]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Correct documentation errors in regards to UTF8 params
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
adcd8e37 33#include "testutil.h"
176db6dc 34#include "internal/nelem.h"
00bc1ad9 35#include "internal/sizes.h"
25f2138b 36#include "crypto/evp.h"
f0c62c53 37#include "../e_os.h" /* strcasecmp */
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
71ea6b48
MC		 247static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261};
262
263/*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321};
322
a9880362 323#ifndef OPENSSL_NO_EC
71ea6b48
MC		 324/*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340};
341
342/*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356};
b0004708
PY		 357
358/* prime256v1 */
359static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368};
369
5dc40a83 370/*
87762939 371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
b0004708
PY		 385static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387};
2cf8bb46
MC		 388
389static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394};
395
396static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401};
402
a983764e
MC		 403# ifndef OPENSSL_NO_DEPRECATED_3_0
404static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
409};
410# endif
411#endif
412
413/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414#ifndef OPENSSL_NO_DEPRECATED_3_0
415# ifndef OPENSSL_NO_DH
416static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
442};
443# endif
a9880362 444#endif
71ea6b48 445
063e0197
JC		 446static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
449};
450
451static const unsigned char kGCMDefaultKey[32] = { 0 };
452
453static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
457};
458
459static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
462};
463
464static const unsigned char iGCMDefaultIV[12] = { 0 };
465
466static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
468};
469
470static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
472};
473
474static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
477};
478
479static const unsigned char gcmDefaultPlaintext[16] = { 0 };
480
481static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
487};
488
489static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
492};
493
494static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
497};
498
499static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
505};
506
507static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
513};
514
515static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
518};
519
520static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
523};
524
525static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
528};
529
530static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
533};
534
adcd8e37
RS		 535typedef struct APK_DATA_st {
536 const unsigned char *kder;
537 size_t size;
5b5eea4b 538 const char *keytype;
adcd8e37 539 int evptype;
2aee35d3 540 int check;
b0004708
PY		 541 int pub_check;
542 int param_check;
543 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 544} APK_DATA;
545
546static APK_DATA keydata[] = {
5b5eea4b
SL		 547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 549#ifndef OPENSSL_NO_EC
5b5eea4b 550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 551#endif
adcd8e37
RS		 552};
553
2aee35d3 554static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
556 0},
5b5eea4b 557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 558 0, 1, 1, 0},
2aee35d3 559#ifndef OPENSSL_NO_EC
5b5eea4b 560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 561 /* group is also associated in our pub key */
2cf8bb46
MC		 562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
563 1, 1},
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
565 2},
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 570#endif
571};
572
d7e498ac
RL		 573static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
71ea6b48 575{
d7e498ac 576 const unsigned char **pdata = &data;
71ea6b48 577 EVP_PKEY *pkey = NULL;
d7e498ac 578 OSSL_DECODER_CTX *dctx =
fe75766c 579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 580 testctx, testpropq);
71ea6b48 581
d7e498ac
RL		 582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
585 return pkey;
586}
71ea6b48 587
d7e498ac
RL		 588static EVP_PKEY *load_example_rsa_key(void)
589{
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 592}
593
f650ab47 594#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 595static EVP_PKEY *load_example_dsa_key(void)
596{
6ed4022c
RL		 597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
59d0e6c8 599}
f650ab47 600#endif
59d0e6c8 601
a983764e
MC		 602#ifndef OPENSSL_NO_DEPRECATED_3_0
603# ifndef OPENSSL_NO_DH
604static EVP_PKEY *load_example_dh_key(void)
605{
606 return load_example_key("DH", kExampleDHKeyDER,
607 sizeof(kExampleDHKeyDER));
608}
609# endif
610
611# ifndef OPENSSL_NO_EC
612static EVP_PKEY *load_example_ec_key(void)
613{
614 return load_example_key("EC", kExampleECKeyDER,
615 sizeof(kExampleECKeyDER));
616}
617
618static EVP_PKEY *load_example_ed25519_key(void)
619{
620 return load_example_key("ED25519", kExampleED25519KeyDER,
621 sizeof(kExampleED25519KeyDER));
622}
623
624static EVP_PKEY *load_example_x25519_key(void)
625{
626 return load_example_key("X25519", kExampleX25519KeyDER,
627 sizeof(kExampleX25519KeyDER));
628}
629# endif
630#endif /* OPENSSL_NO_DEPRECATED_3_0 */
631
6d242fa5
MC		 632static EVP_PKEY *load_example_hmac_key(void)
633{
634 EVP_PKEY *pkey = NULL;
635 unsigned char key[] = {
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
637 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
638 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
639 };
640
5af6e154
TM		 641 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
642 NULL, key, sizeof(key));
6d242fa5
MC		 643 if (!TEST_ptr(pkey))
644 return NULL;
645
646 return pkey;
647}
648
f9e504e8
P		 649static int test_EVP_set_default_properties(void)
650{
b4250010 651 OSSL_LIB_CTX *ctx;
f9e504e8
P		 652 EVP_MD *md = NULL;
653 int res = 0;
654
b4250010 655 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 656 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
657 goto err;
658 EVP_MD_free(md);
659 md = NULL;
660
661 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
662 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
663 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
664 goto err;
665 EVP_MD_free(md);
666 md = NULL;
667
668 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
669 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
670 goto err;
671 res = 1;
672err:
673 EVP_MD_free(md);
b4250010 674 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 675 return res;
676}
677
b8a1272d
MC		 678#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
679static int test_fromdata(char *keytype, OSSL_PARAM *params)
680{
681 EVP_PKEY_CTX *pctx = NULL;
682 EVP_PKEY *pkey = NULL;
683 int testresult = 0;
684
062490db 685 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 686 goto err;
2db985b7
SL		 687 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
688 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
689 params), 0))
b8a1272d
MC		 690 goto err;
691
692 if (!TEST_ptr(pkey))
693 goto err;
694
695 testresult = 1;
696 err:
697 EVP_PKEY_free(pkey);
698 EVP_PKEY_CTX_free(pctx);
699
700 return testresult;
701}
702#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
703
2c04b341 704/*
8a9394c1 705 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 706 * params to ensure they are all accepted
707 */
b8a1272d 708#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 709static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
710{
711 OSSL_PARAM_BLD *bld = NULL;
712 OSSL_PARAM *params = NULL;
713 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 714 int ret = 0;
715
716 /*
717 * Setup the parameters for our pkey object. For our purposes they don't
718 * have to actually be *valid* parameters. We just need to set something.
719 */
b8a1272d 720 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 721 || !TEST_ptr(q = BN_new())
722 || !TEST_ptr(g = BN_new())
723 || !TEST_ptr(pub = BN_new())
724 || !TEST_ptr(priv = BN_new()))
725 goto err;
726
727 /* Test !priv and !pub */
728 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
731 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
b8a1272d 736 if (!test_fromdata(keytype, params))
2c04b341 737 goto err;
3f883c7c 738 OSSL_PARAM_free(params);
6bcbc369 739 params = NULL;
2c04b341
JS		 740 OSSL_PARAM_BLD_free(bld);
741
742 /* Test priv and !pub */
743 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
744 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
745 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
746 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
748 priv)))
749 goto err;
750 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
751 goto err;
752
b8a1272d 753 if (!test_fromdata(keytype, params))
2c04b341 754 goto err;
3f883c7c 755 OSSL_PARAM_free(params);
6bcbc369 756 params = NULL;
2c04b341
JS		 757 OSSL_PARAM_BLD_free(bld);
758
759 /* Test !priv and pub */
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
762 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
765 pub)))
766 goto err;
767 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
768 goto err;
769
b8a1272d 770 if (!test_fromdata(keytype, params))
2c04b341 771 goto err;
3f883c7c 772 OSSL_PARAM_free(params);
6bcbc369 773 params = NULL;
2c04b341
JS		 774 OSSL_PARAM_BLD_free(bld);
775
776 /* Test priv and pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
782 pub))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
784 priv)))
785 goto err;
786 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
787 goto err;
788
b8a1272d 789 if (!test_fromdata(keytype, params))
2c04b341
JS		 790 goto err;
791
792 ret = 1;
793 err:
3f883c7c 794 OSSL_PARAM_free(params);
2c04b341
JS		 795 OSSL_PARAM_BLD_free(bld);
796 BN_free(p);
797 BN_free(q);
798 BN_free(g);
799 BN_free(pub);
800 BN_free(priv);
801
802 return ret;
803}
8a9394c1 804#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 805
b8a1272d
MC		 806/*
807 * Test combinations of private, public, missing and private + public key
808 * params to ensure they are all accepted for EC keys
809 */
810#ifndef OPENSSL_NO_EC
811static unsigned char ec_priv[] = {
812 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
813 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
814 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
815};
816static unsigned char ec_pub[] = {
817 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
818 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
819 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
820 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
821 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
822 0x08, 0x09, 0xb8, 0xdb, 0x03
823};
824
825static int test_EC_priv_pub(void)
826{
827 OSSL_PARAM_BLD *bld = NULL;
828 OSSL_PARAM *params = NULL;
829 BIGNUM *priv = NULL;
830 int ret = 0;
831
832 /*
833 * Setup the parameters for our pkey object. For our purposes they don't
834 * have to actually be *valid* parameters. We just need to set something.
