]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: remove the just added, but now unrealistic, shake128 OAEP tests
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40
41 #ifdef STATIC_LEGACY
42 OSSL_provider_init_fn ossl_legacy_provider_init;
43 #endif
44
45 static OSSL_LIB_CTX *testctx = NULL;
46 static char *testpropq = NULL;
47
48 static OSSL_PROVIDER *nullprov = NULL;
49 static OSSL_PROVIDER *deflprov = NULL;
50 static OSSL_PROVIDER *lgcyprov = NULL;
51
52 /*
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
55 */
56 static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
108 };
109
110 /*
111 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
112 * should never use this key anywhere but in an example.
113 */
114 #ifndef OPENSSL_NO_DSA
115 static const unsigned char kExampleDSAKeyDER[] = {
116 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
117 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
118 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
119 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
120 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
121 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
122 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
123 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
124 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
125 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
126 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
127 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
128 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
129 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
130 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
131 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
132 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
133 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
134 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
135 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
136 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
137 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
138 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
139 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
140 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
141 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
142 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
143 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
144 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
145 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
146 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
147 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
148 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
149 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
150 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
151 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
152 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 0x40, 0x48
154 };
155 #endif
156
157 /*
158 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
159 * components are not correct.
160 */
161 static const unsigned char kExampleBadRSAKeyDER[] = {
162 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
163 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
164 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
165 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
166 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
167 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
168 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
169 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
170 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
171 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
172 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
173 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
174 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
175 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
176 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
177 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
178 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
179 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
180 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
181 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
182 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
183 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
184 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
185 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
186 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
187 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
188 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
189 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
190 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
191 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
192 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
193 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
194 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
195 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
196 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
197 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
198 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
199 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
200 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
201 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
202 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
203 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
204 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
205 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
206 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
207 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
208 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
209 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
210 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
211 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
212 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
213 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
214 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
215 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
216 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
217 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
218 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
219 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
220 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
221 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
222 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
223 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
224 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
225 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
226 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
227 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
228 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
229 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
230 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
231 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
232 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
233 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
234 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
235 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
236 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
237 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
238 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
239 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
240 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
241 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
242 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
243 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
244 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
245 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
246 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
247 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
248 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
249 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
250 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
251 };
252
253 /*
254 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
255 * values are 0.
256 */
257 static const unsigned char kExampleBad2RSAKeyDER[] = {
258 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
260 0x01, 0x00, 0x02, 0x01, 0x00
261 };
262
263 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
264
265 static const unsigned char kSignature[] = {
266 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
267 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
268 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
269 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
270 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
271 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
272 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
273 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
274 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
275 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
276 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
277 };
278
279 /*
280 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
281 * PrivateKeyInfo.
282 */
283 static const unsigned char kExampleRSAKeyPKCS8[] = {
284 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
285 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
286 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
287 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
288 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
289 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
290 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
291 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
292 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
293 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
294 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
295 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
296 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
297 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
298 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
299 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
300 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
301 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
302 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
303 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
304 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
305 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
306 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
307 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
308 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
309 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
310 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
311 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
312 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
313 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
314 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
315 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
316 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
317 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
318 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
319 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
320 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
321 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
322 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
323 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
324 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
325 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
326 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
327 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
328 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
329 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
330 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
331 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
332 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
333 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
334 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
335 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
336 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
337 };
338
339 #ifndef OPENSSL_NO_EC
340 /*
341 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
342 * structure.
343 */
344 static const unsigned char kExampleECKeyDER[] = {
345 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
346 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
347 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
348 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
349 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
350 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
351 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
352 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
353 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
354 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
355 0xc1,
356 };
357
358 /*
359 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
360 * structure. The private key is equal to the order and will fail to import
361 */
362 static const unsigned char kExampleBadECKeyDER[] = {
363 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
364 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
365 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
366 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
367 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
368 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
369 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
370 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
371 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
372 };
373
374 /* prime256v1 */
375 static const unsigned char kExampleECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 /*
387 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
388 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
389 */
390 static const unsigned char kExampleBadECPubKeyDER[] = {
391 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
392 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
393 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
394 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
395 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
396 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
397 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
398 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
399 };
400
401 static const unsigned char pExampleECParamDER[] = {
402 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
403 };
404
405 # ifndef OPENSSL_NO_ECX
406 static const unsigned char kExampleED25519KeyDER[] = {
407 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
408 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
409 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
410 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
411 };
412
413 static const unsigned char kExampleED25519PubKeyDER[] = {
414 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
415 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
416 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
417 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
418 };
419
420 # ifndef OPENSSL_NO_DEPRECATED_3_0
421 static const unsigned char kExampleX25519KeyDER[] = {
422 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
423 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
424 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
425 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
426 };
427 # endif
428 # endif
429 #endif
430
431 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
432 #ifndef OPENSSL_NO_DEPRECATED_3_0
433 # ifndef OPENSSL_NO_DH
434 static const unsigned char kExampleDHKeyDER[] = {
435 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
436 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
437 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
438 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
439 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
440 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
441 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
442 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
443 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
444 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
445 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
446 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
447 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
448 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
449 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
450 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
451 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
452 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
453 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
454 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
455 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
456 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
457 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
458 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
459 0x2e, 0x87, 0x2a, 0x0b, 0x7a
460 };
461 # endif
462 #endif
463
464 static const unsigned char kCFBDefaultKey[] = {
465 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
466 0x09, 0xCF, 0x4F, 0x3C
467 };
468
469 static const unsigned char kGCMDefaultKey[32] = { 0 };
470
471 static const unsigned char kGCMResetKey[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
473 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
474 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
475 };
476
477 static const unsigned char iCFBIV[] = {
478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
479 0x0C, 0x0D, 0x0E, 0x0F
480 };
481
482 static const unsigned char iGCMDefaultIV[12] = { 0 };
483
484 static const unsigned char iGCMResetIV1[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
486 };
487
488 static const unsigned char iGCMResetIV2[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
490 };
491
492 static const unsigned char cfbPlaintext[] = {
493 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
494 0x73, 0x93, 0x17, 0x2A
495 };
496 static const unsigned char cfbPlaintext_partial[] = {
497 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
498 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
499 };
500
501 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
502
503 static const unsigned char gcmResetPlaintext[] = {
504 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
505 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
506 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
507 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
508 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
509 };
510
511 static const unsigned char cfbCiphertext[] = {
512 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
513 0xE8, 0x3C, 0xFB, 0x4A
514 };
515
516 static const unsigned char cfbCiphertext_partial[] = {
517 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
518 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
519 };
520
521 static const unsigned char ofbCiphertext_partial[] = {
522 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
523 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
524 };
525
526 static const unsigned char gcmDefaultCiphertext[] = {
527 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
528 0xba, 0xf3, 0x9d, 0x18
529 };
530
531 static const unsigned char gcmResetCiphertext1[] = {
532 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
533 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
534 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
535 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
536 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
537 };
538
539 static const unsigned char gcmResetCiphertext2[] = {
540 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
541 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
542 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
543 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
544 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
545 };
546
547 static const unsigned char gcmAAD[] = {
548 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
549 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
550 };
551
552 static const unsigned char gcmDefaultTag[] = {
553 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
554 0xd4, 0x8a, 0xb9, 0x19
555 };
556
557 static const unsigned char gcmResetTag1[] = {
558 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
559 0xfe, 0x2e, 0xa8, 0xf2
560 };
561
562 static const unsigned char gcmResetTag2[] = {
563 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
564 0xbb, 0x2d, 0x55, 0x1b
565 };
566
567 typedef struct APK_DATA_st {
568 const unsigned char *kder;
569 size_t size;
570 const char *keytype;
571 int evptype;
572 int check;
573 int pub_check;
574 int param_check;
575 int type; /* 0 for private, 1 for public, 2 for params */
576 } APK_DATA;
577
578 static APK_DATA keydata[] = {
579 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
580 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
581 #ifndef OPENSSL_NO_EC
582 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
583 #endif
584 };
585
586 static APK_DATA keycheckdata[] = {
587 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
588 0},
589 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
590 0, 1, 1, 0},
591 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
592 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
593 #ifndef OPENSSL_NO_EC
594 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
595 /* group is also associated in our pub key */
596 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
597 1, 1},
598 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
599 2},
600 # ifndef OPENSSL_NO_ECX
601 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
602 EVP_PKEY_ED25519, 1, 1, 1, 0},
603 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
604 EVP_PKEY_ED25519, 0, 1, 1, 1},
605 # endif
606 #endif
607 };
608
609 static EVP_PKEY *load_example_key(const char *keytype,
610 const unsigned char *data, size_t data_len)
611 {
612 const unsigned char **pdata = &data;
613 EVP_PKEY *pkey = NULL;
614 OSSL_DECODER_CTX *dctx =
615 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
616 testctx, testpropq);
617
618 /* |pkey| will be NULL on error */
619 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
620 OSSL_DECODER_CTX_free(dctx);
621 return pkey;
622 }
623
624 static EVP_PKEY *load_example_rsa_key(void)
625 {
626 return load_example_key("RSA", kExampleRSAKeyDER,
627 sizeof(kExampleRSAKeyDER));
628 }
629
630 #ifndef OPENSSL_NO_DSA
631 static EVP_PKEY *load_example_dsa_key(void)
632 {
633 return load_example_key("DSA", kExampleDSAKeyDER,
634 sizeof(kExampleDSAKeyDER));
635 }
636 #endif
637
638 #ifndef OPENSSL_NO_EC
639 static EVP_PKEY *load_example_ec_key(void)
640 {
641 return load_example_key("EC", kExampleECKeyDER,
642 sizeof(kExampleECKeyDER));
643 }
644 #endif
645
646 #ifndef OPENSSL_NO_DEPRECATED_3_0
647 # ifndef OPENSSL_NO_DH
648 static EVP_PKEY *load_example_dh_key(void)
649 {
650 return load_example_key("DH", kExampleDHKeyDER,
651 sizeof(kExampleDHKeyDER));
652 }
653 # endif
654
655 # ifndef OPENSSL_NO_ECX
656 static EVP_PKEY *load_example_ed25519_key(void)
657 {
658 return load_example_key("ED25519", kExampleED25519KeyDER,
659 sizeof(kExampleED25519KeyDER));
660 }
661
662 static EVP_PKEY *load_example_x25519_key(void)
663 {
664 return load_example_key("X25519", kExampleX25519KeyDER,
665 sizeof(kExampleX25519KeyDER));
666 }
667 # endif
668 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
669
670 static EVP_PKEY *load_example_hmac_key(void)
671 {
672 EVP_PKEY *pkey = NULL;
673 unsigned char key[] = {
674 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
675 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
676 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
677 };
678
679 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
680 NULL, key, sizeof(key));
681 if (!TEST_ptr(pkey))
682 return NULL;
683
684 return pkey;
685 }
686
687 static int test_EVP_set_default_properties(void)
688 {
689 OSSL_LIB_CTX *ctx;
690 EVP_MD *md = NULL;
691 int res = 0;
692
693 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
694 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
695 goto err;
696 EVP_MD_free(md);
697 md = NULL;
698
699 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
700 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
701 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
702 goto err;
703 EVP_MD_free(md);
704 md = NULL;
705
706 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
707 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
708 goto err;
709 res = 1;
710 err:
711 EVP_MD_free(md);
712 OSSL_LIB_CTX_free(ctx);
713 return res;
714 }
715
716 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
717 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
718 {
719 EVP_PKEY_CTX *pctx = NULL;
720 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
721
722 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
723 goto err;
724 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
725 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
726 params), 0))
727 goto err;
728
729 if (!TEST_ptr(tmp_pkey))
730 goto err;
731
732 pkey = tmp_pkey;
733 tmp_pkey = NULL;
734 err:
735 EVP_PKEY_free(tmp_pkey);
736 EVP_PKEY_CTX_free(pctx);
737 return pkey;
738 }
739
740 static int test_selection(EVP_PKEY *pkey, int selection)
741 {
742 int testresult = 0;
743 int ret;
744 BIO *bio = BIO_new(BIO_s_mem());
745
746 ret = PEM_write_bio_PUBKEY(bio, pkey);
747 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
748 if (!TEST_true(ret))
749 goto err;
750 } else {
751 if (!TEST_false(ret))
752 goto err;
753 }
754 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
755 testctx, NULL);
756 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
757 if (!TEST_true(ret))
758 goto err;
759 } else {
760 if (!TEST_false(ret))
761 goto err;
762 }
763
764 testresult = 1;
765 err:
766 BIO_free(bio);
767
768 return testresult;
769 }
770 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
771
772 /*
773 * Test combinations of private, public, missing and private + public key
774 * params to ensure they are all accepted
775 */
776 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
777 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
778 {
779 OSSL_PARAM_BLD *bld = NULL;
780 OSSL_PARAM *params = NULL;
781 EVP_PKEY *just_params = NULL;
782 EVP_PKEY *params_and_priv = NULL;
783 EVP_PKEY *params_and_pub = NULL;
784 EVP_PKEY *params_and_keypair = NULL;
785 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
786 int ret = 0;
787
788 /*
789 * Setup the parameters for our pkey object. For our purposes they don't
790 * have to actually be *valid* parameters. We just need to set something.
791 */
792 if (!TEST_ptr(p = BN_new())
793 || !TEST_ptr(q = BN_new())
794 || !TEST_ptr(g = BN_new())
795 || !TEST_ptr(pub = BN_new())
796 || !TEST_ptr(priv = BN_new()))
797 goto err;
798
799 /* Test !priv and !pub */
800 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
804 goto err;
805 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
806 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
807 goto err;
808
809 OSSL_PARAM_free(params);
810 OSSL_PARAM_BLD_free(bld);
811 params = NULL;
812 bld = NULL;
813
814 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
815 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
816 goto err;
817
818 /* Test priv and !pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
824 priv)))
825 goto err;
826 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
827 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
828 goto err;
829
830 OSSL_PARAM_free(params);
831 OSSL_PARAM_BLD_free(bld);
832 params = NULL;
833 bld = NULL;
834
835 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
836 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
837 goto err;
838
839 /* Test !priv and pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
845 pub)))
846 goto err;
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
849 goto err;
850
851 OSSL_PARAM_free(params);
852 OSSL_PARAM_BLD_free(bld);
853 params = NULL;
854 bld = NULL;
855
856 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
857 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
858 goto err;
859
860 /* Test priv and pub */
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
863 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
864 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
866 pub))
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
868 priv)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
871 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
872 goto err;
873
874 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
875 goto err;
876
877 ret = 1;
878 err:
879 OSSL_PARAM_free(params);
880 OSSL_PARAM_BLD_free(bld);
881 EVP_PKEY_free(just_params);
882 EVP_PKEY_free(params_and_priv);
883 EVP_PKEY_free(params_and_pub);
884 EVP_PKEY_free(params_and_keypair);
885 BN_free(p);
886 BN_free(q);
887 BN_free(g);
888 BN_free(pub);
889 BN_free(priv);
890
891 return ret;
892 }
893 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
894
895 /*
896 * Test combinations of private, public, missing and private + public key
897 * params to ensure they are all accepted for EC keys
898 */
899 #ifndef OPENSSL_NO_EC
900 static unsigned char ec_priv[] = {
901 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
902 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
903 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
904 };
905 static unsigned char ec_pub[] = {
906 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
907 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
908 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
909 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
910 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
911 0x08, 0x09, 0xb8, 0xdb, 0x03
912 };
913
914 static int test_EC_priv_pub(void)
915 {
916 OSSL_PARAM_BLD *bld = NULL;
917 OSSL_PARAM *params = NULL;
918 EVP_PKEY *just_params = NULL;
919 EVP_PKEY *params_and_priv = NULL;
920 EVP_PKEY *params_and_pub = NULL;
921 EVP_PKEY *params_and_keypair = NULL;
922 BIGNUM *priv = NULL;
923 int ret = 0;
924 unsigned char *encoded = NULL;
925 size_t len = 0;
926 unsigned char buffer[128];
927
928 /*
929 * Setup the parameters for our pkey object. For our purposes they don't
930 * have to actually be *valid* parameters. We just need to set something.
