]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix the check of evp_pkey_ctx_set_params_strict
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
fecb3aae 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
adcd8e37 34#include "testutil.h"
176db6dc 35#include "internal/nelem.h"
00bc1ad9 36#include "internal/sizes.h"
25f2138b 37#include "crypto/evp.h"
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
71ea6b48
MC		 247static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261};
262
263/*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321};
322
a9880362 323#ifndef OPENSSL_NO_EC
71ea6b48
MC		 324/*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340};
341
342/*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356};
b0004708
PY		 357
358/* prime256v1 */
359static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368};
369
5dc40a83 370/*
87762939 371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
b0004708
PY		 385static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387};
2cf8bb46
MC		 388
389static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394};
395
396static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401};
402
a983764e
MC		 403# ifndef OPENSSL_NO_DEPRECATED_3_0
404static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
409};
410# endif
411#endif
412
413/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414#ifndef OPENSSL_NO_DEPRECATED_3_0
415# ifndef OPENSSL_NO_DH
416static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
442};
443# endif
a9880362 444#endif
71ea6b48 445
063e0197
JC		 446static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
449};
450
451static const unsigned char kGCMDefaultKey[32] = { 0 };
452
453static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
457};
458
459static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
462};
463
464static const unsigned char iGCMDefaultIV[12] = { 0 };
465
466static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
468};
469
470static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
472};
473
474static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
477};
478
479static const unsigned char gcmDefaultPlaintext[16] = { 0 };
480
481static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
487};
488
489static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
492};
493
494static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
497};
498
499static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
505};
506
507static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
513};
514
515static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
518};
519
520static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
523};
524
525static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
528};
529
530static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
533};
534
adcd8e37
RS		 535typedef struct APK_DATA_st {
536 const unsigned char *kder;
537 size_t size;
5b5eea4b 538 const char *keytype;
adcd8e37 539 int evptype;
2aee35d3 540 int check;
b0004708
PY		 541 int pub_check;
542 int param_check;
543 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 544} APK_DATA;
545
546static APK_DATA keydata[] = {
5b5eea4b
SL		 547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 549#ifndef OPENSSL_NO_EC
5b5eea4b 550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 551#endif
adcd8e37
RS		 552};
553
2aee35d3 554static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
556 0},
5b5eea4b 557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 558 0, 1, 1, 0},
2aee35d3 559#ifndef OPENSSL_NO_EC
5b5eea4b 560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 561 /* group is also associated in our pub key */
2cf8bb46
MC		 562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
563 1, 1},
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
565 2},
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 570#endif
571};
572
d7e498ac
RL		 573static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
71ea6b48 575{
d7e498ac 576 const unsigned char **pdata = &data;
71ea6b48 577 EVP_PKEY *pkey = NULL;
d7e498ac 578 OSSL_DECODER_CTX *dctx =
fe75766c 579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 580 testctx, testpropq);
71ea6b48 581
d7e498ac
RL		 582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
585 return pkey;
586}
71ea6b48 587
d7e498ac
RL		 588static EVP_PKEY *load_example_rsa_key(void)
589{
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 592}
593
f650ab47 594#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 595static EVP_PKEY *load_example_dsa_key(void)
596{
6ed4022c
RL		 597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
59d0e6c8 599}
f650ab47 600#endif
59d0e6c8 601
15ff7d7c
MC		 602#ifndef OPENSSL_NO_EC
603static EVP_PKEY *load_example_ec_key(void)
604{
605 return load_example_key("EC", kExampleECKeyDER,
606 sizeof(kExampleECKeyDER));
607}
608#endif
609
a983764e
MC		 610#ifndef OPENSSL_NO_DEPRECATED_3_0
611# ifndef OPENSSL_NO_DH
612static EVP_PKEY *load_example_dh_key(void)
613{
614 return load_example_key("DH", kExampleDHKeyDER,
615 sizeof(kExampleDHKeyDER));
616}
617# endif
618
619# ifndef OPENSSL_NO_EC
a983764e
MC		 620static EVP_PKEY *load_example_ed25519_key(void)
621{
622 return load_example_key("ED25519", kExampleED25519KeyDER,
623 sizeof(kExampleED25519KeyDER));
624}
625
626static EVP_PKEY *load_example_x25519_key(void)
627{
628 return load_example_key("X25519", kExampleX25519KeyDER,
629 sizeof(kExampleX25519KeyDER));
630}
631# endif
632#endif /* OPENSSL_NO_DEPRECATED_3_0 */
633
6d242fa5
MC		 634static EVP_PKEY *load_example_hmac_key(void)
635{
636 EVP_PKEY *pkey = NULL;
637 unsigned char key[] = {
638 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
639 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
640 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
641 };
642
5af6e154
TM		 643 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
644 NULL, key, sizeof(key));
6d242fa5
MC		 645 if (!TEST_ptr(pkey))
646 return NULL;
647
648 return pkey;
649}
650
f9e504e8
P		 651static int test_EVP_set_default_properties(void)
652{
b4250010 653 OSSL_LIB_CTX *ctx;
f9e504e8
P		 654 EVP_MD *md = NULL;
655 int res = 0;
656
b4250010 657 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 658 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
659 goto err;
660 EVP_MD_free(md);
661 md = NULL;
662
663 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
664 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
665 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
666 goto err;
667 EVP_MD_free(md);
668 md = NULL;
669
670 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
672 goto err;
673 res = 1;
674err:
675 EVP_MD_free(md);
b4250010 676 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 677 return res;
678}
679
b8a1272d 680#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
5fbe15fd 681static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
b8a1272d
MC		 682{
683 EVP_PKEY_CTX *pctx = NULL;
5fbe15fd 684 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
b8a1272d 685
062490db 686 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 687 goto err;
2db985b7 688 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
5fbe15fd 689 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
2db985b7 690 params), 0))
b8a1272d
MC		 691 goto err;
692
5fbe15fd 693 if (!TEST_ptr(tmp_pkey))
b8a1272d
MC		 694 goto err;
695
5fbe15fd
RL		 696 pkey = tmp_pkey;
697 tmp_pkey = NULL;
698 err:
699 EVP_PKEY_free(tmp_pkey);
700 EVP_PKEY_CTX_free(pctx);
701 return pkey;
702}
703
704static int test_selection(EVP_PKEY *pkey, int selection)
705{
706 int testresult = 0;
707 int ret;
708 BIO *bio = BIO_new(BIO_s_mem());
709
fd19fc4c
MC		 710 ret = PEM_write_bio_PUBKEY(bio, pkey);
711 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
719 testctx, NULL);
720 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
721 if (!TEST_true(ret))
722 goto err;
723 } else {
724 if (!TEST_false(ret))
725 goto err;
726 }
727
b8a1272d
MC		 728 testresult = 1;
729 err:
fd19fc4c 730 BIO_free(bio);
b8a1272d
MC		 731
732 return testresult;
733}
734#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
735
2c04b341 736/*
8a9394c1 737 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 738 * params to ensure they are all accepted
739 */
b8a1272d 740#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 741static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
742{
743 OSSL_PARAM_BLD *bld = NULL;
744 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 745 EVP_PKEY *just_params = NULL;
746 EVP_PKEY *params_and_priv = NULL;
747 EVP_PKEY *params_and_pub = NULL;
748 EVP_PKEY *params_and_keypair = NULL;
2c04b341 749 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 750 int ret = 0;
751
752 /*
753 * Setup the parameters for our pkey object. For our purposes they don't
754 * have to actually be *valid* parameters. We just need to set something.
755 */
b8a1272d 756 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 757 || !TEST_ptr(q = BN_new())
758 || !TEST_ptr(g = BN_new())
759 || !TEST_ptr(pub = BN_new())
760 || !TEST_ptr(priv = BN_new()))
761 goto err;
762
763 /* Test !priv and !pub */
764 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
768 goto err;
5fbe15fd
RL		 769 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
770 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
2c04b341
JS		 771 goto err;
772
3f883c7c 773 OSSL_PARAM_free(params);
2c04b341 774 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 775 params = NULL;
776 bld = NULL;
777
778 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
779 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
780 goto err;
2c04b341
JS		 781
782 /* Test priv and !pub */
783 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
788 priv)))
789 goto err;
5fbe15fd
RL		 790 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
791 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
2c04b341
JS		 792 goto err;
793
3f883c7c 794 OSSL_PARAM_free(params);
2c04b341 795 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 796 params = NULL;
797 bld = NULL;
798
799 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
800 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
801 goto err;
2c04b341
JS		 802
803 /* Test !priv and pub */
804 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
809 pub)))
810 goto err;
5fbe15fd
RL		 811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
812 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
2c04b341
JS		 813 goto err;
814
3f883c7c 815 OSSL_PARAM_free(params);
2c04b341 816 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 817 params = NULL;
818 bld = NULL;
819
820 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
821 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
822 goto err;
2c04b341
JS		 823
824 /* Test priv and pub */
825 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
830 pub))
831 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
832 priv)))
833 goto err;
5fbe15fd
RL		 834 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
835 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
2c04b341
JS		 836 goto err;
837
5fbe15fd 838 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
2c04b341
JS		 839 goto err;
840
841 ret = 1;
842 err:
3f883c7c 843 OSSL_PARAM_free(params);
2c04b341 844 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 845 EVP_PKEY_free(just_params);
846 EVP_PKEY_free(params_and_priv);
847 EVP_PKEY_free(params_and_pub);
848 EVP_PKEY_free(params_and_keypair);
2c04b341
JS		 849 BN_free(p);
850 BN_free(q);
851 BN_free(g);
852 BN_free(pub);
853 BN_free(priv);
854
855 return ret;
856}
8a9394c1 857#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 858
b8a1272d
MC		 859/*
860 * Test combinations of private, public, missing and private + public key
861 * params to ensure they are all accepted for EC keys
862 */
863#ifndef OPENSSL_NO_EC
864static unsigned char ec_priv[] = {
865 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
866 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
867 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
868};
869static unsigned char ec_pub[] = {
870 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
871 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
872 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
873 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
874 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
875 0x08, 0x09, 0xb8, 0xdb, 0x03
876};
877
878static int test_EC_priv_pub(void)
879{
880 OSSL_PARAM_BLD *bld = NULL;
881 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 882 EVP_PKEY *just_params = NULL;
883 EVP_PKEY *params_and_priv = NULL;
884 EVP_PKEY *params_and_pub = NULL;
885 EVP_PKEY *params_and_keypair = NULL;
b8a1272d
MC		 886 BIGNUM *priv = NULL;
887 int ret = 0;
888
889 /*
890 * Setup the parameters for our pkey object. For our purposes they don't
891 * have to actually be *valid* parameters. We just need to set something.
892 */
893 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
894 goto err;
895
896 /* Test !priv and !pub */
897 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
898 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
899 OSSL_PKEY_PARAM_GROUP_NAME,
900 "P-256", 0)))
901 goto err;
5fbe15fd
RL		 902 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
903 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
b8a1272d
MC		 904 goto err;
905
3f883c7c 906 OSSL_PARAM_free(params);
b8a1272d 907 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 908 params = NULL;
909 bld = NULL;
910
911 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
912 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
913 goto err;
b8a1272d
MC		 914
915 /* Test priv and !pub */
916 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
917 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
918 OSSL_PKEY_PARAM_GROUP_NAME,
919 "P-256", 0))
920 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
921 priv)))
922 goto err;
5fbe15fd
RL		 923 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
924 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
b8a1272d
MC		 925 goto err;
926
5fbe15fd
RL		 927 OSSL_PARAM_free(params);
928 OSSL_PARAM_BLD_free(bld);
929 params = NULL;
930 bld = NULL;
931
fd19fc4c 932 /*
5fbe15fd
RL		 933 * We indicate only parameters here, in spite of having built a key that
934 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
935 * expected to fail because it does not support exporting a private EC
936 * key without a corresponding public key
fd19fc4c 937 */
5fbe15fd
RL		 938 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
939 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
b8a1272d 940 goto err;
b8a1272d
MC		 941
942 /* Test !priv and pub */
943 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
944 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
945 OSSL_PKEY_PARAM_GROUP_NAME,
946 "P-256", 0))
947 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
948 OSSL_PKEY_PARAM_PUB_KEY,
949 ec_pub, sizeof(ec_pub))))
950 goto err;
5fbe15fd
RL		 951 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
952 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
b8a1272d
MC		 953 goto err;
954
3f883c7c 955 OSSL_PARAM_free(params);
b8a1272d 956 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 957 params = NULL;
958 bld = NULL;
959
960 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
961 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
962 goto err;
b8a1272d
MC		 963
964 /* Test priv and pub */
965 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
966 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
967 OSSL_PKEY_PARAM_GROUP_NAME,
968 "P-256", 0))
969 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
970 OSSL_PKEY_PARAM_PUB_KEY,
971 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 972 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
973 priv)))
b8a1272d 974 goto err;
5fbe15fd
RL		 975 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
976 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
b8a1272d
MC		 977 goto err;
978
5fbe15fd 979 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
b8a1272d
MC		 980 goto err;
981
edc8566f
RL		 982 /* Try key equality */
983 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
984 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
985 0)
986 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
987 0)
988 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
989 0)
990 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
994 goto err;
995
b8a1272d
MC		 996 ret = 1;
997 err:
3f883c7c 998 OSSL_PARAM_free(params);
b8a1272d 999 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 1000 EVP_PKEY_free(just_params);
1001 EVP_PKEY_free(params_and_priv);
1002 EVP_PKEY_free(params_and_pub);
1003 EVP_PKEY_free(params_and_keypair);
b8a1272d
MC		 1004 BN_free(priv);
1005
1006 return ret;
1007}
1008
1009/* Test that using a legacy EC key with only a private key in it works */
1010# ifndef OPENSSL_NO_DEPRECATED_3_0
1011static int test_EC_priv_only_legacy(void)
1012{
1013 BIGNUM *priv = NULL;
1014 int ret = 0;
1015 EC_KEY *eckey = NULL;
2145ba5e 1016 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 1017 EVP_MD_CTX *ctx = NULL;
1018
1019 /* Create the low level EC_KEY */
1020 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1021 goto err;
1022
1023 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1024 if (!TEST_ptr(eckey))
1025 goto err;
1026
1027 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1028 goto err;
1029
1030 pkey = EVP_PKEY_new();
1031 if (!TEST_ptr(pkey))
1032 goto err;
1033
1034 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1035 goto err;
1036 eckey = NULL;
1037
2145ba5e
TM		 1038 while (dup_pk == NULL) {
1039 ret = 0;
1040 ctx = EVP_MD_CTX_new();
1041 if (!TEST_ptr(ctx))
1042 goto err;
1043
1044 /*
1045 * The EVP_DigestSignInit function should create the key on the
1046 * provider side which is sufficient for this test.