835 */
836 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
837 goto err;
838
839 /* Test !priv and !pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
842 OSSL_PKEY_PARAM_GROUP_NAME,
843 "P-256", 0)))
844 goto err;
845 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
846 goto err;
847
848 if (!test_fromdata("EC", params))
849 goto err;
3f883c7c 850 OSSL_PARAM_free(params);
bfe2fcc8 851 params = NULL;
b8a1272d
MC		 852 OSSL_PARAM_BLD_free(bld);
853
854 /* Test priv and !pub */
855 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
856 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
857 OSSL_PKEY_PARAM_GROUP_NAME,
858 "P-256", 0))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
860 priv)))
861 goto err;
862 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
863 goto err;
864
865 if (!test_fromdata("EC", params))
866 goto err;
3f883c7c 867 OSSL_PARAM_free(params);
bfe2fcc8 868 params = NULL;
b8a1272d
MC		 869 OSSL_PARAM_BLD_free(bld);
870
871 /* Test !priv and pub */
872 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
873 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
874 OSSL_PKEY_PARAM_GROUP_NAME,
875 "P-256", 0))
876 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
877 OSSL_PKEY_PARAM_PUB_KEY,
878 ec_pub, sizeof(ec_pub))))
879 goto err;
880 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
881 goto err;
882
883 if (!test_fromdata("EC", params))
884 goto err;
3f883c7c 885 OSSL_PARAM_free(params);
bfe2fcc8 886 params = NULL;
b8a1272d
MC		 887 OSSL_PARAM_BLD_free(bld);
888
889 /* Test priv and pub */
890 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
891 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
892 OSSL_PKEY_PARAM_GROUP_NAME,
893 "P-256", 0))
894 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
895 OSSL_PKEY_PARAM_PUB_KEY,
896 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 897 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
898 priv)))
b8a1272d
MC		 899 goto err;
900 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
901 goto err;
902
903 if (!test_fromdata("EC", params))
904 goto err;
905
906 ret = 1;
907 err:
3f883c7c 908 OSSL_PARAM_free(params);
b8a1272d
MC		 909 OSSL_PARAM_BLD_free(bld);
910 BN_free(priv);
911
912 return ret;
913}
914
915/* Test that using a legacy EC key with only a private key in it works */
916# ifndef OPENSSL_NO_DEPRECATED_3_0
917static int test_EC_priv_only_legacy(void)
918{
919 BIGNUM *priv = NULL;
920 int ret = 0;
921 EC_KEY *eckey = NULL;
2145ba5e 922 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 923 EVP_MD_CTX *ctx = NULL;
924
925 /* Create the low level EC_KEY */
926 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
927 goto err;
928
929 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
930 if (!TEST_ptr(eckey))
931 goto err;
932
933 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
934 goto err;
935
936 pkey = EVP_PKEY_new();
937 if (!TEST_ptr(pkey))
938 goto err;
939
940 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
941 goto err;
942 eckey = NULL;
943
2145ba5e
TM		 944 while (dup_pk == NULL) {
945 ret = 0;
946 ctx = EVP_MD_CTX_new();
947 if (!TEST_ptr(ctx))
948 goto err;
949
950 /*
951 * The EVP_DigestSignInit function should create the key on the
952 * provider side which is sufficient for this test.
953 */
954 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
955 testpropq, pkey, NULL)))
956 goto err;
957 EVP_MD_CTX_free(ctx);
958 ctx = NULL;
959
960 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
961 goto err;
962 /* EVP_PKEY_eq() returns -2 with missing public keys */
963 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
964 EVP_PKEY_free(pkey);
965 pkey = dup_pk;
966 if (!ret)
967 goto err;
968 }
b8a1272d
MC		 969
970 err:
971 EVP_MD_CTX_free(ctx);
972 EVP_PKEY_free(pkey);
973 EC_KEY_free(eckey);
974 BN_free(priv);
975
976 return ret;
977}
978# endif /* OPENSSL_NO_DEPRECATED_3_0 */
979#endif /* OPENSSL_NO_EC */
980
4547a719
P		 981/*
982 * n = 0 => test using legacy cipher
983 * n = 1 => test using fetched cipher
984 */
985static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 986{
987 int ret = 0;
988 EVP_CIPHER_CTX *ctx = NULL;
989 EVP_PKEY *keypair = NULL;
990 unsigned char *kek = NULL;
991 unsigned char iv[EVP_MAX_IV_LENGTH];
992 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
993 int len, kek_len, ciphertext_len, plaintext_len;
994 unsigned char ciphertext[32], plaintext[16];
4547a719 995 EVP_CIPHER *type = NULL;
062490db
JS		 996
997 if (nullprov != NULL)
998 return TEST_skip("Test does not support a non-default library context");
999
4547a719
P		 1000 if (n == 0)
1001 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1002 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1003 testpropq)))
1004 goto err;
2eb2b4f3
SL		 1005
1006 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1007 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1008 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1009 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1010 &keypair, 1))
1011 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1012 msg, sizeof(msg)))
1013 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1014 &len)))
1015 goto err;
1016
1017 ciphertext_len += len;
1018
1019 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1020 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1021 ciphertext, ciphertext_len))
1022 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1023 goto err;
1024
1025 plaintext_len += len;
1026 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1027 goto err;
1028
1029 ret = 1;
1030err:
4547a719
P		 1031 if (n != 0)
1032 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1033 OPENSSL_free(kek);
1034 EVP_PKEY_free(keypair);
1035 EVP_CIPHER_CTX_free(ctx);
1036 return ret;
1037}
1038
59d0e6c8 1039/*
6d242fa5
MC		 1040 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1041 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1042 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1043 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1044 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1045 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1046 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1047 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1048 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 1049 */
1050static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1051{
1052 int ret = 0;
1053 EVP_PKEY *pkey = NULL;
1054 unsigned char *sig = NULL;
1055 size_t sig_len = 0;
59d0e6c8
MC		 1056 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1057 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1058 BIO *mdbio = NULL, *membio = NULL;
1059 size_t written;
6d242fa5
MC		 1060 const EVP_MD *md;
1061 EVP_MD *mdexp = NULL;
59d0e6c8 1062
062490db
JS		 1063 if (nullprov != NULL)
1064 return TEST_skip("Test does not support a non-default library context");
1065
6d242fa5 1066 if (tst >= 6) {
59d0e6c8
MC		 1067 membio = BIO_new(BIO_s_mem());
1068 mdbio = BIO_new(BIO_f_md());
1069 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1070 goto out;
1071 BIO_push(mdbio, membio);
1072 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1073 goto out;
1074 } else {
1075 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1076 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1077 goto out;
1078 }
71ea6b48 1079
6d242fa5 1080 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 1081 if (!TEST_ptr(pkey = load_example_rsa_key()))
1082 goto out;
6d242fa5 1083 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 1084#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1085 if (!TEST_ptr(pkey = load_example_dsa_key()))
1086 goto out;
f650ab47
MC		 1087#else
1088 ret = 1;
1089 goto out;
1090#endif
6d242fa5
MC		 1091 } else {
1092 if (!TEST_ptr(pkey = load_example_hmac_key()))
1093 goto out;
59d0e6c8 1094 }
71ea6b48 1095
6d242fa5
MC		 1096 if (tst >= 3 && tst <= 5)
1097 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1098 else
1099 md = EVP_sha256();
1100
1101 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1102 goto out;
adcd8e37 1103
6d242fa5 1104 if (tst >= 6) {
59d0e6c8
MC		 1105 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1106 goto out;
1107 } else {
1108 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1109 goto out;
1110 }
1111
71ea6b48 1112 /* Determine the size of the signature. */
adcd8e37 1113 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 1114 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 1115 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 1116 goto out;
71ea6b48 1117
6d242fa5 1118 if (tst >= 6) {
59d0e6c8
MC		 1119 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1120 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1121 goto out;
1122 }
1123
6d242fa5
MC		 1124 /*
1125 * Ensure that the signature round-trips (Verification isn't supported for
1126 * HMAC via EVP_DigestVerify*)
1127 */
1128 if (tst != 2 && tst != 5 && tst != 8) {
1129 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1130 NULL, pkey)))
59d0e6c8 1131 goto out;
6d242fa5
MC		 1132
1133 if (tst >= 6) {
1134 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1135 goto out;
1136 } else {
1137 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1138 sizeof(kMsg))))
1139 goto out;
1140 }
1141 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8
MC		 1142 goto out;
1143 }
71ea6b48
MC		 1144
1145 ret = 1;
1146
1147 out:
59d0e6c8
MC		 1148 BIO_free(membio);
1149 BIO_free(mdbio);
1150 EVP_MD_CTX_free(a_md_ctx);
1151 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1152 EVP_PKEY_free(pkey);
b548a1f1 1153 OPENSSL_free(sig);
6d242fa5 1154 EVP_MD_free(mdexp);
71ea6b48
MC		 1155
1156 return ret;
1157}
1158
1159static int test_EVP_DigestVerifyInit(void)
1160{
1161 int ret = 0;
1162 EVP_PKEY *pkey = NULL;
adcd8e37 1163 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1164
062490db
JS		 1165 if (nullprov != NULL)
1166 return TEST_skip("Test does not support a non-default library context");
1167
adcd8e37
RS		 1168 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1169 || !TEST_ptr(pkey = load_example_rsa_key()))
1170 goto out;
71ea6b48 1171
adcd8e37
RS		 1172 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1173 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1174 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1175 sizeof(kSignature))))
71ea6b48 1176 goto out;
71ea6b48
MC		 1177 ret = 1;
1178
1179 out:
bfb0641f 1180 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1181 EVP_PKEY_free(pkey);
71ea6b48
MC		 1182 return ret;
1183}
1184
8d8dd09b
TM		 1185/*
1186 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1187 */
1188static int test_EVP_Digest(void)
1189{
1190 int ret = 0;
1191 EVP_MD_CTX *md_ctx = NULL;
1192 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1193 EVP_MD *sha256 = NULL;
1194 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1195
1196 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1197 goto out;
1198
062490db
JS		 1199 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1200 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1201 goto out;
1202
1203 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1204 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1205 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1206 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1207 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1208 goto out;
1209
062490db 1210 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1211 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1212 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1213 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1214 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1215 /*
1216 * EVP_DigestInit_ex with NULL type should work on
1217 * pre-initialized context.