931 */
932 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
933 goto err;
934
935 /* Test !priv and !pub */
936 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
937 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
938 OSSL_PKEY_PARAM_GROUP_NAME,
939 "P-256", 0)))
940 goto err;
941 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
942 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
943 goto err;
944
945 OSSL_PARAM_free(params);
946 OSSL_PARAM_BLD_free(bld);
947 params = NULL;
948 bld = NULL;
949
950 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
951 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
952 goto err;
953
954 /* Test priv and !pub */
955 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
957 OSSL_PKEY_PARAM_GROUP_NAME,
958 "P-256", 0))
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
960 priv)))
961 goto err;
962 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
963 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
964 goto err;
965
966 OSSL_PARAM_free(params);
967 OSSL_PARAM_BLD_free(bld);
968 params = NULL;
969 bld = NULL;
970
971 /*
972 * We indicate only parameters here, in spite of having built a key that
973 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
974 * expected to fail because it does not support exporting a private EC
975 * key without a corresponding public key
976 */
977 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
978 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
979 goto err;
980
981 /* Test !priv and pub */
982 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
983 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
984 OSSL_PKEY_PARAM_GROUP_NAME,
985 "P-256", 0))
986 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
987 OSSL_PKEY_PARAM_PUB_KEY,
988 ec_pub, sizeof(ec_pub))))
989 goto err;
990 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
991 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
992 goto err;
993
994 OSSL_PARAM_free(params);
995 OSSL_PARAM_BLD_free(bld);
996 params = NULL;
997 bld = NULL;
998
999 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1000 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1001 goto err;
1002
1003 /* Test priv and pub */
1004 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1005 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1007 "P-256", 0))
1008 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1009 OSSL_PKEY_PARAM_PUB_KEY,
1010 ec_pub, sizeof(ec_pub)))
1011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1012 priv)))
1013 goto err;
1014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1015 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1016 goto err;
1017
1018 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1019 goto err;
1020
1021 /* Try key equality */
1022 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1023 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1024 0)
1025 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1026 0)
1027 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1028 0)
1029 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1030 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1031 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1032 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1033 goto err;
1034
1035 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1036 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1037 goto err;
1038 OPENSSL_free(encoded);
1039 encoded = NULL;
1040 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1041 OPENSSL_free(encoded);
1042 encoded = NULL;
1043 goto err;
1044 }
1045
1046 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1047 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1048 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1049 buffer, sizeof(buffer), &len), 1)
1050 || !TEST_int_eq(len, 65))
1051 goto err;
1052
1053 len = 0;
1054 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1055 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1056 NULL, 0, &len), 1)
1057 || !TEST_int_eq(len, 65))
1058 goto err;
1059
1060 /* too-short buffer len*/
1061 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1062 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1063 buffer, 10, &len), 0))
1064 goto err;
1065
1066 ret = 1;
1067 err:
1068 OSSL_PARAM_free(params);
1069 OSSL_PARAM_BLD_free(bld);
1070 EVP_PKEY_free(just_params);
1071 EVP_PKEY_free(params_and_priv);
1072 EVP_PKEY_free(params_and_pub);
1073 EVP_PKEY_free(params_and_keypair);
1074 BN_free(priv);
1075
1076 return ret;
1077 }
1078
1079 /* Also test that we can read the EC PUB affine coordinates */
1080 static int test_evp_get_ec_pub(void)
1081 {
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 unsigned char *pad = NULL;
1085 EVP_PKEY *keypair = NULL;
1086 BIGNUM *priv = NULL;
1087 BIGNUM *x = NULL;
1088 BIGNUM *y = NULL;
1089 int ret = 0;
1090
1091 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1092 goto err;
1093
1094 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1095 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1096 OSSL_PKEY_PARAM_GROUP_NAME,
1097 "P-256", 0))
1098 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1099 OSSL_PKEY_PARAM_PUB_KEY,
1100 ec_pub, sizeof(ec_pub)))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1102 priv)))
1103 goto err;
1104
1105 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1106 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1107 goto err;
1108
1109 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1110 goto err;
1111
1112 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1113 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1114 goto err;
1115
1116 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1117 goto err;
1118
1119 pad[0] = ec_pub[0];
1120 BN_bn2bin(x, &pad[1]);
1121 BN_bn2bin(y, &pad[33]);
1122 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1123 goto err;
1124
1125 ret = 1;
1126
1127 err:
1128 OSSL_PARAM_free(params);
1129 OSSL_PARAM_BLD_free(bld);
1130 EVP_PKEY_free(keypair);
1131 OPENSSL_free(pad);
1132 BN_free(priv);
1133 BN_free(x);
1134 BN_free(y);
1135 return ret;
1136 }
1137
1138 /* Test that using a legacy EC key with only a private key in it works */
1139 # ifndef OPENSSL_NO_DEPRECATED_3_0
1140 static int test_EC_priv_only_legacy(void)
1141 {
1142 BIGNUM *priv = NULL;
1143 int ret = 0;
1144 EC_KEY *eckey = NULL;
1145 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1146 EVP_MD_CTX *ctx = NULL;
1147
1148 /* Create the low level EC_KEY */
1149 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1150 goto err;
1151
1152 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1153 if (!TEST_ptr(eckey))
1154 goto err;
1155
1156 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1157 goto err;
1158
1159 pkey = EVP_PKEY_new();
1160 if (!TEST_ptr(pkey))
1161 goto err;
1162
1163 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1164 goto err;
1165 eckey = NULL;
1166
1167 for (;;) {
1168 ret = 0;
1169 ctx = EVP_MD_CTX_new();
1170 if (!TEST_ptr(ctx))
1171 goto err;
1172
1173 /*
1174 * The EVP_DigestSignInit function should create the key on the
1175 * provider side which is sufficient for this test.
1176 */
1177 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1178 testpropq, pkey, NULL)))
1179 goto err;
1180 EVP_MD_CTX_free(ctx);
1181 ctx = NULL;
1182
1183 if (dup_pk != NULL)
1184 break;
1185
1186 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1187 goto err;
1188 /* EVP_PKEY_eq() returns -2 with missing public keys */
1189 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1190 EVP_PKEY_free(pkey);
1191 pkey = dup_pk;
1192 if (!ret)
1193 goto err;
1194 }
1195 ret = 1;
1196
1197 err:
1198 EVP_MD_CTX_free(ctx);
1199 EVP_PKEY_free(pkey);
1200 EC_KEY_free(eckey);
1201 BN_free(priv);
1202
1203 return ret;
1204 }
1205
1206 static int test_evp_get_ec_pub_legacy(void)
1207 {
1208 OSSL_LIB_CTX *libctx = NULL;
1209 unsigned char *pad = NULL;
1210 EVP_PKEY *pkey = NULL;
1211 EC_KEY *eckey = NULL;
1212 BIGNUM *priv = NULL;
1213 BIGNUM *x = NULL;
1214 BIGNUM *y = NULL;
1215 int ret = 0;
1216
1217 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1218 goto err;
1219
1220 /* Create the legacy key */
1221 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1222 NID_X9_62_prime256v1)))
1223 goto err;
1224
1225 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1226 goto err;
1227
1228 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1229 goto err;
1230
1231 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1232 goto err;
1233
1234 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1235 goto err;
1236
1237 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1238 goto err;
1239
1240 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1241 goto err;
1242
1243 /* Transfer the legacy key */
1244 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1245 goto err;
1246 eckey = NULL;
1247
1248 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1249 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1250 goto err;
1251
1252 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1253 goto err;
1254
1255 pad[0] = ec_pub[0];
1256 BN_bn2bin(x, &pad[1]);
1257 BN_bn2bin(y, &pad[33]);
1258
1259 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1260 goto err;
1261
1262 ret = 1;
1263
1264 err:
1265 OSSL_LIB_CTX_free(libctx);
1266 EVP_PKEY_free(pkey);
1267 EC_KEY_free(eckey);
1268 OPENSSL_free(pad);
1269 BN_free(priv);
1270 BN_free(x);
1271 BN_free(y);
1272
1273 return ret;
1274 }
1275 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1276 #endif /* OPENSSL_NO_EC */
1277
1278 static int test_EVP_PKEY_sign(int tst)
1279 {
1280 int ret = 0;
1281 EVP_PKEY *pkey = NULL;
1282 unsigned char *sig = NULL;
1283 size_t sig_len = 0, shortsig_len = 1;
1284 EVP_PKEY_CTX *ctx = NULL;
1285 unsigned char tbs[] = {
1286 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1287 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1288 };
1289
1290 if (tst == 0) {
1291 if (!TEST_ptr(pkey = load_example_rsa_key()))
1292 goto out;
1293 } else if (tst == 1) {
1294 #ifndef OPENSSL_NO_DSA
1295 if (!TEST_ptr(pkey = load_example_dsa_key()))
1296 goto out;
1297 #else
1298 ret = 1;
1299 goto out;
1300 #endif
1301 } else {
1302 #ifndef OPENSSL_NO_EC
1303 if (!TEST_ptr(pkey = load_example_ec_key()))
1304 goto out;
1305 #else
1306 ret = 1;
1307 goto out;
1308 #endif
1309 }
1310
1311 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1312 if (!TEST_ptr(ctx)
1313 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1314 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1315 sizeof(tbs)), 0))
1316 goto out;
1317 sig = OPENSSL_malloc(sig_len);
1318 if (!TEST_ptr(sig)
1319 /* Test sending a signature buffer that is too short is rejected */
1320 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1321 sizeof(tbs)), 0)
1322 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1323 0)
1324 /* Test the signature round-trips */
1325 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1326 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1327 0))
1328 goto out;
1329
1330 ret = 1;
1331 out:
1332 EVP_PKEY_CTX_free(ctx);
1333 OPENSSL_free(sig);
1334 EVP_PKEY_free(pkey);
1335 return ret;
1336 }
1337
1338 #ifndef OPENSSL_NO_DEPRECATED_3_0
1339 static int test_EVP_PKEY_sign_with_app_method(int tst)
1340 {
1341 int ret = 0;
1342 EVP_PKEY *pkey = NULL;
1343 RSA *rsa = NULL;
1344 RSA_METHOD *rsa_meth = NULL;
1345 #ifndef OPENSSL_NO_DSA
1346 DSA *dsa = NULL;
1347 DSA_METHOD *dsa_meth = NULL;
1348 #endif
1349 unsigned char *sig = NULL;
1350 size_t sig_len = 0, shortsig_len = 1;
1351 EVP_PKEY_CTX *ctx = NULL;
1352 unsigned char tbs[] = {
1353 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1354 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1355 };
1356
1357 if (tst == 0) {
1358 if (!TEST_ptr(pkey = load_example_rsa_key()))
1359 goto out;
1360 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1361 goto out;
1362
1363 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1364 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1365 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1366 goto out;
1367 rsa = NULL; /* now owned by the pkey */
1368 } else {
1369 #ifndef OPENSSL_NO_DSA
1370 if (!TEST_ptr(pkey = load_example_dsa_key()))
1371 goto out;
1372 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1373 goto out;
1374
1375 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1376 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1377 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1378 goto out;
1379 dsa = NULL; /* now owned by the pkey */
1380 #else
1381 ret = 1;
1382 goto out;
1383 #endif
1384 }
1385
1386 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1387 if (!TEST_ptr(ctx)
1388 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1389 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1390 sizeof(tbs)), 0))
1391 goto out;
1392 sig = OPENSSL_malloc(sig_len);
1393 if (!TEST_ptr(sig)
1394 /* Test sending a signature buffer that is too short is rejected */
1395 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1396 sizeof(tbs)), 0)
1397 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1398 0)
1399 /* Test the signature round-trips */
1400 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1401 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1402 0))
1403 goto out;
1404
1405 ret = 1;
1406 out:
1407 EVP_PKEY_CTX_free(ctx);
1408 OPENSSL_free(sig);
1409 EVP_PKEY_free(pkey);
1410 RSA_free(rsa);
1411 RSA_meth_free(rsa_meth);
1412 #ifndef OPENSSL_NO_DSA
1413 DSA_free(dsa);
1414 DSA_meth_free(dsa_meth);
1415 #endif
1416 return ret;
1417 }
1418 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1419
1420 /*
1421 * n = 0 => test using legacy cipher
1422 * n = 1 => test using fetched cipher
1423 */
1424 static int test_EVP_Enveloped(int n)
1425 {
1426 int ret = 0;
1427 EVP_CIPHER_CTX *ctx = NULL;
1428 EVP_PKEY *keypair = NULL;
1429 unsigned char *kek = NULL;
1430 unsigned char iv[EVP_MAX_IV_LENGTH];
1431 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1432 int len, kek_len, ciphertext_len, plaintext_len;
1433 unsigned char ciphertext[32], plaintext[16];
1434 EVP_CIPHER *type = NULL;
1435
1436 if (nullprov != NULL)
1437 return TEST_skip("Test does not support a non-default library context");
1438
1439 if (n == 0)
1440 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1441 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1442 testpropq)))
1443 goto err;
1444
1445 if (!TEST_ptr(keypair = load_example_rsa_key())
1446 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1447 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1448 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1449 &keypair, 1))
1450 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1451 msg, sizeof(msg)))
1452 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1453 &len)))
1454 goto err;
1455
1456 ciphertext_len += len;
1457
1458 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1459 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1460 ciphertext, ciphertext_len))
1461 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1462 goto err;
1463
1464 plaintext_len += len;
1465 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1466 goto err;
1467
1468 ret = 1;
1469 err:
1470 if (n != 0)
1471 EVP_CIPHER_free(type);
1472 OPENSSL_free(kek);
1473 EVP_PKEY_free(keypair);
1474 EVP_CIPHER_CTX_free(ctx);
1475 return ret;
1476 }
1477
1478 /*
1479 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1480 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1481 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1482 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1483 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1484 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1485 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1486 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1487 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1488 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1489 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1490 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1491 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1492 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1493 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1494 * Test 15-29: Same as above with reinitialization
1495 */
1496 static int test_EVP_DigestSignInit(int tst)
1497 {
1498 int ret = 0;
1499 EVP_PKEY *pkey = NULL;
1500 unsigned char *sig = NULL, *sig2 = NULL;
1501 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1502 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1503 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1504 BIO *mdbio = NULL, *membio = NULL;
1505 size_t written;
1506 const EVP_MD *md;
1507 EVP_MD *mdexp = NULL;
1508 int reinit = 0;
1509
1510 if (nullprov != NULL)
1511 return TEST_skip("Test does not support a non-default library context");
1512
1513 if (tst >= 15) {
1514 reinit = 1;
1515 tst -= 15;
1516 }
1517
1518 if (tst >= 6 && tst <= 8) {
1519 membio = BIO_new(BIO_s_mem());
1520 mdbio = BIO_new(BIO_f_md());
1521 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1522 goto out;
1523 BIO_push(mdbio, membio);
1524 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1525 goto out;
1526 } else {
1527 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1528 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1529 goto out;
1530 }
1531
1532 if (tst % 3 == 0) {
1533 if (!TEST_ptr(pkey = load_example_rsa_key()))
1534 goto out;
1535 } else if (tst % 3 == 1) {
1536 #ifndef OPENSSL_NO_DSA
1537 if (!TEST_ptr(pkey = load_example_dsa_key()))
1538 goto out;
1539 #else
1540 ret = 1;
1541 goto out;
1542 #endif
1543 } else {
1544 if (!TEST_ptr(pkey = load_example_hmac_key()))
1545 goto out;
1546 }
1547
1548 if (tst >= 3 && tst <= 5)
1549 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1550 else
1551 md = EVP_sha256();
1552
1553 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1554 goto out;
1555
1556 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1557 goto out;
1558
1559 if (tst >= 6 && tst <= 8) {
1560 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1561 goto out;
1562 } else if (tst < 6) {
1563 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1564 goto out;
1565 }
1566
1567 if (tst >= 9) {
1568 /* Determine the size of the signature. */
1569 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1570 sizeof(kMsg)))
1571 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1572 goto out;
1573 if (tst <= 11) {
1574 /* Test that supply a short sig buffer fails */
1575 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1576 sizeof(kMsg))))
1577 goto out;
1578 /*
1579 * We end here because once EVP_DigestSign() has failed you should
1580 * not call it again without re-initing the ctx
1581 */
1582 ret = 1;
1583 goto out;
1584 }
1585 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1586 sizeof(kMsg))))
1587 goto out;
1588 } else {
1589 /* Determine the size of the signature. */
1590 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1591 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1592 /*
1593 * Trying to create a signature with a deliberately short
1594 * buffer should fail.
1595 */
1596 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1597 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1598 goto out;
1599 }
1600
1601 /*
1602 * Ensure that the signature round-trips (Verification isn't supported for
1603 * HMAC via EVP_DigestVerify*)
1604 */
1605 if (tst % 3 != 2) {
1606 if (tst >= 6 && tst <= 8) {
1607 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1608 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1609 goto out;
1610 }
1611
1612 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1613 NULL, pkey)))
1614 goto out;
1615
1616 if (tst >= 6 && tst <= 8) {
1617 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1618 goto out;
1619 } else {
1620 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1621 sizeof(kMsg))))
1622 goto out;
1623 }
1624 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1625 goto out;
1626
1627 /* Multiple calls to EVP_DigestVerifyFinal should work */
1628 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1629 goto out;
1630 } else {
1631 /*
1632 * For HMAC a doubled call to DigestSignFinal should produce the same
1633 * value as finalization should not happen.
1634 */
1635 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1636 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1637 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1638 goto out;
1639
1640 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1641 goto out;
1642 }
1643
1644 ret = 1;
1645
1646 out:
1647 BIO_free(membio);
1648 BIO_free(mdbio);
1649 EVP_MD_CTX_free(a_md_ctx);
1650 EVP_MD_CTX_free(a_md_ctx_verify);
1651 EVP_PKEY_free(pkey);
1652 OPENSSL_free(sig);
1653 OPENSSL_free(sig2);
1654 EVP_MD_free(mdexp);
1655
1656 return ret;
1657 }
1658
1659 static int test_EVP_DigestVerifyInit(void)
1660 {
1661 int ret = 0;
1662 EVP_PKEY *pkey = NULL;
1663 EVP_MD_CTX *md_ctx = NULL;
1664
1665 if (nullprov != NULL)
1666 return TEST_skip("Test does not support a non-default library context");
1667
1668 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1669 || !TEST_ptr(pkey = load_example_rsa_key()))
1670 goto out;
1671
1672 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1673 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1674 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1675 sizeof(kSignature)), 0))
1676 goto out;
1677
1678 /* test with reinitialization */
1679 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1680 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1681 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1682 sizeof(kSignature)), 0))
1683 goto out;
1684 ret = 1;
1685
1686 out:
1687 EVP_MD_CTX_free(md_ctx);
1688 EVP_PKEY_free(pkey);
1689 return ret;
1690 }
1691
1692 #ifndef OPENSSL_NO_SIPHASH
1693 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1694 static int test_siphash_digestsign(void)
1695 {
1696 unsigned char key[16];
1697 unsigned char buf[8], digest[8];
1698 unsigned char expected[8] = {
1699 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1700 };
1701 EVP_PKEY *pkey = NULL;
1702 EVP_MD_CTX *mdctx = NULL;
1703 EVP_PKEY_CTX *ctx = NULL;
1704 int ret = 0;
1705 size_t len = 8;
1706
1707 if (nullprov != NULL)
1708 return TEST_skip("Test does not support a non-default library context");
1709
1710 memset(buf, 0, 8);
1711 memset(key, 1, 16);
1712 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1713 key, 16)))
1714 goto out;
1715
1716 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1717 goto out;
1718
1719 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1720 goto out;
1721 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1722 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1723 8, NULL), 1))
1724 goto out;
1725 /* reinitialize */
1726 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1727 goto out;
1728 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1729 goto out;
1730 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1731 goto out;
1732 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1733 goto out;
1734
1735 ret = 1;
1736 out:
1737 EVP_PKEY_free(pkey);
1738 EVP_MD_CTX_free(mdctx);
1739 return ret;
1740 }
1741 #endif
1742
1743 /*
1744 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1745 */
1746 static int test_EVP_Digest(void)
1747 {
1748 int ret = 0;
1749 EVP_MD_CTX *md_ctx = NULL;
1750 unsigned char md[EVP_MAX_MD_SIZE];
1751 EVP_MD *sha256 = NULL;
1752 EVP_MD *shake256 = NULL;
1753
1754 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1755 goto out;
1756
1757 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1758 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1759 goto out;
1760
1761 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1762 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1763 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1764 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1765 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1766 goto out;
1767
1768 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1769 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1770 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1771 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1772 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1773 /*
1774 * EVP_DigestInit_ex with NULL type should work on
1775 * pre-initialized context.
