]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:


bd6ff414d09b22d062ab96b789e44c4eaaea7c65
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
686
687 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
688 goto err;
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
691 params), 0))
692 goto err;
693
694 if (!TEST_ptr(tmp_pkey))
695 goto err;
696
697 pkey = tmp_pkey;
698 tmp_pkey = NULL;
699 err:
700 EVP_PKEY_free(tmp_pkey);
701 EVP_PKEY_CTX_free(pctx);
702 return pkey;
703 }
704
705 static int test_selection(EVP_PKEY *pkey, int selection)
706 {
707 int testresult = 0;
708 int ret;
709 BIO *bio = BIO_new(BIO_s_mem());
710
711 ret = PEM_write_bio_PUBKEY(bio, pkey);
712 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
713 if (!TEST_true(ret))
714 goto err;
715 } else {
716 if (!TEST_false(ret))
717 goto err;
718 }
719 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
720 testctx, NULL);
721 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
722 if (!TEST_true(ret))
723 goto err;
724 } else {
725 if (!TEST_false(ret))
726 goto err;
727 }
728
729 testresult = 1;
730 err:
731 BIO_free(bio);
732
733 return testresult;
734 }
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
736
737 /*
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
740 */
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
743 {
744 OSSL_PARAM_BLD *bld = NULL;
745 OSSL_PARAM *params = NULL;
746 EVP_PKEY *just_params = NULL;
747 EVP_PKEY *params_and_priv = NULL;
748 EVP_PKEY *params_and_pub = NULL;
749 EVP_PKEY *params_and_keypair = NULL;
750 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
751 int ret = 0;
752
753 /*
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
756 */
757 if (!TEST_ptr(p = BN_new())
758 || !TEST_ptr(q = BN_new())
759 || !TEST_ptr(g = BN_new())
760 || !TEST_ptr(pub = BN_new())
761 || !TEST_ptr(priv = BN_new()))
762 goto err;
763
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
769 goto err;
770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
771 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
772 goto err;
773
774 OSSL_PARAM_free(params);
775 OSSL_PARAM_BLD_free(bld);
776 params = NULL;
777 bld = NULL;
778
779 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
780 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
781 goto err;
782
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
789 priv)))
790 goto err;
791 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
792 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
793 goto err;
794
795 OSSL_PARAM_free(params);
796 OSSL_PARAM_BLD_free(bld);
797 params = NULL;
798 bld = NULL;
799
800 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
801 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
802 goto err;
803
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
810 pub)))
811 goto err;
812 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
813 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
814 goto err;
815
816 OSSL_PARAM_free(params);
817 OSSL_PARAM_BLD_free(bld);
818 params = NULL;
819 bld = NULL;
820
821 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
822 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
823 goto err;
824
825 /* Test priv and pub */
826 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
831 pub))
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
833 priv)))
834 goto err;
835 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
836 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
837 goto err;
838
839 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
840 goto err;
841
842 ret = 1;
843 err:
844 OSSL_PARAM_free(params);
845 OSSL_PARAM_BLD_free(bld);
846 EVP_PKEY_free(just_params);
847 EVP_PKEY_free(params_and_priv);
848 EVP_PKEY_free(params_and_pub);
849 EVP_PKEY_free(params_and_keypair);
850 BN_free(p);
851 BN_free(q);
852 BN_free(g);
853 BN_free(pub);
854 BN_free(priv);
855
856 return ret;
857 }
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
859
860 /*
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
863 */
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
869 };
870 static unsigned char ec_pub[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
877 };
878
879 static int test_EC_priv_pub(void)
880 {
881 OSSL_PARAM_BLD *bld = NULL;
882 OSSL_PARAM *params = NULL;
883 EVP_PKEY *just_params = NULL;
884 EVP_PKEY *params_and_priv = NULL;
885 EVP_PKEY *params_and_pub = NULL;
886 EVP_PKEY *params_and_keypair = NULL;
887 BIGNUM *priv = NULL;
888 int ret = 0;
889
890 /*
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
893 */
894 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
895 goto err;
896
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
900 OSSL_PKEY_PARAM_GROUP_NAME,
901 "P-256", 0)))
902 goto err;
903 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
904 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
905 goto err;
906
907 OSSL_PARAM_free(params);
908 OSSL_PARAM_BLD_free(bld);
909 params = NULL;
910 bld = NULL;
911
912 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
913 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
914 goto err;
915
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
919 OSSL_PKEY_PARAM_GROUP_NAME,
920 "P-256", 0))
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
922 priv)))
923 goto err;
924 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
925 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
926 goto err;
927
928 OSSL_PARAM_free(params);
929 OSSL_PARAM_BLD_free(bld);
930 params = NULL;
931 bld = NULL;
932
933 /*
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
938 */
939 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
940 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
941 goto err;
942
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
946 OSSL_PKEY_PARAM_GROUP_NAME,
947 "P-256", 0))
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
949 OSSL_PKEY_PARAM_PUB_KEY,
950 ec_pub, sizeof(ec_pub))))
951 goto err;
952 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
953 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
954 goto err;
955
956 OSSL_PARAM_free(params);
957 OSSL_PARAM_BLD_free(bld);
958 params = NULL;
959 bld = NULL;
960
961 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
962 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
963 goto err;
964
965 /* Test priv and pub */
966 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
968 OSSL_PKEY_PARAM_GROUP_NAME,
969 "P-256", 0))
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
971 OSSL_PKEY_PARAM_PUB_KEY,
972 ec_pub, sizeof(ec_pub)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
974 priv)))
975 goto err;
976 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
977 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
978 goto err;
979
980 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
981 goto err;
982
983 ret = 1;
984 err:
985 OSSL_PARAM_free(params);
986 OSSL_PARAM_BLD_free(bld);
987 EVP_PKEY_free(just_params);
988 EVP_PKEY_free(params_and_priv);
989 EVP_PKEY_free(params_and_pub);
990 EVP_PKEY_free(params_and_keypair);
991 BN_free(priv);
992
993 return ret;
994 }
995
996 /* Test that using a legacy EC key with only a private key in it works */
997 # ifndef OPENSSL_NO_DEPRECATED_3_0
998 static int test_EC_priv_only_legacy(void)
999 {
1000 BIGNUM *priv = NULL;
1001 int ret = 0;
1002 EC_KEY *eckey = NULL;
1003 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1004 EVP_MD_CTX *ctx = NULL;
1005
1006 /* Create the low level EC_KEY */
1007 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1008 goto err;
1009
1010 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1011 if (!TEST_ptr(eckey))
1012 goto err;
1013
1014 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1015 goto err;
1016
1017 pkey = EVP_PKEY_new();
1018 if (!TEST_ptr(pkey))
1019 goto err;
1020
1021 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1022 goto err;
1023 eckey = NULL;
1024
1025 while (dup_pk == NULL) {
1026 ret = 0;
1027 ctx = EVP_MD_CTX_new();
1028 if (!TEST_ptr(ctx))
1029 goto err;
1030
1031 /*
1032 * The EVP_DigestSignInit function should create the key on the
1033 * provider side which is sufficient for this test.
1034 */
1035 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1036 testpropq, pkey, NULL)))
1037 goto err;
1038 EVP_MD_CTX_free(ctx);
1039 ctx = NULL;
1040
1041 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1042 goto err;
1043 /* EVP_PKEY_eq() returns -2 with missing public keys */
1044 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1045 EVP_PKEY_free(pkey);
1046 pkey = dup_pk;
1047 if (!ret)
1048 goto err;
1049 }
1050
1051 err:
1052 EVP_MD_CTX_free(ctx);
1053 EVP_PKEY_free(pkey);
1054 EC_KEY_free(eckey);
1055 BN_free(priv);
1056
1057 return ret;
1058 }
1059 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1060 #endif /* OPENSSL_NO_EC */
1061
1062 static int test_EVP_PKEY_sign(int tst)
1063 {
1064 int ret = 0;
1065 EVP_PKEY *pkey = NULL;
1066 unsigned char *sig = NULL;
1067 size_t sig_len = 0, shortsig_len = 1;
1068 EVP_PKEY_CTX *ctx = NULL;
1069 unsigned char tbs[] = {
1070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1071 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1072 };
1073
1074 if (tst == 0) {
1075 if (!TEST_ptr(pkey = load_example_rsa_key()))
1076 goto out;
1077 } else if (tst == 1) {
1078 #ifndef OPENSSL_NO_DSA
1079 if (!TEST_ptr(pkey = load_example_dsa_key()))
1080 goto out;
1081 #else
1082 ret = 1;
1083 goto out;
1084 #endif
1085 } else {
1086 #ifndef OPENSSL_NO_EC
1087 if (!TEST_ptr(pkey = load_example_ec_key()))
1088 goto out;
1089 #else
1090 ret = 1;
1091 goto out;
1092 #endif
1093 }
1094
1095 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1096 if (!TEST_ptr(ctx)
1097 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1098 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1099 sizeof(tbs)), 0))
1100 goto out;
1101 sig = OPENSSL_malloc(sig_len);
1102 if (!TEST_ptr(sig)
1103 /* Test sending a signature buffer that is too short is rejected */
1104 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1105 sizeof(tbs)), 0)
1106 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1107 0)
1108 /* Test the signature round-trips */
1109 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1110 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1111 0))
1112 goto out;
1113
1114 ret = 1;
1115 out:
1116 EVP_PKEY_CTX_free(ctx);
1117 OPENSSL_free(sig);
1118 EVP_PKEY_free(pkey);
1119 return ret;
1120 }
1121
1122 /*
1123 * n = 0 => test using legacy cipher
1124 * n = 1 => test using fetched cipher
1125 */
1126 static int test_EVP_Enveloped(int n)
1127 {
1128 int ret = 0;
1129 EVP_CIPHER_CTX *ctx = NULL;
1130 EVP_PKEY *keypair = NULL;
1131 unsigned char *kek = NULL;
1132 unsigned char iv[EVP_MAX_IV_LENGTH];
1133 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1134 int len, kek_len, ciphertext_len, plaintext_len;
1135 unsigned char ciphertext[32], plaintext[16];
1136 EVP_CIPHER *type = NULL;
1137
1138 if (nullprov != NULL)
1139 return TEST_skip("Test does not support a non-default library context");
1140
1141 if (n == 0)
1142 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1143 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1144 testpropq)))
1145 goto err;
1146
1147 if (!TEST_ptr(keypair = load_example_rsa_key())
1148 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1149 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1150 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1151 &keypair, 1))
1152 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1153 msg, sizeof(msg)))
1154 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1155 &len)))
1156 goto err;
1157
1158 ciphertext_len += len;
1159
1160 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1161 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1162 ciphertext, ciphertext_len))
1163 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1164 goto err;
1165
1166 plaintext_len += len;
1167 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1168 goto err;
1169
1170 ret = 1;
1171 err:
1172 if (n != 0)
1173 EVP_CIPHER_free(type);
1174 OPENSSL_free(kek);
1175 EVP_PKEY_free(keypair);
1176 EVP_CIPHER_CTX_free(ctx);
1177 return ret;
1178 }
1179
1180 /*
1181 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1182 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1183 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1184 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1185 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1186 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1187 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1188 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1189 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1190 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1191 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1192 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1193 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1194 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1195 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1196 * Test 15-29: Same as above with reinitialization
1197 */
1198 static int test_EVP_DigestSignInit(int tst)
1199 {
1200 int ret = 0;
1201 EVP_PKEY *pkey = NULL;
1202 unsigned char *sig = NULL, *sig2 = NULL;
1203 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1204 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1205 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1206 BIO *mdbio = NULL, *membio = NULL;
1207 size_t written;
1208 const EVP_MD *md;
1209 EVP_MD *mdexp = NULL;
1210 int reinit = 0;
1211
1212 if (nullprov != NULL)
1213 return TEST_skip("Test does not support a non-default library context");
1214
1215 if (tst >= 15) {
1216 reinit = 1;
1217 tst -= 15;
1218 }
1219
1220 if (tst >= 6 && tst <= 8) {
1221 membio = BIO_new(BIO_s_mem());
1222 mdbio = BIO_new(BIO_f_md());
1223 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1224 goto out;
1225 BIO_push(mdbio, membio);
1226 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1227 goto out;
1228 } else {
1229 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1230 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1231 goto out;
1232 }
1233
1234 if (tst % 3 == 0) {
1235 if (!TEST_ptr(pkey = load_example_rsa_key()))
1236 goto out;
1237 } else if (tst % 3 == 1) {
1238 #ifndef OPENSSL_NO_DSA
1239 if (!TEST_ptr(pkey = load_example_dsa_key()))
1240 goto out;
1241 #else
1242 ret = 1;
1243 goto out;
1244 #endif
1245 } else {
1246 if (!TEST_ptr(pkey = load_example_hmac_key()))
1247 goto out;
1248 }
1249
1250 if (tst >= 3 && tst <= 5)
1251 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1252 else
1253 md = EVP_sha256();
1254
1255 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1256 goto out;
1257
1258 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1259 goto out;
1260
1261 if (tst >= 6 && tst <= 8) {
1262 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1263 goto out;
1264 } else if (tst < 6) {
1265 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1266 goto out;
1267 }
1268
1269 if (tst >= 9) {
1270 /* Determine the size of the signature. */
1271 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1272 sizeof(kMsg)))
1273 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1274 goto out;
1275 if (tst <= 11) {
1276 /* Test that supply a short sig buffer fails */
1277 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1278 sizeof(kMsg))))
1279 goto out;
1280 /*
1281 * We end here because once EVP_DigestSign() has failed you should
1282 * not call it again without re-initing the ctx
1283 */
1284 ret = 1;
1285 goto out;
1286 }
1287 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1288 sizeof(kMsg))))
1289 goto out;
1290 } else {
1291 /* Determine the size of the signature. */
1292 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1293 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1294 /*
1295 * Trying to create a signature with a deliberately short
1296 * buffer should fail.