1218 */
1219 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1220 goto out;
1221
062490db 1222 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1223 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1224 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1225 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1226 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1227 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1228 goto out;
1229 ret = 1;
1230
1231 out:
1232 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1233 EVP_MD_free(sha256);
1234 EVP_MD_free(shake256);
8d8dd09b
TM		 1235 return ret;
1236}
1237
adcd8e37 1238static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1239{
1240 int ret = 0;
1241 const unsigned char *p;
1242 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1243 const APK_DATA *ak = &keydata[i];
1244 const unsigned char *input = ak->kder;
1245 size_t input_len = ak->size;
1246 int expected_id = ak->evptype;
71ea6b48
MC		 1247
1248 p = input;
adcd8e37
RS		 1249 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1250 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1251 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1252 goto done;
71ea6b48
MC		 1253
1254 ret = 1;
1255
1256 done:
c5ba2d99 1257 EVP_PKEY_free(pkey);
71ea6b48
MC		 1258 return ret;
1259}
1260
a9880362 1261#ifndef OPENSSL_NO_EC
cad8347b
SL		 1262
1263static const unsigned char ec_public_sect163k1_validxy[] = {
1264 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1265 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1266 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1267 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1268 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1269 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1270};
1271
1272static const unsigned char ec_public_sect163k1_badx[] = {
1273 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1274 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1275 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1276 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1277 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1278 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1279};
1280
1281static const unsigned char ec_public_sect163k1_bady[] = {
1282 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1283 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1284 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1285 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1286 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1287 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1288};
1289
1290static struct ec_der_pub_keys_st {
1291 const unsigned char *der;
1292 size_t len;
1293 int valid;
1294} ec_der_pub_keys[] = {
1295 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1296 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1297 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1298};
1299
1300/*
1301 * Tests the range of the decoded EC char2 public point.
1302 * See ec_GF2m_simple_oct2point().
1303 */
1304static int test_invalide_ec_char2_pub_range_decode(int id)
1305{
1306 int ret = 0;
5b5eea4b 1307 EVP_PKEY *pkey;
cad8347b 1308
5b5eea4b
SL		 1309 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1310 ec_der_pub_keys[id].len);
1311
1312 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1313 || TEST_ptr_null(pkey);
1314 EVP_PKEY_free(pkey);
cad8347b
SL		 1315 return ret;
1316}
1317
71ea6b48
MC		 1318/* Tests loading a bad key in PKCS8 format */
1319static int test_EVP_PKCS82PKEY(void)
1320{
1321 int ret = 0;
1322 const unsigned char *derp = kExampleBadECKeyDER;
1323 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1324 EVP_PKEY *pkey = NULL;
1325
adcd8e37
RS		 1326 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1327 sizeof(kExampleBadECKeyDER))))
1328 goto done;
71ea6b48 1329
adcd8e37
RS		 1330 if (!TEST_ptr_eq(derp,
1331 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1332 goto done;
71ea6b48 1333
adcd8e37 1334 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1335 goto done;
71ea6b48
MC		 1336
1337 ret = 1;
1338
1339 done:
e0e920b1 1340 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1341 EVP_PKEY_free(pkey);
71ea6b48
MC		 1342
1343 return ret;
1344}
8be513ae 1345
a9880362 1346#endif
8be513ae
DB		 1347static int test_EVP_PKCS82PKEY_wrong_tag(void)
1348{
1349 EVP_PKEY *pkey = NULL;
1350 EVP_PKEY *pkey2 = NULL;
1351 BIO *membio = NULL;
1352 char *membuf = NULL;
1353 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1354 int ok = 0;
1355
1356 if (testctx != NULL)
1357 /* test not supported with non-default context */
1358 return 1;
1359
1360 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1361 || !TEST_ptr(pkey = load_example_rsa_key())
1362 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1363 NULL, 0, NULL, NULL),
1364 0)
1365 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1366 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1367 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1368 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1369 goto done;
1370 }
1371
1372 ok = 1;
1373 done:
1374 EVP_PKEY_free(pkey);
1375 EVP_PKEY_free(pkey2);
1376 PKCS8_PRIV_KEY_INFO_free(p8inf);
1377 BIO_free_all(membio);
1378 return ok;
1379}
71ea6b48 1380
29c49b25
RL		 1381/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1382static int test_privatekey_to_pkcs8(void)
1383{
1384 EVP_PKEY *pkey = NULL;
1385 BIO *membio = NULL;
1386 char *membuf = NULL;
e2cc68c8 1387 long membuf_len = 0;
29c49b25
RL		 1388 int ok = 0;
1389
1390 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1391 || !TEST_ptr(pkey = load_example_rsa_key())
1392 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1393 NULL, 0, NULL, NULL),
1394 0)
e2cc68c8
SL		 1395 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1396 || !TEST_ptr(membuf)
1397 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1398 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1399 /*
1400 * We try to write PEM as well, just to see that it doesn't err, but
1401 * assume that the result is correct.