1776 */
1777 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1778 goto out;
1779
1780 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1781 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1782 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1783 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1784 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1785 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1786 goto out;
1787 ret = 1;
1788
1789 out:
1790 EVP_MD_CTX_free(md_ctx);
1791 EVP_MD_free(sha256);
1792 EVP_MD_free(shake256);
1793 return ret;
1794 }
1795
1796 static int test_EVP_md_null(void)
1797 {
1798 int ret = 0;
1799 EVP_MD_CTX *md_ctx = NULL;
1800 const EVP_MD *md_null = EVP_md_null();
1801 unsigned char md_value[EVP_MAX_MD_SIZE];
1802 unsigned int md_len = sizeof(md_value);
1803
1804 if (nullprov != NULL)
1805 return TEST_skip("Test does not support a non-default library context");
1806
1807 if (!TEST_ptr(md_null)
1808 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1809 goto out;
1810
1811 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1812 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1813 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1814 goto out;
1815
1816 if (!TEST_uint_eq(md_len, 0))
1817 goto out;
1818
1819 ret = 1;
1820 out:
1821 EVP_MD_CTX_free(md_ctx);
1822 return ret;
1823 }
1824
1825 static int test_d2i_AutoPrivateKey(int i)
1826 {
1827 int ret = 0;
1828 const unsigned char *p;
1829 EVP_PKEY *pkey = NULL;
1830 const APK_DATA *ak = &keydata[i];
1831 const unsigned char *input = ak->kder;
1832 size_t input_len = ak->size;
1833 int expected_id = ak->evptype;
1834
1835 p = input;
1836 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1837 || !TEST_ptr_eq(p, input + input_len)
1838 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1839 goto done;
1840
1841 ret = 1;
1842
1843 done:
1844 EVP_PKEY_free(pkey);
1845 return ret;
1846 }
1847
1848 #ifndef OPENSSL_NO_EC
1849
1850 static const unsigned char ec_public_sect163k1_validxy[] = {
1851 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1852 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1853 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1854 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1855 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1856 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1857 };
1858
1859 static const unsigned char ec_public_sect163k1_badx[] = {
1860 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1861 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1862 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1863 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1864 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1865 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1866 };
1867
1868 static const unsigned char ec_public_sect163k1_bady[] = {
1869 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1870 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1871 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1872 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1873 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1874 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1875 };
1876
1877 static struct ec_der_pub_keys_st {
1878 const unsigned char *der;
1879 size_t len;
1880 int valid;
1881 } ec_der_pub_keys[] = {
1882 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1883 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1884 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1885 };
1886
1887 /*
1888 * Tests the range of the decoded EC char2 public point.
1889 * See ec_GF2m_simple_oct2point().
1890 */
1891 static int test_invalide_ec_char2_pub_range_decode(int id)
1892 {
1893 int ret = 0;
1894 EVP_PKEY *pkey;
1895
1896 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1897 ec_der_pub_keys[id].len);
1898
1899 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1900 || TEST_ptr_null(pkey);
1901 EVP_PKEY_free(pkey);
1902 return ret;
1903 }
1904
1905 /* Tests loading a bad key in PKCS8 format */
1906 static int test_EVP_PKCS82PKEY(void)
1907 {
1908 int ret = 0;
1909 const unsigned char *derp = kExampleBadECKeyDER;
1910 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1911 EVP_PKEY *pkey = NULL;
1912
1913 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1914 sizeof(kExampleBadECKeyDER))))
1915 goto done;
1916
1917 if (!TEST_ptr_eq(derp,
1918 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1919 goto done;
1920
1921 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1922 goto done;
1923
1924 ret = 1;
1925
1926 done:
1927 PKCS8_PRIV_KEY_INFO_free(p8inf);
1928 EVP_PKEY_free(pkey);
1929
1930 return ret;
1931 }
1932
1933 #endif
1934 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1935 {
1936 EVP_PKEY *pkey = NULL;
1937 EVP_PKEY *pkey2 = NULL;
1938 BIO *membio = NULL;
1939 char *membuf = NULL;
1940 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1941 int ok = 0;
1942
1943 if (testctx != NULL)
1944 /* test not supported with non-default context */
1945 return 1;
1946
1947 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1948 || !TEST_ptr(pkey = load_example_rsa_key())
1949 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1950 NULL, 0, NULL, NULL),
1951 0)
1952 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1953 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1954 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1955 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1956 goto done;
1957 }
1958
1959 ok = 1;
1960 done:
1961 EVP_PKEY_free(pkey);
1962 EVP_PKEY_free(pkey2);
1963 PKCS8_PRIV_KEY_INFO_free(p8inf);
1964 BIO_free_all(membio);
1965 return ok;
1966 }
1967
1968 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1969 static int test_privatekey_to_pkcs8(void)
1970 {
1971 EVP_PKEY *pkey = NULL;
1972 BIO *membio = NULL;
1973 char *membuf = NULL;
1974 long membuf_len = 0;
1975 int ok = 0;
1976
1977 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1978 || !TEST_ptr(pkey = load_example_rsa_key())
1979 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1980 NULL, 0, NULL, NULL),
1981 0)
1982 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1983 || !TEST_ptr(membuf)
1984 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1985 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1986 /*
1987 * We try to write PEM as well, just to see that it doesn't err, but
1988 * assume that the result is correct.
1989 */
1990 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1991 NULL, 0, NULL, NULL),
1992 0))
1993 goto done;
1994
1995 ok = 1;
1996 done:
1997 EVP_PKEY_free(pkey);
1998 BIO_free_all(membio);
1999 return ok;
2000 }
2001
2002 #ifndef OPENSSL_NO_EC
2003 static const struct {
2004 int encoding;
2005 const char *encoding_name;
2006 } ec_encodings[] = {
2007 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2008 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2009 };
2010
2011 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2012 {
2013 const OSSL_PARAM *p;
2014 const char *enc_name = NULL;
2015 int *enc = arg;
2016 size_t i;
2017
2018 *enc = -1;
2019
2020 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2021 OSSL_PKEY_PARAM_EC_ENCODING))
2022 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2023 return 0;
2024
2025 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2026 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2027 *enc = ec_encodings[i].encoding;
2028 break;
2029 }
2030 }
2031
2032 return (*enc != -1);
2033 }
2034
2035 static int test_EC_keygen_with_enc(int idx)
2036 {
2037 EVP_PKEY *params = NULL, *key = NULL;
2038 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2039 int enc;
2040 int ret = 0;
2041
2042 enc = ec_encodings[idx].encoding;
2043
2044 /* Create key parameters */
2045 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2046 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2048 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2049 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
2050 || !TEST_ptr(params))
2051 goto done;
2052
2053 /* Create key */
2054 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2055 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2056 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2057 || !TEST_ptr(key))
2058 goto done;
2059
2060 /* Check that the encoding got all the way into the key */
2061 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2062 ec_export_get_encoding_cb, &enc))
2063 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2064 goto done;
2065
2066 ret = 1;
2067 done:
2068 EVP_PKEY_free(key);
2069 EVP_PKEY_free(params);
2070 EVP_PKEY_CTX_free(kctx);
2071 EVP_PKEY_CTX_free(pctx);
2072 return ret;
2073 }
2074 #endif
2075
2076 #if !defined(OPENSSL_NO_SM2)
2077
2078 static int test_EVP_SM2_verify(void)
2079 {
2080 const char *pubkey =
2081 "-----BEGIN PUBLIC KEY-----\n"
2082 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2083 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2084 "-----END PUBLIC KEY-----\n";
2085
2086 const char *msg = "message digest";
2087 const char *id = "ALICE123@YAHOO.COM";
2088
2089 const uint8_t signature[] = {
2090 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2091 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2092 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2093 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2094 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2095 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2096 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2097 };
2098
2099 int rc = 0;
2100 BIO *bio = NULL;
2101 EVP_PKEY *pkey = NULL;
2102 EVP_MD_CTX *mctx = NULL;
2103 EVP_PKEY_CTX *pctx = NULL;
2104 EVP_MD *sm3 = NULL;
2105
2106 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2107 if (!TEST_true(bio != NULL))
2108 goto done;
2109
2110 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2111 if (!TEST_true(pkey != NULL))
2112 goto done;
2113
2114 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2115 goto done;
2116
2117 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2118 goto done;
2119
2120 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2121 goto done;
2122
2123 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2124
2125 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2126 goto done;
2127
2128 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2129 goto done;
2130
2131 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2132 goto done;
2133
2134 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2135 goto done;
2136
2137 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2138 goto done;
2139 rc = 1;
2140
2141 done:
2142 BIO_free(bio);
2143 EVP_PKEY_free(pkey);
2144 EVP_PKEY_CTX_free(pctx);
2145 EVP_MD_CTX_free(mctx);
2146 EVP_MD_free(sm3);
2147 return rc;
2148 }
2149
2150 static int test_EVP_SM2(void)
2151 {
2152 int ret = 0;
2153 EVP_PKEY *pkey = NULL;
2154 EVP_PKEY *pkeyparams = NULL;
2155 EVP_PKEY_CTX *pctx = NULL;
2156 EVP_PKEY_CTX *kctx = NULL;
2157 EVP_PKEY_CTX *sctx = NULL;
2158 size_t sig_len = 0;
2159 unsigned char *sig = NULL;
2160 EVP_MD_CTX *md_ctx = NULL;
2161 EVP_MD_CTX *md_ctx_verify = NULL;
2162 EVP_PKEY_CTX *cctx = NULL;
2163 EVP_MD *check_md = NULL;
2164
2165 uint8_t ciphertext[128];
2166 size_t ctext_len = sizeof(ciphertext);
2167
2168 uint8_t plaintext[8];
2169 size_t ptext_len = sizeof(plaintext);
2170
2171 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2172
2173 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2174 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2175 int i;
2176 char mdname[OSSL_MAX_NAME_SIZE];
2177
2178 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2179 "SM2", testpropq)))
2180 goto done;
2181
2182 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2183 goto done;
2184
2185 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2186 goto done;
2187
2188 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2189 goto done;
2190
2191 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2192 pkeyparams, testpropq)))
2193 goto done;
2194
2195 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2196 goto done;
2197
2198 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2199 goto done;
2200
2201 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2202 goto done;
2203
2204 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2205 goto done;
2206
2207 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2208 goto done;
2209
2210 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2211 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2212
2213 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2214 goto done;
2215
2216 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2217 goto done;
2218
2219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2220 goto done;
2221
2222 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2223 goto done;
2224
2225 /* Determine the size of the signature. */
2226 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2227 goto done;
2228
2229 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2230 goto done;
2231
2232 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2233 goto done;
2234
2235 /* Ensure that the signature round-trips. */
2236
2237 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2238 pkey)))
2239 goto done;
2240
2241 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2242 goto done;
2243
2244 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2245 goto done;
2246
2247 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2248 goto done;
2249
2250 /*
2251 * Try verify again with non-matching 0 length id but ensure that it can
2252 * be set on the context and overrides the previous value.
2253 */
2254
2255 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2256 pkey)))
2257 goto done;
2258
2259 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2260 goto done;
2261
2262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2263 goto done;
2264
2265 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2266 goto done;
2267
2268 /* now check encryption/decryption */
2269
2270 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2271 mdname, sizeof(mdname));
2272 for (i = 0; i < 2; i++) {
2273 const char *mdnames[] = {
2274 #ifndef OPENSSL_NO_SM3
2275 "SM3",
2276 #else
2277 NULL,
2278 #endif
2279 "SHA2-256" };
2280 EVP_PKEY_CTX_free(cctx);
2281
2282 if (mdnames[i] == NULL)
2283 continue;
2284
2285 sparams[0] =
2286 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2287 (char *)mdnames[i], 0);
2288
2289 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2290 pkey, testpropq)))
2291 goto done;
2292
2293 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2294 goto done;
2295
2296 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2297 goto done;
2298
2299 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2300 sizeof(kMsg))))
2301 goto done;
2302
2303 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2304 goto done;
2305
2306 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2307 goto done;
2308
2309 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2310 ctext_len), 0))
2311 goto done;
2312
2313 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2314 goto done;
2315
2316 /*
2317 * Test we're still using the digest we think we are.
2318 * Because of aliases, the easiest is to fetch the digest and
2319 * check the name with EVP_MD_is_a().
2320 */
2321 EVP_MD_free(check_md);
2322 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2323 goto done;
2324 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2325 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2326 goto done;
2327 }
2328
2329 if (!TEST_true(ptext_len == sizeof(kMsg)))
2330 goto done;
2331
2332 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2333 goto done;
2334 }
2335
2336 ret = 1;
2337 done:
2338 EVP_PKEY_CTX_free(pctx);
2339 EVP_PKEY_CTX_free(kctx);
2340 EVP_PKEY_CTX_free(sctx);
2341 EVP_PKEY_CTX_free(cctx);
2342 EVP_PKEY_free(pkey);
2343 EVP_PKEY_free(pkeyparams);
2344 EVP_MD_CTX_free(md_ctx);
2345 EVP_MD_CTX_free(md_ctx_verify);
2346 EVP_MD_free(check_md);
2347 OPENSSL_free(sig);
2348 return ret;
2349 }
2350
2351 #endif
2352
2353 static struct keys_st {
2354 int type;
2355 char *priv;
2356 char *pub;
2357 } keys[] = {
2358 {
2359 EVP_PKEY_HMAC, "0123456789", NULL
2360 },
2361 {
2362 EVP_PKEY_HMAC, "", NULL
2363 #ifndef OPENSSL_NO_POLY1305
2364 }, {
2365 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2366 #endif
2367 #ifndef OPENSSL_NO_SIPHASH
2368 }, {
2369 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2370 #endif
2371 },
2372 #ifndef OPENSSL_NO_ECX
2373 {
2374 EVP_PKEY_X25519, "01234567890123456789012345678901",
2375 "abcdefghijklmnopqrstuvwxyzabcdef"
2376 }, {
2377 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2378 "abcdefghijklmnopqrstuvwxyzabcdef"
2379 }, {
2380 EVP_PKEY_X448,
2381 "01234567890123456789012345678901234567890123456789012345",
2382 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2383 }, {
2384 EVP_PKEY_ED448,
2385 "012345678901234567890123456789012345678901234567890123456",
2386 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2387 }
2388 #endif
2389 };
2390
2391 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2392 {
2393 int ret = 0;
2394 unsigned char buf[80];
2395 unsigned char *in;
2396 size_t inlen, len = 0, shortlen = 1;
2397 EVP_PKEY *pkey;
2398
2399 /* Check if this algorithm supports public keys */
2400 if (pub && keys[tst].pub == NULL)
2401 return 1;
2402
2403 memset(buf, 0, sizeof(buf));
2404
2405 if (pub) {
2406 #ifndef OPENSSL_NO_EC
2407 inlen = strlen(keys[tst].pub);
2408 in = (unsigned char *)keys[tst].pub;
2409 if (uselibctx) {
2410 pkey = EVP_PKEY_new_raw_public_key_ex(
2411 testctx,
2412 OBJ_nid2sn(keys[tst].type),
2413 NULL,
2414 in,
2415 inlen);
2416 } else {
2417 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2418 NULL,
2419 in,
2420 inlen);
2421 }
2422 #else
2423 return 1;
2424 #endif
2425 } else {
2426 inlen = strlen(keys[tst].priv);
2427 in = (unsigned char *)keys[tst].priv;
2428 if (uselibctx) {
2429 pkey = EVP_PKEY_new_raw_private_key_ex(
2430 testctx, OBJ_nid2sn(keys[tst].type),
2431 NULL,
2432 in,
2433 inlen);
2434 } else {
2435 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2436 NULL,
2437 in,
2438 inlen);
2439 }
2440 }
2441
2442 if (!TEST_ptr(pkey)
2443 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2444 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2445 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2446 || !TEST_true(len == inlen))
2447 goto done;
2448 if (tst != 1) {
2449 /*
2450 * Test that supplying a buffer that is too small fails. Doesn't apply
2451 * to HMAC with a zero length key
2452 */
2453 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2454 &shortlen)))
2455 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2456 &shortlen))))
2457 goto done;
2458 }
2459 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2460 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2461 || !TEST_mem_eq(in, inlen, buf, len))
2462 goto done;
2463
2464 ret = 1;
2465 done:
2466 EVP_PKEY_free(pkey);
2467 return ret;
2468 }
2469
2470 static int test_set_get_raw_keys(int tst)
2471 {
2472 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2473 && test_set_get_raw_keys_int(tst, 0, 1)
2474 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2475 && test_set_get_raw_keys_int(tst, 1, 1);
2476 }
2477
2478 #ifndef OPENSSL_NO_DEPRECATED_3_0
2479 static int pkey_custom_check(EVP_PKEY *pkey)
2480 {
2481 return 0xbeef;
2482 }
2483
2484 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2485 {
2486 return 0xbeef;
2487 }
2488
2489 static int pkey_custom_param_check(EVP_PKEY *pkey)
2490 {
2491 return 0xbeef;
2492 }
2493
2494 static EVP_PKEY_METHOD *custom_pmeth;
2495 #endif
2496
2497 static int test_EVP_PKEY_check(int i)
2498 {
2499 int ret = 0;
2500 EVP_PKEY *pkey = NULL;
2501 EVP_PKEY_CTX *ctx = NULL;
2502 #ifndef OPENSSL_NO_DEPRECATED_3_0
2503 EVP_PKEY_CTX *ctx2 = NULL;
2504 #endif
2505 const APK_DATA *ak = &keycheckdata[i];
2506 const unsigned char *input = ak->kder;
2507 size_t input_len = ak->size;
2508 int expected_id = ak->evptype;
2509 int expected_check = ak->check;
2510 int expected_pub_check = ak->pub_check;
2511 int expected_param_check = ak->param_check;
2512 int type = ak->type;
2513
2514 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2515 goto done;
2516 if (type == 0
2517 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2518 goto done;
2519
2520 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2521 goto done;
2522
2523 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2524 goto done;
2525
2526 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2527 goto done;
2528
2529 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2530 goto done;
2531
2532 #ifndef OPENSSL_NO_DEPRECATED_3_0
2533 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2534 /* assign the pkey directly, as an internal test */
2535 EVP_PKEY_up_ref(pkey);
2536 ctx2->pkey = pkey;
2537
2538 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2539 goto done;
2540
2541 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2542 goto done;
2543
2544 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2545 goto done;
2546 #endif
2547
2548 ret = 1;
2549
2550 done:
2551 EVP_PKEY_CTX_free(ctx);
2552 #ifndef OPENSSL_NO_DEPRECATED_3_0
2553 EVP_PKEY_CTX_free(ctx2);
2554 #endif
2555 EVP_PKEY_free(pkey);
2556 return ret;
2557 }
2558
2559 #ifndef OPENSSL_NO_CMAC
2560 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2561 {
2562 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2563 const char msg[] = "Hello World";
2564 size_t maclen = AES_BLOCK_SIZE;
2565 int ret = 1;
2566
2567 if (!TEST_ptr(mdctx)
2568 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2569 testpropq, pkey, NULL))
2570 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2571 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2572 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2573 ret = 0;
2574
2575 EVP_MD_CTX_free(mdctx);
2576
2577 return ret;
2578 }
2579 static int test_CMAC_keygen(void)
2580 {
2581 static unsigned char key[] = {
2582 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2583 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2584 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2585 };
2586 EVP_PKEY_CTX *kctx = NULL;
2587 int ret = 0;
2588 EVP_PKEY *pkey = NULL;
2589 unsigned char mac[AES_BLOCK_SIZE];
2590 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2591 unsigned char mac2[AES_BLOCK_SIZE];
2592 # endif
2593
2594 if (nullprov != NULL)
2595 return TEST_skip("Test does not support a non-default library context");
2596
2597 /*
2598 * This is a legacy method for CMACs, but should still work.