1297 */
1298 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1299 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1300 goto out;
1301 }
1302
1303 /*
1304 * Ensure that the signature round-trips (Verification isn't supported for
1305 * HMAC via EVP_DigestVerify*)
1306 */
1307 if (tst % 3 != 2) {
1308 if (tst >= 6 && tst <= 8) {
1309 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1310 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1311 goto out;
1312 }
1313
1314 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1315 NULL, pkey)))
1316 goto out;
1317
1318 if (tst >= 6 && tst <= 8) {
1319 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1320 goto out;
1321 } else {
1322 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1323 sizeof(kMsg))))
1324 goto out;
1325 }
1326 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1327 goto out;
1328
1329 /* Multiple calls to EVP_DigestVerifyFinal should work */
1330 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1331 goto out;
1332 } else {
1333 /*
1334 * For HMAC a doubled call to DigestSignFinal should produce the same
1335 * value as finalization should not happen.
1336 */
1337 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1338 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1339 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1340 goto out;
1341
1342 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1343 goto out;
1344 }
1345
1346 ret = 1;
1347
1348 out:
1349 BIO_free(membio);
1350 BIO_free(mdbio);
1351 EVP_MD_CTX_free(a_md_ctx);
1352 EVP_MD_CTX_free(a_md_ctx_verify);
1353 EVP_PKEY_free(pkey);
1354 OPENSSL_free(sig);
1355 OPENSSL_free(sig2);
1356 EVP_MD_free(mdexp);
1357
1358 return ret;
1359 }
1360
1361 static int test_EVP_DigestVerifyInit(void)
1362 {
1363 int ret = 0;
1364 EVP_PKEY *pkey = NULL;
1365 EVP_MD_CTX *md_ctx = NULL;
1366
1367 if (nullprov != NULL)
1368 return TEST_skip("Test does not support a non-default library context");
1369
1370 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1371 || !TEST_ptr(pkey = load_example_rsa_key()))
1372 goto out;
1373
1374 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1375 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1376 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1377 sizeof(kSignature)), 0))
1378 goto out;
1379
1380 /* test with reinitialization */
1381 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1382 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1383 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1384 sizeof(kSignature)), 0))
1385 goto out;
1386 ret = 1;
1387
1388 out:
1389 EVP_MD_CTX_free(md_ctx);
1390 EVP_PKEY_free(pkey);
1391 return ret;
1392 }
1393
1394 #ifndef OPENSSL_NO_SIPHASH
1395 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1396 static int test_siphash_digestsign(void)
1397 {
1398 unsigned char key[16];
1399 unsigned char buf[8], digest[8];
1400 unsigned char expected[8] = {
1401 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1402 };
1403 EVP_PKEY *pkey = NULL;
1404 EVP_MD_CTX *mdctx = NULL;
1405 EVP_PKEY_CTX *ctx = NULL;
1406 int ret = 0;
1407 size_t len = 8;
1408
1409 if (nullprov != NULL)
1410 return TEST_skip("Test does not support a non-default library context");
1411
1412 memset(buf, 0, 8);
1413 memset(key, 1, 16);
1414 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1415 key, 16)))
1416 goto out;
1417
1418 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1419 goto out;
1420
1421 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1422 goto out;
1423 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1424 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1425 8, NULL), 1))
1426 goto out;
1427 /* reinitialize */
1428 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1429 goto out;
1430 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1431 goto out;
1432 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1433 goto out;
1434 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1435 goto out;
1436
1437 ret = 1;
1438 out:
1439 EVP_PKEY_free(pkey);
1440 EVP_MD_CTX_free(mdctx);
1441 return ret;
1442 }
1443 #endif
1444
1445 /*
1446 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1447 */
1448 static int test_EVP_Digest(void)
1449 {
1450 int ret = 0;
1451 EVP_MD_CTX *md_ctx = NULL;
1452 unsigned char md[EVP_MAX_MD_SIZE];
1453 EVP_MD *sha256 = NULL;
1454 EVP_MD *shake256 = NULL;
1455
1456 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1457 goto out;
1458
1459 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1460 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1461 goto out;
1462
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1465 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1466 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1467 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1468 goto out;
1469
1470 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1471 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1472 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1473 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1474 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1475 /*
1476 * EVP_DigestInit_ex with NULL type should work on
1477 * pre-initialized context.
1478 */
1479 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1480 goto out;
1481
1482 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1483 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1484 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1485 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1486 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1487 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1488 goto out;
1489 ret = 1;
1490
1491 out:
1492 EVP_MD_CTX_free(md_ctx);
1493 EVP_MD_free(sha256);
1494 EVP_MD_free(shake256);
1495 return ret;
1496 }
1497
1498 static int test_EVP_md_null(void)
1499 {
1500 int ret = 0;
1501 EVP_MD_CTX *md_ctx = NULL;
1502 const EVP_MD *md_null = EVP_md_null();
1503 unsigned char md_value[EVP_MAX_MD_SIZE];
1504 unsigned int md_len = sizeof(md_value);
1505
1506 if (nullprov != NULL)
1507 return TEST_skip("Test does not support a non-default library context");
1508
1509 if (!TEST_ptr(md_null)
1510 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1511 goto out;
1512
1513 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1514 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1515 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1516 goto out;
1517
1518 if (!TEST_uint_eq(md_len, 0))
1519 goto out;
1520
1521 ret = 1;
1522 out:
1523 EVP_MD_CTX_free(md_ctx);
1524 return ret;
1525 }
1526
1527 static int test_d2i_AutoPrivateKey(int i)
1528 {
1529 int ret = 0;
1530 const unsigned char *p;
1531 EVP_PKEY *pkey = NULL;
1532 const APK_DATA *ak = &keydata[i];
1533 const unsigned char *input = ak->kder;
1534 size_t input_len = ak->size;
1535 int expected_id = ak->evptype;
1536
1537 p = input;
1538 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1539 || !TEST_ptr_eq(p, input + input_len)
1540 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1541 goto done;
1542
1543 ret = 1;
1544
1545 done:
1546 EVP_PKEY_free(pkey);
1547 return ret;
1548 }
1549
1550 #ifndef OPENSSL_NO_EC
1551
1552 static const unsigned char ec_public_sect163k1_validxy[] = {
1553 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1554 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1555 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1556 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1557 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1558 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1559 };
1560
1561 static const unsigned char ec_public_sect163k1_badx[] = {
1562 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1563 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1564 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1565 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1566 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1567 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1568 };
1569
1570 static const unsigned char ec_public_sect163k1_bady[] = {
1571 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1572 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1573 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1574 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1575 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1576 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1577 };
1578
1579 static struct ec_der_pub_keys_st {
1580 const unsigned char *der;
1581 size_t len;
1582 int valid;
1583 } ec_der_pub_keys[] = {
1584 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1585 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1586 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1587 };
1588
1589 /*
1590 * Tests the range of the decoded EC char2 public point.
1591 * See ec_GF2m_simple_oct2point().
1592 */
1593 static int test_invalide_ec_char2_pub_range_decode(int id)
1594 {
1595 int ret = 0;
1596 EVP_PKEY *pkey;
1597
1598 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1599 ec_der_pub_keys[id].len);
1600
1601 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1602 || TEST_ptr_null(pkey);
1603 EVP_PKEY_free(pkey);
1604 return ret;
1605 }
1606
1607 /* Tests loading a bad key in PKCS8 format */
1608 static int test_EVP_PKCS82PKEY(void)
1609 {
1610 int ret = 0;
1611 const unsigned char *derp = kExampleBadECKeyDER;
1612 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1613 EVP_PKEY *pkey = NULL;
1614
1615 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1616 sizeof(kExampleBadECKeyDER))))
1617 goto done;
1618
1619 if (!TEST_ptr_eq(derp,
1620 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1621 goto done;
1622
1623 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1624 goto done;
1625
1626 ret = 1;
1627
1628 done:
1629 PKCS8_PRIV_KEY_INFO_free(p8inf);
1630 EVP_PKEY_free(pkey);
1631
1632 return ret;
1633 }
1634
1635 #endif
1636 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1637 {
1638 EVP_PKEY *pkey = NULL;
1639 EVP_PKEY *pkey2 = NULL;
1640 BIO *membio = NULL;
1641 char *membuf = NULL;
1642 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1643 int ok = 0;
1644
1645 if (testctx != NULL)
1646 /* test not supported with non-default context */
1647 return 1;
1648
1649 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1650 || !TEST_ptr(pkey = load_example_rsa_key())
1651 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1652 NULL, 0, NULL, NULL),
1653 0)
1654 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1655 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1656 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1657 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1658 goto done;
1659 }
1660
1661 ok = 1;
1662 done:
1663 EVP_PKEY_free(pkey);
1664 EVP_PKEY_free(pkey2);
1665 PKCS8_PRIV_KEY_INFO_free(p8inf);
1666 BIO_free_all(membio);
1667 return ok;
1668 }
1669
1670 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1671 static int test_privatekey_to_pkcs8(void)
1672 {
1673 EVP_PKEY *pkey = NULL;
1674 BIO *membio = NULL;
1675 char *membuf = NULL;
1676 long membuf_len = 0;
1677 int ok = 0;
1678
1679 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1680 || !TEST_ptr(pkey = load_example_rsa_key())
1681 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1682 NULL, 0, NULL, NULL),
1683 0)
1684 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1685 || !TEST_ptr(membuf)
1686 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1687 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1688 /*
1689 * We try to write PEM as well, just to see that it doesn't err, but
1690 * assume that the result is correct.
