]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix various typos, repeated words, align some spelling to LDP.
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
fecb3aae 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
adcd8e37 34#include "testutil.h"
176db6dc 35#include "internal/nelem.h"
00bc1ad9 36#include "internal/sizes.h"
25f2138b 37#include "crypto/evp.h"
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
995eccb6
MC		 247/*
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
249 * values are 0.
250 */
251static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
255};
256
71ea6b48
MC		 257static const unsigned char kMsg[] = { 1, 2, 3, 4 };
258
259static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
271};
272
273/*
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
275 * PrivateKeyInfo.
276 */
277static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
331};
332
a9880362 333#ifndef OPENSSL_NO_EC
71ea6b48
MC		 334/*
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
336 * structure.
337 */
338static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
349 0xc1,
350};
351
352/*
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
355 */
356static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
366};
b0004708
PY		 367
368/* prime256v1 */
369static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378};
379
5dc40a83 380/*
87762939 381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
383 */
384static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
393};
394
b0004708
PY		 395static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
397};
2cf8bb46
MC		 398
399static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
404};
405
406static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
411};
412
a983764e
MC		 413# ifndef OPENSSL_NO_DEPRECATED_3_0
414static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
419};
420# endif
421#endif
422
423/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424#ifndef OPENSSL_NO_DEPRECATED_3_0
425# ifndef OPENSSL_NO_DH
426static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
452};
453# endif
a9880362 454#endif
71ea6b48 455
063e0197
JC		 456static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
459};
460
461static const unsigned char kGCMDefaultKey[32] = { 0 };
462
463static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
467};
468
469static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
472};
473
474static const unsigned char iGCMDefaultIV[12] = { 0 };
475
476static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
478};
479
480static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
482};
483
484static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
487};
488
489static const unsigned char gcmDefaultPlaintext[16] = { 0 };
490
491static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
497};
498
499static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
502};
503
504static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
507};
508
509static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
515};
516
517static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
523};
524
525static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
528};
529
530static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
533};
534
535static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
538};
539
540static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
543};
544
adcd8e37
RS		 545typedef struct APK_DATA_st {
546 const unsigned char *kder;
547 size_t size;
5b5eea4b 548 const char *keytype;
adcd8e37 549 int evptype;
2aee35d3 550 int check;
b0004708
PY		 551 int pub_check;
552 int param_check;
553 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 554} APK_DATA;
555
556static APK_DATA keydata[] = {
5b5eea4b
SL		 557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 559#ifndef OPENSSL_NO_EC
5b5eea4b 560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 561#endif
adcd8e37
RS		 562};
563
2aee35d3 564static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
566 0},
5b5eea4b 567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 568 0, 1, 1, 0},
995eccb6
MC		 569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
2aee35d3 571#ifndef OPENSSL_NO_EC
5b5eea4b 572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 573 /* group is also associated in our pub key */
2cf8bb46
MC		 574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
575 1, 1},
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
577 2},
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 582#endif
583};
584
d7e498ac
RL		 585static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
71ea6b48 587{
d7e498ac 588 const unsigned char **pdata = &data;
71ea6b48 589 EVP_PKEY *pkey = NULL;
d7e498ac 590 OSSL_DECODER_CTX *dctx =
fe75766c 591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 592 testctx, testpropq);
71ea6b48 593
d7e498ac
RL		 594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
597 return pkey;
598}
71ea6b48 599
d7e498ac
RL		 600static EVP_PKEY *load_example_rsa_key(void)
601{
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 604}
605
f650ab47 606#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 607static EVP_PKEY *load_example_dsa_key(void)
608{
6ed4022c
RL		 609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
59d0e6c8 611}
f650ab47 612#endif
59d0e6c8 613
15ff7d7c
MC		 614#ifndef OPENSSL_NO_EC
615static EVP_PKEY *load_example_ec_key(void)
616{
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
619}
620#endif
621
a983764e
MC		 622#ifndef OPENSSL_NO_DEPRECATED_3_0
623# ifndef OPENSSL_NO_DH
624static EVP_PKEY *load_example_dh_key(void)
625{
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
628}
629# endif
630
631# ifndef OPENSSL_NO_EC
a983764e
MC		 632static EVP_PKEY *load_example_ed25519_key(void)
633{
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
636}
637
638static EVP_PKEY *load_example_x25519_key(void)
639{
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
642}
643# endif
644#endif /* OPENSSL_NO_DEPRECATED_3_0 */
645
6d242fa5
MC		 646static EVP_PKEY *load_example_hmac_key(void)
647{
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
653 };
654
5af6e154
TM		 655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
6d242fa5
MC		 657 if (!TEST_ptr(pkey))
658 return NULL;
659
660 return pkey;
661}
662
f9e504e8
P		 663static int test_EVP_set_default_properties(void)
664{
b4250010 665 OSSL_LIB_CTX *ctx;
f9e504e8
P		 666 EVP_MD *md = NULL;
667 int res = 0;
668
b4250010 669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
671 goto err;
672 EVP_MD_free(md);
673 md = NULL;
674
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
678 goto err;
679 EVP_MD_free(md);
680 md = NULL;
681
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
684 goto err;
685 res = 1;
686err:
687 EVP_MD_free(md);
b4250010 688 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 689 return res;
690}
691
b8a1272d 692#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
5fbe15fd 693static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
b8a1272d
MC		 694{
695 EVP_PKEY_CTX *pctx = NULL;
5fbe15fd 696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
b8a1272d 697
062490db 698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 699 goto err;
2db985b7 700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
5fbe15fd 701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
2db985b7 702 params), 0))
b8a1272d
MC		 703 goto err;
704
5fbe15fd 705 if (!TEST_ptr(tmp_pkey))
b8a1272d
MC		 706 goto err;
707
5fbe15fd
RL		 708 pkey = tmp_pkey;
709 tmp_pkey = NULL;
710 err:
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
713 return pkey;
714}
715
716static int test_selection(EVP_PKEY *pkey, int selection)
717{
718 int testresult = 0;
719 int ret;
720 BIO *bio = BIO_new(BIO_s_mem());
721
fd19fc4c
MC		 722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
724 if (!TEST_true(ret))
725 goto err;
726 } else {
727 if (!TEST_false(ret))
728 goto err;
729 }
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
731 testctx, NULL);
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
733 if (!TEST_true(ret))
734 goto err;
735 } else {
736 if (!TEST_false(ret))
737 goto err;
738 }
739
b8a1272d
MC		 740 testresult = 1;
741 err:
fd19fc4c 742 BIO_free(bio);
b8a1272d
MC		 743
744 return testresult;
745}
746#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
747
2c04b341 748/*
8a9394c1 749 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 750 * params to ensure they are all accepted
751 */
b8a1272d 752#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 753static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
754{
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
2c04b341 761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 762 int ret = 0;
763
764 /*
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
767 */
b8a1272d 768 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
773 goto err;
774
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
780 goto err;
5fbe15fd
RL		 781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
2c04b341
JS		 783 goto err;
784
3f883c7c 785 OSSL_PARAM_free(params);
2c04b341 786 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 787 params = NULL;
788 bld = NULL;
789
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
792 goto err;
2c04b341
JS		 793
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
800 priv)))
801 goto err;
5fbe15fd
RL		 802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
2c04b341
JS		 804 goto err;
805
3f883c7c 806 OSSL_PARAM_free(params);
2c04b341 807 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 808 params = NULL;
809 bld = NULL;
810
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
813 goto err;
2c04b341
JS		 814
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
821 pub)))
822 goto err;
5fbe15fd
RL		 823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
2c04b341
JS		 825 goto err;
826
3f883c7c 827 OSSL_PARAM_free(params);
2c04b341 828 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 829 params = NULL;
830 bld = NULL;
831
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
834 goto err;
2c04b341
JS		 835
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
842 pub))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
844 priv)))
845 goto err;
5fbe15fd
RL		 846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
2c04b341
JS		 848 goto err;
849
5fbe15fd 850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
2c04b341
JS		 851 goto err;
852
853 ret = 1;
854 err:
3f883c7c 855 OSSL_PARAM_free(params);
2c04b341 856 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
2c04b341
JS		 861 BN_free(p);
862 BN_free(q);
863 BN_free(g);
864 BN_free(pub);
865 BN_free(priv);
866
867 return ret;
868}
8a9394c1 869#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 870
b8a1272d
MC		 871/*
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
874 */
875#ifndef OPENSSL_NO_EC
876static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
880};
881static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
888};
889
890static int test_EC_priv_pub(void)
891{
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
b8a1272d
MC		 898 BIGNUM *priv = NULL;
899 int ret = 0;
3a1596f4 900 unsigned char *encoded = NULL;
b8a1272d
MC		 901
902 /*
903 * Setup the parameters for our pkey object. For our purposes they don't
904 * have to actually be *valid* parameters. We just need to set something.
905 */
906 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
907 goto err;
908
909 /* Test !priv and !pub */
910 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
911 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
912 OSSL_PKEY_PARAM_GROUP_NAME,
913 "P-256", 0)))
914 goto err;
5fbe15fd
RL		 915 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
916 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
b8a1272d
MC		 917 goto err;
918
3f883c7c 919 OSSL_PARAM_free(params);
b8a1272d 920 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 921 params = NULL;
922 bld = NULL;
923
924 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
925 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
926 goto err;
b8a1272d
MC		 927
928 /* Test priv and !pub */
929 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
930 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
931 OSSL_PKEY_PARAM_GROUP_NAME,
932 "P-256", 0))
933 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
934 priv)))
935 goto err;
5fbe15fd
RL		 936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
b8a1272d
MC		 938 goto err;
939
5fbe15fd
RL		 940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
fd19fc4c 945 /*
5fbe15fd
RL		 946 * We indicate only parameters here, in spite of having built a key that
947 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
948 * expected to fail because it does not support exporting a private EC
949 * key without a corresponding public key
fd19fc4c 950 */
5fbe15fd
RL		 951 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
952 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
b8a1272d 953 goto err;
b8a1272d
MC		 954
955 /* Test !priv and pub */
956 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
957 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
958 OSSL_PKEY_PARAM_GROUP_NAME,
959 "P-256", 0))
960 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
961 OSSL_PKEY_PARAM_PUB_KEY,
962 ec_pub, sizeof(ec_pub))))
963 goto err;
5fbe15fd
RL		 964 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
965 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
b8a1272d
MC		 966 goto err;
967
3f883c7c 968 OSSL_PARAM_free(params);
b8a1272d 969 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 970 params = NULL;
971 bld = NULL;
972
973 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
974 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
975 goto err;
b8a1272d
MC		 976
977 /* Test priv and pub */
978 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
979 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
980 OSSL_PKEY_PARAM_GROUP_NAME,
981 "P-256", 0))
982 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
983 OSSL_PKEY_PARAM_PUB_KEY,
984 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
986 priv)))
b8a1272d 987 goto err;
5fbe15fd
RL		 988 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
989 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
b8a1272d
MC		 990 goto err;
991
5fbe15fd 992 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
b8a1272d
MC		 993 goto err;
994
edc8566f
RL		 995 /* Try key equality */
996 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
997 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
998 0)
999 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1000 0)
1001 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1002 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1007 goto err;
1008
3a1596f4
TM		 1009 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1010 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1011 goto err;
1012 OPENSSL_free(encoded);
1013 encoded = NULL;
1014 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 goto err;
1018 }
1019
b8a1272d
MC		 1020 ret = 1;
1021 err:
3f883c7c 1022 OSSL_PARAM_free(params);
b8a1272d 1023 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 1024 EVP_PKEY_free(just_params);
1025 EVP_PKEY_free(params_and_priv);
1026 EVP_PKEY_free(params_and_pub);
1027 EVP_PKEY_free(params_and_keypair);
b8a1272d
MC		 1028 BN_free(priv);
1029
1030 return ret;
1031}
1032
1033/* Test that using a legacy EC key with only a private key in it works */
1034# ifndef OPENSSL_NO_DEPRECATED_3_0
1035static int test_EC_priv_only_legacy(void)
1036{
1037 BIGNUM *priv = NULL;
1038 int ret = 0;
1039 EC_KEY *eckey = NULL;
2145ba5e 1040 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 1041 EVP_MD_CTX *ctx = NULL;
1042
1043 /* Create the low level EC_KEY */
1044 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1045 goto err;
1046
1047 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1048 if (!TEST_ptr(eckey))
1049 goto err;
1050
1051 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1052 goto err;
1053
1054 pkey = EVP_PKEY_new();
1055 if (!TEST_ptr(pkey))
1056 goto err;
1057
1058 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1059 goto err;
1060 eckey = NULL;
1061
2145ba5e
TM		 1062 while (dup_pk == NULL) {
1063 ret = 0;
1064 ctx = EVP_MD_CTX_new();
1065 if (!TEST_ptr(ctx))
1066 goto err;
1067
1068 /*
1069 * The EVP_DigestSignInit function should create the key on the
1070 * provider side which is sufficient for this test.