1047 */
1048 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1049 testpropq, pkey, NULL)))
1050 goto err;
1051 EVP_MD_CTX_free(ctx);
1052 ctx = NULL;
1053
1054 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1055 goto err;
1056 /* EVP_PKEY_eq() returns -2 with missing public keys */
1057 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1058 EVP_PKEY_free(pkey);
1059 pkey = dup_pk;
1060 if (!ret)
1061 goto err;
1062 }
b8a1272d
MC		 1063
1064 err:
1065 EVP_MD_CTX_free(ctx);
1066 EVP_PKEY_free(pkey);
1067 EC_KEY_free(eckey);
1068 BN_free(priv);
1069
1070 return ret;
1071}
1072# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1073#endif /* OPENSSL_NO_EC */
1074
15ff7d7c
MC		 1075static int test_EVP_PKEY_sign(int tst)
1076{
1077 int ret = 0;
1078 EVP_PKEY *pkey = NULL;
1079 unsigned char *sig = NULL;
1080 size_t sig_len = 0, shortsig_len = 1;
1081 EVP_PKEY_CTX *ctx = NULL;
1082 unsigned char tbs[] = {
1083 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1084 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1085 };
1086
1287dabd 1087 if (tst == 0) {
15ff7d7c
MC		 1088 if (!TEST_ptr(pkey = load_example_rsa_key()))
1089 goto out;
1090 } else if (tst == 1) {
1091#ifndef OPENSSL_NO_DSA
1092 if (!TEST_ptr(pkey = load_example_dsa_key()))
1093 goto out;
1094#else
1095 ret = 1;
1096 goto out;
1097#endif
1098 } else {
1099#ifndef OPENSSL_NO_EC
1100 if (!TEST_ptr(pkey = load_example_ec_key()))
1101 goto out;
1102#else
1103 ret = 1;
1104 goto out;
1105#endif
1106 }
1107
1108 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1109 if (!TEST_ptr(ctx)
1110 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1111 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1112 sizeof(tbs)), 0))
1113 goto out;
1114 sig = OPENSSL_malloc(sig_len);
1115 if (!TEST_ptr(sig)
1116 /* Test sending a signature buffer that is too short is rejected */
1117 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1118 sizeof(tbs)), 0)
1119 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1120 0)
1121 /* Test the signature round-trips */
1122 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1123 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1124 0))
1125 goto out;
1126
1127 ret = 1;
1128 out:
1129 EVP_PKEY_CTX_free(ctx);
1130 OPENSSL_free(sig);
1131 EVP_PKEY_free(pkey);
1132 return ret;
1133}
1134
4547a719
P		 1135/*
1136 * n = 0 => test using legacy cipher
1137 * n = 1 => test using fetched cipher
1138 */
1139static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1140{
1141 int ret = 0;
1142 EVP_CIPHER_CTX *ctx = NULL;
1143 EVP_PKEY *keypair = NULL;
1144 unsigned char *kek = NULL;
1145 unsigned char iv[EVP_MAX_IV_LENGTH];
1146 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1147 int len, kek_len, ciphertext_len, plaintext_len;
1148 unsigned char ciphertext[32], plaintext[16];
4547a719 1149 EVP_CIPHER *type = NULL;
062490db
JS		 1150
1151 if (nullprov != NULL)
1152 return TEST_skip("Test does not support a non-default library context");
1153
4547a719
P		 1154 if (n == 0)
1155 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1156 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1157 testpropq)))
1158 goto err;
2eb2b4f3
SL		 1159
1160 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1161 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1162 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1163 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1164 &keypair, 1))
1165 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1166 msg, sizeof(msg)))
1167 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1168 &len)))
1169 goto err;
1170
1171 ciphertext_len += len;
1172
1173 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1174 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1175 ciphertext, ciphertext_len))
1176 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1177 goto err;
1178
1179 plaintext_len += len;
1180 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1181 goto err;
1182
1183 ret = 1;
1184err:
4547a719
P		 1185 if (n != 0)
1186 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1187 OPENSSL_free(kek);
1188 EVP_PKEY_free(keypair);
1189 EVP_CIPHER_CTX_free(ctx);
1190 return ret;
1191}
1192
59d0e6c8 1193/*
6d242fa5
MC		 1194 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1195 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1196 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1197 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1198 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1199 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1200 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1201 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1202 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1203 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1204 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1205 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1206 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1207 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1208 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
816f72d0 1209 * Test 15-29: Same as above with reinitialization
59d0e6c8
MC		 1210 */
1211static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1212{
1213 int ret = 0;
1214 EVP_PKEY *pkey = NULL;
78539b25 1215 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1216 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1217 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1218 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1219 BIO *mdbio = NULL, *membio = NULL;
1220 size_t written;
6d242fa5
MC		 1221 const EVP_MD *md;
1222 EVP_MD *mdexp = NULL;
816f72d0 1223 int reinit = 0;
59d0e6c8 1224
062490db
JS		 1225 if (nullprov != NULL)
1226 return TEST_skip("Test does not support a non-default library context");
1227
816f72d0
TM		 1228 if (tst >= 15) {
1229 reinit = 1;
1230 tst -= 15;
1231 }
1232
15ff7d7c 1233 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1234 membio = BIO_new(BIO_s_mem());
1235 mdbio = BIO_new(BIO_f_md());
1236 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1237 goto out;
1238 BIO_push(mdbio, membio);
1239 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1240 goto out;
1241 } else {
1242 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1243 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1244 goto out;
1245 }
71ea6b48 1246
15ff7d7c 1247 if (tst % 3 == 0) {
59d0e6c8
MC		 1248 if (!TEST_ptr(pkey = load_example_rsa_key()))
1249 goto out;
15ff7d7c 1250 } else if (tst % 3 == 1) {
f650ab47 1251#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1252 if (!TEST_ptr(pkey = load_example_dsa_key()))
1253 goto out;
f650ab47
MC		 1254#else
1255 ret = 1;
1256 goto out;
1257#endif
6d242fa5
MC		 1258 } else {
1259 if (!TEST_ptr(pkey = load_example_hmac_key()))
1260 goto out;
59d0e6c8 1261 }
71ea6b48 1262
6d242fa5
MC		 1263 if (tst >= 3 && tst <= 5)
1264 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1265 else
1266 md = EVP_sha256();
1267
1268 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1269 goto out;
adcd8e37 1270
816f72d0
TM		 1271 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1272 goto out;
1273
15ff7d7c 1274 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1275 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1276 goto out;
15ff7d7c 1277 } else if (tst < 6) {
59d0e6c8
MC		 1278 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1279 goto out;
1280 }
1281
15ff7d7c
MC		 1282 if (tst >= 9) {
1283 /* Determine the size of the signature. */
1284 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1285 sizeof(kMsg)))
1286 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1287 goto out;
1288 if (tst <= 11) {
1289 /* Test that supply a short sig buffer fails */
1290 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1291 sizeof(kMsg))))
1292 goto out;
1293 /*
1294 * We end here because once EVP_DigestSign() has failed you should
1295 * not call it again without re-initing the ctx
1296 */
1297 ret = 1;
1298 goto out;
1299 }
1300 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1301 sizeof(kMsg))))
1302 goto out;
1303 } else {
1304 /* Determine the size of the signature. */
1305 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1306 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1307 /*
1308 * Trying to create a signature with a deliberately short
1309 * buffer should fail.
1310 */
1311 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1312 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1313 goto out;
1314 }
71ea6b48 1315
6d242fa5
MC		 1316 /*
1317 * Ensure that the signature round-trips (Verification isn't supported for
1318 * HMAC via EVP_DigestVerify*)
1319 */
15ff7d7c
MC		 1320 if (tst % 3 != 2) {
1321 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1322 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1323 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1324 goto out;
1325 }
1326
6d242fa5
MC		 1327 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1328 NULL, pkey)))
59d0e6c8 1329 goto out;
6d242fa5 1330
15ff7d7c 1331 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1332 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1333 goto out;
1334 } else {
1335 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1336 sizeof(kMsg))))
1337 goto out;
1338 }
e2e5e72d 1339 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
59d0e6c8 1340 goto out;
78539b25
TM		 1341
1342 /* Multiple calls to EVP_DigestVerifyFinal should work */
e2e5e72d 1343 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
78539b25
TM		 1344 goto out;
1345 } else {
1346 /*
1347 * For HMAC a doubled call to DigestSignFinal should produce the same
1348 * value as finalization should not happen.
1349 */
1350 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1351 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1352 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1353 goto out;
1354
1355 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1356 goto out;
59d0e6c8 1357 }
71ea6b48
MC		 1358
1359 ret = 1;
1360
1361 out:
59d0e6c8
MC		 1362 BIO_free(membio);
1363 BIO_free(mdbio);
1364 EVP_MD_CTX_free(a_md_ctx);
1365 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1366 EVP_PKEY_free(pkey);
b548a1f1 1367 OPENSSL_free(sig);
78539b25 1368 OPENSSL_free(sig2);
6d242fa5 1369 EVP_MD_free(mdexp);
71ea6b48
MC		 1370
1371 return ret;
1372}
1373
1374static int test_EVP_DigestVerifyInit(void)
1375{
1376 int ret = 0;
1377 EVP_PKEY *pkey = NULL;
adcd8e37 1378 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1379
062490db
JS		 1380 if (nullprov != NULL)
1381 return TEST_skip("Test does not support a non-default library context");
1382
adcd8e37
RS		 1383 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1384 || !TEST_ptr(pkey = load_example_rsa_key()))
1385 goto out;
71ea6b48 1386
adcd8e37
RS		 1387 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1388 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1389 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1390 sizeof(kSignature)), 0))
71ea6b48 1391 goto out;
ae6b68b7
TM		 1392
1393 /* test with reinitialization */
1394 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1395 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1396 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1397 sizeof(kSignature)), 0))
ae6b68b7 1398 goto out;
71ea6b48
MC		 1399 ret = 1;
1400
1401 out:
bfb0641f 1402 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1403 EVP_PKEY_free(pkey);
71ea6b48
MC		 1404 return ret;
1405}
1406
8cbfc4f6
TM		 1407#ifndef OPENSSL_NO_SIPHASH
1408/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1409static int test_siphash_digestsign(void)
1410{
1411 unsigned char key[16];
1412 unsigned char buf[8], digest[8];
1413 unsigned char expected[8] = {
1414 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1415 };
1416 EVP_PKEY *pkey = NULL;
1417 EVP_MD_CTX *mdctx = NULL;
1418 EVP_PKEY_CTX *ctx = NULL;
1419 int ret = 0;
1420 size_t len = 8;
1421
1422 if (nullprov != NULL)
1423 return TEST_skip("Test does not support a non-default library context");
1424
1425 memset(buf, 0, 8);
1426 memset(key, 1, 16);
1427 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1428 key, 16)))
1429 goto out;
1430
1431 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1432 goto out;
1433
1434 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1435 goto out;
1436 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1437 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1438 8, NULL), 1))
1439 goto out;
1440 /* reinitialize */
1441 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1442 goto out;
1443 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1444 goto out;
1445 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1446 goto out;
1447 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1448 goto out;
1449
1450 ret = 1;
1451 out:
1452 EVP_PKEY_free(pkey);
1453 EVP_MD_CTX_free(mdctx);
1454 return ret;
1455}
1456#endif
1457
8d8dd09b
TM		 1458/*
1459 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1460 */
1461static int test_EVP_Digest(void)
1462{
1463 int ret = 0;
1464 EVP_MD_CTX *md_ctx = NULL;
1465 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1466 EVP_MD *sha256 = NULL;
1467 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1468
1469 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1470 goto out;
1471
062490db
JS		 1472 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1473 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1474 goto out;
1475
1476 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1477 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1478 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1479 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1480 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1481 goto out;
1482
062490db 1483 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1484 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1485 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1486 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1487 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1488 /*
1489 * EVP_DigestInit_ex with NULL type should work on
1490 * pre-initialized context.
1491 */
1492 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1493 goto out;
1494
062490db 1495 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1496 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1497 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1498 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1499 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1500 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1501 goto out;
1502 ret = 1;
1503
1504 out:
1505 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1506 EVP_MD_free(sha256);
1507 EVP_MD_free(shake256);
8d8dd09b
TM		 1508 return ret;
1509}
1510
bef9b48e
TM		 1511static int test_EVP_md_null(void)
1512{
1513 int ret = 0;
1514 EVP_MD_CTX *md_ctx = NULL;
1515 const EVP_MD *md_null = EVP_md_null();
1516 unsigned char md_value[EVP_MAX_MD_SIZE];
1517 unsigned int md_len = sizeof(md_value);
1518
1519 if (nullprov != NULL)
1520 return TEST_skip("Test does not support a non-default library context");
1521
1522 if (!TEST_ptr(md_null)
1523 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1524 goto out;
1525
1526 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1527 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1528 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1529 goto out;
1530
1531 if (!TEST_uint_eq(md_len, 0))
1532 goto out;
1533
1534 ret = 1;
1535 out:
1536 EVP_MD_CTX_free(md_ctx);
1537 return ret;
1538}
1539
adcd8e37 1540static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1541{
1542 int ret = 0;
1543 const unsigned char *p;
1544 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1545 const APK_DATA *ak = &keydata[i];
1546 const unsigned char *input = ak->kder;
1547 size_t input_len = ak->size;
1548 int expected_id = ak->evptype;
71ea6b48
MC		 1549
1550 p = input;
adcd8e37
RS		 1551 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1552 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1553 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1554 goto done;
71ea6b48
MC		 1555
1556 ret = 1;
1557
1558 done:
c5ba2d99 1559 EVP_PKEY_free(pkey);
71ea6b48
MC		 1560 return ret;
1561}
1562
a9880362 1563#ifndef OPENSSL_NO_EC
cad8347b
SL		 1564
1565static const unsigned char ec_public_sect163k1_validxy[] = {
1566 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1567 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1568 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1569 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1570 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1571 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1572};
1573
1574static const unsigned char ec_public_sect163k1_badx[] = {
1575 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1576 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1577 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1578 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1579 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1580 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1581};
1582
1583static const unsigned char ec_public_sect163k1_bady[] = {
1584 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1585 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1586 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1587 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1588 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1589 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1590};
1591
1592static struct ec_der_pub_keys_st {
1593 const unsigned char *der;
1594 size_t len;
1595 int valid;
1596} ec_der_pub_keys[] = {
1597 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1598 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1599 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1600};
1601
1602/*
1603 * Tests the range of the decoded EC char2 public point.