1691 */
1692 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1693 NULL, 0, NULL, NULL),
1694 0))
1695 goto done;
1696
1697 ok = 1;
1698 done:
1699 EVP_PKEY_free(pkey);
1700 BIO_free_all(membio);
1701 return ok;
1702 }
1703
1704 #ifndef OPENSSL_NO_EC
1705 static const struct {
1706 int encoding;
1707 const char *encoding_name;
1708 } ec_encodings[] = {
1709 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1710 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1711 };
1712
1713 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1714 {
1715 const OSSL_PARAM *p;
1716 const char *enc_name = NULL;
1717 int *enc = arg;
1718 size_t i;
1719
1720 *enc = -1;
1721
1722 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1723 OSSL_PKEY_PARAM_EC_ENCODING))
1724 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1725 return 0;
1726
1727 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1728 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1729 *enc = ec_encodings[i].encoding;
1730 break;
1731 }
1732 }
1733
1734 return (*enc != -1);
1735 }
1736
1737 static int test_EC_keygen_with_enc(int idx)
1738 {
1739 EVP_PKEY *params = NULL, *key = NULL;
1740 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1741 int enc;
1742 int ret = 0;
1743
1744 enc = ec_encodings[idx].encoding;
1745
1746 /* Create key parameters */
1747 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1748 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1749 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1750 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1751 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1752 || !TEST_ptr(params))
1753 goto done;
1754
1755 /* Create key */
1756 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1757 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1758 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1759 || !TEST_ptr(key))
1760 goto done;
1761
1762 /* Check that the encoding got all the way into the key */
1763 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1764 ec_export_get_encoding_cb, &enc))
1765 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1766 goto done;
1767
1768 ret = 1;
1769 done:
1770 EVP_PKEY_free(key);
1771 EVP_PKEY_free(params);
1772 EVP_PKEY_CTX_free(kctx);
1773 EVP_PKEY_CTX_free(pctx);
1774 return ret;
1775 }
1776 #endif
1777
1778 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1779
1780 static int test_EVP_SM2_verify(void)
1781 {
1782 const char *pubkey =
1783 "-----BEGIN PUBLIC KEY-----\n"
1784 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1785 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1786 "-----END PUBLIC KEY-----\n";
1787
1788 const char *msg = "message digest";
1789 const char *id = "ALICE123@YAHOO.COM";
1790
1791 const uint8_t signature[] = {
1792 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1793 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1794 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1795 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1796 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1797 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1798 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1799 };
1800
1801 int rc = 0;
1802 BIO *bio = NULL;
1803 EVP_PKEY *pkey = NULL;
1804 EVP_MD_CTX *mctx = NULL;
1805 EVP_PKEY_CTX *pctx = NULL;
1806 EVP_MD *sm3 = NULL;
1807
1808 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1809 if (!TEST_true(bio != NULL))
1810 goto done;
1811
1812 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1813 if (!TEST_true(pkey != NULL))
1814 goto done;
1815
1816 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1817 goto done;
1818
1819 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1820 goto done;
1821
1822 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1823 goto done;
1824
1825 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1826
1827 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1828 goto done;
1829
1830 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1831 goto done;
1832
1833 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1834 goto done;
1835
1836 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1837 goto done;
1838
1839 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1840 goto done;
1841 rc = 1;
1842
1843 done:
1844 BIO_free(bio);
1845 EVP_PKEY_free(pkey);
1846 EVP_PKEY_CTX_free(pctx);
1847 EVP_MD_CTX_free(mctx);
1848 EVP_MD_free(sm3);
1849 return rc;
1850 }
1851
1852 static int test_EVP_SM2(void)
1853 {
1854 int ret = 0;
1855 EVP_PKEY *pkey = NULL;
1856 EVP_PKEY *pkeyparams = NULL;
1857 EVP_PKEY_CTX *pctx = NULL;
1858 EVP_PKEY_CTX *kctx = NULL;
1859 EVP_PKEY_CTX *sctx = NULL;
1860 size_t sig_len = 0;
1861 unsigned char *sig = NULL;
1862 EVP_MD_CTX *md_ctx = NULL;
1863 EVP_MD_CTX *md_ctx_verify = NULL;
1864 EVP_PKEY_CTX *cctx = NULL;
1865 EVP_MD *check_md = NULL;
1866
1867 uint8_t ciphertext[128];
1868 size_t ctext_len = sizeof(ciphertext);
1869
1870 uint8_t plaintext[8];
1871 size_t ptext_len = sizeof(plaintext);
1872
1873 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1874
1875 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1876 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1877 int i;
1878 char mdname[OSSL_MAX_NAME_SIZE];
1879
1880 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1881 "SM2", testpropq)))
1882 goto done;
1883
1884 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1885 goto done;
1886
1887 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1888 goto done;
1889
1890 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1891 goto done;
1892
1893 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1894 pkeyparams, testpropq)))
1895 goto done;
1896
1897 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1898 goto done;
1899
1900 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1901 goto done;
1902
1903 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1904 goto done;
1905
1906 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1907 goto done;
1908
1909 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1910 goto done;
1911
1912 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1913 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1914
1915 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1916 goto done;
1917
1918 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1919 goto done;
1920
1921 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1922 goto done;
1923
1924 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1925 goto done;
1926
1927 /* Determine the size of the signature. */
1928 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1929 goto done;
1930
1931 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1932 goto done;
1933
1934 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1935 goto done;
1936
1937 /* Ensure that the signature round-trips. */
1938
1939 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1940 pkey)))
1941 goto done;
1942
1943 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1944 goto done;
1945
1946 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1947 goto done;
1948
1949 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1950 goto done;
1951
1952 /* now check encryption/decryption */
1953
1954 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1955 mdname, sizeof(mdname));
1956 for (i = 0; i < 2; i++) {
1957 const char *mdnames[] = {
1958 #ifndef OPENSSL_NO_SM3
1959 "SM3",
1960 #else
1961 NULL,
1962 #endif
1963 "SHA2-256" };
1964 EVP_PKEY_CTX_free(cctx);
1965
1966 if (mdnames[i] == NULL)
1967 continue;
1968
1969 sparams[0] =
1970 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1971 (char *)mdnames[i], 0);
1972
1973 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1974 pkey, testpropq)))
1975 goto done;
1976
1977 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1978 goto done;
1979
1980 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1981 goto done;
1982
1983 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1984 sizeof(kMsg))))
1985 goto done;
1986
1987 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1988 goto done;
1989
1990 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1991 goto done;
1992
1993 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1994 ctext_len), 0))
1995 goto done;
1996
1997 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1998 goto done;
1999
2000 /*
2001 * Test we're still using the digest we think we are.
2002 * Because of aliases, the easiest is to fetch the digest and
2003 * check the name with EVP_MD_is_a().
2004 */
2005 EVP_MD_free(check_md);
2006 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2007 goto done;
2008 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2009 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2010 goto done;
2011 }
2012
2013 if (!TEST_true(ptext_len == sizeof(kMsg)))
2014 goto done;
2015
2016 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2017 goto done;
2018 }
2019
2020 ret = 1;
2021 done:
2022 EVP_PKEY_CTX_free(pctx);
2023 EVP_PKEY_CTX_free(kctx);
2024 EVP_PKEY_CTX_free(sctx);
2025 EVP_PKEY_CTX_free(cctx);
2026 EVP_PKEY_free(pkey);
2027 EVP_PKEY_free(pkeyparams);
2028 EVP_MD_CTX_free(md_ctx);
2029 EVP_MD_CTX_free(md_ctx_verify);
2030 EVP_MD_free(check_md);
2031 OPENSSL_free(sig);
2032 return ret;
2033 }
2034
2035 #endif
2036
2037 static struct keys_st {
2038 int type;
2039 char *priv;
2040 char *pub;
2041 } keys[] = {
2042 {
2043 EVP_PKEY_HMAC, "0123456789", NULL
2044 },
2045 {
2046 EVP_PKEY_HMAC, "", NULL
2047 #ifndef OPENSSL_NO_POLY1305
2048 }, {
2049 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2050 #endif
2051 #ifndef OPENSSL_NO_SIPHASH
2052 }, {
2053 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2054 #endif
2055 },
2056 #ifndef OPENSSL_NO_EC
2057 {
2058 EVP_PKEY_X25519, "01234567890123456789012345678901",
2059 "abcdefghijklmnopqrstuvwxyzabcdef"
2060 }, {
2061 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2062 "abcdefghijklmnopqrstuvwxyzabcdef"
2063 }, {
2064 EVP_PKEY_X448,
2065 "01234567890123456789012345678901234567890123456789012345",
2066 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2067 }, {
2068 EVP_PKEY_ED448,
2069 "012345678901234567890123456789012345678901234567890123456",
2070 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2071 }
2072 #endif
2073 };
2074
2075 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2076 {
2077 int ret = 0;
2078 unsigned char buf[80];
2079 unsigned char *in;
2080 size_t inlen, len = 0, shortlen = 1;
2081 EVP_PKEY *pkey;
2082
2083 /* Check if this algorithm supports public keys */
2084 if (pub && keys[tst].pub == NULL)
2085 return 1;
2086
2087 memset(buf, 0, sizeof(buf));
2088
2089 if (pub) {
2090 #ifndef OPENSSL_NO_EC
2091 inlen = strlen(keys[tst].pub);
2092 in = (unsigned char *)keys[tst].pub;
2093 if (uselibctx) {
2094 pkey = EVP_PKEY_new_raw_public_key_ex(
2095 testctx,
2096 OBJ_nid2sn(keys[tst].type),
2097 NULL,
2098 in,
2099 inlen);
2100 } else {
2101 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2102 NULL,
2103 in,
2104 inlen);
2105 }
2106 #else
2107 return 1;
2108 #endif
2109 } else {
2110 inlen = strlen(keys[tst].priv);
2111 in = (unsigned char *)keys[tst].priv;
2112 if (uselibctx) {
2113 pkey = EVP_PKEY_new_raw_private_key_ex(
2114 testctx, OBJ_nid2sn(keys[tst].type),
2115 NULL,
2116 in,
2117 inlen);
2118 } else {
2119 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2120 NULL,
2121 in,
2122 inlen);
2123 }
2124 }
2125
2126 if (!TEST_ptr(pkey)
2127 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2128 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2129 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2130 || !TEST_true(len == inlen))
2131 goto done;
2132 if (tst != 1) {
2133 /*
2134 * Test that supplying a buffer that is too small fails. Doesn't apply
2135 * to HMAC with a zero length key
2136 */
2137 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2138 &shortlen)))
2139 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2140 &shortlen))))
2141 goto done;
2142 }
2143 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2144 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2145 || !TEST_mem_eq(in, inlen, buf, len))
2146 goto done;
2147
2148 ret = 1;
2149 done:
2150 EVP_PKEY_free(pkey);
2151 return ret;
2152 }
2153
2154 static int test_set_get_raw_keys(int tst)
2155 {
2156 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2157 && test_set_get_raw_keys_int(tst, 0, 1)
2158 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2159 && test_set_get_raw_keys_int(tst, 1, 1);
2160 }
2161
2162 #ifndef OPENSSL_NO_DEPRECATED_3_0
2163 static int pkey_custom_check(EVP_PKEY *pkey)
2164 {
2165 return 0xbeef;
2166 }
2167
2168 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2169 {
2170 return 0xbeef;
2171 }
2172
2173 static int pkey_custom_param_check(EVP_PKEY *pkey)
2174 {
2175 return 0xbeef;
2176 }
2177
2178 static EVP_PKEY_METHOD *custom_pmeth;
2179 #endif
2180
2181 static int test_EVP_PKEY_check(int i)
2182 {
2183 int ret = 0;
2184 EVP_PKEY *pkey = NULL;
2185 EVP_PKEY_CTX *ctx = NULL;
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX *ctx2 = NULL;
2188 #endif
2189 const APK_DATA *ak = &keycheckdata[i];
2190 const unsigned char *input = ak->kder;
2191 size_t input_len = ak->size;
2192 int expected_id = ak->evptype;
2193 int expected_check = ak->check;
2194 int expected_pub_check = ak->pub_check;
2195 int expected_param_check = ak->param_check;
2196 int type = ak->type;
2197
2198 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2199 goto done;
2200 if (type == 0
2201 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2202 goto done;
2203
2204 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2205 goto done;
2206
2207 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2208 goto done;
2209
2210 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2211 goto done;
2212
2213 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2214 goto done;
2215
2216 #ifndef OPENSSL_NO_DEPRECATED_3_0
2217 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2218 /* assign the pkey directly, as an internal test */
2219 EVP_PKEY_up_ref(pkey);
2220 ctx2->pkey = pkey;
2221
2222 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2223 goto done;
2224
2225 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2226 goto done;
2227
2228 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2229 goto done;
2230 #endif
2231
2232 ret = 1;
2233
2234 done:
2235 EVP_PKEY_CTX_free(ctx);
2236 #ifndef OPENSSL_NO_DEPRECATED_3_0
2237 EVP_PKEY_CTX_free(ctx2);
2238 #endif
2239 EVP_PKEY_free(pkey);
2240 return ret;
2241 }
2242
2243 #ifndef OPENSSL_NO_CMAC
2244 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2245 {
2246 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2247 const char msg[] = "Hello World";
2248 size_t maclen = AES_BLOCK_SIZE;
2249 int ret = 1;
2250
2251 if (!TEST_ptr(mdctx)
2252 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2253 testpropq, pkey, NULL))
2254 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2255 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2256 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2257 ret = 0;
2258
2259 EVP_MD_CTX_free(mdctx);
2260
2261 return ret;
2262 }
2263 static int test_CMAC_keygen(void)
2264 {
2265 static unsigned char key[] = {
2266 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2267 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2268 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2269 };
2270 EVP_PKEY_CTX *kctx = NULL;
2271 int ret = 0;
2272 EVP_PKEY *pkey = NULL;
2273 unsigned char mac[AES_BLOCK_SIZE];
2274 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2275 unsigned char mac2[AES_BLOCK_SIZE];
2276 # endif
2277
2278 if (nullprov != NULL)
2279 return TEST_skip("Test does not support a non-default library context");
2280
2281 /*
2282 * This is a legacy method for CMACs, but should still work.