1071 */
1072 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1073 testpropq, pkey, NULL)))
1074 goto err;
1075 EVP_MD_CTX_free(ctx);
1076 ctx = NULL;
1077
1078 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1079 goto err;
1080 /* EVP_PKEY_eq() returns -2 with missing public keys */
1081 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1082 EVP_PKEY_free(pkey);
1083 pkey = dup_pk;
1084 if (!ret)
1085 goto err;
1086 }
b8a1272d
MC		 1087
1088 err:
1089 EVP_MD_CTX_free(ctx);
1090 EVP_PKEY_free(pkey);
1091 EC_KEY_free(eckey);
1092 BN_free(priv);
1093
1094 return ret;
1095}
1096# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1097#endif /* OPENSSL_NO_EC */
1098
15ff7d7c
MC		 1099static int test_EVP_PKEY_sign(int tst)
1100{
1101 int ret = 0;
1102 EVP_PKEY *pkey = NULL;
1103 unsigned char *sig = NULL;
1104 size_t sig_len = 0, shortsig_len = 1;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 unsigned char tbs[] = {
1107 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1108 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1109 };
1110
1287dabd 1111 if (tst == 0) {
15ff7d7c
MC		 1112 if (!TEST_ptr(pkey = load_example_rsa_key()))
1113 goto out;
1114 } else if (tst == 1) {
1115#ifndef OPENSSL_NO_DSA
1116 if (!TEST_ptr(pkey = load_example_dsa_key()))
1117 goto out;
1118#else
1119 ret = 1;
1120 goto out;
1121#endif
1122 } else {
1123#ifndef OPENSSL_NO_EC
1124 if (!TEST_ptr(pkey = load_example_ec_key()))
1125 goto out;
1126#else
1127 ret = 1;
1128 goto out;
1129#endif
1130 }
1131
1132 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1133 if (!TEST_ptr(ctx)
1134 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1136 sizeof(tbs)), 0))
1137 goto out;
1138 sig = OPENSSL_malloc(sig_len);
1139 if (!TEST_ptr(sig)
1140 /* Test sending a signature buffer that is too short is rejected */
1141 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1142 sizeof(tbs)), 0)
1143 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1144 0)
1145 /* Test the signature round-trips */
1146 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1147 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1148 0))
1149 goto out;
1150
1151 ret = 1;
1152 out:
1153 EVP_PKEY_CTX_free(ctx);
1154 OPENSSL_free(sig);
1155 EVP_PKEY_free(pkey);
1156 return ret;
1157}
1158
4547a719
P		 1159/*
1160 * n = 0 => test using legacy cipher
1161 * n = 1 => test using fetched cipher
1162 */
1163static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1164{
1165 int ret = 0;
1166 EVP_CIPHER_CTX *ctx = NULL;
1167 EVP_PKEY *keypair = NULL;
1168 unsigned char *kek = NULL;
1169 unsigned char iv[EVP_MAX_IV_LENGTH];
1170 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1171 int len, kek_len, ciphertext_len, plaintext_len;
1172 unsigned char ciphertext[32], plaintext[16];
4547a719 1173 EVP_CIPHER *type = NULL;
062490db
JS		 1174
1175 if (nullprov != NULL)
1176 return TEST_skip("Test does not support a non-default library context");
1177
4547a719
P		 1178 if (n == 0)
1179 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1180 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1181 testpropq)))
1182 goto err;
2eb2b4f3
SL		 1183
1184 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1185 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1186 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1187 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1188 &keypair, 1))
1189 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1190 msg, sizeof(msg)))
1191 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1192 &len)))
1193 goto err;
1194
1195 ciphertext_len += len;
1196
1197 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1198 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1199 ciphertext, ciphertext_len))
1200 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1201 goto err;
1202
1203 plaintext_len += len;
1204 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1205 goto err;
1206
1207 ret = 1;
1208err:
4547a719
P		 1209 if (n != 0)
1210 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1211 OPENSSL_free(kek);
1212 EVP_PKEY_free(keypair);
1213 EVP_CIPHER_CTX_free(ctx);
1214 return ret;
1215}
1216
59d0e6c8 1217/*
6d242fa5
MC		 1218 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1219 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1220 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1221 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1222 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1223 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1224 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1225 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1226 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1227 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1228 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1229 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1230 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1231 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1232 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
816f72d0 1233 * Test 15-29: Same as above with reinitialization
59d0e6c8
MC		 1234 */
1235static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1236{
1237 int ret = 0;
1238 EVP_PKEY *pkey = NULL;
78539b25 1239 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1240 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1241 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1242 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1243 BIO *mdbio = NULL, *membio = NULL;
1244 size_t written;
6d242fa5
MC		 1245 const EVP_MD *md;
1246 EVP_MD *mdexp = NULL;
816f72d0 1247 int reinit = 0;
59d0e6c8 1248
062490db
JS		 1249 if (nullprov != NULL)
1250 return TEST_skip("Test does not support a non-default library context");
1251
816f72d0
TM		 1252 if (tst >= 15) {
1253 reinit = 1;
1254 tst -= 15;
1255 }
1256
15ff7d7c 1257 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1258 membio = BIO_new(BIO_s_mem());
1259 mdbio = BIO_new(BIO_f_md());
1260 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1261 goto out;
1262 BIO_push(mdbio, membio);
1263 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1264 goto out;
1265 } else {
1266 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1267 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1268 goto out;
1269 }
71ea6b48 1270
15ff7d7c 1271 if (tst % 3 == 0) {
59d0e6c8
MC		 1272 if (!TEST_ptr(pkey = load_example_rsa_key()))
1273 goto out;
15ff7d7c 1274 } else if (tst % 3 == 1) {
f650ab47 1275#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1276 if (!TEST_ptr(pkey = load_example_dsa_key()))
1277 goto out;
f650ab47
MC		 1278#else
1279 ret = 1;
1280 goto out;
1281#endif
6d242fa5
MC		 1282 } else {
1283 if (!TEST_ptr(pkey = load_example_hmac_key()))
1284 goto out;
59d0e6c8 1285 }
71ea6b48 1286
6d242fa5
MC		 1287 if (tst >= 3 && tst <= 5)
1288 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1289 else
1290 md = EVP_sha256();
1291
1292 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1293 goto out;
adcd8e37 1294
816f72d0
TM		 1295 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1296 goto out;
1297
15ff7d7c 1298 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1299 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1300 goto out;
15ff7d7c 1301 } else if (tst < 6) {
59d0e6c8
MC		 1302 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1303 goto out;
1304 }
1305
15ff7d7c
MC		 1306 if (tst >= 9) {
1307 /* Determine the size of the signature. */
1308 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1309 sizeof(kMsg)))
1310 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1311 goto out;
1312 if (tst <= 11) {
1313 /* Test that supply a short sig buffer fails */
1314 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1315 sizeof(kMsg))))
1316 goto out;
1317 /*
1318 * We end here because once EVP_DigestSign() has failed you should
1319 * not call it again without re-initing the ctx
1320 */
1321 ret = 1;
1322 goto out;
1323 }
1324 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1325 sizeof(kMsg))))
1326 goto out;
1327 } else {
1328 /* Determine the size of the signature. */
1329 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1330 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1331 /*
1332 * Trying to create a signature with a deliberately short
1333 * buffer should fail.
1334 */
1335 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1336 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1337 goto out;
1338 }
71ea6b48 1339
6d242fa5
MC		 1340 /*
1341 * Ensure that the signature round-trips (Verification isn't supported for
1342 * HMAC via EVP_DigestVerify*)
1343 */
15ff7d7c
MC		 1344 if (tst % 3 != 2) {
1345 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1346 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1347 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1348 goto out;
1349 }
1350
6d242fa5
MC		 1351 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1352 NULL, pkey)))
59d0e6c8 1353 goto out;
6d242fa5 1354
15ff7d7c 1355 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1356 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1357 goto out;
1358 } else {
1359 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1360 sizeof(kMsg))))
1361 goto out;
1362 }
e2e5e72d 1363 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
59d0e6c8 1364 goto out;
78539b25
TM		 1365
1366 /* Multiple calls to EVP_DigestVerifyFinal should work */
e2e5e72d 1367 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
78539b25
TM		 1368 goto out;
1369 } else {
1370 /*
1371 * For HMAC a doubled call to DigestSignFinal should produce the same
1372 * value as finalization should not happen.
1373 */
1374 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1375 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1376 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1377 goto out;
1378
1379 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1380 goto out;
59d0e6c8 1381 }
71ea6b48
MC		 1382
1383 ret = 1;
1384
1385 out:
59d0e6c8
MC		 1386 BIO_free(membio);
1387 BIO_free(mdbio);
1388 EVP_MD_CTX_free(a_md_ctx);
1389 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1390 EVP_PKEY_free(pkey);
b548a1f1 1391 OPENSSL_free(sig);
78539b25 1392 OPENSSL_free(sig2);
6d242fa5 1393 EVP_MD_free(mdexp);
71ea6b48
MC		 1394
1395 return ret;
1396}
1397
1398static int test_EVP_DigestVerifyInit(void)
1399{
1400 int ret = 0;
1401 EVP_PKEY *pkey = NULL;
adcd8e37 1402 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1403
062490db
JS		 1404 if (nullprov != NULL)
1405 return TEST_skip("Test does not support a non-default library context");
1406
adcd8e37
RS		 1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1408 || !TEST_ptr(pkey = load_example_rsa_key()))
1409 goto out;
71ea6b48 1410
adcd8e37
RS		 1411 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1412 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1413 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1414 sizeof(kSignature)), 0))
71ea6b48 1415 goto out;
ae6b68b7
TM		 1416
1417 /* test with reinitialization */
1418 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1419 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1420 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1421 sizeof(kSignature)), 0))
ae6b68b7 1422 goto out;
71ea6b48
MC		 1423 ret = 1;
1424
1425 out:
bfb0641f 1426 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1427 EVP_PKEY_free(pkey);
71ea6b48
MC		 1428 return ret;
1429}
1430
8cbfc4f6
TM		 1431#ifndef OPENSSL_NO_SIPHASH
1432/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1433static int test_siphash_digestsign(void)
1434{
1435 unsigned char key[16];
1436 unsigned char buf[8], digest[8];
1437 unsigned char expected[8] = {
1438 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1439 };
1440 EVP_PKEY *pkey = NULL;
1441 EVP_MD_CTX *mdctx = NULL;
1442 EVP_PKEY_CTX *ctx = NULL;
1443 int ret = 0;
1444 size_t len = 8;
1445
1446 if (nullprov != NULL)
1447 return TEST_skip("Test does not support a non-default library context");
1448
1449 memset(buf, 0, 8);
1450 memset(key, 1, 16);
1451 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1452 key, 16)))
1453 goto out;
1454
1455 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1456 goto out;
1457
1458 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1459 goto out;
1460 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1461 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1462 8, NULL), 1))
1463 goto out;
1464 /* reinitialize */
1465 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1466 goto out;
1467 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1468 goto out;
1469 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1470 goto out;
1471 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1472 goto out;
1473
1474 ret = 1;
1475 out:
1476 EVP_PKEY_free(pkey);
1477 EVP_MD_CTX_free(mdctx);
1478 return ret;
1479}
1480#endif
1481
8d8dd09b
TM		 1482/*
1483 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1484 */
1485static int test_EVP_Digest(void)
1486{
1487 int ret = 0;
1488 EVP_MD_CTX *md_ctx = NULL;
1489 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1490 EVP_MD *sha256 = NULL;
1491 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1492
1493 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1494 goto out;
1495
062490db
JS		 1496 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1497 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1498 goto out;
1499
1500 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1501 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1502 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1503 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1504 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1505 goto out;
1506
062490db 1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1510 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1512 /*
1513 * EVP_DigestInit_ex with NULL type should work on
1514 * pre-initialized context.
1515 */
1516 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1517 goto out;
1518
062490db 1519 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1520 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1521 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1522 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1523 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1524 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1525 goto out;
1526 ret = 1;
1527
1528 out:
1529 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1530 EVP_MD_free(sha256);
1531 EVP_MD_free(shake256);
8d8dd09b
TM		 1532 return ret;
1533}
1534
bef9b48e
TM		 1535static int test_EVP_md_null(void)
1536{
1537 int ret = 0;
1538 EVP_MD_CTX *md_ctx = NULL;
1539 const EVP_MD *md_null = EVP_md_null();
1540 unsigned char md_value[EVP_MAX_MD_SIZE];
1541 unsigned int md_len = sizeof(md_value);
1542
1543 if (nullprov != NULL)
1544 return TEST_skip("Test does not support a non-default library context");
1545
1546 if (!TEST_ptr(md_null)
1547 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1548 goto out;
1549
1550 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1551 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1552 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1553 goto out;
1554
1555 if (!TEST_uint_eq(md_len, 0))
1556 goto out;
1557
1558 ret = 1;
1559 out:
1560 EVP_MD_CTX_free(md_ctx);
1561 return ret;
1562}
1563
adcd8e37 1564static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1565{
1566 int ret = 0;
1567 const unsigned char *p;
1568 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1569 const APK_DATA *ak = &keydata[i];
1570 const unsigned char *input = ak->kder;
1571 size_t input_len = ak->size;
1572 int expected_id = ak->evptype;
71ea6b48
MC		 1573
1574 p = input;
adcd8e37
RS		 1575 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1576 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1577 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1578 goto done;
71ea6b48
MC		 1579
1580 ret = 1;
1581
1582 done:
c5ba2d99 1583 EVP_PKEY_free(pkey);
71ea6b48
MC		 1584 return ret;
1585}
1586
a9880362 1587#ifndef OPENSSL_NO_EC
cad8347b
SL		 1588
1589static const unsigned char ec_public_sect163k1_validxy[] = {
1590 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1591 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1592 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1593 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1594 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1595 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1596};
1597
1598static const unsigned char ec_public_sect163k1_badx[] = {
1599 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1600 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1601 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1602 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1603 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1604 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1605};
1606
1607static const unsigned char ec_public_sect163k1_bady[] = {
1608 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1609 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1610 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1611 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1612 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1613 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1614};
1615
1616static struct ec_der_pub_keys_st {
1617 const unsigned char *der;
1618 size_t len;
1619 int valid;
1620} ec_der_pub_keys[] = {
1621 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1622 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1623 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1624};
1625
1626/*
1627 * Tests the range of the decoded EC char2 public point.
1628 * See ec_GF2m_simple_oct2point().
