2498 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2499 goto done;
2500
2501 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2502 goto done;
2503
2504 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2505 goto done;
2506
2507 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2508 goto done;
2509
2510 #ifndef OPENSSL_NO_DEPRECATED_3_0
2511 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2512 /* assign the pkey directly, as an internal test */
2513 EVP_PKEY_up_ref(pkey);
2514 ctx2->pkey = pkey;
2515
2516 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2517 goto done;
2518
2519 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2520 goto done;
2521
2522 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2523 goto done;
2524 #endif
2525
2526 ret = 1;
2527
2528 done:
2529 EVP_PKEY_CTX_free(ctx);
2530 #ifndef OPENSSL_NO_DEPRECATED_3_0
2531 EVP_PKEY_CTX_free(ctx2);
2532 #endif
2533 EVP_PKEY_free(pkey);
2534 return ret;
2535 }
2536
2537 #ifndef OPENSSL_NO_CMAC
2538 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2539 {
2540 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2541 const char msg[] = "Hello World";
2542 size_t maclen = AES_BLOCK_SIZE;
2543 int ret = 1;
2544
2545 if (!TEST_ptr(mdctx)
2546 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2547 testpropq, pkey, NULL))
2548 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2549 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2550 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2551 ret = 0;
2552
2553 EVP_MD_CTX_free(mdctx);
2554
2555 return ret;
2556 }
2557 static int test_CMAC_keygen(void)
2558 {
2559 static unsigned char key[] = {
2560 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2561 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2562 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2563 };
2564 EVP_PKEY_CTX *kctx = NULL;
2565 int ret = 0;
2566 EVP_PKEY *pkey = NULL;
2567 unsigned char mac[AES_BLOCK_SIZE];
2568 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2569 unsigned char mac2[AES_BLOCK_SIZE];
2570 # endif
2571
2572 if (nullprov != NULL)
2573 return TEST_skip("Test does not support a non-default library context");
2574
2575 /*
2576 * This is a legacy method for CMACs, but should still work.
2577 * This verifies that it works without an ENGINE.
2578 */
2579 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2580
2581 /* Test a CMAC key created using the "generated" method */
2582 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2583 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2584 EVP_PKEY_CTRL_CIPHER,
2585 0, (void *)EVP_aes_256_cbc()), 0)
2586 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2587 EVP_PKEY_CTRL_SET_MAC_KEY,
2588 sizeof(key), (void *)key), 0)
2589 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2590 || !TEST_ptr(pkey)
2591 || !TEST_true(get_cmac_val(pkey, mac)))
2592 goto done;
2593
2594 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2595 EVP_PKEY_free(pkey);
2596
2597 /*
2598 * Test a CMAC key using the direct method, and compare with the mac
2599 * created above.
2600 */
2601 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2602 if (!TEST_ptr(pkey)
2603 || !TEST_true(get_cmac_val(pkey, mac2))
2604 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2605 goto done;
2606 # endif
2607
2608 ret = 1;
2609
2610 done:
2611 EVP_PKEY_free(pkey);
2612 EVP_PKEY_CTX_free(kctx);
2613 return ret;
2614 }
2615 #endif
2616
2617 static int test_HKDF(void)
2618 {
2619 EVP_PKEY_CTX *pctx;
2620 unsigned char out[20];
2621 size_t outlen;
2622 int i, ret = 0;
2623 unsigned char salt[] = "0123456789";
2624 unsigned char key[] = "012345678901234567890123456789";
2625 unsigned char info[] = "infostring";
2626 const unsigned char expected[] = {
2627 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2628 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2629 };
2630 size_t expectedlen = sizeof(expected);
2631
2632 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2633 goto done;
2634
2635 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2636 for (i = 0; i < 2; i++) {
2637 outlen = sizeof(out);
2638 memset(out, 0, outlen);
2639
2640 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2641 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2642 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2643 sizeof(salt) - 1), 0)
2644 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2645 sizeof(key) - 1), 0)
2646 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2647 sizeof(info) - 1), 0)
2648 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2649 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2650 goto done;
2651 }
2652
2653 ret = 1;
2654
2655 done:
2656 EVP_PKEY_CTX_free(pctx);
2657
2658 return ret;
2659 }
2660
2661 static int test_emptyikm_HKDF(void)
2662 {
2663 EVP_PKEY_CTX *pctx;
2664 unsigned char out[20];
2665 size_t outlen;
2666 int ret = 0;
2667 unsigned char salt[] = "9876543210";
2668 unsigned char key[] = "";
2669 unsigned char info[] = "stringinfo";
2670 const unsigned char expected[] = {
2671 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2672 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2673 };
2674 size_t expectedlen = sizeof(expected);
2675
2676 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2677 goto done;
2678
2679 outlen = sizeof(out);
2680 memset(out, 0, outlen);
2681
2682 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2683 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2684 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2685 sizeof(salt) - 1), 0)
2686 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2687 sizeof(key) - 1), 0)
2688 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2689 sizeof(info) - 1), 0)
2690 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2691 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2692 goto done;
2693
2694 ret = 1;
2695
2696 done:
2697 EVP_PKEY_CTX_free(pctx);
2698
2699 return ret;
2700 }
2701
2702 #ifndef OPENSSL_NO_EC
2703 static int test_X509_PUBKEY_inplace(void)
2704 {
2705 int ret = 0;
2706 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2707 const unsigned char *p = kExampleECPubKeyDER;
2708 size_t input_len = sizeof(kExampleECPubKeyDER);
2709
2710 if (!TEST_ptr(xp))
2711 goto done;
2712 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2713 goto done;
2714
2715 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2716 goto done;
2717
2718 p = kExampleBadECPubKeyDER;
2719 input_len = sizeof(kExampleBadECPubKeyDER);
2720
2721 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2722 goto done;
2723
2724 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2725 goto done;
2726
2727 ret = 1;
2728
2729 done:
2730 X509_PUBKEY_free(xp);
2731 return ret;
2732 }
2733
2734 static int test_X509_PUBKEY_dup(void)
2735 {
2736 int ret = 0;
2737 X509_PUBKEY *xp = NULL, *xq = NULL;
2738 const unsigned char *p = kExampleECPubKeyDER;
2739 size_t input_len = sizeof(kExampleECPubKeyDER);
2740
2741 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2742 if (!TEST_ptr(xp)
2743 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2744 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2745 || !TEST_ptr_ne(xp, xq))
2746 goto done;
2747
2748 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2749 || !TEST_ptr(X509_PUBKEY_get0(xp))
2750 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2751 goto done;
2752
2753 X509_PUBKEY_free(xq);
2754 xq = NULL;
2755 p = kExampleBadECPubKeyDER;
2756 input_len = sizeof(kExampleBadECPubKeyDER);
2757
2758 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2759 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2760 goto done;
2761
2762 X509_PUBKEY_free(xp);
2763 xp = NULL;
2764 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2765 goto done;
2766
2767 ret = 1;
2768
2769 done:
2770 X509_PUBKEY_free(xp);
2771 X509_PUBKEY_free(xq);
2772 return ret;
2773 }
2774 #endif /* OPENSSL_NO_EC */
2775
2776 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2777 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2778 {
2779 EVP_MD_CTX *mdctx = NULL;
2780 EVP_PKEY_CTX *ctx = NULL;
2781 const OSSL_PARAM *params;
2782 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2783 int ret = 0;
2784 const EVP_MD *md;
2785 char mdname[OSSL_MAX_NAME_SIZE];
2786 char ssl3ms[48];
2787
2788 /* Initialise a sign operation */
2789 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2790 if (!TEST_ptr(ctx)
2791 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2792 goto err;
2793
2794 /*
2795 * We should be able to query the parameters now.
2796 */
2797 params = EVP_PKEY_CTX_settable_params(ctx);
2798 if (!TEST_ptr(params)
2799 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2800 OSSL_SIGNATURE_PARAM_DIGEST)))
2801 goto err;
2802
2803 params = EVP_PKEY_CTX_gettable_params(ctx);
2804 if (!TEST_ptr(params)
2805 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2806 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2807 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2808 OSSL_SIGNATURE_PARAM_DIGEST)))
2809 goto err;
2810
2811 /*
2812 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2813 * EVP_PKEY_CTX_get_params()
2814 */
2815 strcpy(mdname, "SHA512");
2816 param_md = param;
2817 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2818 mdname, 0);
2819 *param++ = OSSL_PARAM_construct_end();
2820
2821 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2822 goto err;
2823
2824 mdname[0] = '\0';
2825 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2826 mdname, sizeof(mdname));
2827 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2828 || !TEST_str_eq(mdname, "SHA512"))
2829 goto err;
2830
2831 /*
2832 * Test the TEST_PKEY_CTX_set_signature_md() and
2833 * TEST_PKEY_CTX_get_signature_md() functions
2834 */
2835 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2836 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2837 || !TEST_ptr_eq(md, EVP_sha256()))
2838 goto err;
2839
2840 /*
2841 * Test getting MD parameters via an associated EVP_PKEY_CTX
2842 */
2843 mdctx = EVP_MD_CTX_new();
2844 if (!TEST_ptr(mdctx)
2845 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2846 pkey, NULL)))
2847 goto err;
2848
2849 /*
2850 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2851 * able to obtain the digest's settable parameters from the provider.