2283 * This verifies that it works without an ENGINE.
2284 */
2285 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2286
2287 /* Test a CMAC key created using the "generated" method */
2288 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2289 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2290 EVP_PKEY_CTRL_CIPHER,
2291 0, (void *)EVP_aes_256_ecb()), 0)
2292 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2293 EVP_PKEY_CTRL_SET_MAC_KEY,
2294 sizeof(key), (void *)key), 0)
2295 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2296 || !TEST_ptr(pkey)
2297 || !TEST_true(get_cmac_val(pkey, mac)))
2298 goto done;
2299
2300 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2301 EVP_PKEY_free(pkey);
2302
2303 /*
2304 * Test a CMAC key using the direct method, and compare with the mac
2305 * created above.
2306 */
2307 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2308 if (!TEST_ptr(pkey)
2309 || !TEST_true(get_cmac_val(pkey, mac2))
2310 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2311 goto done;
2312 # endif
2313
2314 ret = 1;
2315
2316 done:
2317 EVP_PKEY_free(pkey);
2318 EVP_PKEY_CTX_free(kctx);
2319 return ret;
2320 }
2321 #endif
2322
2323 static int test_HKDF(void)
2324 {
2325 EVP_PKEY_CTX *pctx;
2326 unsigned char out[20];
2327 size_t outlen;
2328 int i, ret = 0;
2329 unsigned char salt[] = "0123456789";
2330 unsigned char key[] = "012345678901234567890123456789";
2331 unsigned char info[] = "infostring";
2332 const unsigned char expected[] = {
2333 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2334 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2335 };
2336 size_t expectedlen = sizeof(expected);
2337
2338 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2339 goto done;
2340
2341 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2342 for (i = 0; i < 2; i++) {
2343 outlen = sizeof(out);
2344 memset(out, 0, outlen);
2345
2346 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2348 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2349 sizeof(salt) - 1), 0)
2350 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2351 sizeof(key) - 1), 0)
2352 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2353 sizeof(info) - 1), 0)
2354 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2355 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2356 goto done;
2357 }
2358
2359 ret = 1;
2360
2361 done:
2362 EVP_PKEY_CTX_free(pctx);
2363
2364 return ret;
2365 }
2366
2367 static int test_emptyikm_HKDF(void)
2368 {
2369 EVP_PKEY_CTX *pctx;
2370 unsigned char out[20];
2371 size_t outlen;
2372 int ret = 0;
2373 unsigned char salt[] = "9876543210";
2374 unsigned char key[] = "";
2375 unsigned char info[] = "stringinfo";
2376 const unsigned char expected[] = {
2377 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2378 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2379 };
2380 size_t expectedlen = sizeof(expected);
2381
2382 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2383 goto done;
2384
2385 outlen = sizeof(out);
2386 memset(out, 0, outlen);
2387
2388 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2389 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2390 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2391 sizeof(salt) - 1), 0)
2392 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2393 sizeof(key) - 1), 0)
2394 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2395 sizeof(info) - 1), 0)
2396 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2397 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2398 goto done;
2399
2400 ret = 1;
2401
2402 done:
2403 EVP_PKEY_CTX_free(pctx);
2404
2405 return ret;
2406 }
2407
2408 #ifndef OPENSSL_NO_EC
2409 static int test_X509_PUBKEY_inplace(void)
2410 {
2411 int ret = 0;
2412 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2413 const unsigned char *p = kExampleECPubKeyDER;
2414 size_t input_len = sizeof(kExampleECPubKeyDER);
2415
2416 if (!TEST_ptr(xp))
2417 goto done;
2418 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2419 goto done;
2420
2421 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2422 goto done;
2423
2424 p = kExampleBadECPubKeyDER;
2425 input_len = sizeof(kExampleBadECPubKeyDER);
2426
2427 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2428 goto done;
2429
2430 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2431 goto done;
2432
2433 ret = 1;
2434
2435 done:
2436 X509_PUBKEY_free(xp);
2437 return ret;
2438 }
2439
2440 static int test_X509_PUBKEY_dup(void)
2441 {
2442 int ret = 0;
2443 X509_PUBKEY *xp = NULL, *xq = NULL;
2444 const unsigned char *p = kExampleECPubKeyDER;
2445 size_t input_len = sizeof(kExampleECPubKeyDER);
2446
2447 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2448 if (!TEST_ptr(xp)
2449 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2450 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2451 || !TEST_ptr_ne(xp, xq))
2452 goto done;
2453
2454 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2455 || !TEST_ptr(X509_PUBKEY_get0(xp))
2456 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2457 goto done;
2458
2459 X509_PUBKEY_free(xq);
2460 xq = NULL;
2461 p = kExampleBadECPubKeyDER;
2462 input_len = sizeof(kExampleBadECPubKeyDER);
2463
2464 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2465 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2466 goto done;
2467
2468 X509_PUBKEY_free(xp);
2469 xp = NULL;
2470 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2471 goto done;
2472
2473 ret = 1;
2474
2475 done:
2476 X509_PUBKEY_free(xp);
2477 X509_PUBKEY_free(xq);
2478 return ret;
2479 }
2480 #endif /* OPENSSL_NO_EC */
2481
2482 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2483 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2484 {
2485 EVP_MD_CTX *mdctx = NULL;
2486 EVP_PKEY_CTX *ctx = NULL;
2487 const OSSL_PARAM *params;
2488 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2489 int ret = 0;
2490 const EVP_MD *md;
2491 char mdname[OSSL_MAX_NAME_SIZE];
2492 char ssl3ms[48];
2493
2494 /* Initialise a sign operation */
2495 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2496 if (!TEST_ptr(ctx)
2497 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2498 goto err;
2499
2500 /*
2501 * We should be able to query the parameters now.
2502 */
2503 params = EVP_PKEY_CTX_settable_params(ctx);
2504 if (!TEST_ptr(params)
2505 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2506 OSSL_SIGNATURE_PARAM_DIGEST)))
2507 goto err;
2508
2509 params = EVP_PKEY_CTX_gettable_params(ctx);
2510 if (!TEST_ptr(params)
2511 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2512 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2513 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2514 OSSL_SIGNATURE_PARAM_DIGEST)))
2515 goto err;
2516
2517 /*
2518 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2519 * EVP_PKEY_CTX_get_params()
2520 */
2521 strcpy(mdname, "SHA512");
2522 param_md = param;
2523 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2524 mdname, 0);
2525 *param++ = OSSL_PARAM_construct_end();
2526
2527 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2528 goto err;
2529
2530 mdname[0] = '\0';
2531 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2532 mdname, sizeof(mdname));
2533 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2534 || !TEST_str_eq(mdname, "SHA512"))
2535 goto err;
2536
2537 /*
2538 * Test the TEST_PKEY_CTX_set_signature_md() and
2539 * TEST_PKEY_CTX_get_signature_md() functions
2540 */
2541 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2542 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2543 || !TEST_ptr_eq(md, EVP_sha256()))
2544 goto err;
2545
2546 /*
2547 * Test getting MD parameters via an associated EVP_PKEY_CTX
2548 */
2549 mdctx = EVP_MD_CTX_new();
2550 if (!TEST_ptr(mdctx)
2551 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2552 pkey, NULL)))
2553 goto err;
2554
2555 /*
2556 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2557 * able to obtain the digest's settable parameters from the provider.
2558 */
2559 params = EVP_MD_CTX_settable_params(mdctx);
2560 if (!TEST_ptr(params)
2561 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2562 /* The final key should be NULL */
2563 || !TEST_ptr_null(params[1].key))
2564 goto err;
2565
2566 param = ourparams;
2567 memset(ssl3ms, 0, sizeof(ssl3ms));
2568 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2569 ssl3ms, sizeof(ssl3ms));
2570 *param++ = OSSL_PARAM_construct_end();
2571
2572 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2573 goto err;
2574
2575 ret = 1;
2576
2577 err:
2578 EVP_MD_CTX_free(mdctx);
2579 EVP_PKEY_CTX_free(ctx);
2580
2581 return ret;
2582 }
2583
2584 #ifndef OPENSSL_NO_DSA
2585 static int test_DSA_get_set_params(void)
2586 {
2587 OSSL_PARAM_BLD *bld = NULL;
2588 OSSL_PARAM *params = NULL;
2589 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2590 EVP_PKEY_CTX *pctx = NULL;
2591 EVP_PKEY *pkey = NULL;
2592 int ret = 0;
2593
2594 /*
2595 * Setup the parameters for our DSA object. For our purposes they don't
2596 * have to actually be *valid* parameters. We just need to set something.
2597 */
2598 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2599 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2600 || !TEST_ptr(p = BN_new())
2601 || !TEST_ptr(q = BN_new())
2602 || !TEST_ptr(g = BN_new())
2603 || !TEST_ptr(pub = BN_new())
2604 || !TEST_ptr(priv = BN_new()))
2605 goto err;
2606 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2607 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2608 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2609 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2610 pub))
2611 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2612 priv)))
2613 goto err;
2614 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2615 goto err;
2616
2617 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2618 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2619 params), 0))
2620 goto err;
2621
2622 if (!TEST_ptr(pkey))
2623 goto err;
2624
2625 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2626
2627 err:
2628 EVP_PKEY_free(pkey);
2629 EVP_PKEY_CTX_free(pctx);
2630 OSSL_PARAM_free(params);
2631 OSSL_PARAM_BLD_free(bld);
2632 BN_free(p);
2633 BN_free(q);
2634 BN_free(g);
2635 BN_free(pub);
2636 BN_free(priv);
2637
2638 return ret;
2639 }
2640
2641 /*
2642 * Test combinations of private, public, missing and private + public key
2643 * params to ensure they are all accepted
2644 */
2645 static int test_DSA_priv_pub(void)
2646 {
2647 return test_EVP_PKEY_ffc_priv_pub("DSA");
2648 }
2649
2650 #endif /* !OPENSSL_NO_DSA */
2651
2652 static int test_RSA_get_set_params(void)
2653 {
2654 OSSL_PARAM_BLD *bld = NULL;
2655 OSSL_PARAM *params = NULL;
2656 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2657 EVP_PKEY_CTX *pctx = NULL;
2658 EVP_PKEY *pkey = NULL;
2659 int ret = 0;
2660
2661 /*
2662 * Setup the parameters for our RSA object. For our purposes they don't
2663 * have to actually be *valid* parameters. We just need to set something.