1604 * See ec_GF2m_simple_oct2point().
1605 */
1606static int test_invalide_ec_char2_pub_range_decode(int id)
1607{
1608 int ret = 0;
5b5eea4b 1609 EVP_PKEY *pkey;
cad8347b 1610
5b5eea4b
SL		 1611 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1612 ec_der_pub_keys[id].len);
1613
1614 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1615 || TEST_ptr_null(pkey);
1616 EVP_PKEY_free(pkey);
cad8347b
SL		 1617 return ret;
1618}
1619
71ea6b48
MC		 1620/* Tests loading a bad key in PKCS8 format */
1621static int test_EVP_PKCS82PKEY(void)
1622{
1623 int ret = 0;
1624 const unsigned char *derp = kExampleBadECKeyDER;
1625 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1626 EVP_PKEY *pkey = NULL;
1627
adcd8e37
RS		 1628 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1629 sizeof(kExampleBadECKeyDER))))
1630 goto done;
71ea6b48 1631
adcd8e37
RS		 1632 if (!TEST_ptr_eq(derp,
1633 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1634 goto done;
71ea6b48 1635
adcd8e37 1636 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1637 goto done;
71ea6b48
MC		 1638
1639 ret = 1;
1640
1641 done:
e0e920b1 1642 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1643 EVP_PKEY_free(pkey);
71ea6b48
MC		 1644
1645 return ret;
1646}
8be513ae 1647
a9880362 1648#endif
8be513ae
DB		 1649static int test_EVP_PKCS82PKEY_wrong_tag(void)
1650{
1651 EVP_PKEY *pkey = NULL;
1652 EVP_PKEY *pkey2 = NULL;
1653 BIO *membio = NULL;
1654 char *membuf = NULL;
1655 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1656 int ok = 0;
1657
1658 if (testctx != NULL)
1659 /* test not supported with non-default context */
1660 return 1;
1661
1662 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1663 || !TEST_ptr(pkey = load_example_rsa_key())
1664 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1665 NULL, 0, NULL, NULL),
1666 0)
1667 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1668 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1669 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1670 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1671 goto done;
1672 }
1673
1674 ok = 1;
1675 done:
1676 EVP_PKEY_free(pkey);
1677 EVP_PKEY_free(pkey2);
1678 PKCS8_PRIV_KEY_INFO_free(p8inf);
1679 BIO_free_all(membio);
1680 return ok;
1681}
71ea6b48 1682
29c49b25
RL		 1683/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1684static int test_privatekey_to_pkcs8(void)
1685{
1686 EVP_PKEY *pkey = NULL;
1687 BIO *membio = NULL;
1688 char *membuf = NULL;
e2cc68c8 1689 long membuf_len = 0;
29c49b25
RL		 1690 int ok = 0;
1691
1692 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1693 || !TEST_ptr(pkey = load_example_rsa_key())
1694 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1695 NULL, 0, NULL, NULL),
1696 0)
e2cc68c8
SL		 1697 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1698 || !TEST_ptr(membuf)
1699 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1700 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1701 /*
1702 * We try to write PEM as well, just to see that it doesn't err, but
1703 * assume that the result is correct.
1704 */
1705 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1706 NULL, 0, NULL, NULL),
1707 0))
1708 goto done;
1709
1710 ok = 1;
1711 done:
1712 EVP_PKEY_free(pkey);
1713 BIO_free_all(membio);
1714 return ok;
1715}
1716
f0c62c53
RL		 1717#ifndef OPENSSL_NO_EC
1718static const struct {
1719 int encoding;
1720 const char *encoding_name;
1721} ec_encodings[] = {
1722 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1723 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1724};
1725
1726static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1727{
1728 const OSSL_PARAM *p;
1729 const char *enc_name = NULL;
1730 int *enc = arg;
1731 size_t i;
1732
1733 *enc = -1;
1734
1735 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1736 OSSL_PKEY_PARAM_EC_ENCODING))
1737 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1738 return 0;
1739
1740 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
fba140c7 1741 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
f0c62c53
RL		 1742 *enc = ec_encodings[i].encoding;
1743 break;
1744 }
1745 }
1746
1747 return (*enc != -1);
1748}
1749
1750static int test_EC_keygen_with_enc(int idx)
1751{
1752 EVP_PKEY *params = NULL, *key = NULL;
1753 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1754 int enc;
1755 int ret = 0;
1756
1757 enc = ec_encodings[idx].encoding;
1758
1759 /* Create key parameters */
1760 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
6e0b05f3 1761 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
56876ae9 1762 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
f0c62c53
RL		 1763 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1764 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1765 || !TEST_ptr(params))
1766 goto done;
1767
1768 /* Create key */
1769 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
bf4ceede 1770 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
f0c62c53
RL		 1771 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1772 || !TEST_ptr(key))
1773 goto done;
1774
1775 /* Check that the encoding got all the way into the key */
1776 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1777 ec_export_get_encoding_cb, &enc))
1778 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1779 goto done;
1780
1781 ret = 1;
1782 done:
1783 EVP_PKEY_free(key);
1784 EVP_PKEY_free(params);
1785 EVP_PKEY_CTX_free(kctx);
1786 EVP_PKEY_CTX_free(pctx);
1787 return ret;
1788}
1789#endif
1790
f844f9eb 1791#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1792
a6c4cb84
JL		 1793static int test_EVP_SM2_verify(void)
1794{
a6c4cb84 1795 const char *pubkey =
d0b79f86
PY		 1796 "-----BEGIN PUBLIC KEY-----\n"
1797 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1798 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1799 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1800
1801 const char *msg = "message digest";
1802 const char *id = "ALICE123@YAHOO.COM";
1803
1804 const uint8_t signature[] = {
d0b79f86
PY		 1805 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1806 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1807 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1808 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1809 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1810 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1811 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1812 };
1813
1814 int rc = 0;
1815 BIO *bio = NULL;
1816 EVP_PKEY *pkey = NULL;
1817 EVP_MD_CTX *mctx = NULL;
1818 EVP_PKEY_CTX *pctx = NULL;
062490db 1819 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1820
1821 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1822 if (!TEST_true(bio != NULL))
1823 goto done;
1824
062490db 1825 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1826 if (!TEST_true(pkey != NULL))
1827 goto done;
1828
8a288609 1829 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1830 goto done;
1831
1832 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1833 goto done;
1834
062490db 1835 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1836 goto done;
1837
a6c4cb84
JL		 1838 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1839
062490db
JS		 1840 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1841 goto done;
1842
1843 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1844 goto done;
1845
d0b79f86
PY		 1846 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1847 goto done;
1848
a6c4cb84
JL		 1849 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1850 goto done;
1851
e2e5e72d 1852 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
a6c4cb84
JL		 1853 goto done;
1854 rc = 1;
1855
1856 done:
1857 BIO_free(bio);
1858 EVP_PKEY_free(pkey);
1859 EVP_PKEY_CTX_free(pctx);
1860 EVP_MD_CTX_free(mctx);
062490db 1861 EVP_MD_free(sm3);
a6c4cb84
JL		 1862 return rc;
1863}
1864
ddb634fe
JL		 1865static int test_EVP_SM2(void)
1866{
1867 int ret = 0;
1868 EVP_PKEY *pkey = NULL;
bfb56a97 1869 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1870 EVP_PKEY_CTX *pctx = NULL;
1871 EVP_PKEY_CTX *kctx = NULL;
4803717f 1872 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1873 size_t sig_len = 0;
1874 unsigned char *sig = NULL;
1875 EVP_MD_CTX *md_ctx = NULL;
1876 EVP_MD_CTX *md_ctx_verify = NULL;
1877 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1878 EVP_MD *check_md = NULL;
ddb634fe
JL		 1879
1880 uint8_t ciphertext[128];
1881 size_t ctext_len = sizeof(ciphertext);
1882
1883 uint8_t plaintext[8];
1884 size_t ptext_len = sizeof(plaintext);
1885
4803717f
PY		 1886 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1887
bfb56a97
MC		 1888 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1889 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1890 int i;
a0fff549 1891 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1892
42423ac9
RL		 1893 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1894 "SM2", testpropq)))
ddb634fe
JL		 1895 goto done;
1896
1897 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1898 goto done;
1899
1900 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1901 goto done;
1902
bfb56a97 1903 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1904 goto done;
1905
42423ac9
RL		 1906 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1907 pkeyparams, testpropq)))
ddb634fe
JL		 1908 goto done;
1909
bf4ceede 1910 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
ddb634fe
JL		 1911 goto done;
1912
1913 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1914 goto done;
1915
ddb634fe
JL		 1916 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1917 goto done;
1918
1919 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1920 goto done;
1921
062490db 1922 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1923 goto done;
1924
1925 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1927
42423ac9 1928 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1929 goto done;
1930
42423ac9 1931 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1932 goto done;
1933
d0b79f86 1934 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1935 goto done;
1936
42423ac9 1937 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1938 goto done;
1939
1940 /* Determine the size of the signature. */
1941 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1942 goto done;
1943
ddb634fe
JL		 1944 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1945 goto done;
1946
1947 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1948 goto done;
1949
1950 /* Ensure that the signature round-trips. */
1951
42423ac9
RL		 1952 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1953 pkey)))
ddb634fe
JL		 1954 goto done;
1955
d0b79f86
PY		 1956 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1957 goto done;
1958
ddb634fe
JL		 1959 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1960 goto done;
1961
e2e5e72d 1962 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
ddb634fe
JL		 1963 goto done;
1964
707d4e06
TM		 1965 /*
1966 * Try verify again with non-matching 0 length id but ensure that it can
1967 * be set on the context and overrides the previous value.
1968 */
1969
1970 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1971 pkey)))
1972 goto done;
1973
1974 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1975 goto done;
1976
1977 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1978 goto done;
1979
1980 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1981 goto done;
1982
ddb634fe
JL		 1983 /* now check encryption/decryption */
1984
bfb56a97
MC		 1985 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1986 mdname, sizeof(mdname));
1987 for (i = 0; i < 2; i++) {
42423ac9
RL		 1988 const char *mdnames[] = {
1989#ifndef OPENSSL_NO_SM3
1990 "SM3",
1991#else
1992 NULL,
1993#endif
1994 "SHA2-256" };
bfb56a97 1995 EVP_PKEY_CTX_free(cctx);
ddb634fe 1996
42423ac9
RL		 1997 if (mdnames[i] == NULL)
1998 continue;
1999
2000 sparams[0] =
2001 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2002 (char *)mdnames[i], 0);
ddb634fe 2003
42423ac9
RL		 2004 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2005 pkey, testpropq)))
bfb56a97 2006 goto done;
ddb634fe 2007
bfb56a97
MC		 2008 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2009 goto done;
ddb634fe 2010
bfb56a97
MC		 2011 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2012 goto done;
ddb634fe 2013
bfb56a97
MC		 2014 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2015 sizeof(kMsg))))
2016 goto done;
ddb634fe 2017
bfb56a97
MC		 2018 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2019 goto done;
2020
2021 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2022 goto done;
2023
0650ac43
PH		 2024 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2025 ctext_len), 0))
bfb56a97
MC		 2026 goto done;
2027
2028 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2029 goto done;
2030
42423ac9
RL		 2031 /*
2032 * Test we're still using the digest we think we are.
2033 * Because of aliases, the easiest is to fetch the digest and
2034 * check the name with EVP_MD_is_a().