2852 */
2853 params = EVP_MD_CTX_settable_params(mdctx);
2854 if (!TEST_ptr(params)
2855 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2856 /* The final key should be NULL */
2857 || !TEST_ptr_null(params[1].key))
2858 goto err;
2859
2860 param = ourparams;
2861 memset(ssl3ms, 0, sizeof(ssl3ms));
2862 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2863 ssl3ms, sizeof(ssl3ms));
2864 *param++ = OSSL_PARAM_construct_end();
2865
2866 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2867 goto err;
2868
2869 ret = 1;
2870
2871 err:
2872 EVP_MD_CTX_free(mdctx);
2873 EVP_PKEY_CTX_free(ctx);
2874
2875 return ret;
2876 }
2877
2878 #ifndef OPENSSL_NO_DSA
2879 static int test_DSA_get_set_params(void)
2880 {
2881 OSSL_PARAM_BLD *bld = NULL;
2882 OSSL_PARAM *params = NULL;
2883 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2884 EVP_PKEY_CTX *pctx = NULL;
2885 EVP_PKEY *pkey = NULL;
2886 int ret = 0;
2887
2888 /*
2889 * Setup the parameters for our DSA object. For our purposes they don't
2890 * have to actually be *valid* parameters. We just need to set something.
2891 */
2892 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2893 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2894 || !TEST_ptr(p = BN_new())
2895 || !TEST_ptr(q = BN_new())
2896 || !TEST_ptr(g = BN_new())
2897 || !TEST_ptr(pub = BN_new())
2898 || !TEST_ptr(priv = BN_new()))
2899 goto err;
2900 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2901 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2902 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2903 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2904 pub))
2905 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2906 priv)))
2907 goto err;
2908 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2909 goto err;
2910
2911 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2912 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2913 params), 0))
2914 goto err;
2915
2916 if (!TEST_ptr(pkey))
2917 goto err;
2918
2919 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2920
2921 err:
2922 EVP_PKEY_free(pkey);
2923 EVP_PKEY_CTX_free(pctx);
2924 OSSL_PARAM_free(params);
2925 OSSL_PARAM_BLD_free(bld);
2926 BN_free(p);
2927 BN_free(q);
2928 BN_free(g);
2929 BN_free(pub);
2930 BN_free(priv);
2931
2932 return ret;
2933 }
2934
2935 /*
2936 * Test combinations of private, public, missing and private + public key
2937 * params to ensure they are all accepted
2938 */
2939 static int test_DSA_priv_pub(void)
2940 {
2941 return test_EVP_PKEY_ffc_priv_pub("DSA");
2942 }
2943
2944 #endif /* !OPENSSL_NO_DSA */
2945
2946 static int test_RSA_get_set_params(void)
2947 {
2948 OSSL_PARAM_BLD *bld = NULL;
2949 OSSL_PARAM *params = NULL;
2950 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2951 EVP_PKEY_CTX *pctx = NULL;
2952 EVP_PKEY *pkey = NULL;
2953 int ret = 0;
2954
2955 /*
2956 * Setup the parameters for our RSA object. For our purposes they don't
2957 * have to actually be *valid* parameters. We just need to set something.
2958 */
2959 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2960 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2961 || !TEST_ptr(n = BN_new())
2962 || !TEST_ptr(e = BN_new())
2963 || !TEST_ptr(d = BN_new()))
2964 goto err;
2965 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2966 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2967 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2968 goto err;
2969 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2970 goto err;
2971
2972 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2973 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2974 params), 0))
2975 goto err;
2976
2977 if (!TEST_ptr(pkey))
2978 goto err;
2979
2980 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2981
2982 err:
2983 EVP_PKEY_free(pkey);
2984 EVP_PKEY_CTX_free(pctx);
2985 OSSL_PARAM_free(params);
2986 OSSL_PARAM_BLD_free(bld);
2987 BN_free(n);
2988 BN_free(e);
2989 BN_free(d);
2990
2991 return ret;
2992 }
2993
2994 static int test_RSA_OAEP_set_get_params(void)
2995 {
2996 int ret = 0;
2997 EVP_PKEY *key = NULL;
2998 EVP_PKEY_CTX *key_ctx = NULL;
2999
3000 if (nullprov != NULL)
3001 return TEST_skip("Test does not support a non-default library context");
3002
3003 if (!TEST_ptr(key = load_example_rsa_key())
3004 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3005 goto err;
3006
3007 {
3008 int padding = RSA_PKCS1_OAEP_PADDING;
3009 OSSL_PARAM params[4];
3010
3011 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3012 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3013 OSSL_DIGEST_NAME_SHA2_256, 0);
3014 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3015 OSSL_DIGEST_NAME_SHA1, 0);
3016 params[3] = OSSL_PARAM_construct_end();
3017
3018 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3019 goto err;
3020 }
3021 {
3022 OSSL_PARAM params[3];
3023 char oaepmd[30] = { '\0' };
3024 char mgf1md[30] = { '\0' };
3025
3026 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3027 oaepmd, sizeof(oaepmd));
3028 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3029 mgf1md, sizeof(mgf1md));
3030 params[2] = OSSL_PARAM_construct_end();
3031
3032 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3033 goto err;
3034
3035 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3036 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3037 goto err;
3038 }
3039
3040 ret = 1;
3041
3042 err:
3043 EVP_PKEY_free(key);
3044 EVP_PKEY_CTX_free(key_ctx);
3045
3046 return ret;
3047 }
3048
3049 /* https://github.com/openssl/openssl/issues/21288 */
3050 static int test_RSA_OAEP_set_null_label(void)
3051 {
3052 int ret = 0;
3053 EVP_PKEY *key = NULL;
3054 EVP_PKEY_CTX *key_ctx = NULL;
3055
3056 if (!TEST_ptr(key = load_example_rsa_key())
3057 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3058 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3059 goto err;
3060
3061 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3062 goto err;
3063
3064 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3065 goto err;
3066
3067 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3068 goto err;
3069
3070 ret = 1;
3071
3072 err:
3073 EVP_PKEY_free(key);
3074 EVP_PKEY_CTX_free(key_ctx);
3075
3076 return ret;
3077 }
3078
3079 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3080 static int test_decrypt_null_chunks(void)
3081 {
3082 EVP_CIPHER_CTX* ctx = NULL;
3083 EVP_CIPHER *cipher = NULL;
3084 const unsigned char key[32] = {
3085 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3086 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3087 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3088 };
3089 unsigned char iv[12] = {
3090 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3091 };
3092 unsigned char msg[] = "It was the best of times, it was the worst of times";
3093 unsigned char ciphertext[80];
3094 unsigned char plaintext[80];
3095 /* We initialise tmp to a non zero value on purpose */
3096 int ctlen, ptlen, tmp = 99;
3097 int ret = 0;
3098 const int enc_offset = 10, dec_offset = 20;
3099
3100 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3101 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3102 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3103 key, iv))
3104 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3105 enc_offset))
3106 /* Deliberate add a zero length update */
3107 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3108 0))
3109 || !TEST_int_eq(tmp, 0)
3110 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3111 msg + enc_offset,
3112 sizeof(msg) - enc_offset))
3113 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3114 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3115 || !TEST_int_eq(tmp, 0))
3116 goto err;
3117
3118 /* Deliberately initialise tmp to a non zero value */
3119 tmp = 99;
3120 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3121 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3122 dec_offset))
3123 /*
3124 * Deliberately add a zero length update. We also deliberately do
3125 * this at a different offset than for encryption.