2664 */
2665 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2666 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2667 || !TEST_ptr(n = BN_new())
2668 || !TEST_ptr(e = BN_new())
2669 || !TEST_ptr(d = BN_new()))
2670 goto err;
2671 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2672 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2673 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2674 goto err;
2675 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2676 goto err;
2677
2678 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2679 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2680 params), 0))
2681 goto err;
2682
2683 if (!TEST_ptr(pkey))
2684 goto err;
2685
2686 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2687
2688 err:
2689 EVP_PKEY_free(pkey);
2690 EVP_PKEY_CTX_free(pctx);
2691 OSSL_PARAM_free(params);
2692 OSSL_PARAM_BLD_free(bld);
2693 BN_free(n);
2694 BN_free(e);
2695 BN_free(d);
2696
2697 return ret;
2698 }
2699
2700 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2701 static int test_decrypt_null_chunks(void)
2702 {
2703 EVP_CIPHER_CTX* ctx = NULL;
2704 EVP_CIPHER *cipher = NULL;
2705 const unsigned char key[32] = {
2706 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2707 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2708 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2709 };
2710 unsigned char iv[12] = {
2711 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2712 };
2713 unsigned char msg[] = "It was the best of times, it was the worst of times";
2714 unsigned char ciphertext[80];
2715 unsigned char plaintext[80];
2716 /* We initialise tmp to a non zero value on purpose */
2717 int ctlen, ptlen, tmp = 99;
2718 int ret = 0;
2719 const int enc_offset = 10, dec_offset = 20;
2720
2721 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2722 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2723 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2724 key, iv))
2725 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2726 enc_offset))
2727 /* Deliberate add a zero length update */
2728 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2729 0))
2730 || !TEST_int_eq(tmp, 0)
2731 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2732 msg + enc_offset,
2733 sizeof(msg) - enc_offset))
2734 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2735 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2736 || !TEST_int_eq(tmp, 0))
2737 goto err;
2738
2739 /* Deliberately initialise tmp to a non zero value */
2740 tmp = 99;
2741 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2742 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2743 dec_offset))
2744 /*
2745 * Deliberately add a zero length update. We also deliberately do
2746 * this at a different offset than for encryption.
2747 */
2748 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2749 0))
2750 || !TEST_int_eq(tmp, 0)
2751 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2752 ciphertext + dec_offset,
2753 ctlen - dec_offset))
2754 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2755 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2756 || !TEST_int_eq(tmp, 0)
2757 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2758 goto err;
2759
2760 ret = 1;
2761 err:
2762 EVP_CIPHER_CTX_free(ctx);
2763 EVP_CIPHER_free(cipher);
2764 return ret;
2765 }
2766 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2767
2768 #ifndef OPENSSL_NO_DH
2769 /*
2770 * Test combinations of private, public, missing and private + public key
2771 * params to ensure they are all accepted
2772 */
2773 static int test_DH_priv_pub(void)
2774 {
2775 return test_EVP_PKEY_ffc_priv_pub("DH");
2776 }
2777
2778 # ifndef OPENSSL_NO_DEPRECATED_3_0
2779 static int test_EVP_PKEY_set1_DH(void)
2780 {
2781 DH *x942dh = NULL, *noqdh = NULL;
2782 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2783 int ret = 0;
2784 BIGNUM *p, *g = NULL;
2785 BIGNUM *pubkey = NULL;
2786 unsigned char pub[2048 / 8];
2787 size_t len = 0;
2788
2789 if (!TEST_ptr(p = BN_new())
2790 || !TEST_ptr(g = BN_new())
2791 || !TEST_ptr(pubkey = BN_new())
2792 || !TEST_true(BN_set_word(p, 9999))
2793 || !TEST_true(BN_set_word(g, 2))
2794 || !TEST_true(BN_set_word(pubkey, 4321))
2795 || !TEST_ptr(noqdh = DH_new())
2796 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2797 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2798 || !TEST_ptr(pubkey = BN_new())
2799 || !TEST_true(BN_set_word(pubkey, 4321)))
2800 goto err;
2801 p = g = NULL;
2802
2803 x942dh = DH_get_2048_256();
2804 pkey1 = EVP_PKEY_new();
2805 pkey2 = EVP_PKEY_new();
2806 if (!TEST_ptr(x942dh)
2807 || !TEST_ptr(noqdh)
2808 || !TEST_ptr(pkey1)
2809 || !TEST_ptr(pkey2)
2810 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2811 goto err;
2812 pubkey = NULL;
2813
2814 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2815 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2816 goto err;
2817
2818 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2819 &pubkey))
2820 || !TEST_ptr(pubkey))
2821 goto err;
2822
2823 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2824 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2825 goto err;
2826
2827 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2828 OSSL_PKEY_PARAM_PUB_KEY,
2829 pub, sizeof(pub), &len))
2830 || !TEST_size_t_ne(len, 0))
2831 goto err;
2832
2833 ret = 1;
2834 err:
2835 BN_free(p);
2836 BN_free(g);
2837 BN_free(pubkey);
2838 EVP_PKEY_free(pkey1);
2839 EVP_PKEY_free(pkey2);
2840 DH_free(x942dh);
2841 DH_free(noqdh);
2842
2843 return ret;
2844 }
2845 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2846 #endif /* !OPENSSL_NO_DH */
2847
2848 /*
2849 * We test what happens with an empty template. For the sake of this test,
2850 * the template must be ignored, and we know that's the case for RSA keys
2851 * (this might arguably be a misfeature, but that's what we currently do,
2852 * even in provider code, since that's how the legacy RSA implementation
2853 * does things)
2854 */
2855 static int test_keygen_with_empty_template(int n)
2856 {
2857 EVP_PKEY_CTX *ctx = NULL;
2858 EVP_PKEY *pkey = NULL;
2859 EVP_PKEY *tkey = NULL;
2860 int ret = 0;
2861
2862 if (nullprov != NULL)
2863 return TEST_skip("Test does not support a non-default library context");
2864
2865 switch (n) {
2866 case 0:
2867 /* We do test with no template at all as well */
2868 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2869 goto err;
2870 break;
2871 case 1:
2872 /* Here we create an empty RSA key that serves as our template */
2873 if (!TEST_ptr(tkey = EVP_PKEY_new())
2874 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2875 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2876 goto err;
2877 break;
2878 }
2879
2880 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2881 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2882 goto err;
2883
2884 ret = 1;
2885 err:
2886 EVP_PKEY_CTX_free(ctx);
2887 EVP_PKEY_free(pkey);
2888 EVP_PKEY_free(tkey);
2889 return ret;
2890 }
2891
2892 /*
2893 * Test that we fail if we attempt to use an algorithm that is not available
2894 * in the current library context (unless we are using an algorithm that
2895 * should be made available via legacy codepaths).
2896 *
2897 * 0: RSA
2898 * 1: SM2
2899 */
2900 static int test_pkey_ctx_fail_without_provider(int tst)
2901 {
2902 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2903 OSSL_PROVIDER *tmpnullprov = NULL;
2904 EVP_PKEY_CTX *pctx = NULL;
2905 const char *keytype = NULL;
2906 int expect_null = 0;
2907 int ret = 0;
2908
2909 if (!TEST_ptr(tmpctx))
2910 goto err;
2911
2912 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2913 if (!TEST_ptr(tmpnullprov))
2914 goto err;
2915
2916 /*
2917 * We check for certain algos in the null provider.
2918 * If an algo is expected to have a provider keymgmt, contructing an
2919 * EVP_PKEY_CTX is expected to fail (return NULL).
2920 * Otherwise, if it's expected to have legacy support, contructing an
2921 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2922 */
2923 switch (tst) {
2924 case 0:
2925 keytype = "RSA";
2926 expect_null = 1;
2927 break;
2928 case 1:
2929 keytype = "SM2";
2930 expect_null = 1;
2931 #ifdef OPENSSL_NO_EC
2932 TEST_info("EC disable, skipping SM2 check...");
2933 goto end;
2934 #endif
2935 #ifdef OPENSSL_NO_SM2
2936 TEST_info("SM2 disable, skipping SM2 check...");
2937 goto end;
2938 #endif
2939 break;
2940 default:
2941 TEST_error("No test for case %d", tst);
2942 goto err;
2943 }
2944
2945 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2946 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2947 goto err;
2948
2949 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2950 end:
2951 #endif
2952 ret = 1;
2953
2954 err:
2955 EVP_PKEY_CTX_free(pctx);
2956 OSSL_PROVIDER_unload(tmpnullprov);
2957 OSSL_LIB_CTX_free(tmpctx);
2958 return ret;
2959 }
2960
2961 static int test_rand_agglomeration(void)
2962 {
2963 EVP_RAND *rand;
2964 EVP_RAND_CTX *ctx;
2965 OSSL_PARAM params[3], *p = params;
2966 int res;
2967 unsigned int step = 7;
2968 static unsigned char seed[] = "It does not matter how slowly you go "
2969 "as long as you do not stop.";
2970 unsigned char out[sizeof(seed)];
2971
2972 if (!TEST_int_ne(sizeof(seed) % step, 0)
2973 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2974 return 0;
2975 ctx = EVP_RAND_CTX_new(rand, NULL);
2976 EVP_RAND_free(rand);
2977 if (!TEST_ptr(ctx))
2978 return 0;
2979
2980 memset(out, 0, sizeof(out));
2981 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2982 seed, sizeof(seed));
2983 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2984 *p = OSSL_PARAM_construct_end();
2985 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2986 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2987 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2988 EVP_RAND_CTX_free(ctx);
2989 return res;
2990 }
2991
2992 /*
2993 * Test that we correctly return the original or "running" IV after
2994 * an encryption operation.
2995 * Run multiple times for some different relevant algorithms/modes.