1402 */
1403 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1404 NULL, 0, NULL, NULL),
1405 0))
1406 goto done;
1407
1408 ok = 1;
1409 done:
1410 EVP_PKEY_free(pkey);
1411 BIO_free_all(membio);
1412 return ok;
1413}
1414
f0c62c53
RL		 1415#ifndef OPENSSL_NO_EC
1416static const struct {
1417 int encoding;
1418 const char *encoding_name;
1419} ec_encodings[] = {
1420 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1421 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1422};
1423
1424static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1425{
1426 const OSSL_PARAM *p;
1427 const char *enc_name = NULL;
1428 int *enc = arg;
1429 size_t i;
1430
1431 *enc = -1;
1432
1433 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1434 OSSL_PKEY_PARAM_EC_ENCODING))
1435 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1436 return 0;
1437
1438 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1439 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1440 *enc = ec_encodings[i].encoding;
1441 break;
1442 }
1443 }
1444
1445 return (*enc != -1);
1446}
1447
1448static int test_EC_keygen_with_enc(int idx)
1449{
1450 EVP_PKEY *params = NULL, *key = NULL;
1451 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1452 int enc;
1453 int ret = 0;
1454
1455 enc = ec_encodings[idx].encoding;
1456
1457 /* Create key parameters */
1458 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1459 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1460 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1461 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1462 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1463 || !TEST_ptr(params))
1464 goto done;
1465
1466 /* Create key */
1467 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1468 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1469 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1470 || !TEST_ptr(key))
1471 goto done;
1472
1473 /* Check that the encoding got all the way into the key */
1474 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1475 ec_export_get_encoding_cb, &enc))
1476 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1477 goto done;
1478
1479 ret = 1;
1480 done:
1481 EVP_PKEY_free(key);
1482 EVP_PKEY_free(params);
1483 EVP_PKEY_CTX_free(kctx);
1484 EVP_PKEY_CTX_free(pctx);
1485 return ret;
1486}
1487#endif
1488
f844f9eb 1489#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1490
a6c4cb84
JL		 1491static int test_EVP_SM2_verify(void)
1492{
a6c4cb84 1493 const char *pubkey =
d0b79f86
PY		 1494 "-----BEGIN PUBLIC KEY-----\n"
1495 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1496 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1497 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1498
1499 const char *msg = "message digest";
1500 const char *id = "ALICE123@YAHOO.COM";
1501
1502 const uint8_t signature[] = {
d0b79f86
PY		 1503 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1504 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1505 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1506 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1507 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1508 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1509 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1510 };
1511
1512 int rc = 0;
1513 BIO *bio = NULL;
1514 EVP_PKEY *pkey = NULL;
1515 EVP_MD_CTX *mctx = NULL;
1516 EVP_PKEY_CTX *pctx = NULL;
062490db 1517 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1518
1519 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1520 if (!TEST_true(bio != NULL))
1521 goto done;
1522
062490db 1523 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1524 if (!TEST_true(pkey != NULL))
1525 goto done;
1526
8a288609 1527 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1528 goto done;
1529
1530 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1531 goto done;
1532
062490db 1533 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1534 goto done;
1535
a6c4cb84
JL		 1536 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1537
062490db
JS		 1538 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1539 goto done;
1540
1541 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1542 goto done;
1543
d0b79f86
PY		 1544 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1545 goto done;
1546
a6c4cb84
JL		 1547 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1548 goto done;
1549
1550 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1551 goto done;
1552 rc = 1;
1553
1554 done:
1555 BIO_free(bio);
1556 EVP_PKEY_free(pkey);
1557 EVP_PKEY_CTX_free(pctx);
1558 EVP_MD_CTX_free(mctx);
062490db 1559 EVP_MD_free(sm3);
a6c4cb84
JL		 1560 return rc;
1561}
1562
ddb634fe
JL		 1563static int test_EVP_SM2(void)
1564{
1565 int ret = 0;
1566 EVP_PKEY *pkey = NULL;
bfb56a97 1567 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1568 EVP_PKEY_CTX *pctx = NULL;
1569 EVP_PKEY_CTX *kctx = NULL;
4803717f 1570 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1571 size_t sig_len = 0;
1572 unsigned char *sig = NULL;
1573 EVP_MD_CTX *md_ctx = NULL;
1574 EVP_MD_CTX *md_ctx_verify = NULL;
1575 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1576 EVP_MD *check_md = NULL;
ddb634fe
JL		 1577
1578 uint8_t ciphertext[128];
1579 size_t ctext_len = sizeof(ciphertext);
1580
1581 uint8_t plaintext[8];
1582 size_t ptext_len = sizeof(plaintext);
1583
4803717f
PY		 1584 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1585
bfb56a97
MC		 1586 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1587 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1588 int i;
a0fff549 1589 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1590
42423ac9
RL		 1591 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1592 "SM2", testpropq)))
ddb634fe
JL		 1593 goto done;
1594
1595 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1596 goto done;
1597
1598 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1599 goto done;
1600
bfb56a97 1601 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1602 goto done;
1603
42423ac9
RL		 1604 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1605 pkeyparams, testpropq)))
ddb634fe
JL		 1606 goto done;
1607
1608 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1609 goto done;
1610
1611 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1612 goto done;
1613
ddb634fe
JL		 1614 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1615 goto done;
1616
1617 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1618 goto done;
1619
062490db 1620 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1621 goto done;
1622
1623 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1624 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1625
42423ac9 1626 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1627 goto done;
1628
42423ac9 1629 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1630 goto done;
1631
d0b79f86 1632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1633 goto done;
1634
42423ac9 1635 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1636 goto done;
1637
1638 /* Determine the size of the signature. */
1639 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1640 goto done;
1641
ddb634fe
JL		 1642 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1643 goto done;
1644
1645 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1646 goto done;
1647
1648 /* Ensure that the signature round-trips. */
1649
42423ac9
RL		 1650 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1651 pkey)))
ddb634fe
JL		 1652 goto done;
1653
d0b79f86
PY		 1654 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1655 goto done;
1656
ddb634fe
JL		 1657 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1658 goto done;
1659
1660 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1661 goto done;
1662
1663 /* now check encryption/decryption */
1664
bfb56a97
MC		 1665 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1666 mdname, sizeof(mdname));
1667 for (i = 0; i < 2; i++) {
42423ac9
RL		 1668 const char *mdnames[] = {
1669#ifndef OPENSSL_NO_SM3
1670 "SM3",
1671#else
1672 NULL,
1673#endif
1674 "SHA2-256" };
bfb56a97 1675 EVP_PKEY_CTX_free(cctx);
ddb634fe 1676
42423ac9
RL		 1677 if (mdnames[i] == NULL)
1678 continue;
1679
1680 sparams[0] =
1681 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1682 (char *)mdnames[i], 0);
ddb634fe 1683
42423ac9
RL		 1684 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1685 pkey, testpropq)))
bfb56a97 1686 goto done;
ddb634fe 1687
bfb56a97
MC		 1688 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1689 goto done;
ddb634fe 1690
bfb56a97
MC		 1691 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1692 goto done;
ddb634fe 1693
bfb56a97
MC		 1694 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1695 sizeof(kMsg))))
1696 goto done;
ddb634fe 1697
bfb56a97
MC		 1698 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1699 goto done;
1700
1701 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1702 goto done;
1703
1704 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1705 ctext_len)))
1706 goto done;
1707
1708 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1709 goto done;
1710
42423ac9
RL		 1711 /*
1712 * Test we're still using the digest we think we are.
1713 * Because of aliases, the easiest is to fetch the digest and
1714 * check the name with EVP_MD_is_a().
1715 */
1716 EVP_MD_free(check_md);
1717 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 1718 goto done;
42423ac9
RL		 1719 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1720 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 1721 goto done;
42423ac9 1722 }
bfb56a97
MC		 1723
1724 if (!TEST_true(ptext_len == sizeof(kMsg)))
1725 goto done;
1726
1727 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1728 goto done;
1729 }
ddb634fe
JL		 1730
1731 ret = 1;
1732done:
1733 EVP_PKEY_CTX_free(pctx);
1734 EVP_PKEY_CTX_free(kctx);
4803717f 1735 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1736 EVP_PKEY_CTX_free(cctx);
1737 EVP_PKEY_free(pkey);
bfb56a97 1738 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1739 EVP_MD_CTX_free(md_ctx);
1740 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 1741 EVP_MD_free(check_md);
ddb634fe
JL		 1742 OPENSSL_free(sig);
1743 return ret;
1744}
1745
1746#endif
1747
bb5f281a
MC		 1748static struct keys_st {
1749 int type;
1750 char *priv;
1751 char *pub;
1752} keys[] = {
1753 {
1754 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 1755 },
1756 {
1757 EVP_PKEY_HMAC, "", NULL
5af6e154 1758#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 1759 }, {
1760 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 1761#endif
1762#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 1763 }, {
1764 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 1765#endif
896dcb80
MC		 1766 },
1767#ifndef OPENSSL_NO_EC
1768 {
bb5f281a
MC		 1769 EVP_PKEY_X25519, "01234567890123456789012345678901",
1770 "abcdefghijklmnopqrstuvwxyzabcdef"
1771 }, {
1772 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1773 "abcdefghijklmnopqrstuvwxyzabcdef"
1774 }, {
1775 EVP_PKEY_X448,
1776 "01234567890123456789012345678901234567890123456789012345",
1777 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1778 }, {
1779 EVP_PKEY_ED448,
1780 "012345678901234567890123456789012345678901234567890123456",
1781 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1782 }
896dcb80 1783#endif
bb5f281a
MC		 1784};
1785
86dc26ba 1786static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1787{
1788 int ret = 0;
1789 unsigned char buf[80];
1790 unsigned char *in;
1791 size_t inlen, len = 0;
1792 EVP_PKEY *pkey;
1793
1794 /* Check if this algorithm supports public keys */
5af6e154 1795 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 1796 return 1;
1797
1798 memset(buf, 0, sizeof(buf));
1799
1800 if (pub) {
5af6e154 1801#ifndef OPENSSL_NO_EC
bb5f281a
MC		 1802 inlen = strlen(keys[tst].pub);
1803 in = (unsigned char *)keys[tst].pub;
86dc26ba 1804 if (uselibctx) {
d8652be0 1805 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1806 testctx,