3126 */
3127 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3128 0))
3129 || !TEST_int_eq(tmp, 0)
3130 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3131 ciphertext + dec_offset,
3132 ctlen - dec_offset))
3133 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3134 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3135 || !TEST_int_eq(tmp, 0)
3136 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3137 goto err;
3138
3139 ret = 1;
3140 err:
3141 EVP_CIPHER_CTX_free(ctx);
3142 EVP_CIPHER_free(cipher);
3143 return ret;
3144 }
3145 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3146
3147 #ifndef OPENSSL_NO_DH
3148 /*
3149 * Test combinations of private, public, missing and private + public key
3150 * params to ensure they are all accepted
3151 */
3152 static int test_DH_priv_pub(void)
3153 {
3154 return test_EVP_PKEY_ffc_priv_pub("DH");
3155 }
3156
3157 # ifndef OPENSSL_NO_DEPRECATED_3_0
3158 static int test_EVP_PKEY_set1_DH(void)
3159 {
3160 DH *x942dh = NULL, *noqdh = NULL;
3161 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3162 int ret = 0;
3163 BIGNUM *p, *g = NULL;
3164 BIGNUM *pubkey = NULL;
3165 unsigned char pub[2048 / 8];
3166 size_t len = 0;
3167
3168 if (!TEST_ptr(p = BN_new())
3169 || !TEST_ptr(g = BN_new())
3170 || !TEST_ptr(pubkey = BN_new())
3171 || !TEST_true(BN_set_word(p, 9999))
3172 || !TEST_true(BN_set_word(g, 2))
3173 || !TEST_true(BN_set_word(pubkey, 4321))
3174 || !TEST_ptr(noqdh = DH_new())
3175 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3176 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3177 || !TEST_ptr(pubkey = BN_new())
3178 || !TEST_true(BN_set_word(pubkey, 4321)))
3179 goto err;
3180 p = g = NULL;
3181
3182 x942dh = DH_get_2048_256();
3183 pkey1 = EVP_PKEY_new();
3184 pkey2 = EVP_PKEY_new();
3185 if (!TEST_ptr(x942dh)
3186 || !TEST_ptr(noqdh)
3187 || !TEST_ptr(pkey1)
3188 || !TEST_ptr(pkey2)
3189 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3190 goto err;
3191 pubkey = NULL;
3192
3193 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3194 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3195 goto err;
3196
3197 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3198 &pubkey))
3199 || !TEST_ptr(pubkey))
3200 goto err;
3201
3202 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3203 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3204 goto err;
3205
3206 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3207 OSSL_PKEY_PARAM_PUB_KEY,
3208 pub, sizeof(pub), &len))
3209 || !TEST_size_t_ne(len, 0))
3210 goto err;
3211
3212 ret = 1;
3213 err:
3214 BN_free(p);
3215 BN_free(g);
3216 BN_free(pubkey);
3217 EVP_PKEY_free(pkey1);
3218 EVP_PKEY_free(pkey2);
3219 DH_free(x942dh);
3220 DH_free(noqdh);
3221
3222 return ret;
3223 }
3224 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3225 #endif /* !OPENSSL_NO_DH */
3226
3227 /*
3228 * We test what happens with an empty template. For the sake of this test,
3229 * the template must be ignored, and we know that's the case for RSA keys
3230 * (this might arguably be a misfeature, but that's what we currently do,
3231 * even in provider code, since that's how the legacy RSA implementation
3232 * does things)
3233 */
3234 static int test_keygen_with_empty_template(int n)
3235 {
3236 EVP_PKEY_CTX *ctx = NULL;
3237 EVP_PKEY *pkey = NULL;
3238 EVP_PKEY *tkey = NULL;
3239 int ret = 0;
3240
3241 if (nullprov != NULL)
3242 return TEST_skip("Test does not support a non-default library context");
3243
3244 switch (n) {
3245 case 0:
3246 /* We do test with no template at all as well */
3247 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3248 goto err;
3249 break;
3250 case 1:
3251 /* Here we create an empty RSA key that serves as our template */
3252 if (!TEST_ptr(tkey = EVP_PKEY_new())
3253 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3254 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3255 goto err;
3256 break;
3257 }
3258
3259 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3260 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3261 goto err;
3262
3263 ret = 1;
3264 err:
3265 EVP_PKEY_CTX_free(ctx);
3266 EVP_PKEY_free(pkey);
3267 EVP_PKEY_free(tkey);
3268 return ret;
3269 }
3270
3271 /*
3272 * Test that we fail if we attempt to use an algorithm that is not available
3273 * in the current library context (unless we are using an algorithm that
3274 * should be made available via legacy codepaths).
3275 *
3276 * 0: RSA
3277 * 1: SM2
3278 */
3279 static int test_pkey_ctx_fail_without_provider(int tst)
3280 {
3281 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3282 OSSL_PROVIDER *tmpnullprov = NULL;
3283 EVP_PKEY_CTX *pctx = NULL;
3284 const char *keytype = NULL;
3285 int expect_null = 0;
3286 int ret = 0;
3287
3288 if (!TEST_ptr(tmpctx))
3289 goto err;
3290
3291 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3292 if (!TEST_ptr(tmpnullprov))
3293 goto err;
3294
3295 /*
3296 * We check for certain algos in the null provider.
3297 * If an algo is expected to have a provider keymgmt, constructing an
3298 * EVP_PKEY_CTX is expected to fail (return NULL).
3299 * Otherwise, if it's expected to have legacy support, constructing an
3300 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3301 */
3302 switch (tst) {
3303 case 0:
3304 keytype = "RSA";
3305 expect_null = 1;
3306 break;
3307 case 1:
3308 keytype = "SM2";
3309 expect_null = 1;
3310 #ifdef OPENSSL_NO_EC
3311 TEST_info("EC disable, skipping SM2 check...");
3312 goto end;
3313 #endif
3314 #ifdef OPENSSL_NO_SM2
3315 TEST_info("SM2 disable, skipping SM2 check...");
3316 goto end;
3317 #endif
3318 break;
3319 default:
3320 TEST_error("No test for case %d", tst);
3321 goto err;
3322 }
3323
3324 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3325 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3326 goto err;
3327
3328 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3329 end:
3330 #endif
3331 ret = 1;
3332
3333 err:
3334 EVP_PKEY_CTX_free(pctx);
3335 OSSL_PROVIDER_unload(tmpnullprov);
3336 OSSL_LIB_CTX_free(tmpctx);
3337 return ret;
3338 }
3339
3340 static int test_rand_agglomeration(void)
3341 {
3342 EVP_RAND *rand;
3343 EVP_RAND_CTX *ctx;
3344 OSSL_PARAM params[3], *p = params;
3345 int res;
3346 unsigned int step = 7;
3347 static unsigned char seed[] = "It does not matter how slowly you go "
3348 "as long as you do not stop.";
3349 unsigned char out[sizeof(seed)];
3350
3351 if (!TEST_int_ne(sizeof(seed) % step, 0)
3352 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3353 return 0;
3354 ctx = EVP_RAND_CTX_new(rand, NULL);
3355 EVP_RAND_free(rand);
3356 if (!TEST_ptr(ctx))
3357 return 0;
3358
3359 memset(out, 0, sizeof(out));
3360 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3361 seed, sizeof(seed));
3362 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3363 *p = OSSL_PARAM_construct_end();
3364 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3365 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3366 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3367 EVP_RAND_CTX_free(ctx);
3368 return res;
3369 }
3370
3371 /*
3372 * Test that we correctly return the original or "running" IV after
3373 * an encryption operation.
3374 * Run multiple times for some different relevant algorithms/modes.
3375 */
3376 static int test_evp_iv_aes(int idx)
3377 {
3378 int ret = 0;
3379 EVP_CIPHER_CTX *ctx = NULL;
3380 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3381 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3382 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3383 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3384 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3385 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3386 9, 10, 11, 12, 13, 14, 15, 16 };
3387 unsigned char ciphertext[32], oiv[16], iv[16];
3388 unsigned char *ref_iv;
3389 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3390 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3391
3392 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3393 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3394 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3395 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3396 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3397 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3398 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3399 #ifndef OPENSSL_NO_OCB
3400 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3401 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3402 #endif
3403 int len = sizeof(ciphertext);
3404 size_t ivlen, ref_len;
3405 const EVP_CIPHER *type = NULL;
3406 int iv_reset = 0;
3407
3408 if (nullprov != NULL && idx < 6)
3409 return TEST_skip("Test does not support a non-default library context");
3410
3411 switch (idx) {
3412 case 0:
3413 type = EVP_aes_128_cbc();
3414 /* FALLTHROUGH */
3415 case 6:
3416 type = (type != NULL) ? type :
3417 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3418 ref_iv = cbc_state;
3419 ref_len = sizeof(cbc_state);
3420 iv_reset = 1;
3421 break;
3422 case 1:
3423 type = EVP_aes_128_ofb();
3424 /* FALLTHROUGH */
3425 case 7:
3426 type = (type != NULL) ? type :
3427 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3428 ref_iv = ofb_state;
3429 ref_len = sizeof(ofb_state);
3430 iv_reset = 1;
3431 break;
3432 case 2:
3433 type = EVP_aes_128_cfb();
3434 /* FALLTHROUGH */
3435 case 8:
3436 type = (type != NULL) ? type :
3437 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3438 ref_iv = cfb_state;
3439 ref_len = sizeof(cfb_state);
3440 iv_reset = 1;
3441 break;
3442 case 3:
3443 type = EVP_aes_128_gcm();
3444 /* FALLTHROUGH */
3445 case 9:
3446 type = (type != NULL) ? type :
3447 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3448 ref_iv = gcm_state;
3449 ref_len = sizeof(gcm_state);
3450 break;
3451 case 4:
3452 type = EVP_aes_128_ccm();
3453 /* FALLTHROUGH */
3454 case 10:
3455 type = (type != NULL) ? type :
3456 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3457 ref_iv = ccm_state;
3458 ref_len = sizeof(ccm_state);
3459 break;
3460 #ifdef OPENSSL_NO_OCB
3461 case 5:
3462 case 11:
3463 return 1;
3464 #else
3465 case 5:
3466 type = EVP_aes_128_ocb();