2996 */
2997 static int test_evp_iv_aes(int idx)
2998 {
2999 int ret = 0;
3000 EVP_CIPHER_CTX *ctx = NULL;
3001 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3002 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3003 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3004 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3005 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3006 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3007 9, 10, 11, 12, 13, 14, 15, 16 };
3008 unsigned char ciphertext[32], oiv[16], iv[16];
3009 unsigned char *ref_iv;
3010 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3011 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3012
3013 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3014 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3015 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3016 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3017 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3018 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3019 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3020 #ifndef OPENSSL_NO_OCB
3021 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3022 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3023 #endif
3024 int len = sizeof(ciphertext);
3025 size_t ivlen, ref_len;
3026 const EVP_CIPHER *type = NULL;
3027 int iv_reset = 0;
3028
3029 if (nullprov != NULL && idx < 6)
3030 return TEST_skip("Test does not support a non-default library context");
3031
3032 switch (idx) {
3033 case 0:
3034 type = EVP_aes_128_cbc();
3035 /* FALLTHROUGH */
3036 case 6:
3037 type = (type != NULL) ? type :
3038 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3039 ref_iv = cbc_state;
3040 ref_len = sizeof(cbc_state);
3041 iv_reset = 1;
3042 break;
3043 case 1:
3044 type = EVP_aes_128_ofb();
3045 /* FALLTHROUGH */
3046 case 7:
3047 type = (type != NULL) ? type :
3048 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3049 ref_iv = ofb_state;
3050 ref_len = sizeof(ofb_state);
3051 iv_reset = 1;
3052 break;
3053 case 2:
3054 type = EVP_aes_128_cfb();
3055 /* FALLTHROUGH */
3056 case 8:
3057 type = (type != NULL) ? type :
3058 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3059 ref_iv = cfb_state;
3060 ref_len = sizeof(cfb_state);
3061 iv_reset = 1;
3062 break;
3063 case 3:
3064 type = EVP_aes_128_gcm();
3065 /* FALLTHROUGH */
3066 case 9:
3067 type = (type != NULL) ? type :
3068 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3069 ref_iv = gcm_state;
3070 ref_len = sizeof(gcm_state);
3071 break;
3072 case 4:
3073 type = EVP_aes_128_ccm();
3074 /* FALLTHROUGH */
3075 case 10:
3076 type = (type != NULL) ? type :
3077 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3078 ref_iv = ccm_state;
3079 ref_len = sizeof(ccm_state);
3080 break;
3081 #ifdef OPENSSL_NO_OCB
3082 case 5:
3083 case 11:
3084 return 1;
3085 #else
3086 case 5:
3087 type = EVP_aes_128_ocb();
3088 /* FALLTHROUGH */
3089 case 11:
3090 type = (type != NULL) ? type :
3091 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3092 ref_iv = ocb_state;
3093 ref_len = sizeof(ocb_state);
3094 break;
3095 #endif
3096 default:
3097 return 0;
3098 }
3099
3100 if (!TEST_ptr(type)
3101 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3102 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3103 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3104 (int)sizeof(msg)))
3105 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3106 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3107 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3108 goto err;
3109 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3110 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3111 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3112 goto err;
3113
3114 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3115 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3116 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3117 goto err;
3118 if (iv_reset) {
3119 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3120 goto err;
3121 } else {
3122 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3123 goto err;
3124 }
3125
3126 ret = 1;
3127 err:
3128 EVP_CIPHER_CTX_free(ctx);
3129 if (idx >= 6)
3130 EVP_CIPHER_free((EVP_CIPHER *)type);
3131 return ret;
3132 }
3133
3134 #ifndef OPENSSL_NO_DES
3135 static int test_evp_iv_des(int idx)
3136 {
3137 int ret = 0;
3138 EVP_CIPHER_CTX *ctx = NULL;
3139 static const unsigned char key[24] = {
3140 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3141 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3142 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3143 };
3144 static const unsigned char init_iv[8] = {
3145 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3146 };
3147 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3148 9, 10, 11, 12, 13, 14, 15, 16 };
3149 unsigned char ciphertext[32], oiv[8], iv[8];
3150 unsigned const char *ref_iv;
3151 static const unsigned char cbc_state_des[8] = {
3152 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3153 };
3154 static const unsigned char cbc_state_3des[8] = {
3155 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3156 };
3157 static const unsigned char ofb_state_des[8] = {
3158 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3159 };
3160 static const unsigned char ofb_state_3des[8] = {
3161 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3162 };
3163 static const unsigned char cfb_state_des[8] = {
3164 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3165 };
3166 static const unsigned char cfb_state_3des[8] = {
3167 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3168 };
3169 int len = sizeof(ciphertext);
3170 size_t ivlen, ref_len;
3171 EVP_CIPHER *type = NULL;
3172
3173 if (lgcyprov == NULL && idx < 3)
3174 return TEST_skip("Test requires legacy provider to be loaded");
3175
3176 switch (idx) {
3177 case 0:
3178 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3179 ref_iv = cbc_state_des;
3180 ref_len = sizeof(cbc_state_des);
3181 break;
3182 case 1:
3183 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3184 ref_iv = ofb_state_des;
3185 ref_len = sizeof(ofb_state_des);
3186 break;
3187 case 2:
3188 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3189 ref_iv = cfb_state_des;
3190 ref_len = sizeof(cfb_state_des);
3191 break;
3192 case 3:
3193 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3194 ref_iv = cbc_state_3des;
3195 ref_len = sizeof(cbc_state_3des);
3196 break;
3197 case 4:
3198 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3199 ref_iv = ofb_state_3des;
3200 ref_len = sizeof(ofb_state_3des);
3201 break;
3202 case 5:
3203 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3204 ref_iv = cfb_state_3des;
3205 ref_len = sizeof(cfb_state_3des);
3206 break;
3207 default:
3208 return 0;
3209 }
3210
3211 if (!TEST_ptr(type)
3212 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3213 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3214 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3215 (int)sizeof(msg)))
3216 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3217 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3218 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3219 goto err;
3220 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3221 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3222 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3223 goto err;
3224
3225 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3226 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3227 goto err;
3228 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3229 goto err;
3230
3231 ret = 1;
3232 err:
3233 EVP_CIPHER_CTX_free(ctx);
3234 EVP_CIPHER_free(type);
3235 return ret;
3236 }
3237 #endif
3238
3239 #ifndef OPENSSL_NO_EC
3240 static int ecpub_nids[] = {
3241 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3242 NID_secp384r1, NID_secp521r1,
3243 # ifndef OPENSSL_NO_EC2M
3244 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3245 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3246 # endif
3247 NID_brainpoolP384r1, NID_brainpoolP512r1
3248 };
3249
3250 static int test_ecpub(int idx)
3251 {
3252 int ret = 0, len, savelen;
3253 int nid;
3254 unsigned char buf[1024];
3255 unsigned char *p;
3256 EVP_PKEY *pkey = NULL;
3257 EVP_PKEY_CTX *ctx = NULL;
3258 # ifndef OPENSSL_NO_DEPRECATED_3_0
3259 const unsigned char *q;
3260 EVP_PKEY *pkey2 = NULL;
3261 EC_KEY *ec = NULL;
3262 # endif
3263
3264 if (nullprov != NULL)
3265 return TEST_skip("Test does not support a non-default library context");
3266
3267 nid = ecpub_nids[idx];
3268
3269 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3270 if (!TEST_ptr(ctx)
3271 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3272 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3273 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3274 goto done;
3275 len = i2d_PublicKey(pkey, NULL);
3276 savelen = len;
3277 if (!TEST_int_ge(len, 1)
3278 || !TEST_int_lt(len, 1024))
3279 goto done;
3280 p = buf;
3281 len = i2d_PublicKey(pkey, &p);
3282 if (!TEST_int_ge(len, 1)
3283 || !TEST_int_eq(len, savelen))
3284 goto done;
3285
3286 # ifndef OPENSSL_NO_DEPRECATED_3_0
3287 /* Now try to decode the just-created DER. */
3288 q = buf;
3289 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3290 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3291 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3292 goto done;
3293 /* EC_KEY ownership transferred */
3294 ec = NULL;
3295 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3296 goto done;
3297 /* The keys should match. */
3298 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3299 goto done;
3300 # endif
3301
3302 ret = 1;
3303
3304 done:
3305 EVP_PKEY_CTX_free(ctx);
3306 EVP_PKEY_free(pkey);
3307 # ifndef OPENSSL_NO_DEPRECATED_3_0
3308 EVP_PKEY_free(pkey2);
3309 EC_KEY_free(ec);
3310 # endif
3311 return ret;
3312 }
3313 #endif
3314
3315 static int test_EVP_rsa_pss_with_keygen_bits(void)
3316 {
3317 int ret = 0;
3318 EVP_PKEY_CTX *ctx = NULL;
3319 EVP_PKEY *pkey = NULL;
3320 EVP_MD *md;
3321
3322 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3323 ret = TEST_ptr(md)
3324 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3325 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3326 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3327 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3328 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3329
3330 EVP_MD_free(md);
3331 EVP_PKEY_free(pkey);
3332 EVP_PKEY_CTX_free(ctx);
3333 return ret;
3334 }
3335
3336 static int test_EVP_rsa_pss_set_saltlen(void)
3337 {
3338 int ret = 0;
3339 EVP_PKEY *pkey = NULL;
3340 EVP_PKEY_CTX *pkey_ctx = NULL;
3341 EVP_MD *sha256 = NULL;
3342 EVP_MD_CTX *sha256_ctx = NULL;
3343 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3344 const int test_value = 32;
3345
3346 ret = TEST_ptr(pkey = load_example_rsa_key())
3347 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3348 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3349 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3350 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3351 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
3352 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
3353 && TEST_int_eq(saltlen, test_value);
3354
3355 EVP_MD_CTX_free(sha256_ctx);
3356 EVP_PKEY_free(pkey);
3357 EVP_MD_free(sha256);
3358
3359 return ret;
3360 }
3361
3362 static int success = 1;
3363 static void md_names(const char *name, void *vctx)
3364 {
3365 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3366 /* Force a namemap update */
3367 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3368
3369 if (!TEST_ptr(aes128))
3370 success = 0;
3371
3372 EVP_CIPHER_free(aes128);
3373 }
3374
3375 /*
3376 * Test that changing the namemap in a user callback works in a names_do_all
3377 * function.
3378 */
3379 static int test_names_do_all(void)
3380 {
3381 /* We use a custom libctx so that we know the state of the namemap */
3382 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3383 EVP_MD *sha256 = NULL;
3384 int testresult = 0;
3385
3386 if (!TEST_ptr(ctx))
3387 goto err;
3388
3389 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3390 if (!TEST_ptr(sha256))
3391 goto err;
3392
3393 /*
3394 * We loop through all the names for a given digest. This should still work
3395 * even if the namemap changes part way through.
3396 */
3397 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3398 goto err;
3399
3400 if (!TEST_true(success))
3401 goto err;
3402
3403 testresult = 1;
3404 err:
3405 EVP_MD_free(sha256);
3406 OSSL_LIB_CTX_free(ctx);
3407 return testresult;
3408 }
3409
3410 typedef struct {
3411 const char *cipher;
3412 const unsigned char *key;
3413 const unsigned char *iv;
3414 const unsigned char *input;
3415 const unsigned char *expected;
3416 const unsigned char *tag;
3417 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3418 size_t inlen;
3419 size_t expectedlen;
3420 size_t taglen;
3421 int keyfirst;
3422 int initenc;
3423 int finalenc;
3424 } EVP_INIT_TEST_st;
3425
3426 static const EVP_INIT_TEST_st evp_init_tests[] = {
3427 {
3428 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3429 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3430 0, 1, 0, 1
3431 },
3432 {
3433 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3434 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3435 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3436 sizeof(gcmDefaultTag), 1, 0, 1
3437 },
3438 {
3439 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3440 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3441 0, 0, 0, 1
3442 },
3443 {
3444 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3445 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3446 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3447 sizeof(gcmDefaultTag), 0, 0, 1
3448 },
3449 {
3450 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3451 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3452 0, 1, 1, 0
3453 },
3454 {
3455 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3456 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3457 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3458 sizeof(gcmDefaultTag), 1, 1, 0
3459 },
3460 {
3461 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3462 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3463 0, 0, 1, 0
3464 },
3465 {
3466 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3467 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3468 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3469 sizeof(gcmDefaultTag), 0, 1, 0
3470 }
3471 };
3472
3473 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3474 {
3475 int res = 0;
3476
3477 if (t->ivlen != 0) {
3478 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3479 goto err;
3480 }
3481 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3482 goto err;
3483 res = 1;
3484 err:
3485 return res;
3486 }
3487
3488 /*
3489 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3490 * arguments are given one at a time and a final adjustment to the enc
3491 * parameter sets the correct operation.
3492 */
3493 static int test_evp_init_seq(int idx)
3494 {
3495 int outlen1, outlen2;
3496 int testresult = 0;
3497 unsigned char outbuf[1024];
3498 unsigned char tag[16];
3499 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3500 EVP_CIPHER_CTX *ctx = NULL;
3501 EVP_CIPHER *type = NULL;
3502 size_t taglen = sizeof(tag);
3503 char *errmsg = NULL;
3504
3505 ctx = EVP_CIPHER_CTX_new();
3506 if (ctx == NULL) {
3507 errmsg = "CTX_ALLOC";
3508 goto err;
3509 }
3510 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3511 errmsg = "CIPHER_FETCH";
3512 goto err;
3513 }
3514 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3515 errmsg = "EMPTY_ENC_INIT";
3516 goto err;
3517 }
3518 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3519 errmsg = "PADDING";
3520 goto err;
3521 }
3522 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3523 errmsg = "KEY_INIT (before iv)";
3524 goto err;
3525 }
3526 if (!evp_init_seq_set_iv(ctx, t)) {
3527 errmsg = "IV_INIT";
3528 goto err;
3529 }
3530 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3531 errmsg = "KEY_INIT (after iv)";
3532 goto err;
3533 }
3534 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3535 errmsg = "FINAL_ENC_INIT";
3536 goto err;
3537 }
3538 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3539 errmsg = "CIPHER_UPDATE";
3540 goto err;
3541 }
3542 if (t->finalenc == 0 && t->tag != NULL) {
3543 /* Set expected tag */
3544 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3545 t->taglen, (void *)t->tag))) {
3546 errmsg = "SET_TAG";
3547 goto err;
3548 }
3549 }
3550 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3551 errmsg = "CIPHER_FINAL";
3552 goto err;
3553 }
3554 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3555 errmsg = "WRONG_RESULT";
3556 goto err;
3557 }
3558 if (t->finalenc != 0 && t->tag != NULL) {
3559 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3560 errmsg = "GET_TAG";
3561 goto err;
3562 }
3563 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3564 errmsg = "TAG_ERROR";
3565 goto err;
3566 }
3567 }
3568 testresult = 1;
3569 err:
3570 if (errmsg != NULL)
3571 TEST_info("evp_init_test %d: %s", idx, errmsg);
3572 EVP_CIPHER_CTX_free(ctx);
3573 EVP_CIPHER_free(type);
3574 return testresult;
3575 }
3576
3577 typedef struct {
3578 const unsigned char *input;
3579 const unsigned char *expected;
3580 size_t inlen;
3581 size_t expectedlen;
3582 int enc;
3583 } EVP_RESET_TEST_st;
3584
3585 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3586 {
3587 cfbPlaintext, cfbCiphertext,
3588 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3589 },
3590 {
3591 cfbCiphertext, cfbPlaintext,
3592 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3593 }
3594 };
3595
3596 /*
3597 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3598 * been used.