1629 */
1630static int test_invalide_ec_char2_pub_range_decode(int id)
1631{
1632 int ret = 0;
5b5eea4b 1633 EVP_PKEY *pkey;
cad8347b 1634
5b5eea4b
SL		 1635 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1636 ec_der_pub_keys[id].len);
1637
1638 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1639 || TEST_ptr_null(pkey);
1640 EVP_PKEY_free(pkey);
cad8347b
SL		 1641 return ret;
1642}
1643
71ea6b48
MC		 1644/* Tests loading a bad key in PKCS8 format */
1645static int test_EVP_PKCS82PKEY(void)
1646{
1647 int ret = 0;
1648 const unsigned char *derp = kExampleBadECKeyDER;
1649 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1650 EVP_PKEY *pkey = NULL;
1651
adcd8e37
RS		 1652 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1653 sizeof(kExampleBadECKeyDER))))
1654 goto done;
71ea6b48 1655
adcd8e37
RS		 1656 if (!TEST_ptr_eq(derp,
1657 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1658 goto done;
71ea6b48 1659
adcd8e37 1660 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1661 goto done;
71ea6b48
MC		 1662
1663 ret = 1;
1664
1665 done:
e0e920b1 1666 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1667 EVP_PKEY_free(pkey);
71ea6b48
MC		 1668
1669 return ret;
1670}
8be513ae 1671
a9880362 1672#endif
8be513ae
DB		 1673static int test_EVP_PKCS82PKEY_wrong_tag(void)
1674{
1675 EVP_PKEY *pkey = NULL;
1676 EVP_PKEY *pkey2 = NULL;
1677 BIO *membio = NULL;
1678 char *membuf = NULL;
1679 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1680 int ok = 0;
1681
1682 if (testctx != NULL)
1683 /* test not supported with non-default context */
1684 return 1;
1685
1686 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1687 || !TEST_ptr(pkey = load_example_rsa_key())
1688 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1689 NULL, 0, NULL, NULL),
1690 0)
1691 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1692 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1693 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1694 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1695 goto done;
1696 }
1697
1698 ok = 1;
1699 done:
1700 EVP_PKEY_free(pkey);
1701 EVP_PKEY_free(pkey2);
1702 PKCS8_PRIV_KEY_INFO_free(p8inf);
1703 BIO_free_all(membio);
1704 return ok;
1705}
71ea6b48 1706
29c49b25
RL		 1707/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1708static int test_privatekey_to_pkcs8(void)
1709{
1710 EVP_PKEY *pkey = NULL;
1711 BIO *membio = NULL;
1712 char *membuf = NULL;
e2cc68c8 1713 long membuf_len = 0;
29c49b25
RL		 1714 int ok = 0;
1715
1716 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1717 || !TEST_ptr(pkey = load_example_rsa_key())
1718 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1719 NULL, 0, NULL, NULL),
1720 0)
e2cc68c8
SL		 1721 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1722 || !TEST_ptr(membuf)
1723 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1724 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1725 /*
1726 * We try to write PEM as well, just to see that it doesn't err, but
1727 * assume that the result is correct.
1728 */
1729 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1730 NULL, 0, NULL, NULL),
1731 0))
1732 goto done;
1733
1734 ok = 1;
1735 done:
1736 EVP_PKEY_free(pkey);
1737 BIO_free_all(membio);
1738 return ok;
1739}
1740
f0c62c53
RL		 1741#ifndef OPENSSL_NO_EC
1742static const struct {
1743 int encoding;
1744 const char *encoding_name;
1745} ec_encodings[] = {
1746 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1747 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1748};
1749
1750static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1751{
1752 const OSSL_PARAM *p;
1753 const char *enc_name = NULL;
1754 int *enc = arg;
1755 size_t i;
1756
1757 *enc = -1;
1758
1759 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1760 OSSL_PKEY_PARAM_EC_ENCODING))
1761 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1762 return 0;
1763
1764 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
fba140c7 1765 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
f0c62c53
RL		 1766 *enc = ec_encodings[i].encoding;
1767 break;
1768 }
1769 }
1770
1771 return (*enc != -1);
1772}
1773
1774static int test_EC_keygen_with_enc(int idx)
1775{
1776 EVP_PKEY *params = NULL, *key = NULL;
1777 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1778 int enc;
1779 int ret = 0;
1780
1781 enc = ec_encodings[idx].encoding;
1782
1783 /* Create key parameters */
1784 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
6e0b05f3 1785 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
56876ae9 1786 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2cba2e16 1787 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
f0c62c53
RL		 1788 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1789 || !TEST_ptr(params))
1790 goto done;
1791
1792 /* Create key */
1793 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
bf4ceede 1794 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
f0c62c53
RL		 1795 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1796 || !TEST_ptr(key))
1797 goto done;
1798
1799 /* Check that the encoding got all the way into the key */
1800 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1801 ec_export_get_encoding_cb, &enc))
1802 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1803 goto done;
1804
1805 ret = 1;
1806 done:
1807 EVP_PKEY_free(key);
1808 EVP_PKEY_free(params);
1809 EVP_PKEY_CTX_free(kctx);
1810 EVP_PKEY_CTX_free(pctx);
1811 return ret;
1812}
1813#endif
1814
919adfcf 1815#if !defined(OPENSSL_NO_SM2)
ddb634fe 1816
a6c4cb84
JL		 1817static int test_EVP_SM2_verify(void)
1818{
a6c4cb84 1819 const char *pubkey =
d0b79f86
PY		 1820 "-----BEGIN PUBLIC KEY-----\n"
1821 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1822 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1823 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1824
1825 const char *msg = "message digest";
1826 const char *id = "ALICE123@YAHOO.COM";
1827
1828 const uint8_t signature[] = {
d0b79f86
PY		 1829 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1830 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1831 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1832 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1833 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1834 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1835 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1836 };
1837
1838 int rc = 0;
1839 BIO *bio = NULL;
1840 EVP_PKEY *pkey = NULL;
1841 EVP_MD_CTX *mctx = NULL;
1842 EVP_PKEY_CTX *pctx = NULL;
062490db 1843 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1844
1845 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1846 if (!TEST_true(bio != NULL))
1847 goto done;
1848
062490db 1849 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1850 if (!TEST_true(pkey != NULL))
1851 goto done;
1852
8a288609 1853 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1854 goto done;
1855
1856 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1857 goto done;
1858
062490db 1859 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1860 goto done;
1861
a6c4cb84
JL		 1862 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1863
062490db
JS		 1864 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1865 goto done;
1866
1867 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1868 goto done;
1869
d0b79f86
PY		 1870 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1871 goto done;
1872
a6c4cb84
JL		 1873 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1874 goto done;
1875
e2e5e72d 1876 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
a6c4cb84
JL		 1877 goto done;
1878 rc = 1;
1879
1880 done:
1881 BIO_free(bio);
1882 EVP_PKEY_free(pkey);
1883 EVP_PKEY_CTX_free(pctx);
1884 EVP_MD_CTX_free(mctx);
062490db 1885 EVP_MD_free(sm3);
a6c4cb84
JL		 1886 return rc;
1887}
1888
ddb634fe
JL		 1889static int test_EVP_SM2(void)
1890{
1891 int ret = 0;
1892 EVP_PKEY *pkey = NULL;
bfb56a97 1893 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1894 EVP_PKEY_CTX *pctx = NULL;
1895 EVP_PKEY_CTX *kctx = NULL;
4803717f 1896 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1897 size_t sig_len = 0;
1898 unsigned char *sig = NULL;
1899 EVP_MD_CTX *md_ctx = NULL;
1900 EVP_MD_CTX *md_ctx_verify = NULL;
1901 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1902 EVP_MD *check_md = NULL;
ddb634fe
JL		 1903
1904 uint8_t ciphertext[128];
1905 size_t ctext_len = sizeof(ciphertext);
1906
1907 uint8_t plaintext[8];
1908 size_t ptext_len = sizeof(plaintext);
1909
4803717f
PY		 1910 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1911
bfb56a97
MC		 1912 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1913 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 int i;
a0fff549 1915 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1916
42423ac9
RL		 1917 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1918 "SM2", testpropq)))
ddb634fe
JL		 1919 goto done;
1920
1921 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1922 goto done;
1923
2cba2e16 1924 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
ddb634fe
JL		 1925 goto done;
1926
bfb56a97 1927 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1928 goto done;
1929
42423ac9
RL		 1930 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1931 pkeyparams, testpropq)))
ddb634fe
JL		 1932 goto done;
1933
bf4ceede 1934 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
ddb634fe
JL		 1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1938 goto done;
1939
ddb634fe
JL		 1940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1941 goto done;
1942
1943 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1944 goto done;
1945
062490db 1946 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1947 goto done;
1948
1949 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1951
42423ac9 1952 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1953 goto done;
1954
42423ac9 1955 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1956 goto done;
1957
d0b79f86 1958 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1959 goto done;
1960
42423ac9 1961 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1962 goto done;
1963
1964 /* Determine the size of the signature. */
1965 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1966 goto done;
1967
ddb634fe
JL		 1968 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1969 goto done;
1970
1971 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1972 goto done;
1973
1974 /* Ensure that the signature round-trips. */
1975
42423ac9
RL		 1976 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1977 pkey)))
ddb634fe
JL		 1978 goto done;
1979
d0b79f86
PY		 1980 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1981 goto done;
1982
ddb634fe
JL		 1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1984 goto done;
1985
e2e5e72d 1986 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
ddb634fe
JL		 1987 goto done;
1988
707d4e06
TM		 1989 /*
1990 * Try verify again with non-matching 0 length id but ensure that it can
1991 * be set on the context and overrides the previous value.
1992 */
1993
1994 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1995 pkey)))
1996 goto done;
1997
1998 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1999 goto done;
2000
2001 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2002 goto done;
2003
2004 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2005 goto done;
2006
ddb634fe
JL		 2007 /* now check encryption/decryption */
2008
bfb56a97
MC		 2009 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2010 mdname, sizeof(mdname));
2011 for (i = 0; i < 2; i++) {
42423ac9
RL		 2012 const char *mdnames[] = {
2013#ifndef OPENSSL_NO_SM3
2014 "SM3",
2015#else
2016 NULL,
2017#endif
2018 "SHA2-256" };
bfb56a97 2019 EVP_PKEY_CTX_free(cctx);
ddb634fe 2020
42423ac9
RL		 2021 if (mdnames[i] == NULL)
2022 continue;
2023
2024 sparams[0] =
2025 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2026 (char *)mdnames[i], 0);
ddb634fe 2027
42423ac9
RL		 2028 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2029 pkey, testpropq)))
bfb56a97 2030 goto done;
ddb634fe 2031
bfb56a97
MC		 2032 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2033 goto done;
ddb634fe 2034
bfb56a97
MC		 2035 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2036 goto done;
ddb634fe 2037
bfb56a97
MC		 2038 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2039 sizeof(kMsg))))
2040 goto done;
ddb634fe 2041
bfb56a97
MC		 2042 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2043 goto done;
2044
2045 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2046 goto done;
2047
0650ac43
PH		 2048 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2049 ctext_len), 0))
bfb56a97
MC		 2050 goto done;
2051
2052 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2053 goto done;
2054
42423ac9
RL		 2055 /*
2056 * Test we're still using the digest we think we are.
2057 * Because of aliases, the easiest is to fetch the digest and
2058 * check the name with EVP_MD_is_a().
2059 */
2060 EVP_MD_free(check_md);
2061 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 2062 goto done;
42423ac9
RL		 2063 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2064 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 2065 goto done;
42423ac9 2066 }
bfb56a97
MC		 2067
2068 if (!TEST_true(ptext_len == sizeof(kMsg)))
2069 goto done;
2070
2071 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2072 goto done;
2073 }
ddb634fe
JL		 2074
2075 ret = 1;
2076done:
2077 EVP_PKEY_CTX_free(pctx);
2078 EVP_PKEY_CTX_free(kctx);
4803717f 2079 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 2080 EVP_PKEY_CTX_free(cctx);
2081 EVP_PKEY_free(pkey);
bfb56a97 2082 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 2083 EVP_MD_CTX_free(md_ctx);
2084 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 2085 EVP_MD_free(check_md);
ddb634fe
JL		 2086 OPENSSL_free(sig);
2087 return ret;
2088}
2089
2090#endif
2091
bb5f281a
MC		 2092static struct keys_st {
2093 int type;
2094 char *priv;
2095 char *pub;
2096} keys[] = {
2097 {
2098 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 2099 },
2100 {
2101 EVP_PKEY_HMAC, "", NULL
5af6e154 2102#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 2103 }, {
2104 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 2105#endif
2106#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 2107 }, {
2108 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 2109#endif
896dcb80
MC		 2110 },
2111#ifndef OPENSSL_NO_EC
2112 {
bb5f281a
MC		 2113 EVP_PKEY_X25519, "01234567890123456789012345678901",
2114 "abcdefghijklmnopqrstuvwxyzabcdef"
2115 }, {
2116 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2117 "abcdefghijklmnopqrstuvwxyzabcdef"
2118 }, {
2119 EVP_PKEY_X448,
2120 "01234567890123456789012345678901234567890123456789012345",
2121 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2122 }, {
2123 EVP_PKEY_ED448,
2124 "012345678901234567890123456789012345678901234567890123456",
2125 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2126 }
896dcb80 2127#endif
bb5f281a
MC		 2128};
2129
86dc26ba 2130static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 2131{
2132 int ret = 0;
2133 unsigned char buf[80];
2134 unsigned char *in;
15ff7d7c 2135 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 2136 EVP_PKEY *pkey;
2137
2138 /* Check if this algorithm supports public keys */
5af6e154 2139 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 2140 return 1;
2141
2142 memset(buf, 0, sizeof(buf));
2143
2144 if (pub) {
5af6e154 2145#ifndef OPENSSL_NO_EC
bb5f281a
MC		 2146 inlen = strlen(keys[tst].pub);
2147 in = (unsigned char *)keys[tst].pub;
86dc26ba 2148 if (uselibctx) {
d8652be0 2149 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 2150 testctx,
2151 OBJ_nid2sn(keys[tst].type),
2152 NULL,
2153 in,
2154 inlen);
2155 } else {
2156 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2157 NULL,
2158 in,
2159 inlen);
2160 }
5af6e154
TM		 2161#else
2162 return 1;
2163#endif
bb5f281a
MC		 2164 } else {
2165 inlen = strlen(keys[tst].priv);
2166 in = (unsigned char *)keys[tst].priv;
86dc26ba 2167 if (uselibctx) {
d8652be0 2168 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 2169 testctx, OBJ_nid2sn(keys[tst].type),
2170 NULL,
2171 in,
2172 inlen);
2173 } else {
2174 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2175 NULL,
2176 in,
2177 inlen);
2178 }
bb5f281a
MC		 2179 }
2180
2181 if (!TEST_ptr(pkey)
5af6e154 2182 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 2183 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2184 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 2185 || !TEST_true(len == inlen))
2186 goto done;
2187 if (tst != 1) {
2188 /*
2189 * Test that supplying a buffer that is too small fails. Doesn't apply
2190 * to HMAC with a zero length key
2191 */
2192 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2193 &shortlen)))
2194 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2195 &shortlen))))
2196 goto done;
2197 }
2198 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 2199 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2200 || !TEST_mem_eq(in, inlen, buf, len))
2201 goto done;
2202
2203 ret = 1;
2204 done:
2205 EVP_PKEY_free(pkey);
2206 return ret;
2207}
2208
2209static int test_set_get_raw_keys(int tst)
2210{
5af6e154 2211 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 2212 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 2213 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 2214 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 2215}
2216
41bbba53 2217#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2218static int pkey_custom_check(EVP_PKEY *pkey)
2219{
2220 return 0xbeef;
2221}
2222
b0004708
PY		 2223static int pkey_custom_pub_check(EVP_PKEY *pkey)
2224{
2225 return 0xbeef;
2226}
2227
2228static int pkey_custom_param_check(EVP_PKEY *pkey)
2229{
2230 return 0xbeef;
2231}
2232
2aee35d3 2233static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2234#endif
2aee35d3
PY		 2235
2236static int test_EVP_PKEY_check(int i)
2237{
2238 int ret = 0;
2aee35d3
PY		 2239 EVP_PKEY *pkey = NULL;
2240 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2241#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2242 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2243#endif
2aee35d3
PY		 2244 const APK_DATA *ak = &keycheckdata[i];
2245 const unsigned char *input = ak->kder;
2246 size_t input_len = ak->size;
2247 int expected_id = ak->evptype;
2248 int expected_check = ak->check;
b0004708
PY		 2249 int expected_pub_check = ak->pub_check;
2250 int expected_param_check = ak->param_check;
2251 int type = ak->type;
b0004708 2252
5b5eea4b
SL		 2253 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2254 goto done;
2255 if (type == 0
ed576acd 2256 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2257 goto done;
2aee35d3 2258
062490db 2259 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2260 goto done;
2261
b0004708
PY		 2262 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2263 goto done;
2264
2265 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2266 goto done;
2267
2268 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2269 goto done;
2aee35d3 2270
41bbba53 2271#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2272 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2273 /* assign the pkey directly, as an internal test */
2274 EVP_PKEY_up_ref(pkey);
2275 ctx2->pkey = pkey;
2276
2277 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2278 goto done;
2279
b0004708
PY		 2280 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2281 goto done;
2282
2283 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2284 goto done;
41bbba53 2285#endif
b0004708 2286
2aee35d3
PY		 2287 ret = 1;
2288
2289 done:
2290 EVP_PKEY_CTX_free(ctx);
41bbba53 2291#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2292 EVP_PKEY_CTX_free(ctx2);
41bbba53 2293#endif
2aee35d3
PY		 2294 EVP_PKEY_free(pkey);
2295 return ret;
2296}
2297
fab8fde3 2298#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2299static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2300{
2301 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2302 const char msg[] = "Hello World";
cff7d58e 2303 size_t maclen = AES_BLOCK_SIZE;
e5bc0ce2
MC		 2304 int ret = 1;
2305
2306 if (!TEST_ptr(mdctx)
062490db
JS		 2307 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2308 testpropq, pkey, NULL))
e5bc0ce2
MC		 2309 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2310 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2311 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2312 ret = 0;
2313
2314 EVP_MD_CTX_free(mdctx);
2315
2316 return ret;
2317}
a87820e1
RL		 2318static int test_CMAC_keygen(void)
2319{
e5bc0ce2
MC		 2320 static unsigned char key[] = {
2321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2324 };
062490db 2325 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2326 int ret = 0;
e5bc0ce2 2327 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2328 unsigned char mac[AES_BLOCK_SIZE];
2329# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2330 unsigned char mac2[AES_BLOCK_SIZE];
2331# endif
e5bc0ce2 2332
062490db
JS		 2333 if (nullprov != NULL)
2334 return TEST_skip("Test does not support a non-default library context");
2335
2336 /*
2337 * This is a legacy method for CMACs, but should still work.