1807 OBJ_nid2sn(keys[tst].type),
1808 NULL,
1809 in,
1810 inlen);
1811 } else {
1812 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1813 NULL,
1814 in,
1815 inlen);
1816 }
5af6e154
TM		 1817#else
1818 return 1;
1819#endif
bb5f281a
MC		 1820 } else {
1821 inlen = strlen(keys[tst].priv);
1822 in = (unsigned char *)keys[tst].priv;
86dc26ba 1823 if (uselibctx) {
d8652be0 1824 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1825 testctx, OBJ_nid2sn(keys[tst].type),
1826 NULL,
1827 in,
1828 inlen);
1829 } else {
1830 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1831 NULL,
1832 in,
1833 inlen);
1834 }
bb5f281a
MC		 1835 }
1836
1837 if (!TEST_ptr(pkey)
5af6e154 1838 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 1839 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1840 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1841 || !TEST_true(len == inlen)
1842 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1843 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1844 || !TEST_mem_eq(in, inlen, buf, len))
1845 goto done;
1846
1847 ret = 1;
1848 done:
1849 EVP_PKEY_free(pkey);
1850 return ret;
1851}
1852
1853static int test_set_get_raw_keys(int tst)
1854{
5af6e154 1855 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 1856 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 1857 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 1858 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1859}
1860
41bbba53 1861#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1862static int pkey_custom_check(EVP_PKEY *pkey)
1863{
1864 return 0xbeef;
1865}
1866
b0004708
PY		 1867static int pkey_custom_pub_check(EVP_PKEY *pkey)
1868{
1869 return 0xbeef;
1870}
1871
1872static int pkey_custom_param_check(EVP_PKEY *pkey)
1873{
1874 return 0xbeef;
1875}
1876
2aee35d3 1877static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1878#endif
2aee35d3
PY		 1879
1880static int test_EVP_PKEY_check(int i)
1881{
1882 int ret = 0;
2aee35d3
PY		 1883 EVP_PKEY *pkey = NULL;
1884 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1885#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1886 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1887#endif
2aee35d3
PY		 1888 const APK_DATA *ak = &keycheckdata[i];
1889 const unsigned char *input = ak->kder;
1890 size_t input_len = ak->size;
1891 int expected_id = ak->evptype;
1892 int expected_check = ak->check;
b0004708
PY		 1893 int expected_pub_check = ak->pub_check;
1894 int expected_param_check = ak->param_check;
1895 int type = ak->type;
b0004708 1896
5b5eea4b
SL		 1897 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1898 goto done;
1899 if (type == 0
ed576acd 1900 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 1901 goto done;
2aee35d3 1902
062490db 1903 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 1904 goto done;
1905
b0004708
PY		 1906 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1907 goto done;
1908
1909 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1910 goto done;
1911
1912 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1913 goto done;
2aee35d3 1914
41bbba53 1915#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1916 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1917 /* assign the pkey directly, as an internal test */
1918 EVP_PKEY_up_ref(pkey);
1919 ctx2->pkey = pkey;
1920
1921 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1922 goto done;
1923
b0004708
PY		 1924 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1925 goto done;
1926
1927 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1928 goto done;
41bbba53 1929#endif
b0004708 1930
2aee35d3
PY		 1931 ret = 1;
1932
1933 done:
1934 EVP_PKEY_CTX_free(ctx);
41bbba53 1935#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1936 EVP_PKEY_CTX_free(ctx2);
41bbba53 1937#endif
2aee35d3
PY		 1938 EVP_PKEY_free(pkey);
1939 return ret;
1940}
1941
fab8fde3 1942#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1943static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1944{
1945 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1946 const char msg[] = "Hello World";
1947 size_t maclen;
1948 int ret = 1;
1949
1950 if (!TEST_ptr(mdctx)
062490db
JS		 1951 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1952 testpropq, pkey, NULL))
e5bc0ce2
MC		 1953 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1954 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1955 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1956 ret = 0;
1957
1958 EVP_MD_CTX_free(mdctx);
1959
1960 return ret;
1961}
a87820e1
RL		 1962static int test_CMAC_keygen(void)
1963{
e5bc0ce2
MC		 1964 static unsigned char key[] = {
1965 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1966 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1967 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1968 };
062490db 1969 EVP_PKEY_CTX *kctx = NULL;
a87820e1 1970 int ret = 0;
e5bc0ce2 1971 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 1972 unsigned char mac[AES_BLOCK_SIZE];
1973# if !defined(OPENSSL_NO_DEPRECATED_3_0)
1974 unsigned char mac2[AES_BLOCK_SIZE];
1975# endif
e5bc0ce2 1976
062490db
JS		 1977 if (nullprov != NULL)
1978 return TEST_skip("Test does not support a non-default library context");
1979
1980 /*
1981 * This is a legacy method for CMACs, but should still work.
1982 * This verifies that it works without an ENGINE.
1983 */
1984 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1985
e5bc0ce2
MC		 1986 /* Test a CMAC key created using the "generated" method */
1987 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1988 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1989 EVP_PKEY_CTRL_CIPHER,
1990 0, (void *)EVP_aes_256_ecb()), 0)
1991 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1992 EVP_PKEY_CTRL_SET_MAC_KEY,
1993 sizeof(key), (void *)key), 0)
1994 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1995 || !TEST_ptr(pkey)
1996 || !TEST_true(get_cmac_val(pkey, mac)))
1997 goto done;
a87820e1 1998
a3d267f1 1999# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2000 EVP_PKEY_free(pkey);
2001
2002 /*
2003 * Test a CMAC key using the direct method, and compare with the mac
2004 * created above.
2005 */
2006 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2007 if (!TEST_ptr(pkey)
2008 || !TEST_true(get_cmac_val(pkey, mac2))
2009 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2010 goto done;
a3d267f1 2011# endif
e5bc0ce2 2012
a87820e1
RL		 2013 ret = 1;
2014
2015 done:
e5bc0ce2 2016 EVP_PKEY_free(pkey);
a87820e1
RL		 2017 EVP_PKEY_CTX_free(kctx);
2018 return ret;
2019}
fab8fde3 2020#endif
a87820e1 2021
10d5b415
MC		 2022static int test_HKDF(void)
2023{
2024 EVP_PKEY_CTX *pctx;
2025 unsigned char out[20];
2026 size_t outlen;
2027 int i, ret = 0;
2028 unsigned char salt[] = "0123456789";
2029 unsigned char key[] = "012345678901234567890123456789";
2030 unsigned char info[] = "infostring";
2031 const unsigned char expected[] = {
2032 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2033 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2034 };
2035 size_t expectedlen = sizeof(expected);
2036
062490db 2037 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2038 goto done;
2039
2040 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2041 for (i = 0; i < 2; i++) {
2042 outlen = sizeof(out);
2043 memset(out, 0, outlen);
2044
2045 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2046 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2048 sizeof(salt) - 1), 0)
2049 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2050 sizeof(key) - 1), 0)
2051 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2052 sizeof(info) - 1), 0)
2053 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2054 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2055 goto done;
2056 }
2057
2058 ret = 1;
2059
2060 done:
2061 EVP_PKEY_CTX_free(pctx);
2062
2063 return ret;
2064}
2065
2cd3ebc7
BK		 2066static int test_emptyikm_HKDF(void)
2067{
2068 EVP_PKEY_CTX *pctx;
2069 unsigned char out[20];
2070 size_t outlen;
2071 int ret = 0;
2072 unsigned char salt[] = "9876543210";
2073 unsigned char key[] = "";
2074 unsigned char info[] = "stringinfo";
2075 const unsigned char expected[] = {
2076 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2077 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2078 };
2079 size_t expectedlen = sizeof(expected);
2080
062490db 2081 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2082 goto done;
2083
2084 outlen = sizeof(out);
2085 memset(out, 0, outlen);
2086
2087 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2088 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2089 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2090 sizeof(salt) - 1), 0)
2091 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2092 sizeof(key) - 1), 0)
2093 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2094 sizeof(info) - 1), 0)
2095 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2096 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2097 goto done;
2098
2099 ret = 1;
2100
2101 done:
2102 EVP_PKEY_CTX_free(pctx);
2103
2104 return ret;
2105}
2106
5dc40a83
BE		 2107#ifndef OPENSSL_NO_EC
2108static int test_X509_PUBKEY_inplace(void)
2109{
808c63c5 2110 int ret = 0;
62653483 2111 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2112 const unsigned char *p = kExampleECPubKeyDER;
2113 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2114
62653483
MC		 2115 if (!TEST_ptr(xp))
2116 goto done;
2117 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2118 goto done;
5dc40a83 2119
808c63c5
P		 2120 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2121 goto done;
5dc40a83 2122
808c63c5
P		 2123 p = kExampleBadECPubKeyDER;
2124 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2125
808c63c5
P		 2126 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2127 goto done;
5dc40a83 2128
808c63c5
P		 2129 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2130 goto done;
5dc40a83 2131
808c63c5 2132 ret = 1;
5dc40a83 2133
808c63c5
P		 2134 done:
2135 X509_PUBKEY_free(xp);
2136 return ret;
2137}
2138
2139static int test_X509_PUBKEY_dup(void)
2140{
2141 int ret = 0;
2142 X509_PUBKEY *xp = NULL, *xq = NULL;
2143 const unsigned char *p = kExampleECPubKeyDER;
2144 size_t input_len = sizeof(kExampleECPubKeyDER);
2145
62653483
MC		 2146 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2147 if (!TEST_ptr(xp)
2148 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2149 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2150 || !TEST_ptr_ne(xp, xq))
2151 goto done;
2152
2153 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2154 || !TEST_ptr(X509_PUBKEY_get0(xp))
2155 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2156 goto done;
2157
2158 X509_PUBKEY_free(xq);
2159 xq = NULL;
2160 p = kExampleBadECPubKeyDER;
2161 input_len = sizeof(kExampleBadECPubKeyDER);
2162
2163 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2164 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2165 goto done;
2166
2167 X509_PUBKEY_free(xp);
2168 xp = NULL;
2169 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2170 goto done;
2171
2172 ret = 1;
2173
2174 done:
2175 X509_PUBKEY_free(xp);
2176 X509_PUBKEY_free(xq);
2177 return ret;
5dc40a83 2178}
7bb82f92 2179#endif /* OPENSSL_NO_EC */
784883fc 2180
9c45222d 2181/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2182static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2183{
9a071fef 2184 EVP_MD_CTX *mdctx = NULL;
9c45222d 2185 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2186 const OSSL_PARAM *params;
00bc1ad9 2187 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2188 int ret = 0;
2189 const EVP_MD *md;
00bc1ad9 2190 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2191 char ssl3ms[48];
9c45222d 2192
9c45222d 2193 /* Initialise a sign operation */
062490db 2194 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2195 if (!TEST_ptr(ctx)
c9c4a356 2196 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2197 goto err;
2198
2199 /*
f54a4101 2200 * We should be able to query the parameters now.