3467 /* FALLTHROUGH */
3468 case 11:
3469 type = (type != NULL) ? type :
3470 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3471 ref_iv = ocb_state;
3472 ref_len = sizeof(ocb_state);
3473 break;
3474 #endif
3475 default:
3476 return 0;
3477 }
3478
3479 if (!TEST_ptr(type)
3480 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3481 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3482 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3483 (int)sizeof(msg)))
3484 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3485 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3486 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3487 goto err;
3488 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3489 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3490 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3491 goto err;
3492
3493 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3494 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3495 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3496 goto err;
3497 if (iv_reset) {
3498 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3499 goto err;
3500 } else {
3501 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3502 goto err;
3503 }
3504
3505 ret = 1;
3506 err:
3507 EVP_CIPHER_CTX_free(ctx);
3508 if (idx >= 6)
3509 EVP_CIPHER_free((EVP_CIPHER *)type);
3510 return ret;
3511 }
3512
3513 #ifndef OPENSSL_NO_DES
3514 static int test_evp_iv_des(int idx)
3515 {
3516 int ret = 0;
3517 EVP_CIPHER_CTX *ctx = NULL;
3518 static const unsigned char key[24] = {
3519 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3520 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3521 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3522 };
3523 static const unsigned char init_iv[8] = {
3524 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3525 };
3526 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3527 9, 10, 11, 12, 13, 14, 15, 16 };
3528 unsigned char ciphertext[32], oiv[8], iv[8];
3529 unsigned const char *ref_iv;
3530 static const unsigned char cbc_state_des[8] = {
3531 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3532 };
3533 static const unsigned char cbc_state_3des[8] = {
3534 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3535 };
3536 static const unsigned char ofb_state_des[8] = {
3537 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3538 };
3539 static const unsigned char ofb_state_3des[8] = {
3540 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3541 };
3542 static const unsigned char cfb_state_des[8] = {
3543 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3544 };
3545 static const unsigned char cfb_state_3des[8] = {
3546 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3547 };
3548 int len = sizeof(ciphertext);
3549 size_t ivlen, ref_len;
3550 EVP_CIPHER *type = NULL;
3551
3552 if (lgcyprov == NULL && idx < 3)
3553 return TEST_skip("Test requires legacy provider to be loaded");
3554
3555 switch (idx) {
3556 case 0:
3557 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3558 ref_iv = cbc_state_des;
3559 ref_len = sizeof(cbc_state_des);
3560 break;
3561 case 1:
3562 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3563 ref_iv = ofb_state_des;
3564 ref_len = sizeof(ofb_state_des);
3565 break;
3566 case 2:
3567 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3568 ref_iv = cfb_state_des;
3569 ref_len = sizeof(cfb_state_des);
3570 break;
3571 case 3:
3572 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3573 ref_iv = cbc_state_3des;
3574 ref_len = sizeof(cbc_state_3des);
3575 break;
3576 case 4:
3577 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3578 ref_iv = ofb_state_3des;
3579 ref_len = sizeof(ofb_state_3des);
3580 break;
3581 case 5:
3582 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3583 ref_iv = cfb_state_3des;
3584 ref_len = sizeof(cfb_state_3des);
3585 break;
3586 default:
3587 return 0;
3588 }
3589
3590 if (!TEST_ptr(type)
3591 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3592 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3593 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3594 (int)sizeof(msg)))
3595 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3596 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3597 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3598 goto err;
3599 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3600 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3601 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3602 goto err;
3603
3604 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3605 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3606 goto err;
3607 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3608 goto err;
3609
3610 ret = 1;
3611 err:
3612 EVP_CIPHER_CTX_free(ctx);
3613 EVP_CIPHER_free(type);
3614 return ret;
3615 }
3616 #endif
3617
3618 #ifndef OPENSSL_NO_BF
3619 static int test_evp_bf_default_keylen(int idx)
3620 {
3621 int ret = 0;
3622 static const char *algos[4] = {
3623 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3624 };
3625 int ivlen[4] = { 0, 8, 8, 8 };
3626 EVP_CIPHER *cipher = NULL;
3627
3628 if (lgcyprov == NULL)
3629 return TEST_skip("Test requires legacy provider to be loaded");
3630
3631 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3632 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3633 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3634 goto err;
3635
3636 ret = 1;
3637 err:
3638 EVP_CIPHER_free(cipher);
3639 return ret;
3640 }
3641 #endif
3642
3643 #ifndef OPENSSL_NO_EC
3644 static int ecpub_nids[] = {
3645 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3646 NID_secp384r1, NID_secp521r1,
3647 # ifndef OPENSSL_NO_EC2M
3648 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3649 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3650 # endif
3651 NID_brainpoolP384r1, NID_brainpoolP512r1
3652 };
3653
3654 static int test_ecpub(int idx)
3655 {
3656 int ret = 0, len, savelen;
3657 int nid;
3658 unsigned char buf[1024];
3659 unsigned char *p;
3660 EVP_PKEY *pkey = NULL;
3661 EVP_PKEY_CTX *ctx = NULL;
3662 # ifndef OPENSSL_NO_DEPRECATED_3_0
3663 const unsigned char *q;
3664 EVP_PKEY *pkey2 = NULL;
3665 EC_KEY *ec = NULL;
3666 # endif
3667
3668 if (nullprov != NULL)
3669 return TEST_skip("Test does not support a non-default library context");
3670
3671 nid = ecpub_nids[idx];
3672
3673 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3674 if (!TEST_ptr(ctx)
3675 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3676 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3677 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3678 goto done;
3679 len = i2d_PublicKey(pkey, NULL);
3680 savelen = len;
3681 if (!TEST_int_ge(len, 1)
3682 || !TEST_int_lt(len, 1024))
3683 goto done;
3684 p = buf;
3685 len = i2d_PublicKey(pkey, &p);
3686 if (!TEST_int_ge(len, 1)
3687 || !TEST_int_eq(len, savelen))
3688 goto done;
3689
3690 # ifndef OPENSSL_NO_DEPRECATED_3_0
3691 /* Now try to decode the just-created DER. */
3692 q = buf;
3693 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3694 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3695 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3696 goto done;
3697 /* EC_KEY ownership transferred */
3698 ec = NULL;
3699 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3700 goto done;
3701 /* The keys should match. */
3702 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3703 goto done;
3704 # endif
3705
3706 ret = 1;
3707
3708 done:
3709 EVP_PKEY_CTX_free(ctx);
3710 EVP_PKEY_free(pkey);
3711 # ifndef OPENSSL_NO_DEPRECATED_3_0
3712 EVP_PKEY_free(pkey2);
3713 EC_KEY_free(ec);
3714 # endif
3715 return ret;
3716 }
3717 #endif
3718
3719 static int test_EVP_rsa_pss_with_keygen_bits(void)
3720 {
3721 int ret = 0;
3722 EVP_PKEY_CTX *ctx = NULL;
3723 EVP_PKEY *pkey = NULL;
3724 EVP_MD *md;
3725
3726 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3727 ret = TEST_ptr(md)
3728 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3729 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3730 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3731 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3732 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3733
3734 EVP_MD_free(md);
3735 EVP_PKEY_free(pkey);
3736 EVP_PKEY_CTX_free(ctx);
3737 return ret;
3738 }
3739
3740 static int test_EVP_rsa_pss_set_saltlen(void)
3741 {
3742 int ret = 0;
3743 EVP_PKEY *pkey = NULL;
3744 EVP_PKEY_CTX *pkey_ctx = NULL;
3745 EVP_MD *sha256 = NULL;
3746 EVP_MD_CTX *sha256_ctx = NULL;
3747 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3748 const int test_value = 32;
3749
3750 ret = TEST_ptr(pkey = load_example_rsa_key())
3751 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3752 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3753 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3754 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3755 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3756 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3757 && TEST_int_eq(saltlen, test_value);
3758
3759 EVP_MD_CTX_free(sha256_ctx);
3760 EVP_PKEY_free(pkey);
3761 EVP_MD_free(sha256);
3762
3763 return ret;
3764 }
3765
3766 static int success = 1;
3767 static void md_names(const char *name, void *vctx)
3768 {
3769 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3770 /* Force a namemap update */
3771 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3772
3773 if (!TEST_ptr(aes128))
3774 success = 0;
3775
3776 EVP_CIPHER_free(aes128);
3777 }
3778
3779 /*
3780 * Test that changing the namemap in a user callback works in a names_do_all
3781 * function.
3782 */
3783 static int test_names_do_all(void)
3784 {
3785 /* We use a custom libctx so that we know the state of the namemap */
3786 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3787 EVP_MD *sha256 = NULL;
3788 int testresult = 0;
3789
3790 if (!TEST_ptr(ctx))
3791 goto err;
3792
3793 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3794 if (!TEST_ptr(sha256))
3795 goto err;
3796
3797 /*
3798 * We loop through all the names for a given digest. This should still work
3799 * even if the namemap changes part way through.