2035 */
2036 EVP_MD_free(check_md);
2037 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 2038 goto done;
42423ac9
RL		 2039 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2040 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 2041 goto done;
42423ac9 2042 }
bfb56a97
MC		 2043
2044 if (!TEST_true(ptext_len == sizeof(kMsg)))
2045 goto done;
2046
2047 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2048 goto done;
2049 }
ddb634fe
JL		 2050
2051 ret = 1;
2052done:
2053 EVP_PKEY_CTX_free(pctx);
2054 EVP_PKEY_CTX_free(kctx);
4803717f 2055 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 2056 EVP_PKEY_CTX_free(cctx);
2057 EVP_PKEY_free(pkey);
bfb56a97 2058 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 2059 EVP_MD_CTX_free(md_ctx);
2060 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 2061 EVP_MD_free(check_md);
ddb634fe
JL		 2062 OPENSSL_free(sig);
2063 return ret;
2064}
2065
2066#endif
2067
bb5f281a
MC		 2068static struct keys_st {
2069 int type;
2070 char *priv;
2071 char *pub;
2072} keys[] = {
2073 {
2074 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 2075 },
2076 {
2077 EVP_PKEY_HMAC, "", NULL
5af6e154 2078#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 2079 }, {
2080 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 2081#endif
2082#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 2083 }, {
2084 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 2085#endif
896dcb80
MC		 2086 },
2087#ifndef OPENSSL_NO_EC
2088 {
bb5f281a
MC		 2089 EVP_PKEY_X25519, "01234567890123456789012345678901",
2090 "abcdefghijklmnopqrstuvwxyzabcdef"
2091 }, {
2092 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2093 "abcdefghijklmnopqrstuvwxyzabcdef"
2094 }, {
2095 EVP_PKEY_X448,
2096 "01234567890123456789012345678901234567890123456789012345",
2097 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2098 }, {
2099 EVP_PKEY_ED448,
2100 "012345678901234567890123456789012345678901234567890123456",
2101 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2102 }
896dcb80 2103#endif
bb5f281a
MC		 2104};
2105
86dc26ba 2106static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 2107{
2108 int ret = 0;
2109 unsigned char buf[80];
2110 unsigned char *in;
15ff7d7c 2111 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 2112 EVP_PKEY *pkey;
2113
2114 /* Check if this algorithm supports public keys */
5af6e154 2115 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 2116 return 1;
2117
2118 memset(buf, 0, sizeof(buf));
2119
2120 if (pub) {
5af6e154 2121#ifndef OPENSSL_NO_EC
bb5f281a
MC		 2122 inlen = strlen(keys[tst].pub);
2123 in = (unsigned char *)keys[tst].pub;
86dc26ba 2124 if (uselibctx) {
d8652be0 2125 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 2126 testctx,
2127 OBJ_nid2sn(keys[tst].type),
2128 NULL,
2129 in,
2130 inlen);
2131 } else {
2132 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2133 NULL,
2134 in,
2135 inlen);
2136 }
5af6e154
TM		 2137#else
2138 return 1;
2139#endif
bb5f281a
MC		 2140 } else {
2141 inlen = strlen(keys[tst].priv);
2142 in = (unsigned char *)keys[tst].priv;
86dc26ba 2143 if (uselibctx) {
d8652be0 2144 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 2145 testctx, OBJ_nid2sn(keys[tst].type),
2146 NULL,
2147 in,
2148 inlen);
2149 } else {
2150 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2151 NULL,
2152 in,
2153 inlen);
2154 }
bb5f281a
MC		 2155 }
2156
2157 if (!TEST_ptr(pkey)
5af6e154 2158 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 2159 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2160 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 2161 || !TEST_true(len == inlen))
2162 goto done;
2163 if (tst != 1) {
2164 /*
2165 * Test that supplying a buffer that is too small fails. Doesn't apply
2166 * to HMAC with a zero length key
2167 */
2168 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2169 &shortlen)))
2170 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2171 &shortlen))))
2172 goto done;
2173 }
2174 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 2175 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2176 || !TEST_mem_eq(in, inlen, buf, len))
2177 goto done;
2178
2179 ret = 1;
2180 done:
2181 EVP_PKEY_free(pkey);
2182 return ret;
2183}
2184
2185static int test_set_get_raw_keys(int tst)
2186{
5af6e154 2187 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 2188 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 2189 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 2190 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 2191}
2192
41bbba53 2193#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2194static int pkey_custom_check(EVP_PKEY *pkey)
2195{
2196 return 0xbeef;
2197}
2198
b0004708
PY		 2199static int pkey_custom_pub_check(EVP_PKEY *pkey)
2200{
2201 return 0xbeef;
2202}
2203
2204static int pkey_custom_param_check(EVP_PKEY *pkey)
2205{
2206 return 0xbeef;
2207}
2208
2aee35d3 2209static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2210#endif
2aee35d3
PY		 2211
2212static int test_EVP_PKEY_check(int i)
2213{
2214 int ret = 0;
2aee35d3
PY		 2215 EVP_PKEY *pkey = NULL;
2216 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2217#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2218 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2219#endif
2aee35d3
PY		 2220 const APK_DATA *ak = &keycheckdata[i];
2221 const unsigned char *input = ak->kder;
2222 size_t input_len = ak->size;
2223 int expected_id = ak->evptype;
2224 int expected_check = ak->check;
b0004708
PY		 2225 int expected_pub_check = ak->pub_check;
2226 int expected_param_check = ak->param_check;
2227 int type = ak->type;
b0004708 2228
5b5eea4b
SL		 2229 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2230 goto done;
2231 if (type == 0
ed576acd 2232 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2233 goto done;
2aee35d3 2234
062490db 2235 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2236 goto done;
2237
b0004708
PY		 2238 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2239 goto done;
2240
2241 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2242 goto done;
2243
2244 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2245 goto done;
2aee35d3 2246
41bbba53 2247#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2248 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2249 /* assign the pkey directly, as an internal test */
2250 EVP_PKEY_up_ref(pkey);
2251 ctx2->pkey = pkey;
2252
2253 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2254 goto done;
2255
b0004708
PY		 2256 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2257 goto done;
2258
2259 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2260 goto done;
41bbba53 2261#endif
b0004708 2262
2aee35d3
PY		 2263 ret = 1;
2264
2265 done:
2266 EVP_PKEY_CTX_free(ctx);
41bbba53 2267#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2268 EVP_PKEY_CTX_free(ctx2);
41bbba53 2269#endif
2aee35d3
PY		 2270 EVP_PKEY_free(pkey);
2271 return ret;
2272}
2273
fab8fde3 2274#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2275static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2276{
2277 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2278 const char msg[] = "Hello World";
cff7d58e 2279 size_t maclen = AES_BLOCK_SIZE;
e5bc0ce2
MC		 2280 int ret = 1;
2281
2282 if (!TEST_ptr(mdctx)
062490db
JS		 2283 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2284 testpropq, pkey, NULL))
e5bc0ce2
MC		 2285 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2286 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2287 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2288 ret = 0;
2289
2290 EVP_MD_CTX_free(mdctx);
2291
2292 return ret;
2293}
a87820e1
RL		 2294static int test_CMAC_keygen(void)
2295{
e5bc0ce2
MC		 2296 static unsigned char key[] = {
2297 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2298 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2299 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2300 };
062490db 2301 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2302 int ret = 0;
e5bc0ce2 2303 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2304 unsigned char mac[AES_BLOCK_SIZE];
2305# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2306 unsigned char mac2[AES_BLOCK_SIZE];
2307# endif
e5bc0ce2 2308
062490db
JS		 2309 if (nullprov != NULL)
2310 return TEST_skip("Test does not support a non-default library context");
2311
2312 /*
2313 * This is a legacy method for CMACs, but should still work.
2314 * This verifies that it works without an ENGINE.
2315 */
2316 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2317
e5bc0ce2
MC		 2318 /* Test a CMAC key created using the "generated" method */
2319 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2320 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2321 EVP_PKEY_CTRL_CIPHER,
2322 0, (void *)EVP_aes_256_ecb()), 0)
2323 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2324 EVP_PKEY_CTRL_SET_MAC_KEY,
2325 sizeof(key), (void *)key), 0)
2326 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2327 || !TEST_ptr(pkey)
2328 || !TEST_true(get_cmac_val(pkey, mac)))
2329 goto done;
a87820e1 2330
a3d267f1 2331# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2332 EVP_PKEY_free(pkey);
2333
2334 /*
2335 * Test a CMAC key using the direct method, and compare with the mac
2336 * created above.
2337 */
2338 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2339 if (!TEST_ptr(pkey)
2340 || !TEST_true(get_cmac_val(pkey, mac2))
2341 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2342 goto done;
a3d267f1 2343# endif
e5bc0ce2 2344
a87820e1
RL		 2345 ret = 1;
2346
2347 done:
e5bc0ce2 2348 EVP_PKEY_free(pkey);
a87820e1
RL		 2349 EVP_PKEY_CTX_free(kctx);
2350 return ret;
2351}
fab8fde3 2352#endif
a87820e1 2353
10d5b415
MC		 2354static int test_HKDF(void)
2355{
2356 EVP_PKEY_CTX *pctx;
2357 unsigned char out[20];
2358 size_t outlen;
2359 int i, ret = 0;
2360 unsigned char salt[] = "0123456789";
2361 unsigned char key[] = "012345678901234567890123456789";
2362 unsigned char info[] = "infostring";
2363 const unsigned char expected[] = {
2364 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2365 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2366 };
2367 size_t expectedlen = sizeof(expected);
2368
062490db 2369 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2370 goto done;
2371
2372 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2373 for (i = 0; i < 2; i++) {
2374 outlen = sizeof(out);
2375 memset(out, 0, outlen);
2376
2377 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2378 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2379 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2380 sizeof(salt) - 1), 0)
2381 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2382 sizeof(key) - 1), 0)
2383 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2384 sizeof(info) - 1), 0)
2385 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2386 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2387 goto done;
2388 }
2389
2390 ret = 1;
2391
2392 done:
2393 EVP_PKEY_CTX_free(pctx);
2394
2395 return ret;
2396}
2397
2cd3ebc7
BK		 2398static int test_emptyikm_HKDF(void)
2399{
2400 EVP_PKEY_CTX *pctx;
2401 unsigned char out[20];
2402 size_t outlen;
2403 int ret = 0;
2404 unsigned char salt[] = "9876543210";
2405 unsigned char key[] = "";
2406 unsigned char info[] = "stringinfo";
2407 const unsigned char expected[] = {
2408 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2409 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2410 };
2411 size_t expectedlen = sizeof(expected);
2412
062490db 2413 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2414 goto done;
2415
2416 outlen = sizeof(out);
2417 memset(out, 0, outlen);
2418
2419 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2420 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2421 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2422 sizeof(salt) - 1), 0)
2423 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2424 sizeof(key) - 1), 0)
2425 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2426 sizeof(info) - 1), 0)
2427 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2428 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2429 goto done;
2430
2431 ret = 1;
2432
2433 done:
2434 EVP_PKEY_CTX_free(pctx);
2435
2436 return ret;
2437}
2438
5dc40a83
BE		 2439#ifndef OPENSSL_NO_EC
2440static int test_X509_PUBKEY_inplace(void)
2441{
808c63c5 2442 int ret = 0;
62653483 2443 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2444 const unsigned char *p = kExampleECPubKeyDER;
2445 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2446
62653483
MC		 2447 if (!TEST_ptr(xp))
2448 goto done;
2449 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2450 goto done;
5dc40a83 2451
808c63c5
P		 2452 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2453 goto done;
5dc40a83 2454
808c63c5
P		 2455 p = kExampleBadECPubKeyDER;
2456 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2457
808c63c5
P		 2458 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2459 goto done;
5dc40a83 2460
808c63c5
P		 2461 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2462 goto done;
5dc40a83 2463
808c63c5 2464 ret = 1;
5dc40a83 2465
808c63c5
P		 2466 done:
2467 X509_PUBKEY_free(xp);
2468 return ret;
2469}
2470
2471static int test_X509_PUBKEY_dup(void)
2472{
2473 int ret = 0;
2474 X509_PUBKEY *xp = NULL, *xq = NULL;
2475 const unsigned char *p = kExampleECPubKeyDER;
2476 size_t input_len = sizeof(kExampleECPubKeyDER);
2477
62653483
MC		 2478 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2479 if (!TEST_ptr(xp)
2480 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2481 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2482 || !TEST_ptr_ne(xp, xq))
2483 goto done;
2484
2485 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2486 || !TEST_ptr(X509_PUBKEY_get0(xp))
7e35458b 2487 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
808c63c5
P		 2488 goto done;
2489
2490 X509_PUBKEY_free(xq);
2491 xq = NULL;
2492 p = kExampleBadECPubKeyDER;
2493 input_len = sizeof(kExampleBadECPubKeyDER);
2494
2495 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2496 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2497 goto done;
2498
2499 X509_PUBKEY_free(xp);
2500 xp = NULL;
2501 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2502 goto done;
2503
2504 ret = 1;
2505
2506 done:
2507 X509_PUBKEY_free(xp);
2508 X509_PUBKEY_free(xq);
2509 return ret;
5dc40a83 2510}
7bb82f92 2511#endif /* OPENSSL_NO_EC */
784883fc 2512
9c45222d 2513/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2514static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2515{
9a071fef 2516 EVP_MD_CTX *mdctx = NULL;
9c45222d 2517 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2518 const OSSL_PARAM *params;
00bc1ad9 2519 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2520 int ret = 0;
2521 const EVP_MD *md;
00bc1ad9 2522 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2523 char ssl3ms[48];
9c45222d 2524
9c45222d 2525 /* Initialise a sign operation */
062490db 2526 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2527 if (!TEST_ptr(ctx)
c9c4a356 2528 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2529 goto err;
2530
2531 /*
f54a4101 2532 * We should be able to query the parameters now.
9c45222d
MC		 2533 */
2534 params = EVP_PKEY_CTX_settable_params(ctx);
2535 if (!TEST_ptr(params)
0cb3f4f9
RL		 2536 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2537 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2538 goto err;
2539
9c45222d
MC		 2540 params = EVP_PKEY_CTX_gettable_params(ctx);
2541 if (!TEST_ptr(params)
0cb3f4f9
RL		 2542 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2543 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2544 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2545 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2546 goto err;
2547
2548 /*
2549 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2550 * EVP_PKEY_CTX_get_params()
2551 */
00bc1ad9
RL		 2552 strcpy(mdname, "SHA512");
2553 param_md = param;
2554 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2555 mdname, 0);
9c45222d
MC		 2556 *param++ = OSSL_PARAM_construct_end();
2557
2558 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2559 goto err;
2560
00bc1ad9
RL		 2561 mdname[0] = '\0';
2562 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2563 mdname, sizeof(mdname));
9c45222d 2564 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2565 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2566 goto err;
2567
2568 /*
2569 * Test the TEST_PKEY_CTX_set_signature_md() and
2570 * TEST_PKEY_CTX_get_signature_md() functions
2571 */
2572 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2573 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2574 || !TEST_ptr_eq(md, EVP_sha256()))
2575 goto err;
2576
9a071fef
MC		 2577 /*
2578 * Test getting MD parameters via an associated EVP_PKEY_CTX
2579 */
2580 mdctx = EVP_MD_CTX_new();
2581 if (!TEST_ptr(mdctx)
062490db 2582 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2583 pkey, NULL)))
9a071fef
MC		 2584 goto err;
2585
2586 /*
2587 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2588 * able to obtain the digest's settable parameters from the provider.