2599 * This verifies that it works without an ENGINE.
2600 */
2601 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2602
2603 /* Test a CMAC key created using the "generated" method */
2604 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2605 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2606 EVP_PKEY_CTRL_CIPHER,
2607 0, (void *)EVP_aes_256_cbc()), 0)
2608 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2609 EVP_PKEY_CTRL_SET_MAC_KEY,
2610 sizeof(key), (void *)key), 0)
2611 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2612 || !TEST_ptr(pkey)
2613 || !TEST_true(get_cmac_val(pkey, mac)))
2614 goto done;
2615
2616 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2617 EVP_PKEY_free(pkey);
2618
2619 /*
2620 * Test a CMAC key using the direct method, and compare with the mac
2621 * created above.
2622 */
2623 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2624 if (!TEST_ptr(pkey)
2625 || !TEST_true(get_cmac_val(pkey, mac2))
2626 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2627 goto done;
2628 # endif
2629
2630 ret = 1;
2631
2632 done:
2633 EVP_PKEY_free(pkey);
2634 EVP_PKEY_CTX_free(kctx);
2635 return ret;
2636 }
2637 #endif
2638
2639 static int test_HKDF(void)
2640 {
2641 EVP_PKEY_CTX *pctx;
2642 unsigned char out[20];
2643 size_t outlen;
2644 int i, ret = 0;
2645 unsigned char salt[] = "0123456789";
2646 unsigned char key[] = "012345678901234567890123456789";
2647 unsigned char info[] = "infostring";
2648 const unsigned char expected[] = {
2649 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2650 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2651 };
2652 size_t expectedlen = sizeof(expected);
2653
2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2655 goto done;
2656
2657 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2658 for (i = 0; i < 2; i++) {
2659 outlen = sizeof(out);
2660 memset(out, 0, outlen);
2661
2662 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2663 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2664 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2665 sizeof(salt) - 1), 0)
2666 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2667 sizeof(key) - 1), 0)
2668 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2669 sizeof(info) - 1), 0)
2670 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2671 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2672 goto done;
2673 }
2674
2675 ret = 1;
2676
2677 done:
2678 EVP_PKEY_CTX_free(pctx);
2679
2680 return ret;
2681 }
2682
2683 static int test_emptyikm_HKDF(void)
2684 {
2685 EVP_PKEY_CTX *pctx;
2686 unsigned char out[20];
2687 size_t outlen;
2688 int ret = 0;
2689 unsigned char salt[] = "9876543210";
2690 unsigned char key[] = "";
2691 unsigned char info[] = "stringinfo";
2692 const unsigned char expected[] = {
2693 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2694 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2695 };
2696 size_t expectedlen = sizeof(expected);
2697
2698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2699 goto done;
2700
2701 outlen = sizeof(out);
2702 memset(out, 0, outlen);
2703
2704 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2705 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2706 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2707 sizeof(salt) - 1), 0)
2708 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2709 sizeof(key) - 1), 0)
2710 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2711 sizeof(info) - 1), 0)
2712 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2713 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2714 goto done;
2715
2716 ret = 1;
2717
2718 done:
2719 EVP_PKEY_CTX_free(pctx);
2720
2721 return ret;
2722 }
2723
2724 static int test_empty_salt_info_HKDF(void)
2725 {
2726 EVP_PKEY_CTX *pctx;
2727 unsigned char out[20];
2728 size_t outlen;
2729 int ret = 0;
2730 unsigned char salt[] = "";
2731 unsigned char key[] = "012345678901234567890123456789";
2732 unsigned char info[] = "";
2733 const unsigned char expected[] = {
2734 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2735 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2736 };
2737 size_t expectedlen = sizeof(expected);
2738
2739 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2740 goto done;
2741
2742 outlen = sizeof(out);
2743 memset(out, 0, outlen);
2744
2745 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2746 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2747 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2748 sizeof(salt) - 1), 0)
2749 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2750 sizeof(key) - 1), 0)
2751 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2752 sizeof(info) - 1), 0)
2753 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2754 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2755 goto done;
2756
2757 ret = 1;
2758
2759 done:
2760 EVP_PKEY_CTX_free(pctx);
2761
2762 return ret;
2763 }
2764
2765 #ifndef OPENSSL_NO_EC
2766 static int test_X509_PUBKEY_inplace(void)
2767 {
2768 int ret = 0;
2769 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2770 const unsigned char *p = kExampleECPubKeyDER;
2771 size_t input_len = sizeof(kExampleECPubKeyDER);
2772
2773 if (!TEST_ptr(xp))
2774 goto done;
2775 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2776 goto done;
2777
2778 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2779 goto done;
2780
2781 p = kExampleBadECPubKeyDER;
2782 input_len = sizeof(kExampleBadECPubKeyDER);
2783
2784 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2785 goto done;
2786
2787 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2788 goto done;
2789
2790 ret = 1;
2791
2792 done:
2793 X509_PUBKEY_free(xp);
2794 return ret;
2795 }
2796
2797 static int test_X509_PUBKEY_dup(void)
2798 {
2799 int ret = 0;
2800 X509_PUBKEY *xp = NULL, *xq = NULL;
2801 const unsigned char *p = kExampleECPubKeyDER;
2802 size_t input_len = sizeof(kExampleECPubKeyDER);
2803
2804 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2805 if (!TEST_ptr(xp)
2806 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2807 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2808 || !TEST_ptr_ne(xp, xq))
2809 goto done;
2810
2811 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2812 || !TEST_ptr(X509_PUBKEY_get0(xp))
2813 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2814 goto done;
2815
2816 X509_PUBKEY_free(xq);
2817 xq = NULL;
2818 p = kExampleBadECPubKeyDER;
2819 input_len = sizeof(kExampleBadECPubKeyDER);
2820
2821 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2822 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2823 goto done;
2824
2825 X509_PUBKEY_free(xp);
2826 xp = NULL;
2827 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2828 goto done;
2829
2830 ret = 1;
2831
2832 done:
2833 X509_PUBKEY_free(xp);
2834 X509_PUBKEY_free(xq);
2835 return ret;
2836 }
2837 #endif /* OPENSSL_NO_EC */
2838
2839 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2840 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2841 {
2842 EVP_MD_CTX *mdctx = NULL;
2843 EVP_PKEY_CTX *ctx = NULL;
2844 const OSSL_PARAM *params;
2845 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2846 int ret = 0;
2847 const EVP_MD *md;
2848 char mdname[OSSL_MAX_NAME_SIZE];
2849 char ssl3ms[48];
2850
2851 /* Initialise a sign operation */
2852 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2853 if (!TEST_ptr(ctx)
2854 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2855 goto err;
2856
2857 /*
2858 * We should be able to query the parameters now.
2859 */
2860 params = EVP_PKEY_CTX_settable_params(ctx);
2861 if (!TEST_ptr(params)
2862 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2863 OSSL_SIGNATURE_PARAM_DIGEST)))
2864 goto err;
2865
2866 params = EVP_PKEY_CTX_gettable_params(ctx);
2867 if (!TEST_ptr(params)
2868 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2869 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2870 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2871 OSSL_SIGNATURE_PARAM_DIGEST)))
2872 goto err;
2873
2874 /*
2875 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2876 * EVP_PKEY_CTX_get_params()
2877 */
2878 strcpy(mdname, "SHA512");
2879 param_md = param;
2880 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2881 mdname, 0);
2882 *param++ = OSSL_PARAM_construct_end();
2883
2884 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2885 goto err;
2886
2887 mdname[0] = '\0';
2888 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2889 mdname, sizeof(mdname));
2890 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2891 || !TEST_str_eq(mdname, "SHA512"))
2892 goto err;
2893
2894 /*
2895 * Test the TEST_PKEY_CTX_set_signature_md() and
2896 * TEST_PKEY_CTX_get_signature_md() functions
2897 */
2898 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2899 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2900 || !TEST_ptr_eq(md, EVP_sha256()))
2901 goto err;
2902
2903 /*
2904 * Test getting MD parameters via an associated EVP_PKEY_CTX
2905 */
2906 mdctx = EVP_MD_CTX_new();
2907 if (!TEST_ptr(mdctx)
2908 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2909 pkey, NULL)))
2910 goto err;
2911
2912 /*
2913 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2914 * able to obtain the digest's settable parameters from the provider.
2915 */
2916 params = EVP_MD_CTX_settable_params(mdctx);
2917 if (!TEST_ptr(params)
2918 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2919 /* The final key should be NULL */
2920 || !TEST_ptr_null(params[1].key))
2921 goto err;
2922
2923 param = ourparams;
2924 memset(ssl3ms, 0, sizeof(ssl3ms));
2925 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2926 ssl3ms, sizeof(ssl3ms));
2927 *param++ = OSSL_PARAM_construct_end();
2928
2929 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2930 goto err;
2931
2932 ret = 1;
2933
2934 err:
2935 EVP_MD_CTX_free(mdctx);
2936 EVP_PKEY_CTX_free(ctx);
2937
2938 return ret;
2939 }
2940
2941 #ifndef OPENSSL_NO_DSA
2942 static int test_DSA_get_set_params(void)
2943 {
2944 OSSL_PARAM_BLD *bld = NULL;
2945 OSSL_PARAM *params = NULL;
2946 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2947 EVP_PKEY_CTX *pctx = NULL;
2948 EVP_PKEY *pkey = NULL;
2949 int ret = 0;
2950
2951 /*
2952 * Setup the parameters for our DSA object. For our purposes they don't
2953 * have to actually be *valid* parameters. We just need to set something.
2954 */
2955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2956 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2957 || !TEST_ptr(p = BN_new())
2958 || !TEST_ptr(q = BN_new())
2959 || !TEST_ptr(g = BN_new())
2960 || !TEST_ptr(pub = BN_new())
2961 || !TEST_ptr(priv = BN_new()))
2962 goto err;
2963 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2964 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2965 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2966 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2967 pub))
2968 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2969 priv)))
2970 goto err;
2971 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2972 goto err;
2973
2974 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2975 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2976 params), 0))
2977 goto err;
2978
2979 if (!TEST_ptr(pkey))
2980 goto err;
2981
2982 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2983
2984 err:
2985 EVP_PKEY_free(pkey);
2986 EVP_PKEY_CTX_free(pctx);
2987 OSSL_PARAM_free(params);
2988 OSSL_PARAM_BLD_free(bld);
2989 BN_free(p);
2990 BN_free(q);
2991 BN_free(g);
2992 BN_free(pub);
2993 BN_free(priv);
2994
2995 return ret;
2996 }
2997
2998 /*
2999 * Test combinations of private, public, missing and private + public key
3000 * params to ensure they are all accepted
3001 */
3002 static int test_DSA_priv_pub(void)
3003 {
3004 return test_EVP_PKEY_ffc_priv_pub("DSA");
3005 }
3006
3007 #endif /* !OPENSSL_NO_DSA */
3008
3009 static int test_RSA_get_set_params(void)
3010 {
3011 OSSL_PARAM_BLD *bld = NULL;
3012 OSSL_PARAM *params = NULL;
3013 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3014 EVP_PKEY_CTX *pctx = NULL;
3015 EVP_PKEY *pkey = NULL;
3016 int ret = 0;
3017
3018 /*
3019 * Setup the parameters for our RSA object. For our purposes they don't
3020 * have to actually be *valid* parameters. We just need to set something.