2338 * This verifies that it works without an ENGINE.
2339 */
2340 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2341
e5bc0ce2
MC		 2342 /* Test a CMAC key created using the "generated" method */
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2345 EVP_PKEY_CTRL_CIPHER,
2346 0, (void *)EVP_aes_256_ecb()), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2348 EVP_PKEY_CTRL_SET_MAC_KEY,
2349 sizeof(key), (void *)key), 0)
2350 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2351 || !TEST_ptr(pkey)
2352 || !TEST_true(get_cmac_val(pkey, mac)))
2353 goto done;
a87820e1 2354
a3d267f1 2355# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2356 EVP_PKEY_free(pkey);
2357
2358 /*
2359 * Test a CMAC key using the direct method, and compare with the mac
2360 * created above.
2361 */
2362 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2363 if (!TEST_ptr(pkey)
2364 || !TEST_true(get_cmac_val(pkey, mac2))
2365 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2366 goto done;
a3d267f1 2367# endif
e5bc0ce2 2368
a87820e1
RL		 2369 ret = 1;
2370
2371 done:
e5bc0ce2 2372 EVP_PKEY_free(pkey);
a87820e1
RL		 2373 EVP_PKEY_CTX_free(kctx);
2374 return ret;
2375}
fab8fde3 2376#endif
a87820e1 2377
10d5b415
MC		 2378static int test_HKDF(void)
2379{
2380 EVP_PKEY_CTX *pctx;
2381 unsigned char out[20];
2382 size_t outlen;
2383 int i, ret = 0;
2384 unsigned char salt[] = "0123456789";
2385 unsigned char key[] = "012345678901234567890123456789";
2386 unsigned char info[] = "infostring";
2387 const unsigned char expected[] = {
2388 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2389 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2390 };
2391 size_t expectedlen = sizeof(expected);
2392
062490db 2393 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2394 goto done;
2395
2396 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2397 for (i = 0; i < 2; i++) {
2398 outlen = sizeof(out);
2399 memset(out, 0, outlen);
2400
2401 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2404 sizeof(salt) - 1), 0)
2405 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2406 sizeof(key) - 1), 0)
2407 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2408 sizeof(info) - 1), 0)
2409 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2410 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2411 goto done;
2412 }
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(pctx);
2418
2419 return ret;
2420}
2421
2cd3ebc7
BK		 2422static int test_emptyikm_HKDF(void)
2423{
2424 EVP_PKEY_CTX *pctx;
2425 unsigned char out[20];
2426 size_t outlen;
2427 int ret = 0;
2428 unsigned char salt[] = "9876543210";
2429 unsigned char key[] = "";
2430 unsigned char info[] = "stringinfo";
2431 const unsigned char expected[] = {
2432 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2433 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2434 };
2435 size_t expectedlen = sizeof(expected);
2436
062490db 2437 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2438 goto done;
2439
2440 outlen = sizeof(out);
2441 memset(out, 0, outlen);
2442
2443 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2444 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2446 sizeof(salt) - 1), 0)
2447 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2448 sizeof(key) - 1), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2450 sizeof(info) - 1), 0)
2451 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2452 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2453 goto done;
2454
2455 ret = 1;
2456
2457 done:
2458 EVP_PKEY_CTX_free(pctx);
2459
2460 return ret;
2461}
2462
5dc40a83
BE		 2463#ifndef OPENSSL_NO_EC
2464static int test_X509_PUBKEY_inplace(void)
2465{
808c63c5 2466 int ret = 0;
62653483 2467 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2468 const unsigned char *p = kExampleECPubKeyDER;
2469 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2470
62653483
MC		 2471 if (!TEST_ptr(xp))
2472 goto done;
2473 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2474 goto done;
5dc40a83 2475
808c63c5
P		 2476 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2477 goto done;
5dc40a83 2478
808c63c5
P		 2479 p = kExampleBadECPubKeyDER;
2480 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2481
808c63c5
P		 2482 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2483 goto done;
5dc40a83 2484
808c63c5
P		 2485 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2486 goto done;
5dc40a83 2487
808c63c5 2488 ret = 1;
5dc40a83 2489
808c63c5
P		 2490 done:
2491 X509_PUBKEY_free(xp);
2492 return ret;
2493}
2494
2495static int test_X509_PUBKEY_dup(void)
2496{
2497 int ret = 0;
2498 X509_PUBKEY *xp = NULL, *xq = NULL;
2499 const unsigned char *p = kExampleECPubKeyDER;
2500 size_t input_len = sizeof(kExampleECPubKeyDER);
2501
62653483
MC		 2502 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2503 if (!TEST_ptr(xp)
2504 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2505 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2506 || !TEST_ptr_ne(xp, xq))
2507 goto done;
2508
2509 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2510 || !TEST_ptr(X509_PUBKEY_get0(xp))
7e35458b 2511 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
808c63c5
P		 2512 goto done;
2513
2514 X509_PUBKEY_free(xq);
2515 xq = NULL;
2516 p = kExampleBadECPubKeyDER;
2517 input_len = sizeof(kExampleBadECPubKeyDER);
2518
2519 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2520 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2521 goto done;
2522
2523 X509_PUBKEY_free(xp);
2524 xp = NULL;
2525 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2526 goto done;
2527
2528 ret = 1;
2529
2530 done:
2531 X509_PUBKEY_free(xp);
2532 X509_PUBKEY_free(xq);
2533 return ret;
5dc40a83 2534}
7bb82f92 2535#endif /* OPENSSL_NO_EC */
784883fc 2536
9c45222d 2537/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2538static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2539{
9a071fef 2540 EVP_MD_CTX *mdctx = NULL;
9c45222d 2541 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2542 const OSSL_PARAM *params;
00bc1ad9 2543 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2544 int ret = 0;
2545 const EVP_MD *md;
00bc1ad9 2546 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2547 char ssl3ms[48];
9c45222d 2548
9c45222d 2549 /* Initialise a sign operation */
062490db 2550 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2551 if (!TEST_ptr(ctx)
c9c4a356 2552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2553 goto err;
2554
2555 /*
f54a4101 2556 * We should be able to query the parameters now.
9c45222d
MC		 2557 */
2558 params = EVP_PKEY_CTX_settable_params(ctx);
2559 if (!TEST_ptr(params)
0cb3f4f9
RL		 2560 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2561 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2562 goto err;
2563
9c45222d
MC		 2564 params = EVP_PKEY_CTX_gettable_params(ctx);
2565 if (!TEST_ptr(params)
0cb3f4f9
RL		 2566 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2569 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2570 goto err;
2571
2572 /*
2573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2574 * EVP_PKEY_CTX_get_params()
2575 */
00bc1ad9
RL		 2576 strcpy(mdname, "SHA512");
2577 param_md = param;
2578 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2579 mdname, 0);
9c45222d
MC		 2580 *param++ = OSSL_PARAM_construct_end();
2581
2582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2583 goto err;
2584
00bc1ad9
RL		 2585 mdname[0] = '\0';
2586 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2587 mdname, sizeof(mdname));
9c45222d 2588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2589 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2590 goto err;
2591
2592 /*
2593 * Test the TEST_PKEY_CTX_set_signature_md() and
2594 * TEST_PKEY_CTX_get_signature_md() functions
2595 */
2596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2598 || !TEST_ptr_eq(md, EVP_sha256()))
2599 goto err;
2600
9a071fef
MC		 2601 /*
2602 * Test getting MD parameters via an associated EVP_PKEY_CTX
2603 */
2604 mdctx = EVP_MD_CTX_new();
2605 if (!TEST_ptr(mdctx)
062490db 2606 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2607 pkey, NULL)))
9a071fef
MC		 2608 goto err;
2609
2610 /*
2611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2612 * able to obtain the digest's settable parameters from the provider.
2613 */
2614 params = EVP_MD_CTX_settable_params(mdctx);
2615 if (!TEST_ptr(params)
2616 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2617 /* The final key should be NULL */
2618 || !TEST_ptr_null(params[1].key))
2619 goto err;
2620
2621 param = ourparams;
2622 memset(ssl3ms, 0, sizeof(ssl3ms));
2623 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2624 ssl3ms, sizeof(ssl3ms));
2625 *param++ = OSSL_PARAM_construct_end();
2626
2627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2628 goto err;
2629
9c45222d
MC		 2630 ret = 1;
2631
2632 err:
9a071fef 2633 EVP_MD_CTX_free(mdctx);
9c45222d 2634 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2635
2636 return ret;
2637}
2638
2639#ifndef OPENSSL_NO_DSA
2640static int test_DSA_get_set_params(void)
2641{
6ed4022c
RL		 2642 OSSL_PARAM_BLD *bld = NULL;
2643 OSSL_PARAM *params = NULL;
f54a4101 2644 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2645 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2646 EVP_PKEY *pkey = NULL;
2647 int ret = 0;
2648
2649 /*
2650 * Setup the parameters for our DSA object. For our purposes they don't
2651 * have to actually be *valid* parameters. We just need to set something.
2652 */
6ed4022c
RL		 2653 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2654 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2655 || !TEST_ptr(p = BN_new())
2656 || !TEST_ptr(q = BN_new())
2657 || !TEST_ptr(g = BN_new())
2658 || !TEST_ptr(pub = BN_new())
2659 || !TEST_ptr(priv = BN_new()))
2660 goto err;
2661 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2662 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2665 pub))
2666 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2667 priv)))
2668 goto err;
2669 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2670 goto err;
f54a4101 2671
2db985b7
SL		 2672 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2673 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2674 params), 0))
f54a4101
RL		 2675 goto err;
2676
6ed4022c
RL		 2677 if (!TEST_ptr(pkey))
2678 goto err;
f54a4101
RL		 2679
2680 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2681
2682 err:
9c45222d 2683 EVP_PKEY_free(pkey);
6ed4022c 2684 EVP_PKEY_CTX_free(pctx);
3f883c7c 2685 OSSL_PARAM_free(params);
6ed4022c 2686 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2687 BN_free(p);
2688 BN_free(q);
2689 BN_free(g);
cd32a0f5
RL		 2690 BN_free(pub);
2691 BN_free(priv);
9c45222d
MC		 2692
2693 return ret;
2694}
2c04b341
JS		 2695
2696/*
8a9394c1 2697 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2698 * params to ensure they are all accepted
2699 */
2700static int test_DSA_priv_pub(void)
2701{
2702 return test_EVP_PKEY_ffc_priv_pub("DSA");
2703}
2704
2705#endif /* !OPENSSL_NO_DSA */
9c45222d 2706
f54a4101
RL		 2707static int test_RSA_get_set_params(void)
2708{
d7e498ac
RL		 2709 OSSL_PARAM_BLD *bld = NULL;
2710 OSSL_PARAM *params = NULL;
f54a4101 2711 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2712 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2713 EVP_PKEY *pkey = NULL;
2714 int ret = 0;
2715
2716 /*
2717 * Setup the parameters for our RSA object. For our purposes they don't
2718 * have to actually be *valid* parameters. We just need to set something.