3800 */
3801 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3802 goto err;
3803
3804 if (!TEST_true(success))
3805 goto err;
3806
3807 testresult = 1;
3808 err:
3809 EVP_MD_free(sha256);
3810 OSSL_LIB_CTX_free(ctx);
3811 return testresult;
3812 }
3813
3814 typedef struct {
3815 const char *cipher;
3816 const unsigned char *key;
3817 const unsigned char *iv;
3818 const unsigned char *input;
3819 const unsigned char *expected;
3820 const unsigned char *tag;
3821 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3822 size_t inlen;
3823 size_t expectedlen;
3824 size_t taglen;
3825 int keyfirst;
3826 int initenc;
3827 int finalenc;
3828 } EVP_INIT_TEST_st;
3829
3830 static const EVP_INIT_TEST_st evp_init_tests[] = {
3831 {
3832 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3833 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3834 0, 1, 0, 1
3835 },
3836 {
3837 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3838 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3839 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3840 sizeof(gcmDefaultTag), 1, 0, 1
3841 },
3842 {
3843 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3844 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3845 0, 0, 0, 1
3846 },
3847 {
3848 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3849 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3850 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3851 sizeof(gcmDefaultTag), 0, 0, 1
3852 },
3853 {
3854 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3855 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3856 0, 1, 1, 0
3857 },
3858 {
3859 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3860 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3861 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3862 sizeof(gcmDefaultTag), 1, 1, 0
3863 },
3864 {
3865 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3866 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3867 0, 0, 1, 0
3868 },
3869 {
3870 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3871 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3872 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3873 sizeof(gcmDefaultTag), 0, 1, 0
3874 }
3875 };
3876
3877 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3878 {
3879 int res = 0;
3880
3881 if (t->ivlen != 0) {
3882 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3883 goto err;
3884 }
3885 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3886 goto err;
3887 res = 1;
3888 err:
3889 return res;
3890 }
3891
3892 /*
3893 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3894 * arguments are given one at a time and a final adjustment to the enc
3895 * parameter sets the correct operation.
3896 */
3897 static int test_evp_init_seq(int idx)
3898 {
3899 int outlen1, outlen2;
3900 int testresult = 0;
3901 unsigned char outbuf[1024];
3902 unsigned char tag[16];
3903 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3904 EVP_CIPHER_CTX *ctx = NULL;
3905 EVP_CIPHER *type = NULL;
3906 size_t taglen = sizeof(tag);
3907 char *errmsg = NULL;
3908
3909 ctx = EVP_CIPHER_CTX_new();
3910 if (ctx == NULL) {
3911 errmsg = "CTX_ALLOC";
3912 goto err;
3913 }
3914 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3915 errmsg = "CIPHER_FETCH";
3916 goto err;
3917 }
3918 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3919 errmsg = "EMPTY_ENC_INIT";
3920 goto err;
3921 }
3922 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3923 errmsg = "PADDING";
3924 goto err;
3925 }
3926 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3927 errmsg = "KEY_INIT (before iv)";
3928 goto err;
3929 }
3930 if (!evp_init_seq_set_iv(ctx, t)) {
3931 errmsg = "IV_INIT";
3932 goto err;
3933 }
3934 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3935 errmsg = "KEY_INIT (after iv)";
3936 goto err;
3937 }
3938 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3939 errmsg = "FINAL_ENC_INIT";
3940 goto err;
3941 }
3942 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3943 errmsg = "CIPHER_UPDATE";
3944 goto err;
3945 }
3946 if (t->finalenc == 0 && t->tag != NULL) {
3947 /* Set expected tag */
3948 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3949 t->taglen, (void *)t->tag), 0)) {
3950 errmsg = "SET_TAG";
3951 goto err;
3952 }
3953 }
3954 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3955 errmsg = "CIPHER_FINAL";
3956 goto err;
3957 }
3958 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3959 errmsg = "WRONG_RESULT";
3960 goto err;
3961 }
3962 if (t->finalenc != 0 && t->tag != NULL) {
3963 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3964 errmsg = "GET_TAG";
3965 goto err;
3966 }
3967 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3968 errmsg = "TAG_ERROR";
3969 goto err;
3970 }
3971 }
3972 testresult = 1;
3973 err:
3974 if (errmsg != NULL)
3975 TEST_info("evp_init_test %d: %s", idx, errmsg);
3976 EVP_CIPHER_CTX_free(ctx);
3977 EVP_CIPHER_free(type);
3978 return testresult;
3979 }
3980
3981 typedef struct {
3982 const unsigned char *input;
3983 const unsigned char *expected;
3984 size_t inlen;
3985 size_t expectedlen;
3986 int enc;
3987 } EVP_RESET_TEST_st;
3988
3989 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3990 {
3991 cfbPlaintext, cfbCiphertext,
3992 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3993 },
3994 {
3995 cfbCiphertext, cfbPlaintext,
3996 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3997 }
3998 };
3999
4000 /*
4001 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4002 * been used.
4003 */
4004 static int test_evp_reset(int idx)
4005 {
4006 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4007 int outlen1, outlen2;
4008 int testresult = 0;
4009 unsigned char outbuf[1024];
4010 EVP_CIPHER_CTX *ctx = NULL;
4011 EVP_CIPHER *type = NULL;
4012 char *errmsg = NULL;
4013
4014 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4015 errmsg = "CTX_ALLOC";
4016 goto err;
4017 }
4018 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4019 errmsg = "CIPHER_FETCH";
4020 goto err;
4021 }
4022 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4023 errmsg = "CIPHER_INIT";
4024 goto err;
4025 }
4026 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4027 errmsg = "PADDING";
4028 goto err;
4029 }
4030 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4031 errmsg = "CIPHER_UPDATE";
4032 goto err;
4033 }
4034 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4035 errmsg = "CIPHER_FINAL";
4036 goto err;
4037 }
4038 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4039 errmsg = "WRONG_RESULT";
4040 goto err;
4041 }
4042 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4043 errmsg = "CIPHER_REINIT";
4044 goto err;
4045 }
4046 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4047 errmsg = "CIPHER_UPDATE (reinit)";
4048 goto err;
4049 }
4050 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4051 errmsg = "CIPHER_FINAL (reinit)";
4052 goto err;
4053 }
4054 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4055 errmsg = "WRONG_RESULT (reinit)";
4056 goto err;
4057 }
4058 testresult = 1;
4059 err:
4060 if (errmsg != NULL)
4061 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4062 EVP_CIPHER_CTX_free(ctx);
4063 EVP_CIPHER_free(type);
4064 return testresult;
4065 }
4066
4067 typedef struct {
4068 const char *cipher;
4069 int enc;
4070 } EVP_UPDATED_IV_TEST_st;
4071
4072 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4073 {
4074 "aes-128-cfb", 1
4075 },
4076 {
4077 "aes-128-cfb", 0
4078 },
4079 {
4080 "aes-128-cfb1", 1
4081 },
4082 {
4083 "aes-128-cfb1", 0
4084 },
4085 {
4086 "aes-128-cfb8", 1
4087 },
4088 {
4089 "aes-128-cfb8", 0
4090 },
4091 {
4092 "aes-128-ofb", 1
4093 },
4094 {
4095 "aes-128-ofb", 0
4096 },
4097 {
4098 "aes-128-ctr", 1
4099 },
4100 {
4101 "aes-128-ctr", 0
4102 },
4103 {
4104 "aes-128-cbc", 1
4105 },
4106 {
4107 "aes-128-cbc", 0
4108 }
4109 };
4110
4111 /*
4112 * Test that the IV in the context is updated during a crypto operation for CFB
4113 * and OFB.