2589 */
2590 params = EVP_MD_CTX_settable_params(mdctx);
2591 if (!TEST_ptr(params)
2592 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2593 /* The final key should be NULL */
2594 || !TEST_ptr_null(params[1].key))
2595 goto err;
2596
2597 param = ourparams;
2598 memset(ssl3ms, 0, sizeof(ssl3ms));
2599 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2600 ssl3ms, sizeof(ssl3ms));
2601 *param++ = OSSL_PARAM_construct_end();
2602
2603 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2604 goto err;
2605
9c45222d
MC		 2606 ret = 1;
2607
2608 err:
9a071fef 2609 EVP_MD_CTX_free(mdctx);
9c45222d 2610 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2611
2612 return ret;
2613}
2614
2615#ifndef OPENSSL_NO_DSA
2616static int test_DSA_get_set_params(void)
2617{
6ed4022c
RL		 2618 OSSL_PARAM_BLD *bld = NULL;
2619 OSSL_PARAM *params = NULL;
f54a4101 2620 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2621 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2622 EVP_PKEY *pkey = NULL;
2623 int ret = 0;
2624
2625 /*
2626 * Setup the parameters for our DSA object. For our purposes they don't
2627 * have to actually be *valid* parameters. We just need to set something.
2628 */
6ed4022c
RL		 2629 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2630 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2631 || !TEST_ptr(p = BN_new())
2632 || !TEST_ptr(q = BN_new())
2633 || !TEST_ptr(g = BN_new())
2634 || !TEST_ptr(pub = BN_new())
2635 || !TEST_ptr(priv = BN_new()))
2636 goto err;
2637 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2638 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2639 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2640 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2641 pub))
2642 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2643 priv)))
2644 goto err;
2645 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2646 goto err;
f54a4101 2647
2db985b7
SL		 2648 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2649 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2650 params), 0))
f54a4101
RL		 2651 goto err;
2652
6ed4022c
RL		 2653 if (!TEST_ptr(pkey))
2654 goto err;
f54a4101
RL		 2655
2656 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2657
2658 err:
9c45222d 2659 EVP_PKEY_free(pkey);
6ed4022c 2660 EVP_PKEY_CTX_free(pctx);
3f883c7c 2661 OSSL_PARAM_free(params);
6ed4022c 2662 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2663 BN_free(p);
2664 BN_free(q);
2665 BN_free(g);
cd32a0f5
RL		 2666 BN_free(pub);
2667 BN_free(priv);
9c45222d
MC		 2668
2669 return ret;
2670}
2c04b341
JS		 2671
2672/*
8a9394c1 2673 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2674 * params to ensure they are all accepted
2675 */
2676static int test_DSA_priv_pub(void)
2677{
2678 return test_EVP_PKEY_ffc_priv_pub("DSA");
2679}
2680
2681#endif /* !OPENSSL_NO_DSA */
9c45222d 2682
f54a4101
RL		 2683static int test_RSA_get_set_params(void)
2684{
d7e498ac
RL		 2685 OSSL_PARAM_BLD *bld = NULL;
2686 OSSL_PARAM *params = NULL;
f54a4101 2687 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2688 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2689 EVP_PKEY *pkey = NULL;
2690 int ret = 0;
2691
2692 /*
2693 * Setup the parameters for our RSA object. For our purposes they don't
2694 * have to actually be *valid* parameters. We just need to set something.
2695 */
d7e498ac
RL		 2696 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2697 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2698 || !TEST_ptr(n = BN_new())
2699 || !TEST_ptr(e = BN_new())
2700 || !TEST_ptr(d = BN_new()))
2701 goto err;
2702 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2703 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2704 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2705 goto err;
2706 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2707 goto err;
f54a4101 2708
2db985b7
SL		 2709 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2710 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2711 params), 0))
f54a4101
RL		 2712 goto err;
2713
d7e498ac
RL		 2714 if (!TEST_ptr(pkey))
2715 goto err;
f54a4101
RL		 2716
2717 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2718
2719 err:
2720 EVP_PKEY_free(pkey);
d7e498ac 2721 EVP_PKEY_CTX_free(pctx);
3f883c7c 2722 OSSL_PARAM_free(params);
d7e498ac 2723 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2724 BN_free(n);
2725 BN_free(e);
2726 BN_free(d);
2727
2728 return ret;
2729}
2730
b4be6937
MC		 2731#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2732static int test_decrypt_null_chunks(void)
2733{
2734 EVP_CIPHER_CTX* ctx = NULL;
062490db 2735 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2736 const unsigned char key[32] = {
2737 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2738 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2739 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2740 };
2741 unsigned char iv[12] = {
2742 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2743 };
2744 unsigned char msg[] = "It was the best of times, it was the worst of times";
2745 unsigned char ciphertext[80];
2746 unsigned char plaintext[80];
2747 /* We initialise tmp to a non zero value on purpose */
2748 int ctlen, ptlen, tmp = 99;
2749 int ret = 0;
2750 const int enc_offset = 10, dec_offset = 20;
2751
062490db
JS		 2752 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2753 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2754 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2755 key, iv))
2756 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2757 enc_offset))
2758 /* Deliberate add a zero length update */
2759 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2760 0))
2761 || !TEST_int_eq(tmp, 0)
2762 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2763 msg + enc_offset,
2764 sizeof(msg) - enc_offset))
2765 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2766 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2767 || !TEST_int_eq(tmp, 0))
2768 goto err;
2769
2770 /* Deliberately initialise tmp to a non zero value */
2771 tmp = 99;
062490db 2772 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2773 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2774 dec_offset))
2775 /*
2776 * Deliberately add a zero length update. We also deliberately do
2777 * this at a different offset than for encryption.
2778 */
2779 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2780 0))
2781 || !TEST_int_eq(tmp, 0)
2782 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2783 ciphertext + dec_offset,
2784 ctlen - dec_offset))
2785 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2786 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2787 || !TEST_int_eq(tmp, 0)
2788 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2789 goto err;
2790
2791 ret = 1;
2792 err:
2793 EVP_CIPHER_CTX_free(ctx);
062490db 2794 EVP_CIPHER_free(cipher);
b4be6937
MC		 2795 return ret;
2796}
2797#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2798
2c04b341
JS		 2799#ifndef OPENSSL_NO_DH
2800/*
8a9394c1 2801 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2802 * params to ensure they are all accepted
2803 */
2804static int test_DH_priv_pub(void)
2805{
2806 return test_EVP_PKEY_ffc_priv_pub("DH");
2807}
2808
2809# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2810static int test_EVP_PKEY_set1_DH(void)
2811{
ca2bf555
SL		 2812 DH *x942dh = NULL, *noqdh = NULL;
2813 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2814 int ret = 0;
ca2bf555 2815 BIGNUM *p, *g = NULL;
0ec73843
TM		 2816 BIGNUM *pubkey = NULL;
2817 unsigned char pub[2048 / 8];
2818 size_t len = 0;
ca2bf555
SL		 2819
2820 if (!TEST_ptr(p = BN_new())
2821 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2822 || !TEST_ptr(pubkey = BN_new())
2823 || !TEST_true(BN_set_word(p, 9999))
2824 || !TEST_true(BN_set_word(g, 2))
2825 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2826 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2827 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2828 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2829 || !TEST_ptr(pubkey = BN_new())
2830 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2831 goto err;
2832 p = g = NULL;
e295de1d
MC		 2833
2834 x942dh = DH_get_2048_256();
e295de1d
MC		 2835 pkey1 = EVP_PKEY_new();
2836 pkey2 = EVP_PKEY_new();
2837 if (!TEST_ptr(x942dh)
ca2bf555 2838 || !TEST_ptr(noqdh)
e295de1d 2839 || !TEST_ptr(pkey1)
0ec73843
TM		 2840 || !TEST_ptr(pkey2)
2841 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2842 goto err;
0ec73843 2843 pubkey = NULL;
e295de1d 2844
0ec73843 2845 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2846 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2847 goto err;
2848
0ec73843
TM		 2849 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2850 &pubkey))
2851 || !TEST_ptr(pubkey))
2852 goto err;
2853
2854 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2855 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2856 goto err;
2857
0ec73843
TM		 2858 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2859 OSSL_PKEY_PARAM_PUB_KEY,
2860 pub, sizeof(pub), &len))
2861 || !TEST_size_t_ne(len, 0))
2862 goto err;
2863
e295de1d
MC		 2864 ret = 1;
2865 err:
ca2bf555
SL		 2866 BN_free(p);
2867 BN_free(g);
0ec73843 2868 BN_free(pubkey);
e295de1d
MC		 2869 EVP_PKEY_free(pkey1);
2870 EVP_PKEY_free(pkey2);
2871 DH_free(x942dh);
ca2bf555 2872 DH_free(noqdh);
e295de1d
MC		 2873
2874 return ret;
2875}
2c04b341
JS		 2876# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2877#endif /* !OPENSSL_NO_DH */
e295de1d 2878
8a5cb596
RL		 2879/*
2880 * We test what happens with an empty template. For the sake of this test,
2881 * the template must be ignored, and we know that's the case for RSA keys
2882 * (this might arguably be a misfeature, but that's what we currently do,
2883 * even in provider code, since that's how the legacy RSA implementation
2884 * does things)
2885 */
2886static int test_keygen_with_empty_template(int n)
2887{
2888 EVP_PKEY_CTX *ctx = NULL;
2889 EVP_PKEY *pkey = NULL;
2890 EVP_PKEY *tkey = NULL;
2891 int ret = 0;
2892
062490db
JS		 2893 if (nullprov != NULL)
2894 return TEST_skip("Test does not support a non-default library context");
2895
8a5cb596
RL		 2896 switch (n) {
2897 case 0:
2898 /* We do test with no template at all as well */
2899 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2900 goto err;
2901 break;
2902 case 1:
2903 /* Here we create an empty RSA key that serves as our template */
2904 if (!TEST_ptr(tkey = EVP_PKEY_new())
2905 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2906 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2907 goto err;
2908 break;
2909 }
2910
2911 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2912 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2913 goto err;
2914
2915 ret = 1;
2916 err:
2917 EVP_PKEY_CTX_free(ctx);
2918 EVP_PKEY_free(pkey);
2919 EVP_PKEY_free(tkey);
2920 return ret;
2921}
2922
5ddec6a7
MC		 2923/*
2924 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2925 * in the current library context (unless we are using an algorithm that
2926 * should be made available via legacy codepaths).
2927 *
2928 * 0: RSA
2929 * 1: SM2
5ddec6a7
MC		 2930 */
2931static int test_pkey_ctx_fail_without_provider(int tst)
2932{
b4250010 2933 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2934 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2935 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2936 const char *keytype = NULL;
2937 int expect_null = 0;
5ddec6a7
MC		 2938 int ret = 0;
2939
2940 if (!TEST_ptr(tmpctx))
2941 goto err;
2942
062490db
JS		 2943 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2944 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2945 goto err;
2946
5ddec6a7 2947 /*
08497fc6 2948 * We check for certain algos in the null provider.
e304aa87 2949 * If an algo is expected to have a provider keymgmt, constructing an
08497fc6 2950 * EVP_PKEY_CTX is expected to fail (return NULL).
e304aa87 2951 * Otherwise, if it's expected to have legacy support, constructing an
08497fc6 2952 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2953 */
08497fc6
RL		 2954 switch (tst) {
2955 case 0:
2956 keytype = "RSA";
2957 expect_null = 1;
2958 break;
2959 case 1:
2960 keytype = "SM2";
d0b79f86 2961 expect_null = 1;
08497fc6
RL		 2962#ifdef OPENSSL_NO_EC
2963 TEST_info("EC disable, skipping SM2 check...");
2964 goto end;
2965#endif
2966#ifdef OPENSSL_NO_SM2
2967 TEST_info("SM2 disable, skipping SM2 check...");
2968 goto end;
2969#endif
2970 break;
2971 default:
2972 TEST_error("No test for case %d", tst);
2973 goto err;
2974 }
2975
2976 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2977 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2978 goto err;
2979
08497fc6
RL		 2980#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2981 end:
2982#endif
5ddec6a7
MC		 2983 ret = 1;
2984
2985 err:
2986 EVP_PKEY_CTX_free(pctx);
062490db 2987 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2988 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2989 return ret;
2990}
2991
1c19ff3c
P		 2992static int test_rand_agglomeration(void)
2993{
2994 EVP_RAND *rand;
2995 EVP_RAND_CTX *ctx;
2996 OSSL_PARAM params[3], *p = params;
2997 int res;
2998 unsigned int step = 7;
2999 static unsigned char seed[] = "It does not matter how slowly you go "
3000 "as long as you do not stop.";
3001 unsigned char out[sizeof(seed)];
3002
3003 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 3004 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 3005 return 0;
3006 ctx = EVP_RAND_CTX_new(rand, NULL);
3007 EVP_RAND_free(rand);
3008 if (!TEST_ptr(ctx))
3009 return 0;
3010
3011 memset(out, 0, sizeof(out));
3012 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3013 seed, sizeof(seed));
0d4460d2 3014 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 3015 *p = OSSL_PARAM_construct_end();
e494fac7 3016 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 3017 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3018 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3019 EVP_RAND_CTX_free(ctx);
3020 return res;
3021}
3022
440b852a
BK		 3023/*
3024 * Test that we correctly return the original or "running" IV after
3025 * an encryption operation.
3026 * Run multiple times for some different relevant algorithms/modes.