3021 */
3022 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3023 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3024 || !TEST_ptr(n = BN_new())
3025 || !TEST_ptr(e = BN_new())
3026 || !TEST_ptr(d = BN_new()))
3027 goto err;
3028 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3029 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3030 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3031 goto err;
3032 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3033 goto err;
3034
3035 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3036 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3037 params), 0))
3038 goto err;
3039
3040 if (!TEST_ptr(pkey))
3041 goto err;
3042
3043 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3044
3045 err:
3046 EVP_PKEY_free(pkey);
3047 EVP_PKEY_CTX_free(pctx);
3048 OSSL_PARAM_free(params);
3049 OSSL_PARAM_BLD_free(bld);
3050 BN_free(n);
3051 BN_free(e);
3052 BN_free(d);
3053
3054 return ret;
3055 }
3056
3057 static int test_RSA_OAEP_set_get_params(void)
3058 {
3059 int ret = 0;
3060 EVP_PKEY *key = NULL;
3061 EVP_PKEY_CTX *key_ctx = NULL;
3062
3063 if (nullprov != NULL)
3064 return TEST_skip("Test does not support a non-default library context");
3065
3066 if (!TEST_ptr(key = load_example_rsa_key())
3067 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3068 goto err;
3069
3070 {
3071 int padding = RSA_PKCS1_OAEP_PADDING;
3072 OSSL_PARAM params[4];
3073
3074 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3075 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3076 OSSL_DIGEST_NAME_SHA2_256, 0);
3077 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3078 OSSL_DIGEST_NAME_SHA1, 0);
3079 params[3] = OSSL_PARAM_construct_end();
3080
3081 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3082 goto err;
3083 }
3084 {
3085 OSSL_PARAM params[3];
3086 char oaepmd[30] = { '\0' };
3087 char mgf1md[30] = { '\0' };
3088
3089 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3090 oaepmd, sizeof(oaepmd));
3091 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3092 mgf1md, sizeof(mgf1md));
3093 params[2] = OSSL_PARAM_construct_end();
3094
3095 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3096 goto err;
3097
3098 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3099 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3100 goto err;
3101 }
3102
3103 ret = 1;
3104
3105 err:
3106 EVP_PKEY_free(key);
3107 EVP_PKEY_CTX_free(key_ctx);
3108
3109 return ret;
3110 }
3111
3112 /* https://github.com/openssl/openssl/issues/21288 */
3113 static int test_RSA_OAEP_set_null_label(void)
3114 {
3115 int ret = 0;
3116 EVP_PKEY *key = NULL;
3117 EVP_PKEY_CTX *key_ctx = NULL;
3118
3119 if (!TEST_ptr(key = load_example_rsa_key())
3120 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3121 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3122 goto err;
3123
3124 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3125 goto err;
3126
3127 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3128 goto err;
3129
3130 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3131 goto err;
3132
3133 ret = 1;
3134
3135 err:
3136 EVP_PKEY_free(key);
3137 EVP_PKEY_CTX_free(key_ctx);
3138
3139 return ret;
3140 }
3141
3142 #ifndef OPENSSL_NO_DEPRECATED_3_0
3143 static int test_RSA_legacy(void)
3144 {
3145 int ret = 0;
3146 BIGNUM *p = NULL;
3147 BIGNUM *q = NULL;
3148 BIGNUM *n = NULL;
3149 BIGNUM *e = NULL;
3150 BIGNUM *d = NULL;
3151 const EVP_MD *md = EVP_sha256();
3152 EVP_MD_CTX *ctx = NULL;
3153 EVP_PKEY *pkey = NULL;
3154 RSA *rsa = NULL;
3155
3156 if (nullprov != NULL)
3157 return TEST_skip("Test does not support a non-default library context");
3158
3159 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3160 || !TEST_ptr(q = BN_dup(BN_value_one()))
3161 || !TEST_ptr(n = BN_dup(BN_value_one()))
3162 || !TEST_ptr(e = BN_dup(BN_value_one()))
3163 || !TEST_ptr(d = BN_dup(BN_value_one())))
3164 goto err;
3165
3166 if (!TEST_ptr(rsa = RSA_new())
3167 || !TEST_ptr(pkey = EVP_PKEY_new())
3168 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3169 goto err;
3170
3171 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3172 goto err;
3173 p = NULL;
3174 q = NULL;
3175
3176 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3177 goto err;
3178 n = NULL;
3179 e = NULL;
3180 d = NULL;
3181
3182 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3183 goto err;
3184
3185 rsa = NULL;
3186
3187 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3188 goto err;
3189
3190 ret = 1;
3191
3192 err:
3193 RSA_free(rsa);
3194 EVP_MD_CTX_free(ctx);
3195 EVP_PKEY_free(pkey);
3196 BN_free(p);
3197 BN_free(q);
3198 BN_free(n);
3199 BN_free(e);
3200 BN_free(d);
3201
3202 return ret;
3203 }
3204 #endif
3205
3206 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3207 static int test_decrypt_null_chunks(void)
3208 {
3209 EVP_CIPHER_CTX* ctx = NULL;
3210 EVP_CIPHER *cipher = NULL;
3211 const unsigned char key[32] = {
3212 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3213 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3214 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3215 };
3216 unsigned char iv[12] = {
3217 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3218 };
3219 unsigned char msg[] = "It was the best of times, it was the worst of times";
3220 unsigned char ciphertext[80];
3221 unsigned char plaintext[80];
3222 /* We initialise tmp to a non zero value on purpose */
3223 int ctlen, ptlen, tmp = 99;
3224 int ret = 0;
3225 const int enc_offset = 10, dec_offset = 20;
3226
3227 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3228 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3229 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3230 key, iv))
3231 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3232 enc_offset))
3233 /* Deliberate add a zero length update */
3234 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3235 0))
3236 || !TEST_int_eq(tmp, 0)
3237 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3238 msg + enc_offset,
3239 sizeof(msg) - enc_offset))
3240 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3241 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3242 || !TEST_int_eq(tmp, 0))
3243 goto err;
3244
3245 /* Deliberately initialise tmp to a non zero value */
3246 tmp = 99;
3247 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3248 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3249 dec_offset))
3250 /*
3251 * Deliberately add a zero length update. We also deliberately do
3252 * this at a different offset than for encryption.
3253 */
3254 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3255 0))
3256 || !TEST_int_eq(tmp, 0)
3257 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3258 ciphertext + dec_offset,
3259 ctlen - dec_offset))
3260 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3261 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3262 || !TEST_int_eq(tmp, 0)
3263 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3264 goto err;
3265
3266 ret = 1;
3267 err:
3268 EVP_CIPHER_CTX_free(ctx);
3269 EVP_CIPHER_free(cipher);
3270 return ret;
3271 }
3272 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3273
3274 #ifndef OPENSSL_NO_DH
3275 /*
3276 * Test combinations of private, public, missing and private + public key
3277 * params to ensure they are all accepted
3278 */
3279 static int test_DH_priv_pub(void)
3280 {
3281 return test_EVP_PKEY_ffc_priv_pub("DH");
3282 }
3283
3284 # ifndef OPENSSL_NO_DEPRECATED_3_0
3285 static int test_EVP_PKEY_set1_DH(void)
3286 {
3287 DH *x942dh = NULL, *noqdh = NULL;
3288 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3289 int ret = 0;
3290 BIGNUM *p, *g = NULL;
3291 BIGNUM *pubkey = NULL;
3292 unsigned char pub[2048 / 8];
3293 size_t len = 0;
3294
3295 if (!TEST_ptr(p = BN_new())
3296 || !TEST_ptr(g = BN_new())
3297 || !TEST_ptr(pubkey = BN_new())
3298 || !TEST_true(BN_set_word(p, 9999))
3299 || !TEST_true(BN_set_word(g, 2))
3300 || !TEST_true(BN_set_word(pubkey, 4321))
3301 || !TEST_ptr(noqdh = DH_new())
3302 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3303 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3304 || !TEST_ptr(pubkey = BN_new())
3305 || !TEST_true(BN_set_word(pubkey, 4321)))
3306 goto err;
3307 p = g = NULL;
3308
3309 x942dh = DH_get_2048_256();
3310 pkey1 = EVP_PKEY_new();
3311 pkey2 = EVP_PKEY_new();
3312 if (!TEST_ptr(x942dh)
3313 || !TEST_ptr(noqdh)
3314 || !TEST_ptr(pkey1)
3315 || !TEST_ptr(pkey2)
3316 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3317 goto err;
3318 pubkey = NULL;
3319
3320 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3321 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3322 goto err;
3323
3324 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3325 &pubkey))
3326 || !TEST_ptr(pubkey))
3327 goto err;
3328
3329 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3330 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3331 goto err;
3332
3333 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3334 OSSL_PKEY_PARAM_PUB_KEY,
3335 pub, sizeof(pub), &len))
3336 || !TEST_size_t_ne(len, 0))
3337 goto err;
3338
3339 ret = 1;
3340 err:
3341 BN_free(p);
3342 BN_free(g);
3343 BN_free(pubkey);
3344 EVP_PKEY_free(pkey1);
3345 EVP_PKEY_free(pkey2);
3346 DH_free(x942dh);
3347 DH_free(noqdh);
3348
3349 return ret;
3350 }
3351 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3352 #endif /* !OPENSSL_NO_DH */
3353
3354 /*
3355 * We test what happens with an empty template. For the sake of this test,
3356 * the template must be ignored, and we know that's the case for RSA keys
3357 * (this might arguably be a misfeature, but that's what we currently do,
3358 * even in provider code, since that's how the legacy RSA implementation
3359 * does things)
3360 */
3361 static int test_keygen_with_empty_template(int n)
3362 {
3363 EVP_PKEY_CTX *ctx = NULL;
3364 EVP_PKEY *pkey = NULL;
3365 EVP_PKEY *tkey = NULL;
3366 int ret = 0;
3367
3368 if (nullprov != NULL)
3369 return TEST_skip("Test does not support a non-default library context");
3370
3371 switch (n) {
3372 case 0:
3373 /* We do test with no template at all as well */
3374 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3375 goto err;
3376 break;
3377 case 1:
3378 /* Here we create an empty RSA key that serves as our template */
3379 if (!TEST_ptr(tkey = EVP_PKEY_new())
3380 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3381 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3382 goto err;
3383 break;
3384 }
3385
3386 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3387 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3388 goto err;
3389
3390 ret = 1;
3391 err:
3392 EVP_PKEY_CTX_free(ctx);
3393 EVP_PKEY_free(pkey);
3394 EVP_PKEY_free(tkey);
3395 return ret;
3396 }
3397
3398 /*
3399 * Test that we fail if we attempt to use an algorithm that is not available
3400 * in the current library context (unless we are using an algorithm that
3401 * should be made available via legacy codepaths).
3402 *
3403 * 0: RSA
3404 * 1: SM2
3405 */
3406 static int test_pkey_ctx_fail_without_provider(int tst)
3407 {
3408 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3409 OSSL_PROVIDER *tmpnullprov = NULL;
3410 EVP_PKEY_CTX *pctx = NULL;
3411 const char *keytype = NULL;
3412 int expect_null = 0;
3413 int ret = 0;
3414
3415 if (!TEST_ptr(tmpctx))
3416 goto err;
3417
3418 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3419 if (!TEST_ptr(tmpnullprov))
3420 goto err;
3421
3422 /*
3423 * We check for certain algos in the null provider.
3424 * If an algo is expected to have a provider keymgmt, constructing an
3425 * EVP_PKEY_CTX is expected to fail (return NULL).
3426 * Otherwise, if it's expected to have legacy support, constructing an
3427 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3428 */
3429 switch (tst) {
3430 case 0:
3431 keytype = "RSA";
3432 expect_null = 1;
3433 break;
3434 case 1:
3435 keytype = "SM2";
3436 expect_null = 1;
3437 #ifdef OPENSSL_NO_EC
3438 TEST_info("EC disable, skipping SM2 check...");
3439 goto end;
3440 #endif
3441 #ifdef OPENSSL_NO_SM2
3442 TEST_info("SM2 disable, skipping SM2 check...");
3443 goto end;
3444 #endif
3445 break;
3446 default:
3447 TEST_error("No test for case %d", tst);
3448 goto err;
3449 }
3450
3451 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3452 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3453 goto err;
3454
3455 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3456 end:
3457 #endif
3458 ret = 1;
3459
3460 err:
3461 EVP_PKEY_CTX_free(pctx);
3462 OSSL_PROVIDER_unload(tmpnullprov);
3463 OSSL_LIB_CTX_free(tmpctx);
3464 return ret;
3465 }
3466
3467 static int test_rand_agglomeration(void)
3468 {
3469 EVP_RAND *rand;
3470 EVP_RAND_CTX *ctx;
3471 OSSL_PARAM params[3], *p = params;
3472 int res;
3473 unsigned int step = 7;
3474 static unsigned char seed[] = "It does not matter how slowly you go "
3475 "as long as you do not stop.";
3476 unsigned char out[sizeof(seed)];
3477
3478 if (!TEST_int_ne(sizeof(seed) % step, 0)
3479 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3480 return 0;
3481 ctx = EVP_RAND_CTX_new(rand, NULL);
3482 EVP_RAND_free(rand);
3483 if (!TEST_ptr(ctx))
3484 return 0;
3485
3486 memset(out, 0, sizeof(out));
3487 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3488 seed, sizeof(seed));
3489 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3490 *p = OSSL_PARAM_construct_end();
3491 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3492 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3493 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3494 EVP_RAND_CTX_free(ctx);
3495 return res;
3496 }
3497
3498 /*
3499 * Test that we correctly return the original or "running" IV after
3500 * an encryption operation.
3501 * Run multiple times for some different relevant algorithms/modes.
3502 */
3503 static int test_evp_iv_aes(int idx)
3504 {
3505 int ret = 0;
3506 EVP_CIPHER_CTX *ctx = NULL;
3507 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3508 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3509 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3510 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3511 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3512 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3513 9, 10, 11, 12, 13, 14, 15, 16 };
3514 unsigned char ciphertext[32], oiv[16], iv[16];
3515 unsigned char *ref_iv;
3516 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3517 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3518
3519 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3520 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3521 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3522 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3523 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3524 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3525 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3526 #ifndef OPENSSL_NO_OCB
3527 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3528 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3529 #endif
3530 int len = sizeof(ciphertext);
3531 size_t ivlen, ref_len;
3532 const EVP_CIPHER *type = NULL;
3533 int iv_reset = 0;
3534
3535 if (nullprov != NULL && idx < 6)
3536 return TEST_skip("Test does not support a non-default library context");
3537
3538 switch (idx) {
3539 case 0:
3540 type = EVP_aes_128_cbc();
3541 /* FALLTHROUGH */
3542 case 6:
3543 type = (type != NULL) ? type :
3544 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3545 ref_iv = cbc_state;
3546 ref_len = sizeof(cbc_state);
3547 iv_reset = 1;
3548 break;
3549 case 1:
3550 type = EVP_aes_128_ofb();
3551 /* FALLTHROUGH */
3552 case 7:
3553 type = (type != NULL) ? type :
3554 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3555 ref_iv = ofb_state;
3556 ref_len = sizeof(ofb_state);
3557 iv_reset = 1;
3558 break;
3559 case 2:
3560 type = EVP_aes_128_cfb();
3561 /* FALLTHROUGH */
3562 case 8:
3563 type = (type != NULL) ? type :
3564 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3565 ref_iv = cfb_state;
3566 ref_len = sizeof(cfb_state);
3567 iv_reset = 1;
3568 break;
3569 case 3:
3570 type = EVP_aes_128_gcm();
3571 /* FALLTHROUGH */
3572 case 9:
3573 type = (type != NULL) ? type :
3574 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3575 ref_iv = gcm_state;
3576 ref_len = sizeof(gcm_state);
3577 break;
3578 case 4:
3579 type = EVP_aes_128_ccm();
3580 /* FALLTHROUGH */
3581 case 10:
3582 type = (type != NULL) ? type :
3583 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3584 ref_iv = ccm_state;
3585 ref_len = sizeof(ccm_state);
3586 break;
3587 #ifdef OPENSSL_NO_OCB
3588 case 5:
3589 case 11:
3590 return 1;
3591 #else
3592 case 5:
3593 type = EVP_aes_128_ocb();
3594 /* FALLTHROUGH */
3595 case 11:
3596 type = (type != NULL) ? type :
3597 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3598 ref_iv = ocb_state;
3599 ref_len = sizeof(ocb_state);
3600 break;
3601 #endif
3602 default:
3603 return 0;
3604 }
3605
3606 if (!TEST_ptr(type)
3607 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3608 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3609 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3610 (int)sizeof(msg)))
3611 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3612 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3613 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3614 goto err;
3615 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3616
3617 if (!TEST_int_gt(ivlen, 0))
3618 goto err;
3619
3620 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3621 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3622 goto err;
3623
3624 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3625 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3626 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3627 goto err;
3628 if (iv_reset) {
3629 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3630 goto err;
3631 } else {
3632 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3633 goto err;
3634 }
3635
3636 ret = 1;
3637 err:
3638 EVP_CIPHER_CTX_free(ctx);
3639 if (idx >= 6)
3640 EVP_CIPHER_free((EVP_CIPHER *)type);
3641 return ret;
3642 }
3643
3644 #ifndef OPENSSL_NO_DES
3645 static int test_evp_iv_des(int idx)
3646 {
3647 int ret = 0;
3648 EVP_CIPHER_CTX *ctx = NULL;
3649 static const unsigned char key[24] = {
3650 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3651 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3652 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3653 };
3654 static const unsigned char init_iv[8] = {
3655 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3656 };
3657 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3658 9, 10, 11, 12, 13, 14, 15, 16 };
3659 unsigned char ciphertext[32], oiv[8], iv[8];
3660 unsigned const char *ref_iv;
3661 static const unsigned char cbc_state_des[8] = {
3662 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3663 };
3664 static const unsigned char cbc_state_3des[8] = {
3665 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3666 };
3667 static const unsigned char ofb_state_des[8] = {
3668 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3669 };
3670 static const unsigned char ofb_state_3des[8] = {
3671 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3672 };
3673 static const unsigned char cfb_state_des[8] = {
3674 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3675 };
3676 static const unsigned char cfb_state_3des[8] = {
3677 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3678 };
3679 int len = sizeof(ciphertext);
3680 size_t ivlen, ref_len;
3681 EVP_CIPHER *type = NULL;
3682
3683 if (lgcyprov == NULL && idx < 3)
3684 return TEST_skip("Test requires legacy provider to be loaded");
3685
3686 switch (idx) {
3687 case 0:
3688 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3689 ref_iv = cbc_state_des;
3690 ref_len = sizeof(cbc_state_des);
3691 break;
3692 case 1:
3693 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3694 ref_iv = ofb_state_des;
3695 ref_len = sizeof(ofb_state_des);
3696 break;
3697 case 2:
3698 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3699 ref_iv = cfb_state_des;
3700 ref_len = sizeof(cfb_state_des);
3701 break;
3702 case 3:
3703 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3704 ref_iv = cbc_state_3des;
3705 ref_len = sizeof(cbc_state_3des);
3706 break;
3707 case 4:
3708 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3709 ref_iv = ofb_state_3des;
3710 ref_len = sizeof(ofb_state_3des);
3711 break;
3712 case 5:
3713 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3714 ref_iv = cfb_state_3des;
3715 ref_len = sizeof(cfb_state_3des);
3716 break;
3717 default:
3718 return 0;
3719 }
3720
3721 if (!TEST_ptr(type)
3722 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3723 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3724 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3725 (int)sizeof(msg)))
3726 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3727 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3728 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3729 goto err;
3730 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3731
3732 if (!TEST_int_gt(ivlen, 0))
3733 goto err;
3734
3735 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3736 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3737 goto err;
3738
3739 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3740 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3741 goto err;
3742 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3743 goto err;
3744
3745 ret = 1;
3746 err:
3747 EVP_CIPHER_CTX_free(ctx);
3748 EVP_CIPHER_free(type);
3749 return ret;
3750 }
3751 #endif
3752
3753 #ifndef OPENSSL_NO_BF
3754 static int test_evp_bf_default_keylen(int idx)
3755 {
3756 int ret = 0;
3757 static const char *algos[4] = {
3758 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3759 };
3760 int ivlen[4] = { 0, 8, 8, 8 };
3761 EVP_CIPHER *cipher = NULL;
3762
3763 if (lgcyprov == NULL)
3764 return TEST_skip("Test requires legacy provider to be loaded");
3765
3766 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3767 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3768 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3769 goto err;
3770
3771 ret = 1;
3772 err:
3773 EVP_CIPHER_free(cipher);
3774 return ret;
3775 }
3776 #endif
3777
3778 #ifndef OPENSSL_NO_EC
3779 static int ecpub_nids[] = {
3780 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3781 NID_secp384r1, NID_secp521r1,
3782 # ifndef OPENSSL_NO_EC2M
3783 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3784 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3785 # endif
3786 NID_brainpoolP384r1, NID_brainpoolP512r1
3787 };
3788
3789 static int test_ecpub(int idx)
3790 {
3791 int ret = 0, len, savelen;
3792 int nid;
3793 unsigned char buf[1024];
3794 unsigned char *p;
3795 EVP_PKEY *pkey = NULL;
3796 EVP_PKEY_CTX *ctx = NULL;
3797 # ifndef OPENSSL_NO_DEPRECATED_3_0
3798 const unsigned char *q;
3799 EVP_PKEY *pkey2 = NULL;
3800 EC_KEY *ec = NULL;
3801 # endif
3802
3803 if (nullprov != NULL)
3804 return TEST_skip("Test does not support a non-default library context");
3805
3806 nid = ecpub_nids[idx];
3807
3808 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3809 if (!TEST_ptr(ctx)
3810 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3811 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3812 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3813 goto done;
3814 len = i2d_PublicKey(pkey, NULL);
3815 savelen = len;
3816 if (!TEST_int_ge(len, 1)
3817 || !TEST_int_lt(len, 1024))
3818 goto done;
3819 p = buf;
3820 len = i2d_PublicKey(pkey, &p);
3821 if (!TEST_int_ge(len, 1)
3822 || !TEST_int_eq(len, savelen))
3823 goto done;
3824
3825 # ifndef OPENSSL_NO_DEPRECATED_3_0
3826 /* Now try to decode the just-created DER. */
3827 q = buf;
3828 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3829 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3830 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3831 goto done;
3832 /* EC_KEY ownership transferred */
3833 ec = NULL;
3834 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3835 goto done;
3836 /* The keys should match. */
3837 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3838 goto done;
3839 # endif
3840
3841 ret = 1;
3842
3843 done:
3844 EVP_PKEY_CTX_free(ctx);
3845 EVP_PKEY_free(pkey);
3846 # ifndef OPENSSL_NO_DEPRECATED_3_0
3847 EVP_PKEY_free(pkey2);
3848 EC_KEY_free(ec);
3849 # endif
3850 return ret;
3851 }
3852 #endif
3853
3854 static int test_EVP_rsa_pss_with_keygen_bits(void)
3855 {
3856 int ret = 0;
3857 EVP_PKEY_CTX *ctx = NULL;
3858 EVP_PKEY *pkey = NULL;
3859 EVP_MD *md;
3860
3861 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3862 ret = TEST_ptr(md)
3863 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3864 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3865 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3866 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3867 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3868
3869 EVP_MD_free(md);
3870 EVP_PKEY_free(pkey);
3871 EVP_PKEY_CTX_free(ctx);
3872 return ret;
3873 }
3874
3875 static int test_EVP_rsa_pss_set_saltlen(void)
3876 {
3877 int ret = 0;
3878 EVP_PKEY *pkey = NULL;
3879 EVP_PKEY_CTX *pkey_ctx = NULL;
3880 EVP_MD *sha256 = NULL;
3881 EVP_MD_CTX *sha256_ctx = NULL;
3882 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3883 const int test_value = 32;
3884
3885 ret = TEST_ptr(pkey = load_example_rsa_key())
3886 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3887 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3888 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3889 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3890 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3891 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3892 && TEST_int_eq(saltlen, test_value);
3893
3894 EVP_MD_CTX_free(sha256_ctx);
3895 EVP_PKEY_free(pkey);
3896 EVP_MD_free(sha256);
3897
3898 return ret;
3899 }
3900
3901 static int success = 1;
3902 static void md_names(const char *name, void *vctx)
3903 {
3904 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3905 /* Force a namemap update */
3906 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3907
3908 if (!TEST_ptr(aes128))
3909 success = 0;
3910
3911 EVP_CIPHER_free(aes128);
3912 }
3913
3914 /*
3915 * Test that changing the namemap in a user callback works in a names_do_all
3916 * function.