2719 */
d7e498ac
RL		 2720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2721 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2722 || !TEST_ptr(n = BN_new())
2723 || !TEST_ptr(e = BN_new())
2724 || !TEST_ptr(d = BN_new()))
2725 goto err;
2726 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2727 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2729 goto err;
2730 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2731 goto err;
f54a4101 2732
2db985b7
SL		 2733 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2734 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2735 params), 0))
f54a4101
RL		 2736 goto err;
2737
d7e498ac
RL		 2738 if (!TEST_ptr(pkey))
2739 goto err;
f54a4101
RL		 2740
2741 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2742
2743 err:
2744 EVP_PKEY_free(pkey);
d7e498ac 2745 EVP_PKEY_CTX_free(pctx);
3f883c7c 2746 OSSL_PARAM_free(params);
d7e498ac 2747 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2748 BN_free(n);
2749 BN_free(e);
2750 BN_free(d);
2751
2752 return ret;
2753}
2754
e5a7536e
JM		 2755static int test_RSA_OAEP_set_get_params(void)
2756{
2757 int ret = 0;
2758 EVP_PKEY *key = NULL;
2759 EVP_PKEY_CTX *key_ctx = NULL;
2760
2761 if (nullprov != NULL)
2762 return TEST_skip("Test does not support a non-default library context");
2763
2764 if (!TEST_ptr(key = load_example_rsa_key())
2765 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2766 goto err;
2767
2768 {
2769 int padding = RSA_PKCS1_OAEP_PADDING;
2770 OSSL_PARAM params[4];
2771
2772 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2773 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2774 OSSL_DIGEST_NAME_SHA2_256, 0);
2775 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2776 OSSL_DIGEST_NAME_SHA1, 0);
2777 params[3] = OSSL_PARAM_construct_end();
2778
2779 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2780 goto err;
2781 }
2782 {
2783 OSSL_PARAM params[3];
2784 char oaepmd[30] = { '\0' };
2785 char mgf1md[30] = { '\0' };
2786
2787 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2788 oaepmd, sizeof(oaepmd));
2789 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2790 mgf1md, sizeof(mgf1md));
2791 params[2] = OSSL_PARAM_construct_end();
2792
2793 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2794 goto err;
2795
2796 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2797 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2798 goto err;
2799 }
2800
2801 ret = 1;
2802
2803 err:
2804 EVP_PKEY_free(key);
2805 EVP_PKEY_CTX_free(key_ctx);
2806
2807 return ret;
2808}
2809
b4be6937
MC		 2810#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2811static int test_decrypt_null_chunks(void)
2812{
2813 EVP_CIPHER_CTX* ctx = NULL;
062490db 2814 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2815 const unsigned char key[32] = {
2816 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2817 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2818 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2819 };
2820 unsigned char iv[12] = {
2821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2822 };
2823 unsigned char msg[] = "It was the best of times, it was the worst of times";
2824 unsigned char ciphertext[80];
2825 unsigned char plaintext[80];
2826 /* We initialise tmp to a non zero value on purpose */
2827 int ctlen, ptlen, tmp = 99;
2828 int ret = 0;
2829 const int enc_offset = 10, dec_offset = 20;
2830
062490db
JS		 2831 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2832 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2833 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2834 key, iv))
2835 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2836 enc_offset))
2837 /* Deliberate add a zero length update */
2838 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2839 0))
2840 || !TEST_int_eq(tmp, 0)
2841 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2842 msg + enc_offset,
2843 sizeof(msg) - enc_offset))
2844 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2845 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2846 || !TEST_int_eq(tmp, 0))
2847 goto err;
2848
2849 /* Deliberately initialise tmp to a non zero value */
2850 tmp = 99;
062490db 2851 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2852 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2853 dec_offset))
2854 /*
2855 * Deliberately add a zero length update. We also deliberately do
2856 * this at a different offset than for encryption.
2857 */
2858 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2859 0))
2860 || !TEST_int_eq(tmp, 0)
2861 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2862 ciphertext + dec_offset,
2863 ctlen - dec_offset))
2864 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2865 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2866 || !TEST_int_eq(tmp, 0)
2867 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2868 goto err;
2869
2870 ret = 1;
2871 err:
2872 EVP_CIPHER_CTX_free(ctx);
062490db 2873 EVP_CIPHER_free(cipher);
b4be6937
MC		 2874 return ret;
2875}
2876#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2877
2c04b341
JS		 2878#ifndef OPENSSL_NO_DH
2879/*
8a9394c1 2880 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2881 * params to ensure they are all accepted
2882 */
2883static int test_DH_priv_pub(void)
2884{
2885 return test_EVP_PKEY_ffc_priv_pub("DH");
2886}
2887
2888# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2889static int test_EVP_PKEY_set1_DH(void)
2890{
ca2bf555
SL		 2891 DH *x942dh = NULL, *noqdh = NULL;
2892 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2893 int ret = 0;
ca2bf555 2894 BIGNUM *p, *g = NULL;
0ec73843
TM		 2895 BIGNUM *pubkey = NULL;
2896 unsigned char pub[2048 / 8];
2897 size_t len = 0;
ca2bf555
SL		 2898
2899 if (!TEST_ptr(p = BN_new())
2900 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2901 || !TEST_ptr(pubkey = BN_new())
2902 || !TEST_true(BN_set_word(p, 9999))
2903 || !TEST_true(BN_set_word(g, 2))
2904 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2905 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2906 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2907 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2908 || !TEST_ptr(pubkey = BN_new())
2909 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2910 goto err;
2911 p = g = NULL;
e295de1d
MC		 2912
2913 x942dh = DH_get_2048_256();
e295de1d
MC		 2914 pkey1 = EVP_PKEY_new();
2915 pkey2 = EVP_PKEY_new();
2916 if (!TEST_ptr(x942dh)
ca2bf555 2917 || !TEST_ptr(noqdh)
e295de1d 2918 || !TEST_ptr(pkey1)
0ec73843
TM		 2919 || !TEST_ptr(pkey2)
2920 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2921 goto err;
0ec73843 2922 pubkey = NULL;
e295de1d 2923
0ec73843 2924 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2925 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2926 goto err;
2927
0ec73843
TM		 2928 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2929 &pubkey))
2930 || !TEST_ptr(pubkey))
2931 goto err;
2932
2933 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2934 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2935 goto err;
2936
0ec73843
TM		 2937 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2938 OSSL_PKEY_PARAM_PUB_KEY,
2939 pub, sizeof(pub), &len))
2940 || !TEST_size_t_ne(len, 0))
2941 goto err;
2942
e295de1d
MC		 2943 ret = 1;
2944 err:
ca2bf555
SL		 2945 BN_free(p);
2946 BN_free(g);
0ec73843 2947 BN_free(pubkey);
e295de1d
MC		 2948 EVP_PKEY_free(pkey1);
2949 EVP_PKEY_free(pkey2);
2950 DH_free(x942dh);
ca2bf555 2951 DH_free(noqdh);
e295de1d
MC		 2952
2953 return ret;
2954}
2c04b341
JS		 2955# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2956#endif /* !OPENSSL_NO_DH */
e295de1d 2957
8a5cb596
RL		 2958/*
2959 * We test what happens with an empty template. For the sake of this test,
2960 * the template must be ignored, and we know that's the case for RSA keys
2961 * (this might arguably be a misfeature, but that's what we currently do,
2962 * even in provider code, since that's how the legacy RSA implementation
2963 * does things)
2964 */
2965static int test_keygen_with_empty_template(int n)
2966{
2967 EVP_PKEY_CTX *ctx = NULL;
2968 EVP_PKEY *pkey = NULL;
2969 EVP_PKEY *tkey = NULL;
2970 int ret = 0;
2971
062490db
JS		 2972 if (nullprov != NULL)
2973 return TEST_skip("Test does not support a non-default library context");
2974
8a5cb596
RL		 2975 switch (n) {
2976 case 0:
2977 /* We do test with no template at all as well */
2978 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2979 goto err;
2980 break;
2981 case 1:
2982 /* Here we create an empty RSA key that serves as our template */
2983 if (!TEST_ptr(tkey = EVP_PKEY_new())
2984 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2985 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2986 goto err;
2987 break;
2988 }
2989
2990 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2991 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2992 goto err;
2993
2994 ret = 1;
2995 err:
2996 EVP_PKEY_CTX_free(ctx);
2997 EVP_PKEY_free(pkey);
2998 EVP_PKEY_free(tkey);
2999 return ret;
3000}
3001
5ddec6a7
MC		 3002/*
3003 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 3004 * in the current library context (unless we are using an algorithm that
3005 * should be made available via legacy codepaths).
3006 *
3007 * 0: RSA
3008 * 1: SM2
5ddec6a7
MC		 3009 */
3010static int test_pkey_ctx_fail_without_provider(int tst)
3011{
b4250010 3012 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 3013 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 3014 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 3015 const char *keytype = NULL;
3016 int expect_null = 0;
5ddec6a7
MC		 3017 int ret = 0;
3018
3019 if (!TEST_ptr(tmpctx))
3020 goto err;
3021
062490db
JS		 3022 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3023 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 3024 goto err;
3025
5ddec6a7 3026 /*
08497fc6 3027 * We check for certain algos in the null provider.
e304aa87 3028 * If an algo is expected to have a provider keymgmt, constructing an
08497fc6 3029 * EVP_PKEY_CTX is expected to fail (return NULL).
e304aa87 3030 * Otherwise, if it's expected to have legacy support, constructing an
08497fc6 3031 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 3032 */
08497fc6
RL		 3033 switch (tst) {
3034 case 0:
3035 keytype = "RSA";
3036 expect_null = 1;
3037 break;
3038 case 1:
3039 keytype = "SM2";
d0b79f86 3040 expect_null = 1;
08497fc6
RL		 3041#ifdef OPENSSL_NO_EC
3042 TEST_info("EC disable, skipping SM2 check...");
3043 goto end;
3044#endif
3045#ifdef OPENSSL_NO_SM2
3046 TEST_info("SM2 disable, skipping SM2 check...");
3047 goto end;
3048#endif
3049 break;
3050 default:
3051 TEST_error("No test for case %d", tst);
3052 goto err;
3053 }
3054
3055 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3056 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 3057 goto err;
3058
08497fc6
RL		 3059#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3060 end:
3061#endif
5ddec6a7
MC		 3062 ret = 1;
3063
3064 err:
3065 EVP_PKEY_CTX_free(pctx);
062490db 3066 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 3067 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 3068 return ret;
3069}
3070
1c19ff3c
P		 3071static int test_rand_agglomeration(void)
3072{
3073 EVP_RAND *rand;
3074 EVP_RAND_CTX *ctx;
3075 OSSL_PARAM params[3], *p = params;
3076 int res;
3077 unsigned int step = 7;
3078 static unsigned char seed[] = "It does not matter how slowly you go "
3079 "as long as you do not stop.";
3080 unsigned char out[sizeof(seed)];
3081
3082 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 3083 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 3084 return 0;
3085 ctx = EVP_RAND_CTX_new(rand, NULL);
3086 EVP_RAND_free(rand);
3087 if (!TEST_ptr(ctx))
3088 return 0;
3089
3090 memset(out, 0, sizeof(out));
3091 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3092 seed, sizeof(seed));
0d4460d2 3093 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 3094 *p = OSSL_PARAM_construct_end();
e494fac7 3095 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 3096 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3097 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3098 EVP_RAND_CTX_free(ctx);
3099 return res;
3100}
3101
440b852a
BK		 3102/*
3103 * Test that we correctly return the original or "running" IV after
3104 * an encryption operation.
3105 * Run multiple times for some different relevant algorithms/modes.