9c45222d
MC		 2201 */
2202 params = EVP_PKEY_CTX_settable_params(ctx);
2203 if (!TEST_ptr(params)
0cb3f4f9
RL		 2204 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2205 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2206 goto err;
2207
9c45222d
MC		 2208 params = EVP_PKEY_CTX_gettable_params(ctx);
2209 if (!TEST_ptr(params)
0cb3f4f9
RL		 2210 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2211 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2212 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2213 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2214 goto err;
2215
2216 /*
2217 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2218 * EVP_PKEY_CTX_get_params()
2219 */
00bc1ad9
RL		 2220 strcpy(mdname, "SHA512");
2221 param_md = param;
2222 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2223 mdname, 0);
9c45222d
MC		 2224 *param++ = OSSL_PARAM_construct_end();
2225
2226 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2227 goto err;
2228
00bc1ad9
RL		 2229 mdname[0] = '\0';
2230 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2231 mdname, sizeof(mdname));
9c45222d 2232 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2233 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2234 goto err;
2235
2236 /*
2237 * Test the TEST_PKEY_CTX_set_signature_md() and
2238 * TEST_PKEY_CTX_get_signature_md() functions
2239 */
2240 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2241 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2242 || !TEST_ptr_eq(md, EVP_sha256()))
2243 goto err;
2244
9a071fef
MC		 2245 /*
2246 * Test getting MD parameters via an associated EVP_PKEY_CTX
2247 */
2248 mdctx = EVP_MD_CTX_new();
2249 if (!TEST_ptr(mdctx)
062490db 2250 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2251 pkey, NULL)))
9a071fef
MC		 2252 goto err;
2253
2254 /*
2255 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2256 * able to obtain the digest's settable parameters from the provider.
2257 */
2258 params = EVP_MD_CTX_settable_params(mdctx);
2259 if (!TEST_ptr(params)
2260 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2261 /* The final key should be NULL */
2262 || !TEST_ptr_null(params[1].key))
2263 goto err;
2264
2265 param = ourparams;
2266 memset(ssl3ms, 0, sizeof(ssl3ms));
2267 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2268 ssl3ms, sizeof(ssl3ms));
2269 *param++ = OSSL_PARAM_construct_end();
2270
2271 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2272 goto err;
2273
9c45222d
MC		 2274 ret = 1;
2275
2276 err:
9a071fef 2277 EVP_MD_CTX_free(mdctx);
9c45222d 2278 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2279
2280 return ret;
2281}
2282
2283#ifndef OPENSSL_NO_DSA
2284static int test_DSA_get_set_params(void)
2285{
6ed4022c
RL		 2286 OSSL_PARAM_BLD *bld = NULL;
2287 OSSL_PARAM *params = NULL;
f54a4101 2288 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2289 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2290 EVP_PKEY *pkey = NULL;
2291 int ret = 0;
2292
2293 /*
2294 * Setup the parameters for our DSA object. For our purposes they don't
2295 * have to actually be *valid* parameters. We just need to set something.
2296 */
6ed4022c
RL		 2297 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2298 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2299 || !TEST_ptr(p = BN_new())
2300 || !TEST_ptr(q = BN_new())
2301 || !TEST_ptr(g = BN_new())
2302 || !TEST_ptr(pub = BN_new())
2303 || !TEST_ptr(priv = BN_new()))
2304 goto err;
2305 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2306 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2307 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2308 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2309 pub))
2310 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2311 priv)))
2312 goto err;
2313 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2314 goto err;
f54a4101 2315
2db985b7
SL		 2316 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2317 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2318 params), 0))
f54a4101
RL		 2319 goto err;
2320
6ed4022c
RL		 2321 if (!TEST_ptr(pkey))
2322 goto err;
f54a4101
RL		 2323
2324 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2325
2326 err:
9c45222d 2327 EVP_PKEY_free(pkey);
6ed4022c 2328 EVP_PKEY_CTX_free(pctx);
3f883c7c 2329 OSSL_PARAM_free(params);
6ed4022c 2330 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2331 BN_free(p);
2332 BN_free(q);
2333 BN_free(g);
cd32a0f5
RL		 2334 BN_free(pub);
2335 BN_free(priv);
9c45222d
MC		 2336
2337 return ret;
2338}
2c04b341
JS		 2339
2340/*
8a9394c1 2341 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2342 * params to ensure they are all accepted
2343 */
2344static int test_DSA_priv_pub(void)
2345{
2346 return test_EVP_PKEY_ffc_priv_pub("DSA");
2347}
2348
2349#endif /* !OPENSSL_NO_DSA */
9c45222d 2350
f54a4101
RL		 2351static int test_RSA_get_set_params(void)
2352{
d7e498ac
RL		 2353 OSSL_PARAM_BLD *bld = NULL;
2354 OSSL_PARAM *params = NULL;
f54a4101 2355 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2356 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2357 EVP_PKEY *pkey = NULL;
2358 int ret = 0;
2359
2360 /*
2361 * Setup the parameters for our RSA object. For our purposes they don't
2362 * have to actually be *valid* parameters. We just need to set something.
2363 */
d7e498ac
RL		 2364 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2365 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2366 || !TEST_ptr(n = BN_new())
2367 || !TEST_ptr(e = BN_new())
2368 || !TEST_ptr(d = BN_new()))
2369 goto err;
2370 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2371 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2372 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2373 goto err;
2374 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2375 goto err;
f54a4101 2376
2db985b7
SL		 2377 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2378 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2379 params), 0))
f54a4101
RL		 2380 goto err;
2381
d7e498ac
RL		 2382 if (!TEST_ptr(pkey))
2383 goto err;
f54a4101
RL		 2384
2385 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2386
2387 err:
2388 EVP_PKEY_free(pkey);
d7e498ac 2389 EVP_PKEY_CTX_free(pctx);
3f883c7c 2390 OSSL_PARAM_free(params);
d7e498ac 2391 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2392 BN_free(n);
2393 BN_free(e);
2394 BN_free(d);
2395
2396 return ret;
2397}
2398
b4be6937
MC		 2399#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2400static int test_decrypt_null_chunks(void)
2401{
2402 EVP_CIPHER_CTX* ctx = NULL;
062490db 2403 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2404 const unsigned char key[32] = {
2405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2406 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2407 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2408 };
2409 unsigned char iv[12] = {
2410 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2411 };
2412 unsigned char msg[] = "It was the best of times, it was the worst of times";
2413 unsigned char ciphertext[80];
2414 unsigned char plaintext[80];
2415 /* We initialise tmp to a non zero value on purpose */
2416 int ctlen, ptlen, tmp = 99;
2417 int ret = 0;
2418 const int enc_offset = 10, dec_offset = 20;
2419
062490db
JS		 2420 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2421 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2422 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2423 key, iv))
2424 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2425 enc_offset))
2426 /* Deliberate add a zero length update */
2427 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2428 0))
2429 || !TEST_int_eq(tmp, 0)
2430 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2431 msg + enc_offset,
2432 sizeof(msg) - enc_offset))
2433 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2434 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2435 || !TEST_int_eq(tmp, 0))
2436 goto err;
2437
2438 /* Deliberately initialise tmp to a non zero value */
2439 tmp = 99;
062490db 2440 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2441 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2442 dec_offset))
2443 /*
2444 * Deliberately add a zero length update. We also deliberately do
2445 * this at a different offset than for encryption.