3027 */
a4afa6c1 3028static int test_evp_iv_aes(int idx)
440b852a
BK		 3029{
3030 int ret = 0;
3031 EVP_CIPHER_CTX *ctx = NULL;
3032 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3033 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3034 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3035 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3036 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3037 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3038 9, 10, 11, 12, 13, 14, 15, 16 };
3039 unsigned char ciphertext[32], oiv[16], iv[16];
3040 unsigned char *ref_iv;
3041 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3042 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3043
3044 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3045 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 3046 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3047 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 3048 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3049 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3050 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3051#ifndef OPENSSL_NO_OCB
3052 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3053 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3054#endif
3055 int len = sizeof(ciphertext);
3056 size_t ivlen, ref_len;
3057 const EVP_CIPHER *type = NULL;
4ec4b063 3058 int iv_reset = 0;
440b852a 3059
4ec4b063 3060 if (nullprov != NULL && idx < 6)
062490db
JS		 3061 return TEST_skip("Test does not support a non-default library context");
3062
1287dabd 3063 switch (idx) {
440b852a
BK		 3064 case 0:
3065 type = EVP_aes_128_cbc();
3066 /* FALLTHROUGH */
4ec4b063 3067 case 6:
440b852a 3068 type = (type != NULL) ? type :
062490db 3069 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 3070 ref_iv = cbc_state;
3071 ref_len = sizeof(cbc_state);
4ec4b063 3072 iv_reset = 1;
440b852a
BK		 3073 break;
3074 case 1:
3075 type = EVP_aes_128_ofb();
3076 /* FALLTHROUGH */
4ec4b063 3077 case 7:
440b852a 3078 type = (type != NULL) ? type :
062490db 3079 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 3080 ref_iv = ofb_state;
3081 ref_len = sizeof(ofb_state);
4ec4b063 3082 iv_reset = 1;
440b852a
BK		 3083 break;
3084 case 2:
4ec4b063
TM		 3085 type = EVP_aes_128_cfb();
3086 /* FALLTHROUGH */
3087 case 8:
3088 type = (type != NULL) ? type :
3089 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3090 ref_iv = cfb_state;
3091 ref_len = sizeof(cfb_state);
3092 iv_reset = 1;
3093 break;
3094 case 3:
440b852a
BK		 3095 type = EVP_aes_128_gcm();
3096 /* FALLTHROUGH */
4ec4b063 3097 case 9:
440b852a 3098 type = (type != NULL) ? type :
062490db 3099 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 3100 ref_iv = gcm_state;
3101 ref_len = sizeof(gcm_state);
3102 break;
4ec4b063 3103 case 4:
440b852a
BK		 3104 type = EVP_aes_128_ccm();
3105 /* FALLTHROUGH */
4ec4b063 3106 case 10:
440b852a 3107 type = (type != NULL) ? type :
062490db 3108 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 3109 ref_iv = ccm_state;
3110 ref_len = sizeof(ccm_state);
3111 break;
3112#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 3113 case 5:
3114 case 11:
440b852a
BK		 3115 return 1;
3116#else
4ec4b063 3117 case 5:
440b852a
BK		 3118 type = EVP_aes_128_ocb();
3119 /* FALLTHROUGH */
4ec4b063 3120 case 11:
440b852a 3121 type = (type != NULL) ? type :
062490db 3122 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 3123 ref_iv = ocb_state;
3124 ref_len = sizeof(ocb_state);
3125 break;
3126#endif
3127 default:
3128 return 0;
3129 }
3130
3131 if (!TEST_ptr(type)
3132 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3133 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3134 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3135 (int)sizeof(msg)))
0d83b7b9
TM		 3136 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3137 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 3138 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3139 goto err;
ed576acd 3140 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 3141 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3142 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3143 goto err;
3144
4ec4b063
TM		 3145 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3146 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3147 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3148 goto err;
3149 if (iv_reset) {
3150 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3151 goto err;
3152 } else {
3153 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3154 goto err;
3155 }
3156
440b852a
BK		 3157 ret = 1;
3158err:
3159 EVP_CIPHER_CTX_free(ctx);
4ec4b063 3160 if (idx >= 6)
440b852a
BK		 3161 EVP_CIPHER_free((EVP_CIPHER *)type);
3162 return ret;
3163}
3164
a4afa6c1
TM		 3165#ifndef OPENSSL_NO_DES
3166static int test_evp_iv_des(int idx)
3167{
3168 int ret = 0;
3169 EVP_CIPHER_CTX *ctx = NULL;
3170 static const unsigned char key[24] = {
3171 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3172 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3173 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3174 };
3175 static const unsigned char init_iv[8] = {
3176 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3177 };
3178 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3179 9, 10, 11, 12, 13, 14, 15, 16 };
3180 unsigned char ciphertext[32], oiv[8], iv[8];
3181 unsigned const char *ref_iv;
3182 static const unsigned char cbc_state_des[8] = {
3183 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3184 };
3185 static const unsigned char cbc_state_3des[8] = {
3186 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3187 };
3188 static const unsigned char ofb_state_des[8] = {
3189 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3190 };
3191 static const unsigned char ofb_state_3des[8] = {
3192 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3193 };
3194 static const unsigned char cfb_state_des[8] = {
3195 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3196 };
3197 static const unsigned char cfb_state_3des[8] = {
3198 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3199 };
3200 int len = sizeof(ciphertext);
3201 size_t ivlen, ref_len;
3202 EVP_CIPHER *type = NULL;
3203
3204 if (lgcyprov == NULL && idx < 3)
3205 return TEST_skip("Test requires legacy provider to be loaded");
3206
1287dabd 3207 switch (idx) {
a4afa6c1
TM		 3208 case 0:
3209 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3210 ref_iv = cbc_state_des;
3211 ref_len = sizeof(cbc_state_des);
3212 break;
3213 case 1:
3214 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3215 ref_iv = ofb_state_des;
3216 ref_len = sizeof(ofb_state_des);
3217 break;
3218 case 2:
3219 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3220 ref_iv = cfb_state_des;
3221 ref_len = sizeof(cfb_state_des);
3222 break;
3223 case 3:
3224 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3225 ref_iv = cbc_state_3des;
3226 ref_len = sizeof(cbc_state_3des);
3227 break;
3228 case 4:
3229 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3230 ref_iv = ofb_state_3des;
3231 ref_len = sizeof(ofb_state_3des);
3232 break;
3233 case 5:
3234 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3235 ref_iv = cfb_state_3des;
3236 ref_len = sizeof(cfb_state_3des);
3237 break;
3238 default:
3239 return 0;
3240 }
3241
3242 if (!TEST_ptr(type)
3243 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3244 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3245 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3246 (int)sizeof(msg)))
3247 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3248 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3249 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3250 goto err;
ed576acd 3251 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3252 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3253 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3254 goto err;
3255
3256 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3257 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3258 goto err;
3259 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3260 goto err;
3261
3262 ret = 1;
3263err:
3264 EVP_CIPHER_CTX_free(ctx);
3265 EVP_CIPHER_free(type);
3266 return ret;
3267}
3268#endif
3269
091e60c4
TM		 3270#ifndef OPENSSL_NO_BF
3271static int test_evp_bf_default_keylen(int idx)
3272{
3273 int ret = 0;
3274 static const char *algos[4] = {
3275 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3276 };
3277 int ivlen[4] = { 0, 8, 8, 8 };
3278 EVP_CIPHER *cipher = NULL;
3279
3280 if (lgcyprov == NULL)
3281 return TEST_skip("Test requires legacy provider to be loaded");
3282
3283 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3284 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3285 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3286 goto err;
3287
3288 ret = 1;
3289err:
3290 EVP_CIPHER_free(cipher);
3291 return ret;
3292}
3293#endif
3294
c0ff1932 3295#ifndef OPENSSL_NO_EC
da671c41
P		 3296static int ecpub_nids[] = {
3297 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3298 NID_secp384r1, NID_secp521r1,
3299# ifndef OPENSSL_NO_EC2M
3300 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3301 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3302# endif
3303 NID_brainpoolP384r1, NID_brainpoolP512r1
3304};
c0ff1932
BK		 3305
3306static int test_ecpub(int idx)
3307{
ad7cb0bf 3308 int ret = 0, len, savelen;
c0ff1932
BK		 3309 int nid;
3310 unsigned char buf[1024];
3311 unsigned char *p;
3312 EVP_PKEY *pkey = NULL;
3313 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3314# ifndef OPENSSL_NO_DEPRECATED_3_0
3315 const unsigned char *q;
3316 EVP_PKEY *pkey2 = NULL;
3317 EC_KEY *ec = NULL;
3318# endif
c0ff1932 3319
062490db
JS		 3320 if (nullprov != NULL)
3321 return TEST_skip("Test does not support a non-default library context");
3322
c0ff1932
BK		 3323 nid = ecpub_nids[idx];
3324
3325 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3326 if (!TEST_ptr(ctx)
bf4ceede 3327 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
c0ff1932
BK		 3328 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3329 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3330 goto done;
3331 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3332 savelen = len;
c0ff1932
BK		 3333 if (!TEST_int_ge(len, 1)
3334 || !TEST_int_lt(len, 1024))
3335 goto done;
3336 p = buf;
3337 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3338 if (!TEST_int_ge(len, 1)
3339 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3340 goto done;
3341
3d364726
BK		 3342# ifndef OPENSSL_NO_DEPRECATED_3_0
3343 /* Now try to decode the just-created DER. */
3344 q = buf;
3345 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3346 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3347 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3348 goto done;
3349 /* EC_KEY ownership transferred */
3350 ec = NULL;
3351 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3352 goto done;
3353 /* The keys should match. */
c85c5e1a 3354 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3355 goto done;
3356# endif
3357
c0ff1932
BK		 3358 ret = 1;
3359
3360 done:
3361 EVP_PKEY_CTX_free(ctx);
3362 EVP_PKEY_free(pkey);
3d364726
BK		 3363# ifndef OPENSSL_NO_DEPRECATED_3_0
3364 EVP_PKEY_free(pkey2);
3365 EC_KEY_free(ec);
3366# endif
c0ff1932
BK		 3367 return ret;
3368}
3369#endif
3370
e947a064
DB		 3371static int test_EVP_rsa_pss_with_keygen_bits(void)
3372{
062490db
JS		 3373 int ret = 0;
3374 EVP_PKEY_CTX *ctx = NULL;
3375 EVP_PKEY *pkey = NULL;
3376 EVP_MD *md;
e947a064 3377
062490db
JS		 3378 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3379 ret = TEST_ptr(md)
3380 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
bf4ceede 3381 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
e947a064
DB		 3382 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3383 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3384 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3385
062490db 3386 EVP_MD_free(md);
e947a064
DB		 3387 EVP_PKEY_free(pkey);
3388 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3389 return ret;
3390}
3391
6f87463b
TC		 3392static int test_EVP_rsa_pss_set_saltlen(void)
3393{
3394 int ret = 0;
3395 EVP_PKEY *pkey = NULL;
3396 EVP_PKEY_CTX *pkey_ctx = NULL;
3397 EVP_MD *sha256 = NULL;
3398 EVP_MD_CTX *sha256_ctx = NULL;
3399 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3400 const int test_value = 32;
3401
3402 ret = TEST_ptr(pkey = load_example_rsa_key())
3403 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3404 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3405 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3406 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
7263a7fc
PH		 3407 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3408 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
6f87463b
TC		 3409 && TEST_int_eq(saltlen, test_value);
3410
3411 EVP_MD_CTX_free(sha256_ctx);
3412 EVP_PKEY_free(pkey);
3413 EVP_MD_free(sha256);
3414
3415 return ret;
3416}
3417
5eb73cfb
MC		 3418static int success = 1;
3419static void md_names(const char *name, void *vctx)
3420{
3421 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3422 /* Force a namemap update */
3423 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3424
3425 if (!TEST_ptr(aes128))
3426 success = 0;
3427
3428 EVP_CIPHER_free(aes128);
3429}
3430
3431/*
3432 * Test that changing the namemap in a user callback works in a names_do_all
3433 * function.
3434 */
3435static int test_names_do_all(void)
3436{
3437 /* We use a custom libctx so that we know the state of the namemap */
3438 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3439 EVP_MD *sha256 = NULL;
3440 int testresult = 0;
3441
3442 if (!TEST_ptr(ctx))
3443 goto err;
3444
3445 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3446 if (!TEST_ptr(sha256))
3447 goto err;
3448
3449 /*
3450 * We loop through all the names for a given digest. This should still work
3451 * even if the namemap changes part way through.
3452 */
3453 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3454 goto err;
3455
3456 if (!TEST_true(success))
3457 goto err;
3458
3459 testresult = 1;
3460 err:
3461 EVP_MD_free(sha256);
3462 OSSL_LIB_CTX_free(ctx);
3463 return testresult;
3464}
e947a064 3465
063e0197
JC		 3466typedef struct {
3467 const char *cipher;
3468 const unsigned char *key;
3469 const unsigned char *iv;
3470 const unsigned char *input;
3471 const unsigned char *expected;
3472 const unsigned char *tag;
3473 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3474 size_t inlen;
3475 size_t expectedlen;
3476 size_t taglen;
3477 int keyfirst;
3478 int initenc;
3479 int finalenc;
3480} EVP_INIT_TEST_st;
3481
3482static const EVP_INIT_TEST_st evp_init_tests[] = {
3483 {
3484 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3485 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3486 0, 1, 0, 1
3487 },
3488 {
3489 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3490 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3491 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3492 sizeof(gcmDefaultTag), 1, 0, 1
3493 },
3494 {
3495 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3496 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3497 0, 0, 0, 1
3498 },
3499 {
3500 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3501 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3502 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3503 sizeof(gcmDefaultTag), 0, 0, 1
3504 },
3505 {
3506 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3507 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3508 0, 1, 1, 0
3509 },
3510 {
3511 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3512 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3513 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3514 sizeof(gcmDefaultTag), 1, 1, 0
3515 },
3516 {
3517 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3518 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3519 0, 0, 1, 0
3520 },
3521 {
3522 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3523 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3524 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3525 sizeof(gcmDefaultTag), 0, 1, 0
3526 }
3527};
3528
3529static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3530{
3531 int res = 0;
1287dabd 3532
063e0197 3533 if (t->ivlen != 0) {
d649c51a 3534 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
063e0197
JC		 3535 goto err;
3536 }
3537 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3538 goto err;
3539 res = 1;
3540 err:
3541 return res;
3542}
3543
3544/*
3545 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3546 * arguments are given one at a time and a final adjustment to the enc
3547 * parameter sets the correct operation.