3106 */
a4afa6c1 3107static int test_evp_iv_aes(int idx)
440b852a
BK		 3108{
3109 int ret = 0;
3110 EVP_CIPHER_CTX *ctx = NULL;
3111 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3112 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3113 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3114 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3115 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3116 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3117 9, 10, 11, 12, 13, 14, 15, 16 };
3118 unsigned char ciphertext[32], oiv[16], iv[16];
3119 unsigned char *ref_iv;
3120 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3121 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3122
3123 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3124 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 3125 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3126 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 3127 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3128 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3129 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3130#ifndef OPENSSL_NO_OCB
3131 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3132 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3133#endif
3134 int len = sizeof(ciphertext);
3135 size_t ivlen, ref_len;
3136 const EVP_CIPHER *type = NULL;
4ec4b063 3137 int iv_reset = 0;
440b852a 3138
4ec4b063 3139 if (nullprov != NULL && idx < 6)
062490db
JS		 3140 return TEST_skip("Test does not support a non-default library context");
3141
1287dabd 3142 switch (idx) {
440b852a
BK		 3143 case 0:
3144 type = EVP_aes_128_cbc();
3145 /* FALLTHROUGH */
4ec4b063 3146 case 6:
440b852a 3147 type = (type != NULL) ? type :
062490db 3148 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 3149 ref_iv = cbc_state;
3150 ref_len = sizeof(cbc_state);
4ec4b063 3151 iv_reset = 1;
440b852a
BK		 3152 break;
3153 case 1:
3154 type = EVP_aes_128_ofb();
3155 /* FALLTHROUGH */
4ec4b063 3156 case 7:
440b852a 3157 type = (type != NULL) ? type :
062490db 3158 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 3159 ref_iv = ofb_state;
3160 ref_len = sizeof(ofb_state);
4ec4b063 3161 iv_reset = 1;
440b852a
BK		 3162 break;
3163 case 2:
4ec4b063
TM		 3164 type = EVP_aes_128_cfb();
3165 /* FALLTHROUGH */
3166 case 8:
3167 type = (type != NULL) ? type :
3168 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3169 ref_iv = cfb_state;
3170 ref_len = sizeof(cfb_state);
3171 iv_reset = 1;
3172 break;
3173 case 3:
440b852a
BK		 3174 type = EVP_aes_128_gcm();
3175 /* FALLTHROUGH */
4ec4b063 3176 case 9:
440b852a 3177 type = (type != NULL) ? type :
062490db 3178 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 3179 ref_iv = gcm_state;
3180 ref_len = sizeof(gcm_state);
3181 break;
4ec4b063 3182 case 4:
440b852a
BK		 3183 type = EVP_aes_128_ccm();
3184 /* FALLTHROUGH */
4ec4b063 3185 case 10:
440b852a 3186 type = (type != NULL) ? type :
062490db 3187 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 3188 ref_iv = ccm_state;
3189 ref_len = sizeof(ccm_state);
3190 break;
3191#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 3192 case 5:
3193 case 11:
440b852a
BK		 3194 return 1;
3195#else
4ec4b063 3196 case 5:
440b852a
BK		 3197 type = EVP_aes_128_ocb();
3198 /* FALLTHROUGH */
4ec4b063 3199 case 11:
440b852a 3200 type = (type != NULL) ? type :
062490db 3201 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 3202 ref_iv = ocb_state;
3203 ref_len = sizeof(ocb_state);
3204 break;
3205#endif
3206 default:
3207 return 0;
3208 }
3209
3210 if (!TEST_ptr(type)
3211 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3212 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3213 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3214 (int)sizeof(msg)))
0d83b7b9
TM		 3215 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3216 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 3217 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3218 goto err;
ed576acd 3219 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 3220 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3221 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3222 goto err;
3223
4ec4b063
TM		 3224 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3225 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3226 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3227 goto err;
3228 if (iv_reset) {
3229 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3230 goto err;
3231 } else {
3232 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3233 goto err;
3234 }
3235
440b852a
BK		 3236 ret = 1;
3237err:
3238 EVP_CIPHER_CTX_free(ctx);
4ec4b063 3239 if (idx >= 6)
440b852a
BK		 3240 EVP_CIPHER_free((EVP_CIPHER *)type);
3241 return ret;
3242}
3243
a4afa6c1
TM		 3244#ifndef OPENSSL_NO_DES
3245static int test_evp_iv_des(int idx)
3246{
3247 int ret = 0;
3248 EVP_CIPHER_CTX *ctx = NULL;
3249 static const unsigned char key[24] = {
3250 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3251 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3252 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3253 };
3254 static const unsigned char init_iv[8] = {
3255 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3256 };
3257 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3258 9, 10, 11, 12, 13, 14, 15, 16 };
3259 unsigned char ciphertext[32], oiv[8], iv[8];
3260 unsigned const char *ref_iv;
3261 static const unsigned char cbc_state_des[8] = {
3262 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3263 };
3264 static const unsigned char cbc_state_3des[8] = {
3265 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3266 };
3267 static const unsigned char ofb_state_des[8] = {
3268 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3269 };
3270 static const unsigned char ofb_state_3des[8] = {
3271 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3272 };
3273 static const unsigned char cfb_state_des[8] = {
3274 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3275 };
3276 static const unsigned char cfb_state_3des[8] = {
3277 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3278 };
3279 int len = sizeof(ciphertext);
3280 size_t ivlen, ref_len;
3281 EVP_CIPHER *type = NULL;
3282
3283 if (lgcyprov == NULL && idx < 3)
3284 return TEST_skip("Test requires legacy provider to be loaded");
3285
1287dabd 3286 switch (idx) {
a4afa6c1
TM		 3287 case 0:
3288 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3289 ref_iv = cbc_state_des;
3290 ref_len = sizeof(cbc_state_des);
3291 break;
3292 case 1:
3293 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3294 ref_iv = ofb_state_des;
3295 ref_len = sizeof(ofb_state_des);
3296 break;
3297 case 2:
3298 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3299 ref_iv = cfb_state_des;
3300 ref_len = sizeof(cfb_state_des);
3301 break;
3302 case 3:
3303 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3304 ref_iv = cbc_state_3des;
3305 ref_len = sizeof(cbc_state_3des);
3306 break;
3307 case 4:
3308 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3309 ref_iv = ofb_state_3des;
3310 ref_len = sizeof(ofb_state_3des);
3311 break;
3312 case 5:
3313 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3314 ref_iv = cfb_state_3des;
3315 ref_len = sizeof(cfb_state_3des);
3316 break;
3317 default:
3318 return 0;
3319 }
3320
3321 if (!TEST_ptr(type)
3322 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3323 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3324 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3325 (int)sizeof(msg)))
3326 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3327 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3328 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3329 goto err;
ed576acd 3330 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3331 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3332 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3333 goto err;
3334
3335 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3336 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3337 goto err;
3338 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3339 goto err;
3340
3341 ret = 1;
3342err:
3343 EVP_CIPHER_CTX_free(ctx);
3344 EVP_CIPHER_free(type);
3345 return ret;
3346}
3347#endif
3348
091e60c4
TM		 3349#ifndef OPENSSL_NO_BF
3350static int test_evp_bf_default_keylen(int idx)
3351{
3352 int ret = 0;
3353 static const char *algos[4] = {
3354 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3355 };
3356 int ivlen[4] = { 0, 8, 8, 8 };
3357 EVP_CIPHER *cipher = NULL;
3358
3359 if (lgcyprov == NULL)
3360 return TEST_skip("Test requires legacy provider to be loaded");
3361
3362 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3363 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3364 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3365 goto err;
3366
3367 ret = 1;
3368err:
3369 EVP_CIPHER_free(cipher);
3370 return ret;
3371}
3372#endif
3373
c0ff1932 3374#ifndef OPENSSL_NO_EC
da671c41
P		 3375static int ecpub_nids[] = {
3376 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3377 NID_secp384r1, NID_secp521r1,
3378# ifndef OPENSSL_NO_EC2M
3379 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3380 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3381# endif
3382 NID_brainpoolP384r1, NID_brainpoolP512r1
3383};
c0ff1932
BK		 3384
3385static int test_ecpub(int idx)
3386{
ad7cb0bf 3387 int ret = 0, len, savelen;
c0ff1932
BK		 3388 int nid;
3389 unsigned char buf[1024];
3390 unsigned char *p;
3391 EVP_PKEY *pkey = NULL;
3392 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3393# ifndef OPENSSL_NO_DEPRECATED_3_0
3394 const unsigned char *q;
3395 EVP_PKEY *pkey2 = NULL;
3396 EC_KEY *ec = NULL;
3397# endif
c0ff1932 3398
062490db
JS		 3399 if (nullprov != NULL)
3400 return TEST_skip("Test does not support a non-default library context");
3401
c0ff1932
BK		 3402 nid = ecpub_nids[idx];
3403
3404 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3405 if (!TEST_ptr(ctx)
bf4ceede 3406 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2cba2e16 3407 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
c0ff1932
BK		 3408 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3409 goto done;
3410 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3411 savelen = len;
c0ff1932
BK		 3412 if (!TEST_int_ge(len, 1)
3413 || !TEST_int_lt(len, 1024))
3414 goto done;
3415 p = buf;
3416 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3417 if (!TEST_int_ge(len, 1)
3418 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3419 goto done;
3420
3d364726
BK		 3421# ifndef OPENSSL_NO_DEPRECATED_3_0
3422 /* Now try to decode the just-created DER. */
3423 q = buf;
3424 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3425 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3426 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3427 goto done;
3428 /* EC_KEY ownership transferred */
3429 ec = NULL;
3430 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3431 goto done;
3432 /* The keys should match. */
c85c5e1a 3433 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3434 goto done;
3435# endif
3436
c0ff1932
BK		 3437 ret = 1;
3438
3439 done:
3440 EVP_PKEY_CTX_free(ctx);
3441 EVP_PKEY_free(pkey);
3d364726
BK		 3442# ifndef OPENSSL_NO_DEPRECATED_3_0
3443 EVP_PKEY_free(pkey2);
3444 EC_KEY_free(ec);
3445# endif
c0ff1932
BK		 3446 return ret;
3447}
3448#endif
3449
e947a064
DB		 3450static int test_EVP_rsa_pss_with_keygen_bits(void)
3451{
062490db
JS		 3452 int ret = 0;
3453 EVP_PKEY_CTX *ctx = NULL;
3454 EVP_PKEY *pkey = NULL;
3455 EVP_MD *md;
e947a064 3456
062490db
JS		 3457 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3458 ret = TEST_ptr(md)
2cba2e16 3459 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
bf4ceede 3460 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
e947a064 3461 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2cba2e16 3462 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
e947a064
DB		 3463 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3464
062490db 3465 EVP_MD_free(md);
e947a064
DB		 3466 EVP_PKEY_free(pkey);
3467 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3468 return ret;
3469}
3470
6f87463b
TC		 3471static int test_EVP_rsa_pss_set_saltlen(void)
3472{
3473 int ret = 0;
3474 EVP_PKEY *pkey = NULL;
3475 EVP_PKEY_CTX *pkey_ctx = NULL;
3476 EVP_MD *sha256 = NULL;
3477 EVP_MD_CTX *sha256_ctx = NULL;
3478 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3479 const int test_value = 32;
3480
3481 ret = TEST_ptr(pkey = load_example_rsa_key())
3482 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3483 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3484 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3485 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
7263a7fc
PH		 3486 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3487 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
6f87463b
TC		 3488 && TEST_int_eq(saltlen, test_value);
3489
3490 EVP_MD_CTX_free(sha256_ctx);
3491 EVP_PKEY_free(pkey);
3492 EVP_MD_free(sha256);
3493
3494 return ret;
3495}
3496
5eb73cfb
MC		 3497static int success = 1;
3498static void md_names(const char *name, void *vctx)
3499{
3500 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3501 /* Force a namemap update */
3502 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3503
3504 if (!TEST_ptr(aes128))
3505 success = 0;
3506
3507 EVP_CIPHER_free(aes128);
3508}
3509
3510/*
3511 * Test that changing the namemap in a user callback works in a names_do_all
3512 * function.
3513 */
3514static int test_names_do_all(void)
3515{
3516 /* We use a custom libctx so that we know the state of the namemap */
3517 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3518 EVP_MD *sha256 = NULL;
3519 int testresult = 0;
3520
3521 if (!TEST_ptr(ctx))
3522 goto err;
3523
3524 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3525 if (!TEST_ptr(sha256))
3526 goto err;
3527
3528 /*
3529 * We loop through all the names for a given digest. This should still work
3530 * even if the namemap changes part way through.
3531 */
3532 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3533 goto err;
3534
3535 if (!TEST_true(success))
3536 goto err;
3537
3538 testresult = 1;
3539 err:
3540 EVP_MD_free(sha256);
3541 OSSL_LIB_CTX_free(ctx);
3542 return testresult;
3543}
e947a064 3544
063e0197
JC		 3545typedef struct {
3546 const char *cipher;
3547 const unsigned char *key;
3548 const unsigned char *iv;
3549 const unsigned char *input;
3550 const unsigned char *expected;
3551 const unsigned char *tag;
3552 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3553 size_t inlen;
3554 size_t expectedlen;
3555 size_t taglen;
3556 int keyfirst;
3557 int initenc;
3558 int finalenc;
3559} EVP_INIT_TEST_st;
3560
3561static const EVP_INIT_TEST_st evp_init_tests[] = {
3562 {
3563 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3564 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3565 0, 1, 0, 1
3566 },
3567 {
3568 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3569 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3570 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3571 sizeof(gcmDefaultTag), 1, 0, 1
3572 },
3573 {
3574 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3575 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3576 0, 0, 0, 1
3577 },
3578 {
3579 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3580 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3581 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3582 sizeof(gcmDefaultTag), 0, 0, 1
3583 },
3584 {
3585 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3586 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3587 0, 1, 1, 0
3588 },
3589 {
3590 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3591 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3592 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3593 sizeof(gcmDefaultTag), 1, 1, 0
3594 },
3595 {
3596 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3597 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3598 0, 0, 1, 0
3599 },
3600 {
3601 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3602 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3603 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3604 sizeof(gcmDefaultTag), 0, 1, 0
3605 }
3606};
3607
3608static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3609{
3610 int res = 0;
1287dabd 3611
063e0197 3612 if (t->ivlen != 0) {
d649c51a 3613 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
063e0197
JC		 3614 goto err;
3615 }
3616 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3617 goto err;
3618 res = 1;
3619 err:
3620 return res;
3621}
3622
3623/*
3624 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3625 * arguments are given one at a time and a final adjustment to the enc
3626 * parameter sets the correct operation.
3627 */
3628static int test_evp_init_seq(int idx)
3629{
3630 int outlen1, outlen2;
3631 int testresult = 0;
3632 unsigned char outbuf[1024];
3633 unsigned char tag[16];
3634 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3635 EVP_CIPHER_CTX *ctx = NULL;
3636 EVP_CIPHER *type = NULL;
3637 size_t taglen = sizeof(tag);
3638 char *errmsg = NULL;
3639
3640 ctx = EVP_CIPHER_CTX_new();
3641 if (ctx == NULL) {
3642 errmsg = "CTX_ALLOC";
3643 goto err;
3644 }
3645 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3646 errmsg = "CIPHER_FETCH";
3647 goto err;
3648 }
3649 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3650 errmsg = "EMPTY_ENC_INIT";
3651 goto err;
3652 }
3653 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3654 errmsg = "PADDING";
3655 goto err;
3656 }
3657 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3658 errmsg = "KEY_INIT (before iv)";
3659 goto err;
3660 }
3661 if (!evp_init_seq_set_iv(ctx, t)) {
3662 errmsg = "IV_INIT";
3663 goto err;
3664 }
3665 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3666 errmsg = "KEY_INIT (after iv)";
3667 goto err;
3668 }
3669 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3670 errmsg = "FINAL_ENC_INIT";
3671 goto err;
3672 }
3673 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3674 errmsg = "CIPHER_UPDATE";
3675 goto err;
3676 }
3677 if (t->finalenc == 0 && t->tag != NULL) {
3678 /* Set expected tag */
d649c51a
PH		 3679 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3680 t->taglen, (void *)t->tag), 0)) {
063e0197
JC		 3681 errmsg = "SET_TAG";
3682 goto err;
3683 }
3684 }
3685 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3686 errmsg = "CIPHER_FINAL";
3687 goto err;
3688 }
3689 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3690 errmsg = "WRONG_RESULT";
3691 goto err;
3692 }
3693 if (t->finalenc != 0 && t->tag != NULL) {
d649c51a 3694 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3695 errmsg = "GET_TAG";
3696 goto err;
3697 }
3698 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3699 errmsg = "TAG_ERROR";
3700 goto err;
3701 }
3702 }
3703 testresult = 1;
3704 err:
3705 if (errmsg != NULL)
3706 TEST_info("evp_init_test %d: %s", idx, errmsg);
3707 EVP_CIPHER_CTX_free(ctx);
3708 EVP_CIPHER_free(type);
3709 return testresult;
3710}
3711
3712typedef struct {
3713 const unsigned char *input;
3714 const unsigned char *expected;
3715 size_t inlen;
3716 size_t expectedlen;
3717 int enc;
3718} EVP_RESET_TEST_st;
3719
3720static const EVP_RESET_TEST_st evp_reset_tests[] = {
3721 {
3722 cfbPlaintext, cfbCiphertext,
3723 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3724 },
3725 {
3726 cfbCiphertext, cfbPlaintext,
3727 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3728 }
3729};
3730
3731/*
3732 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3733 * been used.