2446 */
2447 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2448 0))
2449 || !TEST_int_eq(tmp, 0)
2450 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2451 ciphertext + dec_offset,
2452 ctlen - dec_offset))
2453 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2454 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2455 || !TEST_int_eq(tmp, 0)
2456 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2457 goto err;
2458
2459 ret = 1;
2460 err:
2461 EVP_CIPHER_CTX_free(ctx);
062490db 2462 EVP_CIPHER_free(cipher);
b4be6937
MC		 2463 return ret;
2464}
2465#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2466
2c04b341
JS		 2467#ifndef OPENSSL_NO_DH
2468/*
8a9394c1 2469 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2470 * params to ensure they are all accepted
2471 */
2472static int test_DH_priv_pub(void)
2473{
2474 return test_EVP_PKEY_ffc_priv_pub("DH");
2475}
2476
2477# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2478static int test_EVP_PKEY_set1_DH(void)
2479{
ca2bf555
SL		 2480 DH *x942dh = NULL, *noqdh = NULL;
2481 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2482 int ret = 0;
ca2bf555
SL		 2483 BIGNUM *p, *g = NULL;
2484
2485 if (!TEST_ptr(p = BN_new())
2486 || !TEST_ptr(g = BN_new())
2487 || !BN_set_word(p, 9999)
2488 || !BN_set_word(g, 2)
2489 || !TEST_ptr(noqdh = DH_new())
2490 || !DH_set0_pqg(noqdh, p, NULL, g))
2491 goto err;
2492 p = g = NULL;
e295de1d
MC		 2493
2494 x942dh = DH_get_2048_256();
e295de1d
MC		 2495 pkey1 = EVP_PKEY_new();
2496 pkey2 = EVP_PKEY_new();
2497 if (!TEST_ptr(x942dh)
ca2bf555 2498 || !TEST_ptr(noqdh)
e295de1d
MC		 2499 || !TEST_ptr(pkey1)
2500 || !TEST_ptr(pkey2))
2501 goto err;
2502
2503 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2504 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2505 goto err;
2506
ca2bf555 2507 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2508 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2509 goto err;
2510
2511 ret = 1;
2512 err:
ca2bf555
SL		 2513 BN_free(p);
2514 BN_free(g);
e295de1d
MC		 2515 EVP_PKEY_free(pkey1);
2516 EVP_PKEY_free(pkey2);
2517 DH_free(x942dh);
ca2bf555 2518 DH_free(noqdh);
e295de1d
MC		 2519
2520 return ret;
2521}
2c04b341
JS		 2522# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2523#endif /* !OPENSSL_NO_DH */
e295de1d 2524
8a5cb596
RL		 2525/*
2526 * We test what happens with an empty template. For the sake of this test,
2527 * the template must be ignored, and we know that's the case for RSA keys
2528 * (this might arguably be a misfeature, but that's what we currently do,
2529 * even in provider code, since that's how the legacy RSA implementation
2530 * does things)
2531 */
2532static int test_keygen_with_empty_template(int n)
2533{
2534 EVP_PKEY_CTX *ctx = NULL;
2535 EVP_PKEY *pkey = NULL;
2536 EVP_PKEY *tkey = NULL;
2537 int ret = 0;
2538
062490db
JS		 2539 if (nullprov != NULL)
2540 return TEST_skip("Test does not support a non-default library context");
2541
8a5cb596
RL		 2542 switch (n) {
2543 case 0:
2544 /* We do test with no template at all as well */
2545 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2546 goto err;
2547 break;
2548 case 1:
2549 /* Here we create an empty RSA key that serves as our template */
2550 if (!TEST_ptr(tkey = EVP_PKEY_new())
2551 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2552 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2553 goto err;
2554 break;
2555 }
2556
2557 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2558 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2559 goto err;
2560
2561 ret = 1;
2562 err:
2563 EVP_PKEY_CTX_free(ctx);
2564 EVP_PKEY_free(pkey);
2565 EVP_PKEY_free(tkey);
2566 return ret;
2567}
2568
5ddec6a7
MC		 2569/*
2570 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2571 * in the current library context (unless we are using an algorithm that
2572 * should be made available via legacy codepaths).
2573 *
2574 * 0: RSA
2575 * 1: SM2
5ddec6a7
MC		 2576 */
2577static int test_pkey_ctx_fail_without_provider(int tst)
2578{
b4250010 2579 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2580 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2581 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2582 const char *keytype = NULL;
2583 int expect_null = 0;
5ddec6a7
MC		 2584 int ret = 0;
2585
2586 if (!TEST_ptr(tmpctx))
2587 goto err;
2588
062490db
JS		 2589 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2590 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2591 goto err;
2592
5ddec6a7 2593 /*
08497fc6
RL		 2594 * We check for certain algos in the null provider.
2595 * If an algo is expected to have a provider keymgmt, contructing an
2596 * EVP_PKEY_CTX is expected to fail (return NULL).
2597 * Otherwise, if it's expected to have legacy support, contructing an
2598 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2599 */
08497fc6
RL		 2600 switch (tst) {
2601 case 0:
2602 keytype = "RSA";
2603 expect_null = 1;
2604 break;
2605 case 1:
2606 keytype = "SM2";
d0b79f86 2607 expect_null = 1;
08497fc6
RL		 2608#ifdef OPENSSL_NO_EC
2609 TEST_info("EC disable, skipping SM2 check...");
2610 goto end;
2611#endif
2612#ifdef OPENSSL_NO_SM2
2613 TEST_info("SM2 disable, skipping SM2 check...");
2614 goto end;
2615#endif
2616 break;
2617 default:
2618 TEST_error("No test for case %d", tst);
2619 goto err;
2620 }
2621
2622 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2623 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2624 goto err;
2625
08497fc6
RL		 2626#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2627 end:
2628#endif
5ddec6a7
MC		 2629 ret = 1;
2630
2631 err:
2632 EVP_PKEY_CTX_free(pctx);
062490db 2633 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2634 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2635 return ret;
2636}
2637
1c19ff3c
P		 2638static int test_rand_agglomeration(void)
2639{
2640 EVP_RAND *rand;
2641 EVP_RAND_CTX *ctx;
2642 OSSL_PARAM params[3], *p = params;
2643 int res;
2644 unsigned int step = 7;
2645 static unsigned char seed[] = "It does not matter how slowly you go "
2646 "as long as you do not stop.";
2647 unsigned char out[sizeof(seed)];
2648
2649 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2650 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2651 return 0;
2652 ctx = EVP_RAND_CTX_new(rand, NULL);
2653 EVP_RAND_free(rand);
2654 if (!TEST_ptr(ctx))
2655 return 0;
2656
2657 memset(out, 0, sizeof(out));
2658 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2659 seed, sizeof(seed));
0d4460d2 2660 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 2661 *p = OSSL_PARAM_construct_end();
e494fac7 2662 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 2663 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2664 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2665 EVP_RAND_CTX_free(ctx);
2666 return res;
2667}
2668
440b852a
BK		 2669/*
2670 * Test that we correctly return the original or "running" IV after
2671 * an encryption operation.
2672 * Run multiple times for some different relevant algorithms/modes.