3548 */
3549static int test_evp_init_seq(int idx)
3550{
3551 int outlen1, outlen2;
3552 int testresult = 0;
3553 unsigned char outbuf[1024];
3554 unsigned char tag[16];
3555 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3556 EVP_CIPHER_CTX *ctx = NULL;
3557 EVP_CIPHER *type = NULL;
3558 size_t taglen = sizeof(tag);
3559 char *errmsg = NULL;
3560
3561 ctx = EVP_CIPHER_CTX_new();
3562 if (ctx == NULL) {
3563 errmsg = "CTX_ALLOC";
3564 goto err;
3565 }
3566 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3567 errmsg = "CIPHER_FETCH";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3571 errmsg = "EMPTY_ENC_INIT";
3572 goto err;
3573 }
3574 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3575 errmsg = "PADDING";
3576 goto err;
3577 }
3578 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3579 errmsg = "KEY_INIT (before iv)";
3580 goto err;
3581 }
3582 if (!evp_init_seq_set_iv(ctx, t)) {
3583 errmsg = "IV_INIT";
3584 goto err;
3585 }
3586 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3587 errmsg = "KEY_INIT (after iv)";
3588 goto err;
3589 }
3590 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3591 errmsg = "FINAL_ENC_INIT";
3592 goto err;
3593 }
3594 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3595 errmsg = "CIPHER_UPDATE";
3596 goto err;
3597 }
3598 if (t->finalenc == 0 && t->tag != NULL) {
3599 /* Set expected tag */
d649c51a
PH		 3600 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3601 t->taglen, (void *)t->tag), 0)) {
063e0197
JC		 3602 errmsg = "SET_TAG";
3603 goto err;
3604 }
3605 }
3606 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3607 errmsg = "CIPHER_FINAL";
3608 goto err;
3609 }
3610 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3611 errmsg = "WRONG_RESULT";
3612 goto err;
3613 }
3614 if (t->finalenc != 0 && t->tag != NULL) {
d649c51a 3615 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3616 errmsg = "GET_TAG";
3617 goto err;
3618 }
3619 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3620 errmsg = "TAG_ERROR";
3621 goto err;
3622 }
3623 }
3624 testresult = 1;
3625 err:
3626 if (errmsg != NULL)
3627 TEST_info("evp_init_test %d: %s", idx, errmsg);
3628 EVP_CIPHER_CTX_free(ctx);
3629 EVP_CIPHER_free(type);
3630 return testresult;
3631}
3632
3633typedef struct {
3634 const unsigned char *input;
3635 const unsigned char *expected;
3636 size_t inlen;
3637 size_t expectedlen;
3638 int enc;
3639} EVP_RESET_TEST_st;
3640
3641static const EVP_RESET_TEST_st evp_reset_tests[] = {
3642 {
3643 cfbPlaintext, cfbCiphertext,
3644 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3645 },
3646 {
3647 cfbCiphertext, cfbPlaintext,
3648 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3649 }
3650};
3651
3652/*
3653 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3654 * been used.
3655 */
3656static int test_evp_reset(int idx)
3657{
3658 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3659 int outlen1, outlen2;
3660 int testresult = 0;
3661 unsigned char outbuf[1024];
3662 EVP_CIPHER_CTX *ctx = NULL;
3663 EVP_CIPHER *type = NULL;
3664 char *errmsg = NULL;
3665
3666 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3667 errmsg = "CTX_ALLOC";
3668 goto err;
3669 }
3670 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3671 errmsg = "CIPHER_FETCH";
3672 goto err;
3673 }
3674 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3675 errmsg = "CIPHER_INIT";
3676 goto err;
3677 }
3678 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3679 errmsg = "PADDING";
3680 goto err;
3681 }
3682 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3683 errmsg = "CIPHER_UPDATE";
3684 goto err;
3685 }
3686 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3687 errmsg = "CIPHER_FINAL";
3688 goto err;
3689 }
3690 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3691 errmsg = "WRONG_RESULT";
3692 goto err;
3693 }
3694 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3695 errmsg = "CIPHER_REINIT";
3696 goto err;
3697 }
3698 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3699 errmsg = "CIPHER_UPDATE (reinit)";
3700 goto err;
3701 }
3702 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3703 errmsg = "CIPHER_FINAL (reinit)";
3704 goto err;
3705 }
3706 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3707 errmsg = "WRONG_RESULT (reinit)";
3708 goto err;
3709 }
3710 testresult = 1;
3711 err:
3712 if (errmsg != NULL)
3713 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3714 EVP_CIPHER_CTX_free(ctx);
3715 EVP_CIPHER_free(type);
3716 return testresult;
3717}
3718
f17e5277
IF		 3719typedef struct {
3720 const char *cipher;
3721 int enc;
3722} EVP_UPDATED_IV_TEST_st;
3723
3724static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3725 {
3726 "aes-128-cfb", 1
3727 },
3728 {
3729 "aes-128-cfb", 0
3730 },
3731 {
3732 "aes-128-cfb1", 1
3733 },
3734 {
3735 "aes-128-cfb1", 0
3736 },
3737 {
3738 "aes-128-cfb8", 1
3739 },
3740 {
3741 "aes-128-cfb8", 0
3742 },
3743 {
3744 "aes-128-ofb", 1
3745 },
3746 {
3747 "aes-128-ofb", 0
3748 },
3749 {
3750 "aes-128-ctr", 1
3751 },
3752 {
3753 "aes-128-ctr", 0
3754 },
3755 {
3756 "aes-128-cbc", 1
3757 },
3758 {
3759 "aes-128-cbc", 0
3760 }
3761};
3762
3763/*
3764 * Test that the IV in the context is updated during a crypto operation for CFB
3765 * and OFB.
3766 */
3767static int test_evp_updated_iv(int idx)
3768{
3769 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3770 int outlen1, outlen2;
3771 int testresult = 0;
3772 unsigned char outbuf[1024];
3773 EVP_CIPHER_CTX *ctx = NULL;
3774 EVP_CIPHER *type = NULL;
3775 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3776 int iv_len;
3777 char *errmsg = NULL;
3778
3779 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3780 errmsg = "CTX_ALLOC";
3781 goto err;
3782 }
3783 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3784 TEST_info("cipher %s not supported, skipping", t->cipher);
3785 goto ok;
3786 }
3787
3788 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3789 errmsg = "CIPHER_INIT";
3790 goto err;
3791 }
3792 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3793 errmsg = "PADDING";
3794 goto err;
3795 }
3796 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3797 errmsg = "CIPHER_UPDATE";
3798 goto err;
3799 }
3800 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3801 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3802 goto err;
3803 }
3804 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3805 errmsg = "CIPHER_CTX_GET_IV_LEN";
3806 goto err;
3807 }
3808 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3809 errmsg = "IV_NOT_UPDATED";
3810 goto err;
3811 }
3812 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3813 errmsg = "CIPHER_FINAL";
3814 goto err;
3815 }
3816 ok:
3817 testresult = 1;
3818 err:
3819 if (errmsg != NULL)
3820 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3821 EVP_CIPHER_CTX_free(ctx);
3822 EVP_CIPHER_free(type);
3823 return testresult;
3824}
3825
063e0197
JC		 3826typedef struct {
3827 const unsigned char *iv1;
3828 const unsigned char *iv2;
3829 const unsigned char *expected1;
3830 const unsigned char *expected2;
3831 const unsigned char *tag1;
3832 const unsigned char *tag2;
3833 size_t ivlen1;
3834 size_t ivlen2;
3835 size_t expectedlen1;
3836 size_t expectedlen2;
3837} TEST_GCM_IV_REINIT_st;
3838
3839static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3840 {
3841 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3842 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3843 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3844 },
3845 {
3846 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3847 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3848 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3849 }
3850};
3851
3852static int test_gcm_reinit(int idx)
3853{
3854 int outlen1, outlen2, outlen3;
3855 int testresult = 0;
3856 unsigned char outbuf[1024];
3857 unsigned char tag[16];
3858 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3859 EVP_CIPHER_CTX *ctx = NULL;
3860 EVP_CIPHER *type = NULL;
3861 size_t taglen = sizeof(tag);
3862 char *errmsg = NULL;
3863
3864 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3865 errmsg = "CTX_ALLOC";
3866 goto err;
3867 }
3868 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3869 errmsg = "CIPHER_FETCH";
3870 goto err;
3871 }
3872 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3873 errmsg = "ENC_INIT";
3874 goto err;
3875 }
d649c51a 3876 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
063e0197
JC		 3877 errmsg = "SET_IVLEN1";
3878 goto err;
3879 }
3880 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3881 errmsg = "SET_IV1";
3882 goto err;
3883 }
3884 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3885 errmsg = "AAD1";
3886 goto err;
3887 }
3888 EVP_CIPHER_CTX_set_padding(ctx, 0);
3889 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3890 sizeof(gcmResetPlaintext)))) {
3891 errmsg = "CIPHER_UPDATE1";
3892 goto err;
3893 }
3894 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3895 errmsg = "CIPHER_FINAL1";
3896 goto err;
3897 }
3898 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3899 errmsg = "WRONG_RESULT1";
3900 goto err;
3901 }
d649c51a 3902 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3903 errmsg = "GET_TAG1";
3904 goto err;
3905 }
3906 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3907 errmsg = "TAG_ERROR1";
3908 goto err;
3909 }
3910 /* Now reinit */
d649c51a 3911 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
063e0197
JC		 3912 errmsg = "SET_IVLEN2";
3913 goto err;
3914 }
3915 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3916 errmsg = "SET_IV2";
3917 goto err;
3918 }
3919 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3920 errmsg = "AAD2";
3921 goto err;
3922 }
3923 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3924 sizeof(gcmResetPlaintext)))) {
3925 errmsg = "CIPHER_UPDATE2";
3926 goto err;
3927 }
3928 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3929 errmsg = "CIPHER_FINAL2";
3930 goto err;
3931 }
3932 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3933 errmsg = "WRONG_RESULT2";
3934 goto err;
3935 }
d649c51a 3936 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3937 errmsg = "GET_TAG2";
3938 goto err;
3939 }
3940 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3941 errmsg = "TAG_ERROR2";
3942 goto err;
3943 }
3944 testresult = 1;
3945 err:
3946 if (errmsg != NULL)
3947 TEST_info("evp_init_test %d: %s", idx, errmsg);
3948 EVP_CIPHER_CTX_free(ctx);
3949 EVP_CIPHER_free(type);
3950 return testresult;
3951}
3952
a983764e
MC		 3953#ifndef OPENSSL_NO_DEPRECATED_3_0
3954static EVP_PKEY_METHOD *custom_pmeth = NULL;
3955static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3956
3957# define EVP_PKEY_CTRL_MY_COMMAND 9999
3958
3959static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3960{
3961 int (*pinit)(EVP_PKEY_CTX *ctx);
3962
3963 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3964 return pinit(ctx);
3965}
3966
3967static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3968{
3969 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3970
3971 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3972 pcleanup(ctx);
3973}
3974
3975static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3976 size_t *outlen, const unsigned char *in,
3977 size_t inlen)
3978{
3979 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3980 const unsigned char *tbs, size_t tbslen);
3981
3982 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3983 return psign(ctx, out, outlen, in, inlen);
3984}
3985
3986static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3987 size_t *siglen, const unsigned char *tbs,
3988 size_t tbslen)
3989{
3990 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3991 const unsigned char *tbs, size_t tbslen);
3992
c6fcd88f 3993 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 3994 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3995}
3996
3997static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3998 size_t *keylen)
3999{
4000 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4001
4002 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4003 return pderive(ctx, key, keylen);
4004}
4005
4006static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4007{
4008 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4009
4010 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4011 return pcopy(dst, src);
4012}
4013
4014static int ctrl_called;
4015
4016static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4017{
4018 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4019
4020 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4021
4022 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4023 ctrl_called = 1;
4024 return 1;
4025 }
4026
4027 return pctrl(ctx, type, p1, p2);
4028}
4029
4030static int test_custom_pmeth(int idx)
4031{
4032 EVP_PKEY_CTX *pctx = NULL;
4033 EVP_MD_CTX *ctx = NULL;
4034 EVP_PKEY *pkey = NULL;
4035 int id, orig_id, orig_flags;
4036 int testresult = 0;
4037 size_t reslen;
4038 unsigned char *res = NULL;
4039 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4040 const EVP_MD *md = EVP_sha256();
4041 int doderive = 0;
4042
4043 ctrl_called = 0;
4044
4045 /* We call deprecated APIs so this test doesn't support a custom libctx */
4046 if (testctx != NULL)
4047 return 1;
4048
1287dabd 4049 switch (idx) {
a983764e
MC		 4050 case 0:
4051 case 6:
4052 id = EVP_PKEY_RSA;
4053 pkey = load_example_rsa_key();
4054 break;
4055 case 1:
4056 case 7:
4057# ifndef OPENSSL_NO_DSA
4058 id = EVP_PKEY_DSA;
4059 pkey = load_example_dsa_key();
4060 break;
4061# else
4062 return 1;
4063# endif
4064 case 2:
4065 case 8:
4066# ifndef OPENSSL_NO_EC
4067 id = EVP_PKEY_EC;
4068 pkey = load_example_ec_key();
4069 break;
4070# else
4071 return 1;
4072# endif
4073 case 3:
4074 case 9:
4075# ifndef OPENSSL_NO_EC
4076 id = EVP_PKEY_ED25519;
4077 md = NULL;
4078 pkey = load_example_ed25519_key();
4079 break;
4080# else
4081 return 1;
4082# endif
4083 case 4:
4084 case 10:
4085# ifndef OPENSSL_NO_DH
4086 id = EVP_PKEY_DH;
4087 doderive = 1;
4088 pkey = load_example_dh_key();
4089 break;
4090# else
4091 return 1;
4092# endif
4093 case 5:
4094 case 11:
4095# ifndef OPENSSL_NO_EC
4096 id = EVP_PKEY_X25519;
4097 doderive = 1;
4098 pkey = load_example_x25519_key();
4099 break;
4100# else
4101 return 1;
4102# endif
4103 default:
4104 TEST_error("Should not happen");
4105 goto err;
4106 }
4107
4108 if (!TEST_ptr(pkey))
4109 goto err;
4110
4111 if (idx < 6) {
4112 if (!TEST_true(evp_pkey_is_provided(pkey)))
4113 goto err;
4114 } else {
4115 EVP_PKEY *tmp = pkey;
4116
4117 /* Convert to a legacy key */
4118 pkey = EVP_PKEY_new();
4119 if (!TEST_ptr(pkey)) {
4120 pkey = tmp;
4121 goto err;
4122 }
4123 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4124 EVP_PKEY_free(tmp);
4125 goto err;
4126 }
4127 EVP_PKEY_free(tmp);
4128 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4129 goto err;
4130 }
4131
4132 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4133 || !TEST_ptr(pkey))
4134 goto err;
4135
4136 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4137 if (!TEST_int_eq(orig_id, id)
4138 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4139 goto err;
4140
4141 if (id == EVP_PKEY_ED25519) {
4142 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4143 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4144 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4145 } else {
4146 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4147 }
4148 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4149 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4150 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4151 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4152 }
4153 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4154 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4155 goto err;
4156
4157 if (doderive) {
4158 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4159 if (!TEST_ptr(pctx)
4160 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4161 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4162 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4163 1)
4164 || !TEST_int_eq(ctrl_called, 1)
4165 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4166 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4167 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4168 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4169 goto err;
4170 } else {
4171 ctx = EVP_MD_CTX_new();
4172 reslen = EVP_PKEY_size(pkey);
4173 res = OPENSSL_malloc(reslen);
4174 if (!TEST_ptr(ctx)
4175 || !TEST_ptr(res)
4176 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4177 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4178 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4179 1)
4180 || !TEST_int_eq(ctrl_called, 1))
4181 goto err;
4182
4183 if (id == EVP_PKEY_ED25519) {
4184 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4185 goto err;
4186 } else {
4187 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4188 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4189 goto err;
4190 }
4191 }
4192
4193 testresult = 1;
4194 err:
4195 OPENSSL_free(res);
4196 EVP_MD_CTX_free(ctx);
4197 if (doderive)
4198 EVP_PKEY_CTX_free(pctx);
4199 EVP_PKEY_free(pkey);
4200 EVP_PKEY_meth_remove(custom_pmeth);
4201 EVP_PKEY_meth_free(custom_pmeth);
4202 custom_pmeth = NULL;
4203 return testresult;
4204}
03c2f21b
MC		 4205
4206static int test_evp_md_cipher_meth(void)
4207{
4208 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4209 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4210 int testresult = 0;
4211
4212 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4213 goto err;
4214
4215 testresult = 1;
4216
4217 err:
4218 EVP_MD_meth_free(md);
4219 EVP_CIPHER_meth_free(ciph);
4220
4221 return testresult;
4222}
0299094c 4223
fbbe7202
MC		 4224typedef struct {
4225 int data;
4226} custom_dgst_ctx;
4227
4228static int custom_md_init_called = 0;
4229static int custom_md_cleanup_called = 0;
4230
4231static int custom_md_init(EVP_MD_CTX *ctx)
4232{
4233 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4234
4235 if (p == NULL)
4236 return 0;
4237
4238 custom_md_init_called++;
4239 return 1;
4240}
4241
4242static int custom_md_cleanup(EVP_MD_CTX *ctx)
4243{
4244 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4245
4246 if (p == NULL)
4247 /* Nothing to do */
4248 return 1;
4249
4250 custom_md_cleanup_called++;
4251 return 1;
4252}
4253
4254static int test_custom_md_meth(void)
4255{
4256 EVP_MD_CTX *mdctx = NULL;
4257 EVP_MD *tmp = NULL;
4258 char mess[] = "Test Message\n";
4259 unsigned char md_value[EVP_MAX_MD_SIZE];
4260 unsigned int md_len;
4261 int testresult = 0;
4262 int nid;
4263
4264 /*
4265 * We are testing deprecated functions. We don't support a non-default
4266 * library context in this test.