3599 */
3600 static int test_evp_reset(int idx)
3601 {
3602 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3603 int outlen1, outlen2;
3604 int testresult = 0;
3605 unsigned char outbuf[1024];
3606 EVP_CIPHER_CTX *ctx = NULL;
3607 EVP_CIPHER *type = NULL;
3608 char *errmsg = NULL;
3609
3610 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3611 errmsg = "CTX_ALLOC";
3612 goto err;
3613 }
3614 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3615 errmsg = "CIPHER_FETCH";
3616 goto err;
3617 }
3618 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3619 errmsg = "CIPHER_INIT";
3620 goto err;
3621 }
3622 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3623 errmsg = "PADDING";
3624 goto err;
3625 }
3626 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3627 errmsg = "CIPHER_UPDATE";
3628 goto err;
3629 }
3630 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3631 errmsg = "CIPHER_FINAL";
3632 goto err;
3633 }
3634 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3635 errmsg = "WRONG_RESULT";
3636 goto err;
3637 }
3638 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3639 errmsg = "CIPHER_REINIT";
3640 goto err;
3641 }
3642 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3643 errmsg = "CIPHER_UPDATE (reinit)";
3644 goto err;
3645 }
3646 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3647 errmsg = "CIPHER_FINAL (reinit)";
3648 goto err;
3649 }
3650 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3651 errmsg = "WRONG_RESULT (reinit)";
3652 goto err;
3653 }
3654 testresult = 1;
3655 err:
3656 if (errmsg != NULL)
3657 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3658 EVP_CIPHER_CTX_free(ctx);
3659 EVP_CIPHER_free(type);
3660 return testresult;
3661 }
3662
3663 typedef struct {
3664 const char *cipher;
3665 int enc;
3666 } EVP_UPDATED_IV_TEST_st;
3667
3668 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3669 {
3670 "aes-128-cfb", 1
3671 },
3672 {
3673 "aes-128-cfb", 0
3674 },
3675 {
3676 "aes-128-cfb1", 1
3677 },
3678 {
3679 "aes-128-cfb1", 0
3680 },
3681 {
3682 "aes-128-cfb8", 1
3683 },
3684 {
3685 "aes-128-cfb8", 0
3686 },
3687 {
3688 "aes-128-ofb", 1
3689 },
3690 {
3691 "aes-128-ofb", 0
3692 },
3693 {
3694 "aes-128-ctr", 1
3695 },
3696 {
3697 "aes-128-ctr", 0
3698 },
3699 {
3700 "aes-128-cbc", 1
3701 },
3702 {
3703 "aes-128-cbc", 0
3704 }
3705 };
3706
3707 /*
3708 * Test that the IV in the context is updated during a crypto operation for CFB
3709 * and OFB.
3710 */
3711 static int test_evp_updated_iv(int idx)
3712 {
3713 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3714 int outlen1, outlen2;
3715 int testresult = 0;
3716 unsigned char outbuf[1024];
3717 EVP_CIPHER_CTX *ctx = NULL;
3718 EVP_CIPHER *type = NULL;
3719 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3720 int iv_len;
3721 char *errmsg = NULL;
3722
3723 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3724 errmsg = "CTX_ALLOC";
3725 goto err;
3726 }
3727 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3728 TEST_info("cipher %s not supported, skipping", t->cipher);
3729 goto ok;
3730 }
3731
3732 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3733 errmsg = "CIPHER_INIT";
3734 goto err;
3735 }
3736 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3737 errmsg = "PADDING";
3738 goto err;
3739 }
3740 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3741 errmsg = "CIPHER_UPDATE";
3742 goto err;
3743 }
3744 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3745 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3746 goto err;
3747 }
3748 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3749 errmsg = "CIPHER_CTX_GET_IV_LEN";
3750 goto err;
3751 }
3752 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3753 errmsg = "IV_NOT_UPDATED";
3754 goto err;
3755 }
3756 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3757 errmsg = "CIPHER_FINAL";
3758 goto err;
3759 }
3760 ok:
3761 testresult = 1;
3762 err:
3763 if (errmsg != NULL)
3764 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3765 EVP_CIPHER_CTX_free(ctx);
3766 EVP_CIPHER_free(type);
3767 return testresult;
3768 }
3769
3770 typedef struct {
3771 const unsigned char *iv1;
3772 const unsigned char *iv2;
3773 const unsigned char *expected1;
3774 const unsigned char *expected2;
3775 const unsigned char *tag1;
3776 const unsigned char *tag2;
3777 size_t ivlen1;
3778 size_t ivlen2;
3779 size_t expectedlen1;
3780 size_t expectedlen2;
3781 } TEST_GCM_IV_REINIT_st;
3782
3783 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3784 {
3785 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3786 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3787 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3788 },
3789 {
3790 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3791 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3792 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3793 }
3794 };
3795
3796 static int test_gcm_reinit(int idx)
3797 {
3798 int outlen1, outlen2, outlen3;
3799 int testresult = 0;
3800 unsigned char outbuf[1024];
3801 unsigned char tag[16];
3802 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3803 EVP_CIPHER_CTX *ctx = NULL;
3804 EVP_CIPHER *type = NULL;
3805 size_t taglen = sizeof(tag);
3806 char *errmsg = NULL;
3807
3808 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3809 errmsg = "CTX_ALLOC";
3810 goto err;
3811 }
3812 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3813 errmsg = "CIPHER_FETCH";
3814 goto err;
3815 }
3816 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3817 errmsg = "ENC_INIT";
3818 goto err;
3819 }
3820 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3821 errmsg = "SET_IVLEN1";
3822 goto err;
3823 }
3824 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3825 errmsg = "SET_IV1";
3826 goto err;
3827 }
3828 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3829 errmsg = "AAD1";
3830 goto err;
3831 }
3832 EVP_CIPHER_CTX_set_padding(ctx, 0);
3833 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3834 sizeof(gcmResetPlaintext)))) {
3835 errmsg = "CIPHER_UPDATE1";
3836 goto err;
3837 }
3838 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3839 errmsg = "CIPHER_FINAL1";
3840 goto err;
3841 }
3842 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3843 errmsg = "WRONG_RESULT1";
3844 goto err;
3845 }
3846 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3847 errmsg = "GET_TAG1";
3848 goto err;
3849 }
3850 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3851 errmsg = "TAG_ERROR1";
3852 goto err;
3853 }
3854 /* Now reinit */
3855 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3856 errmsg = "SET_IVLEN2";
3857 goto err;
3858 }
3859 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3860 errmsg = "SET_IV2";
3861 goto err;
3862 }
3863 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3864 errmsg = "AAD2";
3865 goto err;
3866 }
3867 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3868 sizeof(gcmResetPlaintext)))) {
3869 errmsg = "CIPHER_UPDATE2";
3870 goto err;
3871 }
3872 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3873 errmsg = "CIPHER_FINAL2";
3874 goto err;
3875 }
3876 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3877 errmsg = "WRONG_RESULT2";
3878 goto err;
3879 }
3880 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3881 errmsg = "GET_TAG2";
3882 goto err;
3883 }
3884 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3885 errmsg = "TAG_ERROR2";
3886 goto err;
3887 }
3888 testresult = 1;
3889 err:
3890 if (errmsg != NULL)
3891 TEST_info("evp_init_test %d: %s", idx, errmsg);
3892 EVP_CIPHER_CTX_free(ctx);
3893 EVP_CIPHER_free(type);
3894 return testresult;
3895 }
3896
3897 #ifndef OPENSSL_NO_DEPRECATED_3_0
3898 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3899 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3900
3901 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3902
3903 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3904 {
3905 int (*pinit)(EVP_PKEY_CTX *ctx);
3906
3907 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3908 return pinit(ctx);
3909 }
3910
3911 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3912 {
3913 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3914
3915 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3916 pcleanup(ctx);
3917 }
3918
3919 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3920 size_t *outlen, const unsigned char *in,
3921 size_t inlen)
3922 {
3923 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3924 const unsigned char *tbs, size_t tbslen);
3925
3926 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3927 return psign(ctx, out, outlen, in, inlen);
3928 }
3929
3930 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3931 size_t *siglen, const unsigned char *tbs,
3932 size_t tbslen)
3933 {
3934 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3935 const unsigned char *tbs, size_t tbslen);
3936
3937 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3938 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3939 }
3940
3941 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3942 size_t *keylen)
3943 {
3944 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3945
3946 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3947 return pderive(ctx, key, keylen);
3948 }
3949
3950 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3951 {
3952 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3953
3954 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3955 return pcopy(dst, src);
3956 }
3957
3958 static int ctrl_called;
3959
3960 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3961 {
3962 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3963
3964 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3965
3966 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3967 ctrl_called = 1;
3968 return 1;
3969 }
3970
3971 return pctrl(ctx, type, p1, p2);
3972 }
3973
3974 static int test_custom_pmeth(int idx)
3975 {
3976 EVP_PKEY_CTX *pctx = NULL;
3977 EVP_MD_CTX *ctx = NULL;
3978 EVP_PKEY *pkey = NULL;
3979 int id, orig_id, orig_flags;
3980 int testresult = 0;
3981 size_t reslen;
3982 unsigned char *res = NULL;
3983 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3984 const EVP_MD *md = EVP_sha256();
3985 int doderive = 0;
3986
3987 ctrl_called = 0;
3988
3989 /* We call deprecated APIs so this test doesn't support a custom libctx */
3990 if (testctx != NULL)
3991 return 1;
3992
3993 switch (idx) {
3994 case 0:
3995 case 6:
3996 id = EVP_PKEY_RSA;
3997 pkey = load_example_rsa_key();
3998 break;
3999 case 1:
4000 case 7:
4001 # ifndef OPENSSL_NO_DSA
4002 id = EVP_PKEY_DSA;
4003 pkey = load_example_dsa_key();
4004 break;
4005 # else
4006 return 1;
4007 # endif
4008 case 2:
4009 case 8:
4010 # ifndef OPENSSL_NO_EC
4011 id = EVP_PKEY_EC;
4012 pkey = load_example_ec_key();
4013 break;
4014 # else
4015 return 1;
4016 # endif
4017 case 3:
4018 case 9:
4019 # ifndef OPENSSL_NO_EC
4020 id = EVP_PKEY_ED25519;
4021 md = NULL;
4022 pkey = load_example_ed25519_key();
4023 break;
4024 # else
4025 return 1;
4026 # endif
4027 case 4:
4028 case 10:
4029 # ifndef OPENSSL_NO_DH
4030 id = EVP_PKEY_DH;
4031 doderive = 1;
4032 pkey = load_example_dh_key();
4033 break;
4034 # else
4035 return 1;
4036 # endif
4037 case 5:
4038 case 11:
4039 # ifndef OPENSSL_NO_EC
4040 id = EVP_PKEY_X25519;
4041 doderive = 1;
4042 pkey = load_example_x25519_key();
4043 break;
4044 # else
4045 return 1;
4046 # endif
4047 default:
4048 TEST_error("Should not happen");
4049 goto err;
4050 }
4051
4052 if (!TEST_ptr(pkey))
4053 goto err;
4054
4055 if (idx < 6) {
4056 if (!TEST_true(evp_pkey_is_provided(pkey)))
4057 goto err;
4058 } else {
4059 EVP_PKEY *tmp = pkey;
4060
4061 /* Convert to a legacy key */
4062 pkey = EVP_PKEY_new();
4063 if (!TEST_ptr(pkey)) {
4064 pkey = tmp;
4065 goto err;
4066 }
4067 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4068 EVP_PKEY_free(tmp);
4069 goto err;
4070 }
4071 EVP_PKEY_free(tmp);
4072 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4073 goto err;
4074 }
4075
4076 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4077 || !TEST_ptr(pkey))