3917 */
3918 static int test_names_do_all(void)
3919 {
3920 /* We use a custom libctx so that we know the state of the namemap */
3921 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3922 EVP_MD *sha256 = NULL;
3923 int testresult = 0;
3924
3925 if (!TEST_ptr(ctx))
3926 goto err;
3927
3928 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3929 if (!TEST_ptr(sha256))
3930 goto err;
3931
3932 /*
3933 * We loop through all the names for a given digest. This should still work
3934 * even if the namemap changes part way through.
3935 */
3936 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3937 goto err;
3938
3939 if (!TEST_true(success))
3940 goto err;
3941
3942 testresult = 1;
3943 err:
3944 EVP_MD_free(sha256);
3945 OSSL_LIB_CTX_free(ctx);
3946 return testresult;
3947 }
3948
3949 typedef struct {
3950 const char *cipher;
3951 const unsigned char *key;
3952 const unsigned char *iv;
3953 const unsigned char *input;
3954 const unsigned char *expected;
3955 const unsigned char *tag;
3956 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3957 size_t inlen;
3958 size_t expectedlen;
3959 size_t taglen;
3960 int keyfirst;
3961 int initenc;
3962 int finalenc;
3963 } EVP_INIT_TEST_st;
3964
3965 static const EVP_INIT_TEST_st evp_init_tests[] = {
3966 {
3967 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3968 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3969 0, 1, 0, 1
3970 },
3971 {
3972 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3973 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3974 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3975 sizeof(gcmDefaultTag), 1, 0, 1
3976 },
3977 {
3978 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3979 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3980 0, 0, 0, 1
3981 },
3982 {
3983 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3984 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3985 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3986 sizeof(gcmDefaultTag), 0, 0, 1
3987 },
3988 {
3989 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3990 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3991 0, 1, 1, 0
3992 },
3993 {
3994 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3995 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3996 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3997 sizeof(gcmDefaultTag), 1, 1, 0
3998 },
3999 {
4000 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4001 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4002 0, 0, 1, 0
4003 },
4004 {
4005 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4006 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4007 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4008 sizeof(gcmDefaultTag), 0, 1, 0
4009 }
4010 };
4011
4012 /* use same key, iv and plaintext for cfb and ofb */
4013 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4014 {
4015 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4016 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4017 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4018 },
4019 {
4020 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4021 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4022 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4023 },
4024 {
4025 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4026 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4027 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4028 },
4029 {
4030 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4031 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4032 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4033 },
4034 };
4035
4036 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4037 {
4038 int res = 0;
4039
4040 if (t->ivlen != 0) {
4041 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4042 goto err;
4043 }
4044 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4045 goto err;
4046 res = 1;
4047 err:
4048 return res;
4049 }
4050
4051 /*
4052 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4053 * arguments are given one at a time and a final adjustment to the enc
4054 * parameter sets the correct operation.
4055 */
4056 static int test_evp_init_seq(int idx)
4057 {
4058 int outlen1, outlen2;
4059 int testresult = 0;
4060 unsigned char outbuf[1024];
4061 unsigned char tag[16];
4062 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4063 EVP_CIPHER_CTX *ctx = NULL;
4064 EVP_CIPHER *type = NULL;
4065 size_t taglen = sizeof(tag);
4066 char *errmsg = NULL;
4067
4068 ctx = EVP_CIPHER_CTX_new();
4069 if (ctx == NULL) {
4070 errmsg = "CTX_ALLOC";
4071 goto err;
4072 }
4073 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4074 errmsg = "CIPHER_FETCH";
4075 goto err;
4076 }
4077 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4078 errmsg = "EMPTY_ENC_INIT";
4079 goto err;
4080 }
4081 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4082 errmsg = "PADDING";
4083 goto err;
4084 }
4085 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4086 errmsg = "KEY_INIT (before iv)";
4087 goto err;
4088 }
4089 if (!evp_init_seq_set_iv(ctx, t)) {
4090 errmsg = "IV_INIT";
4091 goto err;
4092 }
4093 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4094 errmsg = "KEY_INIT (after iv)";
4095 goto err;
4096 }
4097 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4098 errmsg = "FINAL_ENC_INIT";
4099 goto err;
4100 }
4101 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4102 errmsg = "CIPHER_UPDATE";
4103 goto err;
4104 }
4105 if (t->finalenc == 0 && t->tag != NULL) {
4106 /* Set expected tag */
4107 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4108 t->taglen, (void *)t->tag), 0)) {
4109 errmsg = "SET_TAG";
4110 goto err;
4111 }
4112 }
4113 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4114 errmsg = "CIPHER_FINAL";
4115 goto err;
4116 }
4117 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4118 errmsg = "WRONG_RESULT";
4119 goto err;
4120 }
4121 if (t->finalenc != 0 && t->tag != NULL) {
4122 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4123 errmsg = "GET_TAG";
4124 goto err;
4125 }
4126 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4127 errmsg = "TAG_ERROR";
4128 goto err;
4129 }
4130 }
4131 testresult = 1;
4132 err:
4133 if (errmsg != NULL)
4134 TEST_info("evp_init_test %d: %s", idx, errmsg);
4135 EVP_CIPHER_CTX_free(ctx);
4136 EVP_CIPHER_free(type);
4137 return testresult;
4138 }
4139
4140 /*
4141 * Test re-initialization of cipher context without changing key or iv.
4142 * The result of both iteration should be the same.
4143 */
4144 static int test_evp_reinit_seq(int idx)
4145 {
4146 int outlen1, outlen2, outlen_final;
4147 int testresult = 0;
4148 unsigned char outbuf1[1024];
4149 unsigned char outbuf2[1024];
4150 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4151 EVP_CIPHER_CTX *ctx = NULL;
4152 EVP_CIPHER *type = NULL;
4153
4154 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4155 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4156 /* setup cipher context */
4157 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4158 /* first iteration */
4159 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4160 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4161 /* check test results iteration 1 */
4162 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4163 /* now re-init the context (same cipher, key and iv) */
4164 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4165 /* second iteration */
4166 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4167 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4168 /* check test results iteration 2 */
4169 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4170 goto err;
4171 testresult = 1;
4172 err:
4173 EVP_CIPHER_CTX_free(ctx);
4174 EVP_CIPHER_free(type);
4175 return testresult;
4176 }
4177
4178 typedef struct {
4179 const unsigned char *input;
4180 const unsigned char *expected;
4181 size_t inlen;
4182 size_t expectedlen;
4183 int enc;
4184 } EVP_RESET_TEST_st;
4185
4186 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4187 {
4188 cfbPlaintext, cfbCiphertext,
4189 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4190 },
4191 {
4192 cfbCiphertext, cfbPlaintext,
4193 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4194 }
4195 };
4196
4197 /*
4198 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4199 * been used.
4200 */
4201 static int test_evp_reset(int idx)
4202 {
4203 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4204 int outlen1, outlen2;
4205 int testresult = 0;
4206 unsigned char outbuf[1024];
4207 EVP_CIPHER_CTX *ctx = NULL;
4208 EVP_CIPHER *type = NULL;
4209 char *errmsg = NULL;
4210
4211 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4212 errmsg = "CTX_ALLOC";
4213 goto err;
4214 }
4215 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4216 errmsg = "CIPHER_FETCH";
4217 goto err;
4218 }
4219 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4220 errmsg = "CIPHER_INIT";
4221 goto err;
4222 }
4223 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4224 errmsg = "PADDING";
4225 goto err;
4226 }
4227 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4228 errmsg = "CIPHER_UPDATE";
4229 goto err;
4230 }
4231 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4232 errmsg = "CIPHER_FINAL";
4233 goto err;
4234 }
4235 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4236 errmsg = "WRONG_RESULT";
4237 goto err;
4238 }
4239 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4240 errmsg = "CIPHER_REINIT";
4241 goto err;
4242 }
4243 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4244 errmsg = "CIPHER_UPDATE (reinit)";
4245 goto err;
4246 }
4247 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4248 errmsg = "CIPHER_FINAL (reinit)";
4249 goto err;
4250 }
4251 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4252 errmsg = "WRONG_RESULT (reinit)";
4253 goto err;
4254 }
4255 testresult = 1;
4256 err:
4257 if (errmsg != NULL)
4258 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4259 EVP_CIPHER_CTX_free(ctx);
4260 EVP_CIPHER_free(type);
4261 return testresult;
4262 }
4263
4264 typedef struct {
4265 const char *cipher;
4266 int enc;
4267 } EVP_UPDATED_IV_TEST_st;
4268
4269 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4270 {
4271 "aes-128-cfb", 1
4272 },
4273 {
4274 "aes-128-cfb", 0
4275 },
4276 {
4277 "aes-128-cfb1", 1
4278 },
4279 {
4280 "aes-128-cfb1", 0
4281 },
4282 {
4283 "aes-128-cfb8", 1
4284 },
4285 {
4286 "aes-128-cfb8", 0
4287 },
4288 {
4289 "aes-128-ofb", 1
4290 },
4291 {
4292 "aes-128-ofb", 0
4293 },
4294 {
4295 "aes-128-ctr", 1
4296 },
4297 {
4298 "aes-128-ctr", 0
4299 },
4300 {
4301 "aes-128-cbc", 1
4302 },
4303 {
4304 "aes-128-cbc", 0
4305 }
4306 };
4307
4308 /*
4309 * Test that the IV in the context is updated during a crypto operation for CFB
4310 * and OFB.