4267 */
4268 if (testctx != NULL)
4269 return 1;
4270
4271 custom_md_init_called = custom_md_cleanup_called = 0;
4272
4273 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4274 if (!TEST_int_ne(nid, NID_undef))
4275 goto err;
4276 tmp = EVP_MD_meth_new(nid, NID_undef);
4277 if (!TEST_ptr(tmp))
4278 goto err;
4279
4280 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4281 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4282 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4283 sizeof(custom_dgst_ctx))))
4284 goto err;
4285
4286 mdctx = EVP_MD_CTX_new();
4287 if (!TEST_ptr(mdctx)
4288 /*
4289 * Initing our custom md and then initing another md should
4290 * result in the init and cleanup functions of the custom md
4291 * from being called.
4292 */
4293 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4294 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4295 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4296 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4297 || !TEST_int_eq(custom_md_init_called, 1)
4298 || !TEST_int_eq(custom_md_cleanup_called, 1))
4299 goto err;
4300
4301 testresult = 1;
4302 err:
4303 EVP_MD_CTX_free(mdctx);
4304 EVP_MD_meth_free(tmp);
4305 return testresult;
4306}
4307
0299094c
MC		 4308# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4309/* Test we can create a signature keys with an associated ENGINE */
4310static int test_signatures_with_engine(int tst)
4311{
4312 ENGINE *e;
4313 const char *engine_id = "dasync";
4314 EVP_PKEY *pkey = NULL;
4315 const unsigned char badcmackey[] = { 0x00, 0x01 };
4316 const unsigned char cmackey[] = {
4317 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4318 0x0c, 0x0d, 0x0e, 0x0f
4319 };
4320 const unsigned char ed25519key[] = {
4321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4324 };
4325 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4326 int testresult = 0;
4327 EVP_MD_CTX *ctx = NULL;
4328 unsigned char *mac = NULL;
4329 size_t maclen = 0;
4330 int ret;
4331
ef2fb64f
MC		 4332# ifdef OPENSSL_NO_CMAC
4333 /* Skip CMAC tests in a no-cmac build */
4334 if (tst <= 1)
4335 return 1;
4336# endif
4337
0299094c
MC		 4338 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4339 return 0;
4340
4341 if (!TEST_true(ENGINE_init(e))) {
4342 ENGINE_free(e);
4343 return 0;
4344 }
4345
4346 switch (tst) {
4347 case 0:
4348 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4349 EVP_aes_128_cbc());
4350 break;
4351 case 1:
4352 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4353 EVP_aes_128_cbc());
4354 break;
4355 case 2:
4356 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4357 sizeof(ed25519key));
4358 break;
4359 default:
4360 TEST_error("Invalid test case");
4361 goto err;
4362 }
4363 if (!TEST_ptr(pkey))
4364 goto err;
4365
4366 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4367 goto err;
4368
4369 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4370 pkey);
4371 if (tst == 0) {
4372 if (!TEST_true(ret))
4373 goto err;
4374
4375 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4376 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4377 goto err;
4378
4379 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4380 goto err;
4381
4382 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4383 goto err;
4384 } else {
4385 /* We used a bad key. We expect a failure here */
4386 if (!TEST_false(ret))
4387 goto err;
4388 }
4389
4390 testresult = 1;
4391 err:
4392 EVP_MD_CTX_free(ctx);
4393 OPENSSL_free(mac);
4394 EVP_PKEY_free(pkey);
4395 ENGINE_finish(e);
4396 ENGINE_free(e);
4397
4398 return testresult;
4399}
4400
4401static int test_cipher_with_engine(void)
4402{
4403 ENGINE *e;
4404 const char *engine_id = "dasync";
4405 const unsigned char keyiv[] = {
4406 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4407 0x0c, 0x0d, 0x0e, 0x0f
4408 };
4409 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4410 int testresult = 0;
4411 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4412 unsigned char buf[AES_BLOCK_SIZE];
4413 int len = 0;
4414
4415 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4416 return 0;
4417
4418 if (!TEST_true(ENGINE_init(e))) {
4419 ENGINE_free(e);
4420 return 0;
4421 }
4422
4423 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4424 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4425 goto err;
4426
4427 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4428 goto err;
4429
4430 /* Copy the ctx, and complete the operation with the new ctx */
4431 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4432 goto err;
4433
4434 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4435 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4436 goto err;
4437
4438 testresult = 1;
4439 err:
4440 EVP_CIPHER_CTX_free(ctx);
4441 EVP_CIPHER_CTX_free(ctx2);
4442 ENGINE_finish(e);
4443 ENGINE_free(e);
4444
4445 return testresult;
4446}
4447# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4448#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4449
8c08c8b3
MC		 4450static int ecxnids[] = {
4451 NID_X25519,
4452 NID_X448,
4453 NID_ED25519,
4454 NID_ED448
4455};
4456
4457/* Test that creating ECX keys with a short private key fails as expected */
4458static int test_ecx_short_keys(int tst)
4459{
4460 unsigned char ecxkeydata = 1;
4461 EVP_PKEY *pkey;
4462
4463
4464 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4465 if (!TEST_ptr_null(pkey)) {
4466 EVP_PKEY_free(pkey);
4467 return 0;
4468 }
4469 return 1;
4470}
4471
062490db
JS		 4472typedef enum OPTION_choice {
4473 OPT_ERR = -1,
4474 OPT_EOF = 0,
4475 OPT_CONTEXT,
4476 OPT_TEST_ENUM
4477} OPTION_CHOICE;
4478
4479const OPTIONS *test_get_options(void)
71ea6b48 4480{
062490db
JS		 4481 static const OPTIONS options[] = {
4482 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4483 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4484 { NULL }
4485 };
4486 return options;
4487}
86dc26ba 4488
062490db
JS		 4489int setup_tests(void)
4490{
4491 OPTION_CHOICE o;
4492
4493 while ((o = opt_next()) != OPT_EOF) {
4494 switch (o) {
4495 case OPT_CONTEXT:
4496 /* Set up an alternate library context */
4497 testctx = OSSL_LIB_CTX_new();
4498 if (!TEST_ptr(testctx))
4499 return 0;
4500 /* Swap the libctx to test non-default context only */
4501 nullprov = OSSL_PROVIDER_load(NULL, "null");
4502 deflprov = OSSL_PROVIDER_load(testctx, "default");
4503 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4504 break;
4505 case OPT_TEST_CASES:
4506 break;
4507 default:
4508 return 0;
4509 }
4510 }
86dc26ba 4511
f9e504e8 4512 ADD_TEST(test_EVP_set_default_properties);
816f72d0 4513 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
adcd8e37 4514 ADD_TEST(test_EVP_DigestVerifyInit);
8cbfc4f6
TM		 4515#ifndef OPENSSL_NO_SIPHASH
4516 ADD_TEST(test_siphash_digestsign);
4517#endif
8d8dd09b 4518 ADD_TEST(test_EVP_Digest);
bef9b48e 4519 ADD_TEST(test_EVP_md_null);
15ff7d7c 4520 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4521 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4522 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4523 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4524 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4525#ifndef OPENSSL_NO_EC
adcd8e37 4526 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4527#endif
f0c62c53
RL		 4528#ifndef OPENSSL_NO_EC
4529 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4530#endif
f844f9eb 4531#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 4532 ADD_TEST(test_EVP_SM2);
a6c4cb84 4533 ADD_TEST(test_EVP_SM2_verify);
a9880362 4534#endif
bb5f281a 4535 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4536#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4537 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4538 if (!TEST_ptr(custom_pmeth))
4539 return 0;
4540 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4541 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4542 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4543 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4544 return 0;
41bbba53 4545#endif
2aee35d3 4546 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4547#ifndef OPENSSL_NO_CMAC
a87820e1 4548 ADD_TEST(test_CMAC_keygen);
fab8fde3 4549#endif
10d5b415 4550 ADD_TEST(test_HKDF);
2cd3ebc7 4551 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4552#ifndef OPENSSL_NO_EC
4553 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4554 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4555 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4556 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4557#endif
8d0f8c81 4558#ifndef OPENSSL_NO_DSA
f54a4101 4559 ADD_TEST(test_DSA_get_set_params);
2c04b341 4560 ADD_TEST(test_DSA_priv_pub);
b4be6937 4561#endif
f54a4101 4562 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 4563#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4564 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4565#endif
2c04b341
JS		 4566#ifndef OPENSSL_NO_DH
4567 ADD_TEST(test_DH_priv_pub);
4568# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4569 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4570# endif
b8a1272d
MC		 4571#endif
4572#ifndef OPENSSL_NO_EC
4573 ADD_TEST(test_EC_priv_pub);
4574# ifndef OPENSSL_NO_DEPRECATED_3_0
4575 ADD_TEST(test_EC_priv_only_legacy);
4576# endif
501fcfb8 4577#endif
8a5cb596 4578 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4579 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4580
1c19ff3c 4581 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4582 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4583#ifndef OPENSSL_NO_DES
4584 ADD_ALL_TESTS(test_evp_iv_des, 6);
091e60c4
TM		 4585#endif
4586#ifndef OPENSSL_NO_BF
4587 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
a4afa6c1 4588#endif
e947a064 4589 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6f87463b 4590 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
c0ff1932
BK		 4591#ifndef OPENSSL_NO_EC
4592 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4593#endif
1c19ff3c 4594
5eb73cfb
MC		 4595 ADD_TEST(test_names_do_all);
4596
063e0197
JC		 4597 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4598 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4599 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4600 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4601
a983764e
MC		 4602#ifndef OPENSSL_NO_DEPRECATED_3_0
4603 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4604 ADD_TEST(test_evp_md_cipher_meth);
fbbe7202 4605 ADD_TEST(test_custom_md_meth);
0299094c
MC		 4606
4607# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4608 /* Tests only support the default libctx */
4609 if (testctx == NULL) {
4610# ifndef OPENSSL_NO_EC
4611 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4612# else
4613 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4614# endif
4615 ADD_TEST(test_cipher_with_engine);
4616 }
4617# endif
a983764e
MC		 4618#endif
4619
8c08c8b3
MC		 4620 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4621
ad887416 4622 return 1;
71ea6b48 4623}
86dc26ba
MC		 4624
4625void cleanup_tests(void)
4626{
062490db
JS		 4627 OSSL_PROVIDER_unload(nullprov);
4628 OSSL_PROVIDER_unload(deflprov);
4629 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4630 OSSL_LIB_CTX_free(testctx);
86dc26ba 4631}
A mirror of the official openssl repository