4114 */
4115 static int test_evp_updated_iv(int idx)
4116 {
4117 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4118 int outlen1, outlen2;
4119 int testresult = 0;
4120 unsigned char outbuf[1024];
4121 EVP_CIPHER_CTX *ctx = NULL;
4122 EVP_CIPHER *type = NULL;
4123 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4124 int iv_len;
4125 char *errmsg = NULL;
4126
4127 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4128 errmsg = "CTX_ALLOC";
4129 goto err;
4130 }
4131 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4132 TEST_info("cipher %s not supported, skipping", t->cipher);
4133 goto ok;
4134 }
4135
4136 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4137 errmsg = "CIPHER_INIT";
4138 goto err;
4139 }
4140 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4141 errmsg = "PADDING";
4142 goto err;
4143 }
4144 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4145 errmsg = "CIPHER_UPDATE";
4146 goto err;
4147 }
4148 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4149 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4150 goto err;
4151 }
4152 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
4153 errmsg = "CIPHER_CTX_GET_IV_LEN";
4154 goto err;
4155 }
4156 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4157 errmsg = "IV_NOT_UPDATED";
4158 goto err;
4159 }
4160 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4161 errmsg = "CIPHER_FINAL";
4162 goto err;
4163 }
4164 ok:
4165 testresult = 1;
4166 err:
4167 if (errmsg != NULL)
4168 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4169 EVP_CIPHER_CTX_free(ctx);
4170 EVP_CIPHER_free(type);
4171 return testresult;
4172 }
4173
4174 typedef struct {
4175 const unsigned char *iv1;
4176 const unsigned char *iv2;
4177 const unsigned char *expected1;
4178 const unsigned char *expected2;
4179 const unsigned char *tag1;
4180 const unsigned char *tag2;
4181 size_t ivlen1;
4182 size_t ivlen2;
4183 size_t expectedlen1;
4184 size_t expectedlen2;
4185 } TEST_GCM_IV_REINIT_st;
4186
4187 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4188 {
4189 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4190 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4191 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4192 },
4193 {
4194 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4195 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4196 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4197 }
4198 };
4199
4200 static int test_gcm_reinit(int idx)
4201 {
4202 int outlen1, outlen2, outlen3;
4203 int testresult = 0;
4204 unsigned char outbuf[1024];
4205 unsigned char tag[16];
4206 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4207 EVP_CIPHER_CTX *ctx = NULL;
4208 EVP_CIPHER *type = NULL;
4209 size_t taglen = sizeof(tag);
4210 char *errmsg = NULL;
4211
4212 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4213 errmsg = "CTX_ALLOC";
4214 goto err;
4215 }
4216 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4217 errmsg = "CIPHER_FETCH";
4218 goto err;
4219 }
4220 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4221 errmsg = "ENC_INIT";
4222 goto err;
4223 }
4224 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4225 errmsg = "SET_IVLEN1";
4226 goto err;
4227 }
4228 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4229 errmsg = "SET_IV1";
4230 goto err;
4231 }
4232 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4233 errmsg = "AAD1";
4234 goto err;
4235 }
4236 EVP_CIPHER_CTX_set_padding(ctx, 0);
4237 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4238 sizeof(gcmResetPlaintext)))) {
4239 errmsg = "CIPHER_UPDATE1";
4240 goto err;
4241 }
4242 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4243 errmsg = "CIPHER_FINAL1";
4244 goto err;
4245 }
4246 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4247 errmsg = "WRONG_RESULT1";
4248 goto err;
4249 }
4250 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4251 errmsg = "GET_TAG1";
4252 goto err;
4253 }
4254 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4255 errmsg = "TAG_ERROR1";
4256 goto err;
4257 }
4258 /* Now reinit */
4259 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4260 errmsg = "SET_IVLEN2";
4261 goto err;
4262 }
4263 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4264 errmsg = "SET_IV2";
4265 goto err;
4266 }
4267 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4268 errmsg = "AAD2";
4269 goto err;
4270 }
4271 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4272 sizeof(gcmResetPlaintext)))) {
4273 errmsg = "CIPHER_UPDATE2";
4274 goto err;
4275 }
4276 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4277 errmsg = "CIPHER_FINAL2";
4278 goto err;
4279 }
4280 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4281 errmsg = "WRONG_RESULT2";
4282 goto err;
4283 }
4284 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4285 errmsg = "GET_TAG2";
4286 goto err;
4287 }
4288 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4289 errmsg = "TAG_ERROR2";
4290 goto err;
4291 }
4292 testresult = 1;
4293 err:
4294 if (errmsg != NULL)
4295 TEST_info("evp_init_test %d: %s", idx, errmsg);
4296 EVP_CIPHER_CTX_free(ctx);
4297 EVP_CIPHER_free(type);
4298 return testresult;
4299 }
4300
4301 #ifndef OPENSSL_NO_DEPRECATED_3_0
4302 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4303 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4304
4305 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4306
4307 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4308 {
4309 int (*pinit)(EVP_PKEY_CTX *ctx);
4310
4311 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4312 return pinit(ctx);
4313 }
4314
4315 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4316 {
4317 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4318
4319 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4320 pcleanup(ctx);
4321 }
4322
4323 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4324 size_t *outlen, const unsigned char *in,
4325 size_t inlen)
4326 {
4327 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4328 const unsigned char *tbs, size_t tbslen);
4329
4330 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4331 return psign(ctx, out, outlen, in, inlen);
4332 }
4333
4334 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4335 size_t *siglen, const unsigned char *tbs,
4336 size_t tbslen)
4337 {
4338 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4339 const unsigned char *tbs, size_t tbslen);
4340
4341 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4342 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4343 }
4344
4345 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4346 size_t *keylen)
4347 {
4348 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4349
4350 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4351 return pderive(ctx, key, keylen);
4352 }
4353
4354 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4355 {
4356 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4357
4358 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4359 return pcopy(dst, src);
4360 }
4361
4362 static int ctrl_called;
4363
4364 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4365 {
4366 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4367
4368 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4369
4370 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4371 ctrl_called = 1;
4372 return 1;
4373 }
4374
4375 return pctrl(ctx, type, p1, p2);
4376 }
4377
4378 static int test_custom_pmeth(int idx)
4379 {
4380 EVP_PKEY_CTX *pctx = NULL;
4381 EVP_MD_CTX *ctx = NULL;
4382 EVP_PKEY *pkey = NULL;
4383 int id, orig_id, orig_flags;
4384 int testresult = 0;
4385 size_t reslen;
4386 unsigned char *res = NULL;
4387 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4388 const EVP_MD *md = EVP_sha256();
4389 int doderive = 0;
4390
4391 ctrl_called = 0;
4392
4393 /* We call deprecated APIs so this test doesn't support a custom libctx */
4394 if (testctx != NULL)
4395 return 1;
4396
4397 switch (idx) {
4398 case 0:
4399 case 6:
4400 id = EVP_PKEY_RSA;
4401 pkey = load_example_rsa_key();
4402 break;
4403 case 1:
4404 case 7:
4405 # ifndef OPENSSL_NO_DSA
4406 id = EVP_PKEY_DSA;
4407 pkey = load_example_dsa_key();
4408 break;
4409 # else
4410 return 1;
4411 # endif
4412 case 2:
4413 case 8:
4414 # ifndef OPENSSL_NO_EC
4415 id = EVP_PKEY_EC;
4416 pkey = load_example_ec_key();
4417 break;
4418 # else
4419 return 1;
4420 # endif
4421 case 3:
4422 case 9:
4423 # ifndef OPENSSL_NO_ECX
4424 id = EVP_PKEY_ED25519;
4425 md = NULL;
4426 pkey = load_example_ed25519_key();
4427 break;
4428 # else
4429 return 1;
4430 # endif
4431 case 4:
4432 case 10:
4433 # ifndef OPENSSL_NO_DH
4434 id = EVP_PKEY_DH;
4435 doderive = 1;
4436 pkey = load_example_dh_key();
4437 break;
4438 # else
4439 return 1;
4440 # endif
4441 case 5:
4442 case 11:
4443 # ifndef OPENSSL_NO_ECX
4444 id = EVP_PKEY_X25519;
4445 doderive = 1;
4446 pkey = load_example_x25519_key();
4447 break;
4448 # else
4449 return 1;
4450 # endif
4451 default:
4452 TEST_error("Should not happen");
4453 goto err;
4454 }
4455
4456 if (!TEST_ptr(pkey))
4457 goto err;
4458
4459 if (idx < 6) {
4460 if (!TEST_true(evp_pkey_is_provided(pkey)))
4461 goto err;
4462 } else {
4463 EVP_PKEY *tmp = pkey;
4464
4465 /* Convert to a legacy key */
4466 pkey = EVP_PKEY_new();
4467 if (!TEST_ptr(pkey)) {
4468 pkey = tmp;
4469 goto err;
4470 }
4471 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4472 EVP_PKEY_free(tmp);
4473 goto err;
4474 }
4475 EVP_PKEY_free(tmp);
4476 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4477 goto err;
4478 }
4479
4480 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4481 || !TEST_ptr(pkey))
4482 goto err;
4483
4484 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4485 if (!TEST_int_eq(orig_id, id)
4486 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4487 goto err;
4488
4489 if (id == EVP_PKEY_ED25519) {
4490 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4491 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4492 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4493 } else {
4494 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4495 }
4496 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4497 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4498 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4499 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4500 }
4501 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4502 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4503 goto err;
4504
4505 if (doderive) {
4506 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4507 if (!TEST_ptr(pctx)
4508 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4509 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4510 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4511 1)
4512 || !TEST_int_eq(ctrl_called, 1)
4513 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4514 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4515 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4516 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4517 goto err;
4518 } else {
4519 ctx = EVP_MD_CTX_new();
4520 reslen = EVP_PKEY_size(pkey);
4521 res = OPENSSL_malloc(reslen);
4522 if (!TEST_ptr(ctx)
4523 || !TEST_ptr(res)
4524 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4525 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4526 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4527 1)
4528 || !TEST_int_eq(ctrl_called, 1))
4529 goto err;
4530
4531 if (id == EVP_PKEY_ED25519) {
4532 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4533 goto err;
4534 } else {
4535 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4536 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4537 goto err;
4538 }
4539 }
4540
4541 testresult = 1;
4542 err:
4543 OPENSSL_free(res);
4544 EVP_MD_CTX_free(ctx);
4545 if (doderive)
4546 EVP_PKEY_CTX_free(pctx);
4547 EVP_PKEY_free(pkey);
4548 EVP_PKEY_meth_remove(custom_pmeth);
4549 EVP_PKEY_meth_free(custom_pmeth);
4550 custom_pmeth = NULL;
4551 return testresult;
4552 }
4553
4554 static int test_evp_md_cipher_meth(void)
4555 {
4556 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4557 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4558 int testresult = 0;
4559
4560 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4561 goto err;
4562
4563 testresult = 1;
4564
4565 err:
4566 EVP_MD_meth_free(md);
4567 EVP_CIPHER_meth_free(ciph);
4568
4569 return testresult;
4570 }
4571
4572 typedef struct {
4573 int data;
4574 } custom_dgst_ctx;
4575
4576 static int custom_md_init_called = 0;
4577 static int custom_md_cleanup_called = 0;
4578
4579 static int custom_md_init(EVP_MD_CTX *ctx)
4580 {
4581 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4582
4583 if (p == NULL)
4584 return 0;
4585
4586 custom_md_init_called++;
4587 return 1;
4588 }
4589
4590 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4591 {
4592 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4593
4594 if (p == NULL)
4595 /* Nothing to do */
4596 return 1;
4597
4598 custom_md_cleanup_called++;
4599 return 1;
4600 }
4601
4602 static int test_custom_md_meth(void)
4603 {
4604 EVP_MD_CTX *mdctx = NULL;
4605 EVP_MD *tmp = NULL;
4606 char mess[] = "Test Message\n";
4607 unsigned char md_value[EVP_MAX_MD_SIZE];
4608 unsigned int md_len;
4609 int testresult = 0;
4610 int nid;
4611
4612 /*
4613 * We are testing deprecated functions. We don't support a non-default
4614 * library context in this test.