4311 */
4312 static int test_evp_updated_iv(int idx)
4313 {
4314 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4315 int outlen1, outlen2;
4316 int testresult = 0;
4317 unsigned char outbuf[1024];
4318 EVP_CIPHER_CTX *ctx = NULL;
4319 EVP_CIPHER *type = NULL;
4320 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4321 int iv_len;
4322 char *errmsg = NULL;
4323
4324 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4325 errmsg = "CTX_ALLOC";
4326 goto err;
4327 }
4328 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4329 TEST_info("cipher %s not supported, skipping", t->cipher);
4330 goto ok;
4331 }
4332
4333 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4334 errmsg = "CIPHER_INIT";
4335 goto err;
4336 }
4337 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4338 errmsg = "PADDING";
4339 goto err;
4340 }
4341 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4342 errmsg = "CIPHER_UPDATE";
4343 goto err;
4344 }
4345 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4346 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4347 goto err;
4348 }
4349 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4350 if (!TEST_int_ge(iv_len,0)) {
4351 errmsg = "CIPHER_CTX_GET_IV_LEN";
4352 goto err;
4353 }
4354 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4355 errmsg = "IV_NOT_UPDATED";
4356 goto err;
4357 }
4358 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4359 errmsg = "CIPHER_FINAL";
4360 goto err;
4361 }
4362 ok:
4363 testresult = 1;
4364 err:
4365 if (errmsg != NULL)
4366 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4367 EVP_CIPHER_CTX_free(ctx);
4368 EVP_CIPHER_free(type);
4369 return testresult;
4370 }
4371
4372 typedef struct {
4373 const unsigned char *iv1;
4374 const unsigned char *iv2;
4375 const unsigned char *expected1;
4376 const unsigned char *expected2;
4377 const unsigned char *tag1;
4378 const unsigned char *tag2;
4379 size_t ivlen1;
4380 size_t ivlen2;
4381 size_t expectedlen1;
4382 size_t expectedlen2;
4383 } TEST_GCM_IV_REINIT_st;
4384
4385 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4386 {
4387 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4388 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4389 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4390 },
4391 {
4392 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4393 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4394 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4395 }
4396 };
4397
4398 static int test_gcm_reinit(int idx)
4399 {
4400 int outlen1, outlen2, outlen3;
4401 int testresult = 0;
4402 unsigned char outbuf[1024];
4403 unsigned char tag[16];
4404 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4405 EVP_CIPHER_CTX *ctx = NULL;
4406 EVP_CIPHER *type = NULL;
4407 size_t taglen = sizeof(tag);
4408 char *errmsg = NULL;
4409
4410 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4411 errmsg = "CTX_ALLOC";
4412 goto err;
4413 }
4414 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4415 errmsg = "CIPHER_FETCH";
4416 goto err;
4417 }
4418 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4419 errmsg = "ENC_INIT";
4420 goto err;
4421 }
4422 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4423 errmsg = "SET_IVLEN1";
4424 goto err;
4425 }
4426 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4427 errmsg = "SET_IV1";
4428 goto err;
4429 }
4430 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4431 errmsg = "AAD1";
4432 goto err;
4433 }
4434 EVP_CIPHER_CTX_set_padding(ctx, 0);
4435 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4436 sizeof(gcmResetPlaintext)))) {
4437 errmsg = "CIPHER_UPDATE1";
4438 goto err;
4439 }
4440 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4441 errmsg = "CIPHER_FINAL1";
4442 goto err;
4443 }
4444 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4445 errmsg = "WRONG_RESULT1";
4446 goto err;
4447 }
4448 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4449 errmsg = "GET_TAG1";
4450 goto err;
4451 }
4452 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4453 errmsg = "TAG_ERROR1";
4454 goto err;
4455 }
4456 /* Now reinit */
4457 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4458 errmsg = "SET_IVLEN2";
4459 goto err;
4460 }
4461 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4462 errmsg = "SET_IV2";
4463 goto err;
4464 }
4465 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4466 errmsg = "AAD2";
4467 goto err;
4468 }
4469 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4470 sizeof(gcmResetPlaintext)))) {
4471 errmsg = "CIPHER_UPDATE2";
4472 goto err;
4473 }
4474 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4475 errmsg = "CIPHER_FINAL2";
4476 goto err;
4477 }
4478 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4479 errmsg = "WRONG_RESULT2";
4480 goto err;
4481 }
4482 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4483 errmsg = "GET_TAG2";
4484 goto err;
4485 }
4486 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4487 errmsg = "TAG_ERROR2";
4488 goto err;
4489 }
4490 testresult = 1;
4491 err:
4492 if (errmsg != NULL)
4493 TEST_info("evp_init_test %d: %s", idx, errmsg);
4494 EVP_CIPHER_CTX_free(ctx);
4495 EVP_CIPHER_free(type);
4496 return testresult;
4497 }
4498
4499 static const char *ivlen_change_ciphers[] = {
4500 "AES-256-GCM",
4501 #ifndef OPENSSL_NO_OCB
4502 "AES-256-OCB",
4503 #endif
4504 "AES-256-CCM"
4505 };
4506
4507 /* Negative test for ivlen change after iv being set */
4508 static int test_ivlen_change(int idx)
4509 {
4510 int outlen;
4511 int res = 0;
4512 unsigned char outbuf[1024];
4513 static const unsigned char iv[] = {
4514 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4515 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4516 };
4517 EVP_CIPHER_CTX *ctx = NULL;
4518 EVP_CIPHER *ciph = NULL;
4519 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4520 size_t ivlen = 13; /* non-default IV length */
4521
4522 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4523 goto err;
4524
4525 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4526 testpropq)))
4527 goto err;
4528
4529 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4530 goto err;
4531
4532 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4533 sizeof(gcmDefaultPlaintext))))
4534 goto err;
4535
4536 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4537 &ivlen);
4538 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4539 goto err;
4540
4541 ERR_set_mark();
4542 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4543 sizeof(gcmDefaultPlaintext)))) {
4544 ERR_clear_last_mark();
4545 goto err;
4546 }
4547 ERR_pop_to_mark();
4548
4549 res = 1;
4550 err:
4551 EVP_CIPHER_CTX_free(ctx);
4552 EVP_CIPHER_free(ciph);
4553 return res;
4554 }
4555
4556 static const char *keylen_change_ciphers[] = {
4557 #ifndef OPENSSL_NO_BF
4558 "BF-ECB",
4559 #endif
4560 #ifndef OPENSSL_NO_CAST
4561 "CAST5-ECB",
4562 #endif
4563 #ifndef OPENSSL_NO_RC2
4564 "RC2-ECB",
4565 #endif
4566 #ifndef OPENSSL_NO_RC4
4567 "RC4",
4568 #endif
4569 #ifndef OPENSSL_NO_RC5
4570 "RC5-ECB",
4571 #endif
4572 NULL
4573 };
4574
4575 /* Negative test for keylen change after key was set */
4576 static int test_keylen_change(int idx)
4577 {
4578 int outlen;
4579 int res = 0;
4580 unsigned char outbuf[1024];
4581 static const unsigned char key[] = {
4582 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4583 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4584 };
4585 EVP_CIPHER_CTX *ctx = NULL;
4586 EVP_CIPHER *ciph = NULL;
4587 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4588 size_t keylen = 12; /* non-default key length */
4589
4590 if (lgcyprov == NULL)
4591 return TEST_skip("Test requires legacy provider to be loaded");
4592
4593 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4594 goto err;
4595
4596 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4597 testpropq)))
4598 goto err;
4599
4600 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4601 goto err;
4602
4603 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4604 sizeof(gcmDefaultPlaintext))))
4605 goto err;
4606
4607 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4608 &keylen);
4609 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4610 goto err;
4611
4612 ERR_set_mark();
4613 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4614 sizeof(gcmDefaultPlaintext)))) {
4615 ERR_clear_last_mark();
4616 goto err;
4617 }
4618 ERR_pop_to_mark();
4619
4620 res = 1;
4621 err:
4622 EVP_CIPHER_CTX_free(ctx);
4623 EVP_CIPHER_free(ciph);
4624 return res;
4625 }
4626
4627 #ifndef OPENSSL_NO_DEPRECATED_3_0
4628 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4629 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4630
4631 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4632
4633 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4634 {
4635 int (*pinit)(EVP_PKEY_CTX *ctx);
4636
4637 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4638 return pinit(ctx);
4639 }
4640
4641 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4642 {
4643 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4644
4645 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4646 pcleanup(ctx);
4647 }
4648
4649 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4650 size_t *outlen, const unsigned char *in,
4651 size_t inlen)
4652 {
4653 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4654 const unsigned char *tbs, size_t tbslen);
4655
4656 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4657 return psign(ctx, out, outlen, in, inlen);
4658 }
4659
4660 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4661 size_t *siglen, const unsigned char *tbs,
4662 size_t tbslen)
4663 {
4664 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4665 const unsigned char *tbs, size_t tbslen);
4666
4667 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4668 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4669 }
4670
4671 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4672 size_t *keylen)
4673 {
4674 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4675
4676 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4677 return pderive(ctx, key, keylen);
4678 }
4679
4680 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4681 {
4682 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4683
4684 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4685 return pcopy(dst, src);
4686 }
4687
4688 static int ctrl_called;
4689
4690 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4691 {
4692 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4693
4694 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4695
4696 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4697 ctrl_called = 1;
4698 return 1;
4699 }
4700
4701 return pctrl(ctx, type, p1, p2);
4702 }
4703
4704 static int test_custom_pmeth(int idx)
4705 {
4706 EVP_PKEY_CTX *pctx = NULL;
4707 EVP_MD_CTX *ctx = NULL;
4708 EVP_PKEY *pkey = NULL;
4709 int id, orig_id, orig_flags;
4710 int testresult = 0;
4711 size_t reslen;
4712 unsigned char *res = NULL;
4713 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4714 const EVP_MD *md = EVP_sha256();
4715 int doderive = 0;
4716
4717 ctrl_called = 0;
4718
4719 /* We call deprecated APIs so this test doesn't support a custom libctx */
4720 if (testctx != NULL)
4721 return 1;
4722
4723 switch (idx) {
4724 case 0:
4725 case 6:
4726 id = EVP_PKEY_RSA;
4727 pkey = load_example_rsa_key();
4728 break;
4729 case 1:
4730 case 7:
4731 # ifndef OPENSSL_NO_DSA
4732 id = EVP_PKEY_DSA;
4733 pkey = load_example_dsa_key();
4734 break;
4735 # else
4736 return 1;
4737 # endif
4738 case 2:
4739 case 8:
4740 # ifndef OPENSSL_NO_EC
4741 id = EVP_PKEY_EC;
4742 pkey = load_example_ec_key();
4743 break;
4744 # else
4745 return 1;
4746 # endif
4747 case 3:
4748 case 9:
4749 # ifndef OPENSSL_NO_ECX
4750 id = EVP_PKEY_ED25519;
4751 md = NULL;
4752 pkey = load_example_ed25519_key();
4753 break;
4754 # else
4755 return 1;
4756 # endif
4757 case 4:
4758 case 10:
4759 # ifndef OPENSSL_NO_DH
4760 id = EVP_PKEY_DH;
4761 doderive = 1;
4762 pkey = load_example_dh_key();
4763 break;
4764 # else
4765 return 1;
4766 # endif
4767 case 5:
4768 case 11:
4769 # ifndef OPENSSL_NO_ECX
4770 id = EVP_PKEY_X25519;
4771 doderive = 1;
4772 pkey = load_example_x25519_key();
4773 break;
4774 # else
4775 return 1;
4776 # endif
4777 default:
4778 TEST_error("Should not happen");
4779 goto err;
4780 }
4781
4782 if (!TEST_ptr(pkey))
4783 goto err;
4784
4785 if (idx < 6) {
4786 if (!TEST_true(evp_pkey_is_provided(pkey)))
4787 goto err;
4788 } else {
4789 EVP_PKEY *tmp = pkey;
4790
4791 /* Convert to a legacy key */
4792 pkey = EVP_PKEY_new();
4793 if (!TEST_ptr(pkey)) {
4794 pkey = tmp;
4795 goto err;
4796 }
4797 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4798 EVP_PKEY_free(tmp);
4799 goto err;
4800 }
4801 EVP_PKEY_free(tmp);
4802 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4803 goto err;
4804 }
4805
4806 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4807 || !TEST_ptr(pkey))
4808 goto err;
4809
4810 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4811 if (!TEST_int_eq(orig_id, id)
4812 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4813 goto err;
4814
4815 if (id == EVP_PKEY_ED25519) {
4816 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4817 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4818 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4819 } else {
4820 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4821 }
4822 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4823 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4824 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4825 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4826 }
4827 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4828 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4829 goto err;
4830
4831 if (doderive) {
4832 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4833 if (!TEST_ptr(pctx)
4834 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4835 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4836 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4837 1)
4838 || !TEST_int_eq(ctrl_called, 1)
4839 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4840 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4841 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4842 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4843 goto err;
4844 } else {
4845 ctx = EVP_MD_CTX_new();
4846 reslen = EVP_PKEY_size(pkey);
4847 res = OPENSSL_malloc(reslen);
4848 if (!TEST_ptr(ctx)
4849 || !TEST_ptr(res)
4850 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4851 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4852 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4853 1)
4854 || !TEST_int_eq(ctrl_called, 1))
4855 goto err;
4856
4857 if (id == EVP_PKEY_ED25519) {
4858 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4859 goto err;
4860 } else {
4861 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4862 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4863 goto err;
4864 }
4865 }
4866
4867 testresult = 1;
4868 err:
4869 OPENSSL_free(res);
4870 EVP_MD_CTX_free(ctx);
4871 if (doderive)
4872 EVP_PKEY_CTX_free(pctx);
4873 EVP_PKEY_free(pkey);
4874 EVP_PKEY_meth_remove(custom_pmeth);
4875 EVP_PKEY_meth_free(custom_pmeth);
4876 custom_pmeth = NULL;
4877 return testresult;
4878 }
4879
4880 static int test_evp_md_cipher_meth(void)
4881 {
4882 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4883 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4884 int testresult = 0;
4885
4886 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4887 goto err;
4888
4889 testresult = 1;
4890
4891 err:
4892 EVP_MD_meth_free(md);
4893 EVP_CIPHER_meth_free(ciph);
4894
4895 return testresult;
4896 }
4897
4898 typedef struct {
4899 int data;
4900 } custom_dgst_ctx;
4901
4902 static int custom_md_init_called = 0;
4903 static int custom_md_cleanup_called = 0;
4904
4905 static int custom_md_init(EVP_MD_CTX *ctx)
4906 {
4907 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4908
4909 if (p == NULL)
4910 return 0;
4911
4912 custom_md_init_called++;
4913 return 1;
4914 }
4915
4916 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4917 {
4918 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4919
4920 if (p == NULL)
4921 /* Nothing to do */
4922 return 1;
4923
4924 custom_md_cleanup_called++;
4925 return 1;
4926 }
4927
4928 static int test_custom_md_meth(void)
4929 {
4930 EVP_MD_CTX *mdctx = NULL;
4931 EVP_MD *tmp = NULL;
4932 char mess[] = "Test Message\n";
4933 unsigned char md_value[EVP_MAX_MD_SIZE];
4934 unsigned int md_len;
4935 int testresult = 0;
4936 int nid;
4937
4938 /*
4939 * We are testing deprecated functions. We don't support a non-default
4940 * library context in this test.
4941 */
4942 if (testctx != NULL)
4943 return TEST_skip("Non-default libctx");
4944
4945 custom_md_init_called = custom_md_cleanup_called = 0;
4946
4947 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4948 if (!TEST_int_ne(nid, NID_undef))
4949 goto err;
4950 tmp = EVP_MD_meth_new(nid, NID_undef);
4951 if (!TEST_ptr(tmp))
4952 goto err;
4953
4954 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4955 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4956 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4957 sizeof(custom_dgst_ctx))))
4958 goto err;
4959
4960 mdctx = EVP_MD_CTX_new();
4961 if (!TEST_ptr(mdctx)
4962 /*
4963 * Initing our custom md and then initing another md should
4964 * result in the init and cleanup functions of the custom md
4965 * being called.
4966 */
4967 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4968 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4969 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4970 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4971 || !TEST_int_eq(custom_md_init_called, 1)
4972 || !TEST_int_eq(custom_md_cleanup_called, 1))
4973 goto err;
4974
4975 testresult = 1;
4976 err:
4977 EVP_MD_CTX_free(mdctx);
4978 EVP_MD_meth_free(tmp);
4979 return testresult;
4980 }
4981
4982 typedef struct {
4983 int data;
4984 } custom_ciph_ctx;
4985
4986 static int custom_ciph_init_called = 0;
4987 static int custom_ciph_cleanup_called = 0;
4988
4989 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4990 const unsigned char *iv, int enc)
4991 {
4992 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4993
4994 if (p == NULL)
4995 return 0;
4996
4997 custom_ciph_init_called++;
4998 return 1;
4999 }
5000
5001 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5002 {
5003 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5004
5005 if (p == NULL)
5006 /* Nothing to do */
5007 return 1;
5008
5009 custom_ciph_cleanup_called++;
5010 return 1;
5011 }
5012
5013 static int test_custom_ciph_meth(void)
5014 {
5015 EVP_CIPHER_CTX *ciphctx = NULL;
5016 EVP_CIPHER *tmp = NULL;
5017 int testresult = 0;
5018 int nid;
5019
5020 /*
5021 * We are testing deprecated functions. We don't support a non-default
5022 * library context in this test.
5023 */
5024 if (testctx != NULL)
5025 return TEST_skip("Non-default libctx");
5026
5027 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5028
5029 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5030 if (!TEST_int_ne(nid, NID_undef))
5031 goto err;
5032 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5033 if (!TEST_ptr(tmp))
5034 goto err;
5035
5036 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5037 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5038 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5039 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5040 sizeof(custom_ciph_ctx))))
5041 goto err;
5042
5043 ciphctx = EVP_CIPHER_CTX_new();
5044 if (!TEST_ptr(ciphctx)
5045 /*
5046 * Initing our custom cipher and then initing another cipher
5047 * should result in the init and cleanup functions of the custom
5048 * cipher being called.
5049 */
5050 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5051 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5052 NULL, NULL, 1))
5053 || !TEST_int_eq(custom_ciph_init_called, 1)
5054 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5055 goto err;
5056
5057 testresult = 1;
5058 err:
5059 EVP_CIPHER_CTX_free(ciphctx);
5060 EVP_CIPHER_meth_free(tmp);
5061 return testresult;
5062 }
5063
5064 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5065 /* Test we can create a signature keys with an associated ENGINE */
5066 static int test_signatures_with_engine(int tst)
5067 {
5068 ENGINE *e;
5069 const char *engine_id = "dasync";
5070 EVP_PKEY *pkey = NULL;
5071 const unsigned char badcmackey[] = { 0x00, 0x01 };
5072 const unsigned char cmackey[] = {
5073 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5074 0x0c, 0x0d, 0x0e, 0x0f
5075 };
5076 const unsigned char ed25519key[] = {
5077 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5078 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5079 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5080 };
5081 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5082 int testresult = 0;
5083 EVP_MD_CTX *ctx = NULL;
5084 unsigned char *mac = NULL;
5085 size_t maclen = 0;
5086 int ret;
5087
5088 # ifdef OPENSSL_NO_CMAC
5089 /* Skip CMAC tests in a no-cmac build */
5090 if (tst <= 1)
5091 return 1;
5092 # endif
5093 # ifdef OPENSSL_NO_ECX
5094 /* Skip ECX tests in a no-ecx build */
5095 if (tst == 2)
5096 return 1;
5097 # endif
5098
5099 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5100 return 0;
5101
5102 if (!TEST_true(ENGINE_init(e))) {
5103 ENGINE_free(e);
5104 return 0;
5105 }
5106
5107 switch (tst) {
5108 case 0:
5109 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5110 EVP_aes_128_cbc());
5111 break;
5112 case 1:
5113 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5114 EVP_aes_128_cbc());
5115 break;
5116 case 2:
5117 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5118 sizeof(ed25519key));
5119 break;
5120 default:
5121 TEST_error("Invalid test case");
5122 goto err;
5123 }
5124 if (!TEST_ptr(pkey))
5125 goto err;
5126
5127 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5128 goto err;
5129
5130 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5131 pkey);
5132 if (tst == 0) {
5133 if (!TEST_true(ret))
5134 goto err;
5135
5136 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5137 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5138 goto err;
5139
5140 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5141 goto err;
5142
5143 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5144 goto err;
5145 } else {
5146 /* We used a bad key. We expect a failure here */
5147 if (!TEST_false(ret))
5148 goto err;
5149 }
5150
5151 testresult = 1;
5152 err:
5153 EVP_MD_CTX_free(ctx);
5154 OPENSSL_free(mac);
5155 EVP_PKEY_free(pkey);
5156 ENGINE_finish(e);
5157 ENGINE_free(e);
5158
5159 return testresult;
5160 }
5161
5162 static int test_cipher_with_engine(void)
5163 {
5164 ENGINE *e;
5165 const char *engine_id = "dasync";
5166 const unsigned char keyiv[] = {
5167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5168 0x0c, 0x0d, 0x0e, 0x0f
5169 };
5170 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5171 int testresult = 0;
5172 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5173 unsigned char buf[AES_BLOCK_SIZE];
5174 int len = 0;
5175
5176 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5177 return 0;
5178
5179 if (!TEST_true(ENGINE_init(e))) {
5180 ENGINE_free(e);
5181 return 0;
5182 }
5183
5184 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5185 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5186 goto err;
5187
5188 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5189 goto err;
5190
5191 /* Copy the ctx, and complete the operation with the new ctx */
5192 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5193 goto err;
5194
5195 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5196 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5197 goto err;
5198
5199 testresult = 1;
5200 err:
5201 EVP_CIPHER_CTX_free(ctx);
5202 EVP_CIPHER_CTX_free(ctx2);
5203 ENGINE_finish(e);
5204 ENGINE_free(e);
5205
5206 return testresult;
5207 }
5208 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5209 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5210
5211 #ifndef OPENSSL_NO_ECX
5212 static int ecxnids[] = {
5213 NID_X25519,
5214 NID_X448,
5215 NID_ED25519,
5216 NID_ED448
5217 };
5218
5219 /* Test that creating ECX keys with a short private key fails as expected */
5220 static int test_ecx_short_keys(int tst)
5221 {
5222 unsigned char ecxkeydata = 1;
5223 EVP_PKEY *pkey;
5224
5225
5226 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5227 NULL, &ecxkeydata, 1);
5228 if (!TEST_ptr_null(pkey)) {
5229 EVP_PKEY_free(pkey);
5230 return 0;
5231 }
5232
5233 return 1;
5234 }
5235 #endif
5236
5237 typedef enum OPTION_choice {
5238 OPT_ERR = -1,
5239 OPT_EOF = 0,
5240 OPT_CONTEXT,
5241 OPT_TEST_ENUM
5242 } OPTION_CHOICE;
5243
5244 const OPTIONS *test_get_options(void)
5245 {
5246 static const OPTIONS options[] = {
5247 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5248 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5249 { NULL }
5250 };
5251 return options;
5252 }
5253
5254 #ifndef OPENSSL_NO_ECX
5255 /* Test that trying to sign with a public key errors out gracefully */
5256 static int test_ecx_not_private_key(int tst)
5257 {
5258 EVP_PKEY *pkey = NULL;
5259
5260 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5261 int testresult = 0;
5262 EVP_MD_CTX *ctx = NULL;
5263 unsigned char *mac = NULL;
5264 size_t maclen = 0;
5265 unsigned char *pubkey;
5266 size_t pubkeylen;
5267
5268 switch (keys[tst].type) {
5269 case NID_X25519:
5270 case NID_X448:
5271 return TEST_skip("signing not supported for X25519/X448");
5272 }
5273
5274 /* Check if this algorithm supports public keys */
5275 if (keys[tst].pub == NULL)
5276 return TEST_skip("no public key present");
5277
5278 pubkey = (unsigned char *)keys[tst].pub;
5279 pubkeylen = strlen(keys[tst].pub);
5280
5281 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5282 NULL, pubkey, pubkeylen);
5283 if (!TEST_ptr(pkey))
5284 goto err;
5285
5286 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5287 goto err;
5288
5289 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5290 goto check_err;
5291
5292 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5293 goto check_err;
5294
5295 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5296 goto err;
5297
5298 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5299 goto err;
5300
5301 check_err:
5302 /*
5303 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5304 * but we relax the check to allow error also thrown by
5305 * EVP_DigestSignInit and EVP_DigestSign.