3734 */
3735static int test_evp_reset(int idx)
3736{
3737 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3738 int outlen1, outlen2;
3739 int testresult = 0;
3740 unsigned char outbuf[1024];
3741 EVP_CIPHER_CTX *ctx = NULL;
3742 EVP_CIPHER *type = NULL;
3743 char *errmsg = NULL;
3744
3745 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3746 errmsg = "CTX_ALLOC";
3747 goto err;
3748 }
3749 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3750 errmsg = "CIPHER_FETCH";
3751 goto err;
3752 }
3753 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3754 errmsg = "CIPHER_INIT";
3755 goto err;
3756 }
3757 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3758 errmsg = "PADDING";
3759 goto err;
3760 }
3761 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3762 errmsg = "CIPHER_UPDATE";
3763 goto err;
3764 }
3765 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3766 errmsg = "CIPHER_FINAL";
3767 goto err;
3768 }
3769 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3770 errmsg = "WRONG_RESULT";
3771 goto err;
3772 }
3773 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3774 errmsg = "CIPHER_REINIT";
3775 goto err;
3776 }
3777 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3778 errmsg = "CIPHER_UPDATE (reinit)";
3779 goto err;
3780 }
3781 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3782 errmsg = "CIPHER_FINAL (reinit)";
3783 goto err;
3784 }
3785 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3786 errmsg = "WRONG_RESULT (reinit)";
3787 goto err;
3788 }
3789 testresult = 1;
3790 err:
3791 if (errmsg != NULL)
3792 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3793 EVP_CIPHER_CTX_free(ctx);
3794 EVP_CIPHER_free(type);
3795 return testresult;
3796}
3797
f17e5277
IF		 3798typedef struct {
3799 const char *cipher;
3800 int enc;
3801} EVP_UPDATED_IV_TEST_st;
3802
3803static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3804 {
3805 "aes-128-cfb", 1
3806 },
3807 {
3808 "aes-128-cfb", 0
3809 },
3810 {
3811 "aes-128-cfb1", 1
3812 },
3813 {
3814 "aes-128-cfb1", 0
3815 },
3816 {
3817 "aes-128-cfb8", 1
3818 },
3819 {
3820 "aes-128-cfb8", 0
3821 },
3822 {
3823 "aes-128-ofb", 1
3824 },
3825 {
3826 "aes-128-ofb", 0
3827 },
3828 {
3829 "aes-128-ctr", 1
3830 },
3831 {
3832 "aes-128-ctr", 0
3833 },
3834 {
3835 "aes-128-cbc", 1
3836 },
3837 {
3838 "aes-128-cbc", 0
3839 }
3840};
3841
3842/*
3843 * Test that the IV in the context is updated during a crypto operation for CFB
3844 * and OFB.
3845 */
3846static int test_evp_updated_iv(int idx)
3847{
3848 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3849 int outlen1, outlen2;
3850 int testresult = 0;
3851 unsigned char outbuf[1024];
3852 EVP_CIPHER_CTX *ctx = NULL;
3853 EVP_CIPHER *type = NULL;
3854 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3855 int iv_len;
3856 char *errmsg = NULL;
3857
3858 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3859 errmsg = "CTX_ALLOC";
3860 goto err;
3861 }
3862 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3863 TEST_info("cipher %s not supported, skipping", t->cipher);
3864 goto ok;
3865 }
3866
3867 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3868 errmsg = "CIPHER_INIT";
3869 goto err;
3870 }
3871 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3872 errmsg = "PADDING";
3873 goto err;
3874 }
3875 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3876 errmsg = "CIPHER_UPDATE";
3877 goto err;
3878 }
3879 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3880 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3881 goto err;
3882 }
3883 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3884 errmsg = "CIPHER_CTX_GET_IV_LEN";
3885 goto err;
3886 }
3887 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3888 errmsg = "IV_NOT_UPDATED";
3889 goto err;
3890 }
3891 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3892 errmsg = "CIPHER_FINAL";
3893 goto err;
3894 }
3895 ok:
3896 testresult = 1;
3897 err:
3898 if (errmsg != NULL)
3899 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3900 EVP_CIPHER_CTX_free(ctx);
3901 EVP_CIPHER_free(type);
3902 return testresult;
3903}
3904
063e0197
JC		 3905typedef struct {
3906 const unsigned char *iv1;
3907 const unsigned char *iv2;
3908 const unsigned char *expected1;
3909 const unsigned char *expected2;
3910 const unsigned char *tag1;
3911 const unsigned char *tag2;
3912 size_t ivlen1;
3913 size_t ivlen2;
3914 size_t expectedlen1;
3915 size_t expectedlen2;
3916} TEST_GCM_IV_REINIT_st;
3917
3918static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3919 {
3920 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3921 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3922 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3923 },
3924 {
3925 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3926 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3927 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3928 }
3929};
3930
3931static int test_gcm_reinit(int idx)
3932{
3933 int outlen1, outlen2, outlen3;
3934 int testresult = 0;
3935 unsigned char outbuf[1024];
3936 unsigned char tag[16];
3937 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3938 EVP_CIPHER_CTX *ctx = NULL;
3939 EVP_CIPHER *type = NULL;
3940 size_t taglen = sizeof(tag);
3941 char *errmsg = NULL;
3942
3943 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3944 errmsg = "CTX_ALLOC";
3945 goto err;
3946 }
3947 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3948 errmsg = "CIPHER_FETCH";
3949 goto err;
3950 }
3951 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3952 errmsg = "ENC_INIT";
3953 goto err;
3954 }
d649c51a 3955 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
063e0197
JC		 3956 errmsg = "SET_IVLEN1";
3957 goto err;
3958 }
3959 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3960 errmsg = "SET_IV1";
3961 goto err;
3962 }
3963 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3964 errmsg = "AAD1";
3965 goto err;
3966 }
3967 EVP_CIPHER_CTX_set_padding(ctx, 0);
3968 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3969 sizeof(gcmResetPlaintext)))) {
3970 errmsg = "CIPHER_UPDATE1";
3971 goto err;
3972 }
3973 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3974 errmsg = "CIPHER_FINAL1";
3975 goto err;
3976 }
3977 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3978 errmsg = "WRONG_RESULT1";
3979 goto err;
3980 }
d649c51a 3981 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3982 errmsg = "GET_TAG1";
3983 goto err;
3984 }
3985 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3986 errmsg = "TAG_ERROR1";
3987 goto err;
3988 }
3989 /* Now reinit */
d649c51a 3990 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
063e0197
JC		 3991 errmsg = "SET_IVLEN2";
3992 goto err;
3993 }
3994 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3995 errmsg = "SET_IV2";
3996 goto err;
3997 }
3998 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3999 errmsg = "AAD2";
4000 goto err;
4001 }
4002 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4003 sizeof(gcmResetPlaintext)))) {
4004 errmsg = "CIPHER_UPDATE2";
4005 goto err;
4006 }
4007 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4008 errmsg = "CIPHER_FINAL2";
4009 goto err;
4010 }
4011 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4012 errmsg = "WRONG_RESULT2";
4013 goto err;
4014 }
d649c51a 4015 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 4016 errmsg = "GET_TAG2";
4017 goto err;
4018 }
4019 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4020 errmsg = "TAG_ERROR2";
4021 goto err;
4022 }
4023 testresult = 1;
4024 err:
4025 if (errmsg != NULL)
4026 TEST_info("evp_init_test %d: %s", idx, errmsg);
4027 EVP_CIPHER_CTX_free(ctx);
4028 EVP_CIPHER_free(type);
4029 return testresult;
4030}
4031
a983764e
MC		 4032#ifndef OPENSSL_NO_DEPRECATED_3_0
4033static EVP_PKEY_METHOD *custom_pmeth = NULL;
4034static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4035
4036# define EVP_PKEY_CTRL_MY_COMMAND 9999
4037
4038static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4039{
4040 int (*pinit)(EVP_PKEY_CTX *ctx);
4041
4042 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4043 return pinit(ctx);
4044}
4045
4046static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4047{
4048 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4049
4050 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4051 pcleanup(ctx);
4052}
4053
4054static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4055 size_t *outlen, const unsigned char *in,
4056 size_t inlen)
4057{
4058 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4059 const unsigned char *tbs, size_t tbslen);
4060
4061 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4062 return psign(ctx, out, outlen, in, inlen);
4063}
4064
4065static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4066 size_t *siglen, const unsigned char *tbs,
4067 size_t tbslen)
4068{
4069 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4070 const unsigned char *tbs, size_t tbslen);
4071
c6fcd88f 4072 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 4073 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4074}
4075
4076static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4077 size_t *keylen)
4078{
4079 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4080
4081 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4082 return pderive(ctx, key, keylen);
4083}
4084
4085static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4086{
4087 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4088
4089 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4090 return pcopy(dst, src);
4091}
4092
4093static int ctrl_called;
4094
4095static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4096{
4097 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4098
4099 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4100
4101 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4102 ctrl_called = 1;
4103 return 1;
4104 }
4105
4106 return pctrl(ctx, type, p1, p2);
4107}
4108
4109static int test_custom_pmeth(int idx)
4110{
4111 EVP_PKEY_CTX *pctx = NULL;
4112 EVP_MD_CTX *ctx = NULL;
4113 EVP_PKEY *pkey = NULL;
4114 int id, orig_id, orig_flags;
4115 int testresult = 0;
4116 size_t reslen;
4117 unsigned char *res = NULL;
4118 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4119 const EVP_MD *md = EVP_sha256();
4120 int doderive = 0;
4121
4122 ctrl_called = 0;
4123
4124 /* We call deprecated APIs so this test doesn't support a custom libctx */
4125 if (testctx != NULL)
4126 return 1;
4127
1287dabd 4128 switch (idx) {
a983764e
MC		 4129 case 0:
4130 case 6:
4131 id = EVP_PKEY_RSA;
4132 pkey = load_example_rsa_key();
4133 break;
4134 case 1:
4135 case 7:
4136# ifndef OPENSSL_NO_DSA
4137 id = EVP_PKEY_DSA;
4138 pkey = load_example_dsa_key();
4139 break;
4140# else
4141 return 1;
4142# endif
4143 case 2:
4144 case 8:
4145# ifndef OPENSSL_NO_EC
4146 id = EVP_PKEY_EC;
4147 pkey = load_example_ec_key();
4148 break;
4149# else
4150 return 1;
4151# endif
4152 case 3:
4153 case 9:
4154# ifndef OPENSSL_NO_EC
4155 id = EVP_PKEY_ED25519;
4156 md = NULL;
4157 pkey = load_example_ed25519_key();
4158 break;
4159# else
4160 return 1;
4161# endif
4162 case 4:
4163 case 10:
4164# ifndef OPENSSL_NO_DH
4165 id = EVP_PKEY_DH;
4166 doderive = 1;
4167 pkey = load_example_dh_key();
4168 break;
4169# else
4170 return 1;
4171# endif
4172 case 5:
4173 case 11:
4174# ifndef OPENSSL_NO_EC
4175 id = EVP_PKEY_X25519;
4176 doderive = 1;
4177 pkey = load_example_x25519_key();
4178 break;
4179# else
4180 return 1;
4181# endif
4182 default:
4183 TEST_error("Should not happen");
4184 goto err;
4185 }
4186
4187 if (!TEST_ptr(pkey))
4188 goto err;
4189
4190 if (idx < 6) {
4191 if (!TEST_true(evp_pkey_is_provided(pkey)))
4192 goto err;
4193 } else {
4194 EVP_PKEY *tmp = pkey;
4195
4196 /* Convert to a legacy key */
4197 pkey = EVP_PKEY_new();
4198 if (!TEST_ptr(pkey)) {
4199 pkey = tmp;
4200 goto err;
4201 }
4202 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4203 EVP_PKEY_free(tmp);
4204 goto err;
4205 }
4206 EVP_PKEY_free(tmp);
4207 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4208 goto err;
4209 }
4210
4211 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4212 || !TEST_ptr(pkey))
4213 goto err;
4214
4215 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4216 if (!TEST_int_eq(orig_id, id)
4217 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4218 goto err;
4219
4220 if (id == EVP_PKEY_ED25519) {
4221 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4222 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4223 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4224 } else {
4225 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4226 }
4227 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4228 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4229 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4230 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4231 }
4232 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4233 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4234 goto err;
4235
4236 if (doderive) {
4237 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4238 if (!TEST_ptr(pctx)
4239 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4240 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4241 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4242 1)
4243 || !TEST_int_eq(ctrl_called, 1)
4244 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4245 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4246 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4247 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4248 goto err;
4249 } else {
4250 ctx = EVP_MD_CTX_new();
4251 reslen = EVP_PKEY_size(pkey);
4252 res = OPENSSL_malloc(reslen);
4253 if (!TEST_ptr(ctx)
4254 || !TEST_ptr(res)
4255 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4256 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4257 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4258 1)
4259 || !TEST_int_eq(ctrl_called, 1))
4260 goto err;
4261
4262 if (id == EVP_PKEY_ED25519) {
4263 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4264 goto err;
4265 } else {
4266 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4267 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4268 goto err;
4269 }
4270 }
4271
4272 testresult = 1;
4273 err:
4274 OPENSSL_free(res);
4275 EVP_MD_CTX_free(ctx);
4276 if (doderive)
4277 EVP_PKEY_CTX_free(pctx);
4278 EVP_PKEY_free(pkey);
4279 EVP_PKEY_meth_remove(custom_pmeth);
4280 EVP_PKEY_meth_free(custom_pmeth);
4281 custom_pmeth = NULL;
4282 return testresult;
4283}
03c2f21b
MC		 4284
4285static int test_evp_md_cipher_meth(void)
4286{
4287 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4288 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4289 int testresult = 0;
4290
4291 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4292 goto err;
4293
4294 testresult = 1;
4295
4296 err:
4297 EVP_MD_meth_free(md);
4298 EVP_CIPHER_meth_free(ciph);
4299
4300 return testresult;
4301}
0299094c 4302
fbbe7202
MC		 4303typedef struct {
4304 int data;
4305} custom_dgst_ctx;
4306
4307static int custom_md_init_called = 0;
4308static int custom_md_cleanup_called = 0;
4309
4310static int custom_md_init(EVP_MD_CTX *ctx)
4311{
4312 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4313
4314 if (p == NULL)
4315 return 0;
4316
4317 custom_md_init_called++;
4318 return 1;
4319}
4320
4321static int custom_md_cleanup(EVP_MD_CTX *ctx)
4322{
4323 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4324
4325 if (p == NULL)
4326 /* Nothing to do */
4327 return 1;
4328
4329 custom_md_cleanup_called++;
4330 return 1;
4331}
4332
4333static int test_custom_md_meth(void)
4334{
4335 EVP_MD_CTX *mdctx = NULL;
4336 EVP_MD *tmp = NULL;
4337 char mess[] = "Test Message\n";
4338 unsigned char md_value[EVP_MAX_MD_SIZE];
4339 unsigned int md_len;
4340 int testresult = 0;
4341 int nid;
4342
4343 /*
4344 * We are testing deprecated functions. We don't support a non-default
4345 * library context in this test.