4615 */
4616 if (testctx != NULL)
4617 return TEST_skip("Non-default libctx");
4618
4619 custom_md_init_called = custom_md_cleanup_called = 0;
4620
4621 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4622 if (!TEST_int_ne(nid, NID_undef))
4623 goto err;
4624 tmp = EVP_MD_meth_new(nid, NID_undef);
4625 if (!TEST_ptr(tmp))
4626 goto err;
4627
4628 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4629 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4630 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4631 sizeof(custom_dgst_ctx))))
4632 goto err;
4633
4634 mdctx = EVP_MD_CTX_new();
4635 if (!TEST_ptr(mdctx)
4636 /*
4637 * Initing our custom md and then initing another md should
4638 * result in the init and cleanup functions of the custom md
4639 * being called.
4640 */
4641 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4642 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4643 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4644 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4645 || !TEST_int_eq(custom_md_init_called, 1)
4646 || !TEST_int_eq(custom_md_cleanup_called, 1))
4647 goto err;
4648
4649 testresult = 1;
4650 err:
4651 EVP_MD_CTX_free(mdctx);
4652 EVP_MD_meth_free(tmp);
4653 return testresult;
4654 }
4655
4656 typedef struct {
4657 int data;
4658 } custom_ciph_ctx;
4659
4660 static int custom_ciph_init_called = 0;
4661 static int custom_ciph_cleanup_called = 0;
4662
4663 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4664 const unsigned char *iv, int enc)
4665 {
4666 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4667
4668 if (p == NULL)
4669 return 0;
4670
4671 custom_ciph_init_called++;
4672 return 1;
4673 }
4674
4675 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4676 {
4677 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4678
4679 if (p == NULL)
4680 /* Nothing to do */
4681 return 1;
4682
4683 custom_ciph_cleanup_called++;
4684 return 1;
4685 }
4686
4687 static int test_custom_ciph_meth(void)
4688 {
4689 EVP_CIPHER_CTX *ciphctx = NULL;
4690 EVP_CIPHER *tmp = NULL;
4691 int testresult = 0;
4692 int nid;
4693
4694 /*
4695 * We are testing deprecated functions. We don't support a non-default
4696 * library context in this test.
4697 */
4698 if (testctx != NULL)
4699 return TEST_skip("Non-default libctx");
4700
4701 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4702
4703 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4704 if (!TEST_int_ne(nid, NID_undef))
4705 goto err;
4706 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4707 if (!TEST_ptr(tmp))
4708 goto err;
4709
4710 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4711 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4712 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4713 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4714 sizeof(custom_ciph_ctx))))
4715 goto err;
4716
4717 ciphctx = EVP_CIPHER_CTX_new();
4718 if (!TEST_ptr(ciphctx)
4719 /*
4720 * Initing our custom cipher and then initing another cipher
4721 * should result in the init and cleanup functions of the custom
4722 * cipher being called.
4723 */
4724 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4725 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4726 NULL, NULL, 1))
4727 || !TEST_int_eq(custom_ciph_init_called, 1)
4728 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4729 goto err;
4730
4731 testresult = 1;
4732 err:
4733 EVP_CIPHER_CTX_free(ciphctx);
4734 EVP_CIPHER_meth_free(tmp);
4735 return testresult;
4736 }
4737
4738 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4739 /* Test we can create a signature keys with an associated ENGINE */
4740 static int test_signatures_with_engine(int tst)
4741 {
4742 ENGINE *e;
4743 const char *engine_id = "dasync";
4744 EVP_PKEY *pkey = NULL;
4745 const unsigned char badcmackey[] = { 0x00, 0x01 };
4746 const unsigned char cmackey[] = {
4747 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4748 0x0c, 0x0d, 0x0e, 0x0f
4749 };
4750 const unsigned char ed25519key[] = {
4751 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4752 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4753 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4754 };
4755 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4756 int testresult = 0;
4757 EVP_MD_CTX *ctx = NULL;
4758 unsigned char *mac = NULL;
4759 size_t maclen = 0;
4760 int ret;
4761
4762 # ifdef OPENSSL_NO_CMAC
4763 /* Skip CMAC tests in a no-cmac build */
4764 if (tst <= 1)
4765 return 1;
4766 # endif
4767 # ifdef OPENSSL_NO_ECX
4768 /* Skip ECX tests in a no-ecx build */
4769 if (tst == 2)
4770 return 1;
4771 # endif
4772
4773 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4774 return 0;
4775
4776 if (!TEST_true(ENGINE_init(e))) {
4777 ENGINE_free(e);
4778 return 0;
4779 }
4780
4781 switch (tst) {
4782 case 0:
4783 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4784 EVP_aes_128_cbc());
4785 break;
4786 case 1:
4787 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4788 EVP_aes_128_cbc());
4789 break;
4790 case 2:
4791 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4792 sizeof(ed25519key));
4793 break;
4794 default:
4795 TEST_error("Invalid test case");
4796 goto err;
4797 }
4798 if (!TEST_ptr(pkey))
4799 goto err;
4800
4801 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4802 goto err;
4803
4804 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4805 pkey);
4806 if (tst == 0) {
4807 if (!TEST_true(ret))
4808 goto err;
4809
4810 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4811 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4812 goto err;
4813
4814 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4815 goto err;
4816
4817 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4818 goto err;
4819 } else {
4820 /* We used a bad key. We expect a failure here */
4821 if (!TEST_false(ret))
4822 goto err;
4823 }
4824
4825 testresult = 1;
4826 err:
4827 EVP_MD_CTX_free(ctx);
4828 OPENSSL_free(mac);
4829 EVP_PKEY_free(pkey);
4830 ENGINE_finish(e);
4831 ENGINE_free(e);
4832
4833 return testresult;
4834 }
4835
4836 static int test_cipher_with_engine(void)
4837 {
4838 ENGINE *e;
4839 const char *engine_id = "dasync";
4840 const unsigned char keyiv[] = {
4841 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4842 0x0c, 0x0d, 0x0e, 0x0f
4843 };
4844 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4845 int testresult = 0;
4846 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4847 unsigned char buf[AES_BLOCK_SIZE];
4848 int len = 0;
4849
4850 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4851 return 0;
4852
4853 if (!TEST_true(ENGINE_init(e))) {
4854 ENGINE_free(e);
4855 return 0;
4856 }
4857
4858 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4859 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4860 goto err;
4861
4862 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4863 goto err;
4864
4865 /* Copy the ctx, and complete the operation with the new ctx */
4866 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4867 goto err;
4868
4869 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4870 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4871 goto err;
4872
4873 testresult = 1;
4874 err:
4875 EVP_CIPHER_CTX_free(ctx);
4876 EVP_CIPHER_CTX_free(ctx2);
4877 ENGINE_finish(e);
4878 ENGINE_free(e);
4879
4880 return testresult;
4881 }
4882 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4883 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4884
4885 #ifndef OPENSSL_NO_ECX
4886 static int ecxnids[] = {
4887 NID_X25519,
4888 NID_X448,
4889 NID_ED25519,
4890 NID_ED448
4891 };
4892
4893 /* Test that creating ECX keys with a short private key fails as expected */
4894 static int test_ecx_short_keys(int tst)
4895 {
4896 unsigned char ecxkeydata = 1;
4897 EVP_PKEY *pkey;
4898
4899
4900 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4901 NULL, &ecxkeydata, 1);
4902 if (!TEST_ptr_null(pkey)) {
4903 EVP_PKEY_free(pkey);
4904 return 0;
4905 }
4906
4907 return 1;
4908 }
4909 #endif
4910
4911 typedef enum OPTION_choice {
4912 OPT_ERR = -1,
4913 OPT_EOF = 0,
4914 OPT_CONTEXT,
4915 OPT_TEST_ENUM
4916 } OPTION_CHOICE;
4917
4918 const OPTIONS *test_get_options(void)
4919 {
4920 static const OPTIONS options[] = {
4921 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4922 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4923 { NULL }
4924 };
4925 return options;
4926 }
4927
4928 #ifndef OPENSSL_NO_ECX
4929 /* Test that trying to sign with a public key errors out gracefully */
4930 static int test_ecx_not_private_key(int tst)
4931 {
4932 EVP_PKEY *pkey = NULL;
4933
4934 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4935 int testresult = 0;
4936 EVP_MD_CTX *ctx = NULL;
4937 unsigned char *mac = NULL;
4938 size_t maclen = 0;
4939 unsigned char *pubkey;
4940 size_t pubkeylen;
4941
4942 switch (keys[tst].type) {
4943 case NID_X25519:
4944 case NID_X448:
4945 return TEST_skip("signing not supported for X25519/X448");
4946 }
4947
4948 /* Check if this algorithm supports public keys */
4949 if (keys[tst].pub == NULL)
4950 return TEST_skip("no public key present");
4951
4952 pubkey = (unsigned char *)keys[tst].pub;
4953 pubkeylen = strlen(keys[tst].pub);
4954
4955 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4956 NULL, pubkey, pubkeylen);
4957 if (!TEST_ptr(pkey))
4958 goto err;
4959
4960 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4961 goto err;
4962
4963 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4964 goto check_err;
4965
4966 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4967 goto check_err;
4968
4969 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4970 goto err;
4971
4972 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4973 goto err;
4974
4975 check_err:
4976 /*
4977 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4978 * but we relax the check to allow error also thrown by
4979 * EVP_DigestSignInit and EVP_DigestSign.