5306 */
5307 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5308 testresult = 1;
5309 ERR_clear_error();
5310 }
5311
5312 err:
5313 EVP_MD_CTX_free(ctx);
5314 OPENSSL_free(mac);
5315 EVP_PKEY_free(pkey);
5316
5317 return testresult;
5318 }
5319 #endif /* OPENSSL_NO_ECX */
5320
5321 static int test_sign_continuation(void)
5322 {
5323 OSSL_PROVIDER *fake_rsa = NULL;
5324 int testresult = 0;
5325 EVP_PKEY *pkey = NULL;
5326 EVP_PKEY_CTX *pctx = NULL;
5327 EVP_MD_CTX *mctx = NULL;
5328 const char sigbuf[] = "To Be Signed";
5329 unsigned char signature[256];
5330 size_t siglen = 256;
5331 static int nodupnum = 1;
5332 static const OSSL_PARAM nodup_params[] = {
5333 OSSL_PARAM_int("NO_DUP", &nodupnum),
5334 OSSL_PARAM_END
5335 };
5336
5337 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5338 return 0;
5339
5340 /* Construct a pkey using precise propq to use our provider */
5341 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5342 "provider=fake-rsa"))
5343 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5344 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5345 || !TEST_ptr(pkey))
5346 goto end;
5347
5348 /* First test it continues (classic behavior) */
5349 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5350 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5351 NULL, pkey, NULL))
5352 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5353 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5354 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5355 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5356 goto end;
5357
5358 EVP_MD_CTX_free(mctx);
5359
5360 /* try again but failing the continuation */
5361 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5362 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5363 NULL, pkey, nodup_params))
5364 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5365 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5366 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5367 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5368 goto end;
5369
5370 testresult = 1;
5371
5372 end:
5373 EVP_MD_CTX_free(mctx);
5374 EVP_PKEY_free(pkey);
5375 EVP_PKEY_CTX_free(pctx);
5376 fake_rsa_finish(fake_rsa);
5377 return testresult;
5378 }
5379
5380 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5381 const unsigned char *gcm_iv, size_t gcm_ivlen,
5382 const unsigned char *gcm_pt, size_t gcm_pt_s,
5383 const unsigned char *gcm_aad, size_t gcm_aad_s,
5384 const unsigned char *gcm_ct, size_t gcm_ct_s,
5385 const unsigned char *gcm_tag, size_t gcm_tag_s)
5386 {
5387 int ret = 0;
5388 EVP_CIPHER_CTX *ctx;
5389 EVP_CIPHER *cipher = NULL;
5390 int outlen, tmplen;
5391 unsigned char outbuf[1024];
5392 unsigned char outtag[16];
5393 OSSL_PARAM params[2] = {
5394 OSSL_PARAM_END, OSSL_PARAM_END
5395 };
5396
5397 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5398 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5399 goto err;
5400
5401 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5402 &gcm_ivlen);
5403
5404 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5405 || (gcm_aad != NULL
5406 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5407 gcm_aad, gcm_aad_s)))
5408 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5409 gcm_pt, gcm_pt_s))
5410 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5411 goto err;
5412
5413 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5414 outtag, sizeof(outtag));
5415
5416 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5417 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5418 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5419 goto err;
5420
5421 ret = 1;
5422 err:
5423 EVP_CIPHER_free(cipher);
5424 EVP_CIPHER_CTX_free(ctx);
5425
5426 return ret;
5427 }
5428
5429 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5430 const unsigned char *gcm_iv, size_t gcm_ivlen,
5431 const unsigned char *gcm_pt, size_t gcm_pt_s,
5432 const unsigned char *gcm_aad, size_t gcm_aad_s,
5433 const unsigned char *gcm_ct, size_t gcm_ct_s,
5434 const unsigned char *gcm_tag, size_t gcm_tag_s)
5435 {
5436 int ret = 0;
5437 EVP_CIPHER_CTX *ctx;
5438 EVP_CIPHER *cipher = NULL;
5439 int outlen;
5440 unsigned char outbuf[1024];
5441 OSSL_PARAM params[2] = {
5442 OSSL_PARAM_END, OSSL_PARAM_END
5443 };
5444
5445 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5446 goto err;
5447
5448 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5449 goto err;
5450
5451 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5452 &gcm_ivlen);
5453
5454 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5455 || (gcm_aad != NULL
5456 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5457 gcm_aad, gcm_aad_s)))
5458 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5459 gcm_ct, gcm_ct_s))
5460 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5461 goto err;
5462
5463 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5464 (void*)gcm_tag, gcm_tag_s);
5465
5466 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5467 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5468 goto err;
5469
5470 ret = 1;
5471 err:
5472 EVP_CIPHER_free(cipher);
5473 EVP_CIPHER_CTX_free(ctx);
5474
5475 return ret;
5476 }
5477
5478 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5479 {
5480 /* AES-GCM test data obtained from NIST public test vectors */
5481 static const unsigned char gcm_key[] = {
5482 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5483 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5484 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5485 };
5486 static const unsigned char gcm_iv[] = {
5487 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5488 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5489 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5490 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5491 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5492 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5493 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5494 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5495 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5496 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5497 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5498 };
5499 static const unsigned char gcm_pt[] = {
5500 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5501 0x4f, 0xe3, 0x6f, 0x81,
5502 };
5503 static const unsigned char gcm_ct[] = {
5504 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5505 0xe2, 0xd0, 0xec, 0xed,
5506 };
5507 static const unsigned char gcm_tag[] = {
5508 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5509 0xdb, 0x99, 0x6c, 0x21,
5510 };
5511
5512 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5513 gcm_pt, sizeof(gcm_pt), NULL, 0,
5514 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5515 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5516 gcm_pt, sizeof(gcm_pt), NULL, 0,
5517 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5518 }
5519
5520 #ifndef OPENSSL_NO_RC4
5521 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5522 const unsigned char *rc4_pt, size_t rc4_pt_s,
5523 const unsigned char *rc4_ct, size_t rc4_ct_s)
5524 {
5525 int ret = 0;
5526 EVP_CIPHER_CTX *ctx;
5527 EVP_CIPHER *cipher = NULL;
5528 int outlen, tmplen;
5529 unsigned char outbuf[1024];
5530 OSSL_PARAM params[2] = {
5531 OSSL_PARAM_END, OSSL_PARAM_END
5532 };
5533
5534 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5535 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5536 goto err;
5537
5538 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5539 &rc4_key_s);
5540
5541 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5542 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5543 rc4_pt, rc4_pt_s))
5544 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5545 goto err;
5546
5547 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5548 goto err;
5549
5550 ret = 1;
5551 err:
5552 EVP_CIPHER_free(cipher);
5553 EVP_CIPHER_CTX_free(ctx);
5554
5555 return ret;
5556 }
5557
5558 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5559 const unsigned char *rc4_pt, size_t rc4_pt_s,
5560 const unsigned char *rc4_ct, size_t rc4_ct_s)
5561 {
5562 int ret = 0;
5563 EVP_CIPHER_CTX *ctx;
5564 EVP_CIPHER *cipher = NULL;
5565 int outlen;
5566 unsigned char outbuf[1024];
5567 OSSL_PARAM params[2] = {
5568 OSSL_PARAM_END, OSSL_PARAM_END
5569 };
5570
5571 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5572 goto err;
5573
5574 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5575 goto err;
5576
5577 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5578 &rc4_key_s);
5579
5580 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5581 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5582 rc4_ct, rc4_ct_s))
5583 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5584 goto err;
5585
5586 ret = 1;
5587 err:
5588 EVP_CIPHER_free(cipher);
5589 EVP_CIPHER_CTX_free(ctx);
5590
5591 return ret;
5592 }
5593
5594 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5595 {
5596 /* RC4 test data obtained from RFC 6229 */
5597 static const struct {
5598 unsigned char key[5];
5599 unsigned char padding[11];
5600 } rc4_key = {
5601 { /* Five bytes of key material */
5602 0x83, 0x32, 0x22, 0x77, 0x2a,
5603 },
5604 { /* Random padding to 16 bytes */
5605 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5606 }
5607 };
5608 static const unsigned char rc4_pt[] = {
5609 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5610 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5611 };
5612 static const unsigned char rc4_ct[] = {
5613 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5614 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5615 };
5616
5617 if (lgcyprov == NULL)
5618 return TEST_skip("Test requires legacy provider to be loaded");
5619
5620 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5621 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5622 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5623 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5624 }
5625 #endif
5626
5627 int setup_tests(void)
5628 {
5629 OPTION_CHOICE o;
5630
5631 while ((o = opt_next()) != OPT_EOF) {
5632 switch (o) {
5633 case OPT_CONTEXT:
5634 /* Set up an alternate library context */
5635 testctx = OSSL_LIB_CTX_new();
5636 if (!TEST_ptr(testctx))
5637 return 0;
5638 #ifdef STATIC_LEGACY
5639 /*
5640 * This test is always statically linked against libcrypto. We must not
5641 * attempt to load legacy.so that might be dynamically linked against
5642 * libcrypto. Instead we use a built-in version of the legacy provider.
5643 */
5644 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5645 return 0;
5646 #endif
5647 /* Swap the libctx to test non-default context only */
5648 nullprov = OSSL_PROVIDER_load(NULL, "null");
5649 deflprov = OSSL_PROVIDER_load(testctx, "default");
5650 #ifndef OPENSSL_SYS_TANDEM
5651 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5652 #endif
5653 break;
5654 case OPT_TEST_CASES:
5655 break;
5656 default:
5657 return 0;
5658 }
5659 }
5660
5661 ADD_TEST(test_EVP_set_default_properties);
5662 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5663 ADD_TEST(test_EVP_DigestVerifyInit);
5664 #ifndef OPENSSL_NO_SIPHASH
5665 ADD_TEST(test_siphash_digestsign);
5666 #endif
5667 ADD_TEST(test_EVP_Digest);
5668 ADD_TEST(test_EVP_md_null);
5669 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5670 #ifndef OPENSSL_NO_DEPRECATED_3_0
5671 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5672 #endif
5673 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5674 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5675 ADD_TEST(test_privatekey_to_pkcs8);
5676 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5677 #ifndef OPENSSL_NO_EC
5678 ADD_TEST(test_EVP_PKCS82PKEY);
5679 #endif
5680 #ifndef OPENSSL_NO_EC
5681 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5682 #endif
5683 #if !defined(OPENSSL_NO_SM2)
5684 ADD_TEST(test_EVP_SM2);
5685 ADD_TEST(test_EVP_SM2_verify);
5686 #endif
5687 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5688 #ifndef OPENSSL_NO_DEPRECATED_3_0
5689 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5690 if (!TEST_ptr(custom_pmeth))
5691 return 0;
5692 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5693 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5694 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5695 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5696 return 0;
5697 #endif
5698 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5699 #ifndef OPENSSL_NO_CMAC
5700 ADD_TEST(test_CMAC_keygen);
5701 #endif
5702 ADD_TEST(test_HKDF);
5703 ADD_TEST(test_emptyikm_HKDF);
5704 ADD_TEST(test_empty_salt_info_HKDF);
5705 #ifndef OPENSSL_NO_EC
5706 ADD_TEST(test_X509_PUBKEY_inplace);
5707 ADD_TEST(test_X509_PUBKEY_dup);
5708 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5709 OSSL_NELEM(ec_der_pub_keys));
5710 #endif
5711 #ifndef OPENSSL_NO_DSA
5712 ADD_TEST(test_DSA_get_set_params);
5713 ADD_TEST(test_DSA_priv_pub);
5714 #endif
5715 ADD_TEST(test_RSA_get_set_params);
5716 ADD_TEST(test_RSA_OAEP_set_get_params);
5717 ADD_TEST(test_RSA_OAEP_set_null_label);
5718 #ifndef OPENSSL_NO_DEPRECATED_3_0
5719 ADD_TEST(test_RSA_legacy);
5720 #endif
5721 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5722 ADD_TEST(test_decrypt_null_chunks);
5723 #endif
5724 #ifndef OPENSSL_NO_DH
5725 ADD_TEST(test_DH_priv_pub);
5726 # ifndef OPENSSL_NO_DEPRECATED_3_0
5727 ADD_TEST(test_EVP_PKEY_set1_DH);
5728 # endif
5729 #endif
5730 #ifndef OPENSSL_NO_EC
5731 ADD_TEST(test_EC_priv_pub);
5732 ADD_TEST(test_evp_get_ec_pub);
5733 # ifndef OPENSSL_NO_DEPRECATED_3_0
5734 ADD_TEST(test_EC_priv_only_legacy);
5735 ADD_TEST(test_evp_get_ec_pub_legacy);
5736 # endif
5737 #endif
5738 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5739 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5740
5741 ADD_TEST(test_rand_agglomeration);
5742 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5743 #ifndef OPENSSL_NO_DES
5744 ADD_ALL_TESTS(test_evp_iv_des, 6);
5745 #endif
5746 #ifndef OPENSSL_NO_BF
5747 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5748 #endif
5749 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5750 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5751 #ifndef OPENSSL_NO_EC
5752 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5753 #endif
5754
5755 ADD_TEST(test_names_do_all);
5756
5757 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5758 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5759 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5760 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5761 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5762 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5763 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5764 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5765
5766 #ifndef OPENSSL_NO_DEPRECATED_3_0
5767 ADD_ALL_TESTS(test_custom_pmeth, 12);
5768 ADD_TEST(test_evp_md_cipher_meth);
5769 ADD_TEST(test_custom_md_meth);
5770 ADD_TEST(test_custom_ciph_meth);
5771
5772 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5773 /* Tests only support the default libctx */
5774 if (testctx == NULL) {
5775 # ifndef OPENSSL_NO_EC
5776 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5777 # else
5778 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5779 # endif
5780 ADD_TEST(test_cipher_with_engine);
5781 }
5782 # endif
5783 #endif
5784
5785 #ifndef OPENSSL_NO_ECX
5786 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5787 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5788 #endif
5789
5790 ADD_TEST(test_sign_continuation);
5791
5792 /* Test cases for CVE-2023-5363 */
5793 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5794 #ifndef OPENSSL_NO_RC4
5795 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5796 #endif
5797
5798 return 1;
5799 }
5800
5801 void cleanup_tests(void)
5802 {
5803 OSSL_PROVIDER_unload(nullprov);
5804 OSSL_PROVIDER_unload(deflprov);
5805 #ifndef OPENSSL_SYS_TANDEM
5806 OSSL_PROVIDER_unload(lgcyprov);
5807 #endif
5808 OSSL_LIB_CTX_free(testctx);
5809 }
A mirror of the official openssl repository