4078 goto err;
4079
4080 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4081 if (!TEST_int_eq(orig_id, id)
4082 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4083 goto err;
4084
4085 if (id == EVP_PKEY_ED25519) {
4086 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4087 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4088 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4089 } else {
4090 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4091 }
4092 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4093 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4094 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4095 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4096 }
4097 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4098 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4099 goto err;
4100
4101 if (doderive) {
4102 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4103 if (!TEST_ptr(pctx)
4104 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4105 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4106 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4107 1)
4108 || !TEST_int_eq(ctrl_called, 1)
4109 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4110 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4111 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4112 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4113 goto err;
4114 } else {
4115 ctx = EVP_MD_CTX_new();
4116 reslen = EVP_PKEY_size(pkey);
4117 res = OPENSSL_malloc(reslen);
4118 if (!TEST_ptr(ctx)
4119 || !TEST_ptr(res)
4120 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4121 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4122 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4123 1)
4124 || !TEST_int_eq(ctrl_called, 1))
4125 goto err;
4126
4127 if (id == EVP_PKEY_ED25519) {
4128 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4129 goto err;
4130 } else {
4131 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4132 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4133 goto err;
4134 }
4135 }
4136
4137 testresult = 1;
4138 err:
4139 OPENSSL_free(res);
4140 EVP_MD_CTX_free(ctx);
4141 if (doderive)
4142 EVP_PKEY_CTX_free(pctx);
4143 EVP_PKEY_free(pkey);
4144 EVP_PKEY_meth_remove(custom_pmeth);
4145 EVP_PKEY_meth_free(custom_pmeth);
4146 custom_pmeth = NULL;
4147 return testresult;
4148 }
4149
4150 static int test_evp_md_cipher_meth(void)
4151 {
4152 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4153 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4154 int testresult = 0;
4155
4156 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4157 goto err;
4158
4159 testresult = 1;
4160
4161 err:
4162 EVP_MD_meth_free(md);
4163 EVP_CIPHER_meth_free(ciph);
4164
4165 return testresult;
4166 }
4167
4168 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4169 /* Test we can create a signature keys with an associated ENGINE */
4170 static int test_signatures_with_engine(int tst)
4171 {
4172 ENGINE *e;
4173 const char *engine_id = "dasync";
4174 EVP_PKEY *pkey = NULL;
4175 const unsigned char badcmackey[] = { 0x00, 0x01 };
4176 const unsigned char cmackey[] = {
4177 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4178 0x0c, 0x0d, 0x0e, 0x0f
4179 };
4180 const unsigned char ed25519key[] = {
4181 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4182 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4183 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4184 };
4185 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4186 int testresult = 0;
4187 EVP_MD_CTX *ctx = NULL;
4188 unsigned char *mac = NULL;
4189 size_t maclen = 0;
4190 int ret;
4191
4192 # ifdef OPENSSL_NO_CMAC
4193 /* Skip CMAC tests in a no-cmac build */
4194 if (tst <= 1)
4195 return 1;
4196 # endif
4197
4198 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4199 return 0;
4200
4201 if (!TEST_true(ENGINE_init(e))) {
4202 ENGINE_free(e);
4203 return 0;
4204 }
4205
4206 switch (tst) {
4207 case 0:
4208 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4209 EVP_aes_128_cbc());
4210 break;
4211 case 1:
4212 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4213 EVP_aes_128_cbc());
4214 break;
4215 case 2:
4216 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4217 sizeof(ed25519key));
4218 break;
4219 default:
4220 TEST_error("Invalid test case");
4221 goto err;
4222 }
4223 if (!TEST_ptr(pkey))
4224 goto err;
4225
4226 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4227 goto err;
4228
4229 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4230 pkey);
4231 if (tst == 0) {
4232 if (!TEST_true(ret))
4233 goto err;
4234
4235 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4236 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4237 goto err;
4238
4239 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4240 goto err;
4241
4242 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4243 goto err;
4244 } else {
4245 /* We used a bad key. We expect a failure here */
4246 if (!TEST_false(ret))
4247 goto err;
4248 }
4249
4250 testresult = 1;
4251 err:
4252 EVP_MD_CTX_free(ctx);
4253 OPENSSL_free(mac);
4254 EVP_PKEY_free(pkey);
4255 ENGINE_finish(e);
4256 ENGINE_free(e);
4257
4258 return testresult;
4259 }
4260
4261 static int test_cipher_with_engine(void)
4262 {
4263 ENGINE *e;
4264 const char *engine_id = "dasync";
4265 const unsigned char keyiv[] = {
4266 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4267 0x0c, 0x0d, 0x0e, 0x0f
4268 };
4269 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4270 int testresult = 0;
4271 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4272 unsigned char buf[AES_BLOCK_SIZE];
4273 int len = 0;
4274
4275 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4276 return 0;
4277
4278 if (!TEST_true(ENGINE_init(e))) {
4279 ENGINE_free(e);
4280 return 0;
4281 }
4282
4283 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4284 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4285 goto err;
4286
4287 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4288 goto err;
4289
4290 /* Copy the ctx, and complete the operation with the new ctx */
4291 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4292 goto err;
4293
4294 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4295 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4296 goto err;
4297
4298 testresult = 1;
4299 err:
4300 EVP_CIPHER_CTX_free(ctx);
4301 EVP_CIPHER_CTX_free(ctx2);
4302 ENGINE_finish(e);
4303 ENGINE_free(e);
4304
4305 return testresult;
4306 }
4307 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4308 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4309
4310 static int ecxnids[] = {
4311 NID_X25519,
4312 NID_X448,
4313 NID_ED25519,
4314 NID_ED448
4315 };
4316
4317 /* Test that creating ECX keys with a short private key fails as expected */
4318 static int test_ecx_short_keys(int tst)
4319 {
4320 unsigned char ecxkeydata = 1;
4321 EVP_PKEY *pkey;
4322
4323
4324 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4325 if (!TEST_ptr_null(pkey)) {
4326 EVP_PKEY_free(pkey);
4327 return 0;
4328 }
4329 return 1;
4330 }
4331
4332 typedef enum OPTION_choice {
4333 OPT_ERR = -1,
4334 OPT_EOF = 0,
4335 OPT_CONTEXT,
4336 OPT_TEST_ENUM
4337 } OPTION_CHOICE;
4338
4339 const OPTIONS *test_get_options(void)
4340 {
4341 static const OPTIONS options[] = {
4342 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4343 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4344 { NULL }
4345 };
4346 return options;
4347 }
4348
4349 int setup_tests(void)
4350 {
4351 OPTION_CHOICE o;
4352
4353 while ((o = opt_next()) != OPT_EOF) {
4354 switch (o) {
4355 case OPT_CONTEXT:
4356 /* Set up an alternate library context */
4357 testctx = OSSL_LIB_CTX_new();
4358 if (!TEST_ptr(testctx))
4359 return 0;
4360 /* Swap the libctx to test non-default context only */
4361 nullprov = OSSL_PROVIDER_load(NULL, "null");
4362 deflprov = OSSL_PROVIDER_load(testctx, "default");
4363 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4364 break;
4365 case OPT_TEST_CASES:
4366 break;
4367 default:
4368 return 0;
4369 }
4370 }
4371
4372 ADD_TEST(test_EVP_set_default_properties);
4373 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4374 ADD_TEST(test_EVP_DigestVerifyInit);
4375 #ifndef OPENSSL_NO_SIPHASH
4376 ADD_TEST(test_siphash_digestsign);
4377 #endif
4378 ADD_TEST(test_EVP_Digest);
4379 ADD_TEST(test_EVP_md_null);
4380 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4381 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4382 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4383 ADD_TEST(test_privatekey_to_pkcs8);
4384 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4385 #ifndef OPENSSL_NO_EC
4386 ADD_TEST(test_EVP_PKCS82PKEY);
4387 #endif
4388 #ifndef OPENSSL_NO_EC
4389 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4390 #endif
4391 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4392 ADD_TEST(test_EVP_SM2);
4393 ADD_TEST(test_EVP_SM2_verify);
4394 #endif
4395 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4396 #ifndef OPENSSL_NO_DEPRECATED_3_0
4397 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4398 if (!TEST_ptr(custom_pmeth))
4399 return 0;
4400 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4401 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4402 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4403 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4404 return 0;
4405 #endif
4406 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4407 #ifndef OPENSSL_NO_CMAC
4408 ADD_TEST(test_CMAC_keygen);
4409 #endif
4410 ADD_TEST(test_HKDF);
4411 ADD_TEST(test_emptyikm_HKDF);
4412 #ifndef OPENSSL_NO_EC
4413 ADD_TEST(test_X509_PUBKEY_inplace);
4414 ADD_TEST(test_X509_PUBKEY_dup);
4415 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4416 OSSL_NELEM(ec_der_pub_keys));
4417 #endif
4418 #ifndef OPENSSL_NO_DSA
4419 ADD_TEST(test_DSA_get_set_params);
4420 ADD_TEST(test_DSA_priv_pub);
4421 #endif
4422 ADD_TEST(test_RSA_get_set_params);
4423 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4424 ADD_TEST(test_decrypt_null_chunks);
4425 #endif
4426 #ifndef OPENSSL_NO_DH
4427 ADD_TEST(test_DH_priv_pub);
4428 # ifndef OPENSSL_NO_DEPRECATED_3_0
4429 ADD_TEST(test_EVP_PKEY_set1_DH);
4430 # endif
4431 #endif
4432 #ifndef OPENSSL_NO_EC
4433 ADD_TEST(test_EC_priv_pub);
4434 # ifndef OPENSSL_NO_DEPRECATED_3_0
4435 ADD_TEST(test_EC_priv_only_legacy);
4436 # endif
4437 #endif
4438 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4439 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4440
4441 ADD_TEST(test_rand_agglomeration);
4442 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4443 #ifndef OPENSSL_NO_DES
4444 ADD_ALL_TESTS(test_evp_iv_des, 6);
4445 #endif
4446 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4447 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4448 #ifndef OPENSSL_NO_EC
4449 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4450 #endif
4451
4452 ADD_TEST(test_names_do_all);
4453
4454 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4455 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4456 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4457 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4458
4459 #ifndef OPENSSL_NO_DEPRECATED_3_0
4460 ADD_ALL_TESTS(test_custom_pmeth, 12);
4461 ADD_TEST(test_evp_md_cipher_meth);
4462
4463 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4464 /* Tests only support the default libctx */
4465 if (testctx == NULL) {
4466 # ifndef OPENSSL_NO_EC
4467 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4468 # else
4469 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4470 # endif
4471 ADD_TEST(test_cipher_with_engine);
4472 }
4473 # endif
4474 #endif
4475
4476 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4477
4478 return 1;
4479 }
4480
4481 void cleanup_tests(void)
4482 {
4483 OSSL_PROVIDER_unload(nullprov);
4484 OSSL_PROVIDER_unload(deflprov);
4485 OSSL_PROVIDER_unload(lgcyprov);
4486 OSSL_LIB_CTX_free(testctx);
4487 }
A mirror of the official openssl repository