4980 */
4981 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4982 testresult = 1;
4983 ERR_clear_error();
4984 }
4985
4986 err:
4987 EVP_MD_CTX_free(ctx);
4988 OPENSSL_free(mac);
4989 EVP_PKEY_free(pkey);
4990
4991 return testresult;
4992 }
4993 #endif /* OPENSSL_NO_ECX */
4994
4995 static int test_sign_continuation(void)
4996 {
4997 OSSL_PROVIDER *fake_rsa = NULL;
4998 int testresult = 0;
4999 EVP_PKEY *pkey = NULL;
5000 EVP_PKEY_CTX *pctx = NULL;
5001 EVP_MD_CTX *mctx = NULL;
5002 const char sigbuf[] = "To Be Signed";
5003 unsigned char signature[256];
5004 size_t siglen = 256;
5005 static int nodupnum = 1;
5006 static const OSSL_PARAM nodup_params[] = {
5007 OSSL_PARAM_int("NO_DUP", &nodupnum),
5008 OSSL_PARAM_END
5009 };
5010
5011 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5012 return 0;
5013
5014 /* Construct a pkey using precise propq to use our provider */
5015 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5016 "provider=fake-rsa"))
5017 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5018 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5019 || !TEST_ptr(pkey))
5020 goto end;
5021
5022 /* First test it continues (classic behavior) */
5023 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5024 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5025 NULL, pkey, NULL))
5026 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5027 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5028 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5029 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5030 goto end;
5031
5032 EVP_MD_CTX_free(mctx);
5033
5034 /* try again but failing the continuation */
5035 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5036 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5037 NULL, pkey, nodup_params))
5038 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5039 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5040 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5041 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5042 goto end;
5043
5044 testresult = 1;
5045
5046 end:
5047 EVP_MD_CTX_free(mctx);
5048 EVP_PKEY_free(pkey);
5049 EVP_PKEY_CTX_free(pctx);
5050 fake_rsa_finish(fake_rsa);
5051 return testresult;
5052 }
5053
5054 int setup_tests(void)
5055 {
5056 OPTION_CHOICE o;
5057
5058 while ((o = opt_next()) != OPT_EOF) {
5059 switch (o) {
5060 case OPT_CONTEXT:
5061 /* Set up an alternate library context */
5062 testctx = OSSL_LIB_CTX_new();
5063 if (!TEST_ptr(testctx))
5064 return 0;
5065 /* Swap the libctx to test non-default context only */
5066 nullprov = OSSL_PROVIDER_load(NULL, "null");
5067 deflprov = OSSL_PROVIDER_load(testctx, "default");
5068 #ifndef OPENSSL_SYS_TANDEM
5069 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5070 #endif
5071 break;
5072 case OPT_TEST_CASES:
5073 break;
5074 default:
5075 return 0;
5076 }
5077 }
5078
5079 ADD_TEST(test_EVP_set_default_properties);
5080 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5081 ADD_TEST(test_EVP_DigestVerifyInit);
5082 #ifndef OPENSSL_NO_SIPHASH
5083 ADD_TEST(test_siphash_digestsign);
5084 #endif
5085 ADD_TEST(test_EVP_Digest);
5086 ADD_TEST(test_EVP_md_null);
5087 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5088 #ifndef OPENSSL_NO_DEPRECATED_3_0
5089 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5090 #endif
5091 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5092 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5093 ADD_TEST(test_privatekey_to_pkcs8);
5094 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5095 #ifndef OPENSSL_NO_EC
5096 ADD_TEST(test_EVP_PKCS82PKEY);
5097 #endif
5098 #ifndef OPENSSL_NO_EC
5099 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5100 #endif
5101 #if !defined(OPENSSL_NO_SM2)
5102 ADD_TEST(test_EVP_SM2);
5103 ADD_TEST(test_EVP_SM2_verify);
5104 #endif
5105 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5106 #ifndef OPENSSL_NO_DEPRECATED_3_0
5107 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5108 if (!TEST_ptr(custom_pmeth))
5109 return 0;
5110 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5111 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5112 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5113 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5114 return 0;
5115 #endif
5116 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5117 #ifndef OPENSSL_NO_CMAC
5118 ADD_TEST(test_CMAC_keygen);
5119 #endif
5120 ADD_TEST(test_HKDF);
5121 ADD_TEST(test_emptyikm_HKDF);
5122 #ifndef OPENSSL_NO_EC
5123 ADD_TEST(test_X509_PUBKEY_inplace);
5124 ADD_TEST(test_X509_PUBKEY_dup);
5125 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5126 OSSL_NELEM(ec_der_pub_keys));
5127 #endif
5128 #ifndef OPENSSL_NO_DSA
5129 ADD_TEST(test_DSA_get_set_params);
5130 ADD_TEST(test_DSA_priv_pub);
5131 #endif
5132 ADD_TEST(test_RSA_get_set_params);
5133 ADD_TEST(test_RSA_OAEP_set_get_params);
5134 ADD_TEST(test_RSA_OAEP_set_null_label);
5135 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5136 ADD_TEST(test_decrypt_null_chunks);
5137 #endif
5138 #ifndef OPENSSL_NO_DH
5139 ADD_TEST(test_DH_priv_pub);
5140 # ifndef OPENSSL_NO_DEPRECATED_3_0
5141 ADD_TEST(test_EVP_PKEY_set1_DH);
5142 # endif
5143 #endif
5144 #ifndef OPENSSL_NO_EC
5145 ADD_TEST(test_EC_priv_pub);
5146 ADD_TEST(test_evp_get_ec_pub);
5147 # ifndef OPENSSL_NO_DEPRECATED_3_0
5148 ADD_TEST(test_EC_priv_only_legacy);
5149 ADD_TEST(test_evp_get_ec_pub_legacy);
5150 # endif
5151 #endif
5152 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5153 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5154
5155 ADD_TEST(test_rand_agglomeration);
5156 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5157 #ifndef OPENSSL_NO_DES
5158 ADD_ALL_TESTS(test_evp_iv_des, 6);
5159 #endif
5160 #ifndef OPENSSL_NO_BF
5161 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5162 #endif
5163 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5164 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5165 #ifndef OPENSSL_NO_EC
5166 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5167 #endif
5168
5169 ADD_TEST(test_names_do_all);
5170
5171 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5172 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5173 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5174 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5175
5176 #ifndef OPENSSL_NO_DEPRECATED_3_0
5177 ADD_ALL_TESTS(test_custom_pmeth, 12);
5178 ADD_TEST(test_evp_md_cipher_meth);
5179 ADD_TEST(test_custom_md_meth);
5180 ADD_TEST(test_custom_ciph_meth);
5181
5182 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5183 /* Tests only support the default libctx */
5184 if (testctx == NULL) {
5185 # ifndef OPENSSL_NO_EC
5186 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5187 # else
5188 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5189 # endif
5190 ADD_TEST(test_cipher_with_engine);
5191 }
5192 # endif
5193 #endif
5194
5195 #ifndef OPENSSL_NO_ECX
5196 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5197 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5198 #endif
5199
5200 ADD_TEST(test_sign_continuation);
5201
5202 return 1;
5203 }
5204
5205 void cleanup_tests(void)
5206 {
5207 OSSL_PROVIDER_unload(nullprov);
5208 OSSL_PROVIDER_unload(deflprov);
5209 #ifndef OPENSSL_SYS_TANDEM
5210 OSSL_PROVIDER_unload(lgcyprov);
5211 #endif
5212 OSSL_LIB_CTX_free(testctx);
5213 }
A mirror of the official openssl repository