4346 */
4347 if (testctx != NULL)
8c7d847e 4348 return TEST_skip("Non-default libctx");
fbbe7202
MC		 4349
4350 custom_md_init_called = custom_md_cleanup_called = 0;
4351
4352 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4353 if (!TEST_int_ne(nid, NID_undef))
4354 goto err;
4355 tmp = EVP_MD_meth_new(nid, NID_undef);
4356 if (!TEST_ptr(tmp))
4357 goto err;
4358
4359 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4360 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4361 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4362 sizeof(custom_dgst_ctx))))
4363 goto err;
4364
4365 mdctx = EVP_MD_CTX_new();
4366 if (!TEST_ptr(mdctx)
4367 /*
4368 * Initing our custom md and then initing another md should
4369 * result in the init and cleanup functions of the custom md
8c7d847e 4370 * being called.
fbbe7202
MC		 4371 */
4372 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4373 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4374 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4375 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4376 || !TEST_int_eq(custom_md_init_called, 1)
4377 || !TEST_int_eq(custom_md_cleanup_called, 1))
4378 goto err;
4379
4380 testresult = 1;
4381 err:
4382 EVP_MD_CTX_free(mdctx);
4383 EVP_MD_meth_free(tmp);
4384 return testresult;
4385}
4386
8c7d847e
MC		 4387typedef struct {
4388 int data;
4389} custom_ciph_ctx;
4390
4391static int custom_ciph_init_called = 0;
4392static int custom_ciph_cleanup_called = 0;
4393
4394static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4395 const unsigned char *iv, int enc)
4396{
4397 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4398
4399 if (p == NULL)
4400 return 0;
4401
4402 custom_ciph_init_called++;
4403 return 1;
4404}
4405
4406static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4407{
4408 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4409
4410 if (p == NULL)
4411 /* Nothing to do */
4412 return 1;
4413
4414 custom_ciph_cleanup_called++;
4415 return 1;
4416}
4417
4418static int test_custom_ciph_meth(void)
4419{
4420 EVP_CIPHER_CTX *ciphctx = NULL;
4421 EVP_CIPHER *tmp = NULL;
4422 int testresult = 0;
4423 int nid;
4424
4425 /*
4426 * We are testing deprecated functions. We don't support a non-default
4427 * library context in this test.
4428 */
4429 if (testctx != NULL)
4430 return TEST_skip("Non-default libctx");
4431
4432 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4433
4434 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4435 if (!TEST_int_ne(nid, NID_undef))
4436 goto err;
4437 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4438 if (!TEST_ptr(tmp))
4439 goto err;
4440
4441 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4442 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4443 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4444 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4445 sizeof(custom_ciph_ctx))))
4446 goto err;
4447
4448 ciphctx = EVP_CIPHER_CTX_new();
4449 if (!TEST_ptr(ciphctx)
4450 /*
4451 * Initing our custom cipher and then initing another cipher
4452 * should result in the init and cleanup functions of the custom
4453 * cipher being called.
4454 */
4455 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4456 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4457 NULL, NULL, 1))
4458 || !TEST_int_eq(custom_ciph_init_called, 1)
4459 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4460 goto err;
4461
4462 testresult = 1;
4463 err:
4464 EVP_CIPHER_CTX_free(ciphctx);
4465 EVP_CIPHER_meth_free(tmp);
4466 return testresult;
4467}
4468
0299094c
MC		 4469# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4470/* Test we can create a signature keys with an associated ENGINE */
4471static int test_signatures_with_engine(int tst)
4472{
4473 ENGINE *e;
4474 const char *engine_id = "dasync";
4475 EVP_PKEY *pkey = NULL;
4476 const unsigned char badcmackey[] = { 0x00, 0x01 };
4477 const unsigned char cmackey[] = {
4478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4479 0x0c, 0x0d, 0x0e, 0x0f
4480 };
4481 const unsigned char ed25519key[] = {
4482 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4483 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4484 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4485 };
4486 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4487 int testresult = 0;
4488 EVP_MD_CTX *ctx = NULL;
4489 unsigned char *mac = NULL;
4490 size_t maclen = 0;
4491 int ret;
4492
ef2fb64f
MC		 4493# ifdef OPENSSL_NO_CMAC
4494 /* Skip CMAC tests in a no-cmac build */
4495 if (tst <= 1)
4496 return 1;
4497# endif
4498
0299094c
MC		 4499 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4500 return 0;
4501
4502 if (!TEST_true(ENGINE_init(e))) {
4503 ENGINE_free(e);
4504 return 0;
4505 }
4506
4507 switch (tst) {
4508 case 0:
4509 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4510 EVP_aes_128_cbc());
4511 break;
4512 case 1:
4513 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4514 EVP_aes_128_cbc());
4515 break;
4516 case 2:
4517 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4518 sizeof(ed25519key));
4519 break;
4520 default:
4521 TEST_error("Invalid test case");
4522 goto err;
4523 }
4524 if (!TEST_ptr(pkey))
4525 goto err;
4526
4527 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4528 goto err;
4529
4530 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4531 pkey);
4532 if (tst == 0) {
4533 if (!TEST_true(ret))
4534 goto err;
4535
4536 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4537 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4538 goto err;
4539
4540 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4541 goto err;
4542
4543 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4544 goto err;
4545 } else {
4546 /* We used a bad key. We expect a failure here */
4547 if (!TEST_false(ret))
4548 goto err;
4549 }
4550
4551 testresult = 1;
4552 err:
4553 EVP_MD_CTX_free(ctx);
4554 OPENSSL_free(mac);
4555 EVP_PKEY_free(pkey);
4556 ENGINE_finish(e);
4557 ENGINE_free(e);
4558
4559 return testresult;
4560}
4561
4562static int test_cipher_with_engine(void)
4563{
4564 ENGINE *e;
4565 const char *engine_id = "dasync";
4566 const unsigned char keyiv[] = {
4567 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4568 0x0c, 0x0d, 0x0e, 0x0f
4569 };
4570 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4571 int testresult = 0;
4572 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4573 unsigned char buf[AES_BLOCK_SIZE];
4574 int len = 0;
4575
4576 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4577 return 0;
4578
4579 if (!TEST_true(ENGINE_init(e))) {
4580 ENGINE_free(e);
4581 return 0;
4582 }
4583
4584 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4585 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4586 goto err;
4587
4588 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4589 goto err;
4590
4591 /* Copy the ctx, and complete the operation with the new ctx */
4592 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4593 goto err;
4594
4595 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4596 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4597 goto err;
4598
4599 testresult = 1;
4600 err:
4601 EVP_CIPHER_CTX_free(ctx);
4602 EVP_CIPHER_CTX_free(ctx2);
4603 ENGINE_finish(e);
4604 ENGINE_free(e);
4605
4606 return testresult;
4607}
4608# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4609#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4610
8c08c8b3
MC		 4611static int ecxnids[] = {
4612 NID_X25519,
4613 NID_X448,
4614 NID_ED25519,
4615 NID_ED448
4616};
4617
4618/* Test that creating ECX keys with a short private key fails as expected */
4619static int test_ecx_short_keys(int tst)
4620{
4621 unsigned char ecxkeydata = 1;
4622 EVP_PKEY *pkey;
4623
4624
4625 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4626 if (!TEST_ptr_null(pkey)) {
4627 EVP_PKEY_free(pkey);
4628 return 0;
4629 }
4630 return 1;
4631}
4632
062490db
JS		 4633typedef enum OPTION_choice {
4634 OPT_ERR = -1,
4635 OPT_EOF = 0,
4636 OPT_CONTEXT,
4637 OPT_TEST_ENUM
4638} OPTION_CHOICE;
4639
4640const OPTIONS *test_get_options(void)
71ea6b48 4641{
062490db
JS		 4642 static const OPTIONS options[] = {
4643 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4644 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4645 { NULL }
4646 };
4647 return options;
4648}
86dc26ba 4649
062490db
JS		 4650int setup_tests(void)
4651{
4652 OPTION_CHOICE o;
4653
4654 while ((o = opt_next()) != OPT_EOF) {
4655 switch (o) {
4656 case OPT_CONTEXT:
4657 /* Set up an alternate library context */
4658 testctx = OSSL_LIB_CTX_new();
4659 if (!TEST_ptr(testctx))
4660 return 0;
4661 /* Swap the libctx to test non-default context only */
4662 nullprov = OSSL_PROVIDER_load(NULL, "null");
4663 deflprov = OSSL_PROVIDER_load(testctx, "default");
4664 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4665 break;
4666 case OPT_TEST_CASES:
4667 break;
4668 default:
4669 return 0;
4670 }
4671 }
86dc26ba 4672
f9e504e8 4673 ADD_TEST(test_EVP_set_default_properties);
816f72d0 4674 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
adcd8e37 4675 ADD_TEST(test_EVP_DigestVerifyInit);
8cbfc4f6
TM		 4676#ifndef OPENSSL_NO_SIPHASH
4677 ADD_TEST(test_siphash_digestsign);
4678#endif
8d8dd09b 4679 ADD_TEST(test_EVP_Digest);
bef9b48e 4680 ADD_TEST(test_EVP_md_null);
15ff7d7c 4681 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4682 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4683 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4684 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4685 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4686#ifndef OPENSSL_NO_EC
adcd8e37 4687 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4688#endif
f0c62c53
RL		 4689#ifndef OPENSSL_NO_EC
4690 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4691#endif
919adfcf 4692#if !defined(OPENSSL_NO_SM2)
ddb634fe 4693 ADD_TEST(test_EVP_SM2);
a6c4cb84 4694 ADD_TEST(test_EVP_SM2_verify);
a9880362 4695#endif
bb5f281a 4696 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4697#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4698 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4699 if (!TEST_ptr(custom_pmeth))
4700 return 0;
4701 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4702 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4703 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4704 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4705 return 0;
41bbba53 4706#endif
2aee35d3 4707 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4708#ifndef OPENSSL_NO_CMAC
a87820e1 4709 ADD_TEST(test_CMAC_keygen);
fab8fde3 4710#endif
10d5b415 4711 ADD_TEST(test_HKDF);
2cd3ebc7 4712 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4713#ifndef OPENSSL_NO_EC
4714 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4715 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4716 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4717 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4718#endif
8d0f8c81 4719#ifndef OPENSSL_NO_DSA
f54a4101 4720 ADD_TEST(test_DSA_get_set_params);
2c04b341 4721 ADD_TEST(test_DSA_priv_pub);
b4be6937 4722#endif
f54a4101 4723 ADD_TEST(test_RSA_get_set_params);
e5a7536e 4724 ADD_TEST(test_RSA_OAEP_set_get_params);
b4be6937
MC		 4725#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4726 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4727#endif
2c04b341
JS		 4728#ifndef OPENSSL_NO_DH
4729 ADD_TEST(test_DH_priv_pub);
4730# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4731 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4732# endif
b8a1272d
MC		 4733#endif
4734#ifndef OPENSSL_NO_EC
4735 ADD_TEST(test_EC_priv_pub);
4736# ifndef OPENSSL_NO_DEPRECATED_3_0
4737 ADD_TEST(test_EC_priv_only_legacy);
4738# endif
501fcfb8 4739#endif
8a5cb596 4740 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4741 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4742
1c19ff3c 4743 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4744 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4745#ifndef OPENSSL_NO_DES
4746 ADD_ALL_TESTS(test_evp_iv_des, 6);
091e60c4
TM		 4747#endif
4748#ifndef OPENSSL_NO_BF
4749 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
a4afa6c1 4750#endif
e947a064 4751 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6f87463b 4752 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
c0ff1932
BK		 4753#ifndef OPENSSL_NO_EC
4754 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4755#endif
1c19ff3c 4756
5eb73cfb
MC		 4757 ADD_TEST(test_names_do_all);
4758
063e0197
JC		 4759 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4760 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4761 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4762 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4763
a983764e
MC		 4764#ifndef OPENSSL_NO_DEPRECATED_3_0
4765 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4766 ADD_TEST(test_evp_md_cipher_meth);
fbbe7202 4767 ADD_TEST(test_custom_md_meth);
8c7d847e 4768 ADD_TEST(test_custom_ciph_meth);
0299094c
MC		 4769
4770# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4771 /* Tests only support the default libctx */
4772 if (testctx == NULL) {
4773# ifndef OPENSSL_NO_EC
4774 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4775# else
4776 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4777# endif
4778 ADD_TEST(test_cipher_with_engine);
4779 }
4780# endif
a983764e
MC		 4781#endif
4782
8c08c8b3
MC		 4783 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4784
ad887416 4785 return 1;
71ea6b48 4786}
86dc26ba
MC		 4787
4788void cleanup_tests(void)
4789{
062490db
JS		 4790 OSSL_PROVIDER_unload(nullprov);
4791 OSSL_PROVIDER_unload(deflprov);
4792 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4793 OSSL_LIB_CTX_free(testctx);
86dc26ba 4794}
A mirror of the official openssl repository