2673 */
a4afa6c1 2674static int test_evp_iv_aes(int idx)
440b852a
BK		 2675{
2676 int ret = 0;
2677 EVP_CIPHER_CTX *ctx = NULL;
2678 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2679 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2680 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2681 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2682 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2683 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2684 9, 10, 11, 12, 13, 14, 15, 16 };
2685 unsigned char ciphertext[32], oiv[16], iv[16];
2686 unsigned char *ref_iv;
2687 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2688 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2689
2690 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2691 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 2692 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2693 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 2694 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2695 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2696 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2697#ifndef OPENSSL_NO_OCB
2698 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2699 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2700#endif
2701 int len = sizeof(ciphertext);
2702 size_t ivlen, ref_len;
2703 const EVP_CIPHER *type = NULL;
4ec4b063 2704 int iv_reset = 0;
440b852a 2705
4ec4b063 2706 if (nullprov != NULL && idx < 6)
062490db
JS		 2707 return TEST_skip("Test does not support a non-default library context");
2708
440b852a
BK		 2709 switch(idx) {
2710 case 0:
2711 type = EVP_aes_128_cbc();
2712 /* FALLTHROUGH */
4ec4b063 2713 case 6:
440b852a 2714 type = (type != NULL) ? type :
062490db 2715 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2716 ref_iv = cbc_state;
2717 ref_len = sizeof(cbc_state);
4ec4b063 2718 iv_reset = 1;
440b852a
BK		 2719 break;
2720 case 1:
2721 type = EVP_aes_128_ofb();
2722 /* FALLTHROUGH */
4ec4b063 2723 case 7:
440b852a 2724 type = (type != NULL) ? type :
062490db 2725 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2726 ref_iv = ofb_state;
2727 ref_len = sizeof(ofb_state);
4ec4b063 2728 iv_reset = 1;
440b852a
BK		 2729 break;
2730 case 2:
4ec4b063
TM		 2731 type = EVP_aes_128_cfb();
2732 /* FALLTHROUGH */
2733 case 8:
2734 type = (type != NULL) ? type :
2735 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2736 ref_iv = cfb_state;
2737 ref_len = sizeof(cfb_state);
2738 iv_reset = 1;
2739 break;
2740 case 3:
440b852a
BK		 2741 type = EVP_aes_128_gcm();
2742 /* FALLTHROUGH */
4ec4b063 2743 case 9:
440b852a 2744 type = (type != NULL) ? type :
062490db 2745 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2746 ref_iv = gcm_state;
2747 ref_len = sizeof(gcm_state);
2748 break;
4ec4b063 2749 case 4:
440b852a
BK		 2750 type = EVP_aes_128_ccm();
2751 /* FALLTHROUGH */
4ec4b063 2752 case 10:
440b852a 2753 type = (type != NULL) ? type :
062490db 2754 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2755 ref_iv = ccm_state;
2756 ref_len = sizeof(ccm_state);
2757 break;
2758#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 2759 case 5:
2760 case 11:
440b852a
BK		 2761 return 1;
2762#else
4ec4b063 2763 case 5:
440b852a
BK		 2764 type = EVP_aes_128_ocb();
2765 /* FALLTHROUGH */
4ec4b063 2766 case 11:
440b852a 2767 type = (type != NULL) ? type :
062490db 2768 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2769 ref_iv = ocb_state;
2770 ref_len = sizeof(ocb_state);
2771 break;
2772#endif
2773 default:
2774 return 0;
2775 }
2776
2777 if (!TEST_ptr(type)
2778 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2779 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2780 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2781 (int)sizeof(msg)))
0d83b7b9
TM		 2782 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2783 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2784 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2785 goto err;
ed576acd 2786 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 2787 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2788 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2789 goto err;
2790
4ec4b063
TM		 2791 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2792 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2793 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2794 goto err;
2795 if (iv_reset) {
2796 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2797 goto err;
2798 } else {
2799 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2800 goto err;
2801 }
2802
440b852a
BK		 2803 ret = 1;
2804err:
2805 EVP_CIPHER_CTX_free(ctx);
4ec4b063 2806 if (idx >= 6)
440b852a
BK		 2807 EVP_CIPHER_free((EVP_CIPHER *)type);
2808 return ret;
2809}
2810
a4afa6c1
TM		 2811#ifndef OPENSSL_NO_DES
2812static int test_evp_iv_des(int idx)
2813{
2814 int ret = 0;
2815 EVP_CIPHER_CTX *ctx = NULL;
2816 static const unsigned char key[24] = {
2817 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2818 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2819 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2820 };
2821 static const unsigned char init_iv[8] = {
2822 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2823 };
2824 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2825 9, 10, 11, 12, 13, 14, 15, 16 };
2826 unsigned char ciphertext[32], oiv[8], iv[8];
2827 unsigned const char *ref_iv;
2828 static const unsigned char cbc_state_des[8] = {
2829 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2830 };
2831 static const unsigned char cbc_state_3des[8] = {
2832 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2833 };
2834 static const unsigned char ofb_state_des[8] = {
2835 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2836 };
2837 static const unsigned char ofb_state_3des[8] = {
2838 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2839 };
2840 static const unsigned char cfb_state_des[8] = {
2841 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2842 };
2843 static const unsigned char cfb_state_3des[8] = {
2844 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2845 };
2846 int len = sizeof(ciphertext);
2847 size_t ivlen, ref_len;
2848 EVP_CIPHER *type = NULL;
2849
2850 if (lgcyprov == NULL && idx < 3)
2851 return TEST_skip("Test requires legacy provider to be loaded");
2852
2853 switch(idx) {
2854 case 0:
2855 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2856 ref_iv = cbc_state_des;
2857 ref_len = sizeof(cbc_state_des);
2858 break;
2859 case 1:
2860 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2861 ref_iv = ofb_state_des;
2862 ref_len = sizeof(ofb_state_des);
2863 break;
2864 case 2:
2865 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2866 ref_iv = cfb_state_des;
2867 ref_len = sizeof(cfb_state_des);
2868 break;
2869 case 3:
2870 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2871 ref_iv = cbc_state_3des;
2872 ref_len = sizeof(cbc_state_3des);
2873 break;
2874 case 4:
2875 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2876 ref_iv = ofb_state_3des;
2877 ref_len = sizeof(ofb_state_3des);
2878 break;
2879 case 5:
2880 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2881 ref_iv = cfb_state_3des;
2882 ref_len = sizeof(cfb_state_3des);
2883 break;
2884 default:
2885 return 0;
2886 }
2887
2888 if (!TEST_ptr(type)
2889 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2890 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2891 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2892 (int)sizeof(msg)))
2893 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2894 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2895 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2896 goto err;
ed576acd 2897 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 2898 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2899 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2900 goto err;
2901
2902 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2903 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2904 goto err;
2905 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2906 goto err;
2907
2908 ret = 1;
2909err:
2910 EVP_CIPHER_CTX_free(ctx);
2911 EVP_CIPHER_free(type);
2912 return ret;
2913}
2914#endif
2915
c0ff1932 2916#ifndef OPENSSL_NO_EC
da671c41
P		 2917static int ecpub_nids[] = {
2918 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2919 NID_secp384r1, NID_secp521r1,
2920# ifndef OPENSSL_NO_EC2M
2921 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 2922 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 2923# endif
2924 NID_brainpoolP384r1, NID_brainpoolP512r1
2925};
c0ff1932
BK		 2926
2927static int test_ecpub(int idx)
2928{
ad7cb0bf 2929 int ret = 0, len, savelen;
c0ff1932
BK		 2930 int nid;
2931 unsigned char buf[1024];
2932 unsigned char *p;
2933 EVP_PKEY *pkey = NULL;
2934 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 2935# ifndef OPENSSL_NO_DEPRECATED_3_0
2936 const unsigned char *q;
2937 EVP_PKEY *pkey2 = NULL;
2938 EC_KEY *ec = NULL;
2939# endif
c0ff1932 2940
062490db
JS		 2941 if (nullprov != NULL)
2942 return TEST_skip("Test does not support a non-default library context");
2943
c0ff1932
BK		 2944 nid = ecpub_nids[idx];
2945
2946 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2947 if (!TEST_ptr(ctx)
2948 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2949 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2950 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2951 goto done;
2952 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 2953 savelen = len;
c0ff1932
BK		 2954 if (!TEST_int_ge(len, 1)
2955 || !TEST_int_lt(len, 1024))
2956 goto done;
2957 p = buf;
2958 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 2959 if (!TEST_int_ge(len, 1)
2960 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 2961 goto done;
2962
3d364726
BK		 2963# ifndef OPENSSL_NO_DEPRECATED_3_0
2964 /* Now try to decode the just-created DER. */
2965 q = buf;
2966 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2967 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2968 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2969 goto done;
2970 /* EC_KEY ownership transferred */
2971 ec = NULL;
2972 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2973 goto done;
2974 /* The keys should match. */
c85c5e1a 2975 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 2976 goto done;
2977# endif
2978
c0ff1932
BK		 2979 ret = 1;
2980
2981 done:
2982 EVP_PKEY_CTX_free(ctx);
2983 EVP_PKEY_free(pkey);
3d364726
BK		 2984# ifndef OPENSSL_NO_DEPRECATED_3_0
2985 EVP_PKEY_free(pkey2);
2986 EC_KEY_free(ec);
2987# endif
c0ff1932
BK		 2988 return ret;
2989}
2990#endif
2991
e947a064
DB		 2992static int test_EVP_rsa_pss_with_keygen_bits(void)
2993{
062490db
JS		 2994 int ret = 0;
2995 EVP_PKEY_CTX *ctx = NULL;
2996 EVP_PKEY *pkey = NULL;
2997 EVP_MD *md;
e947a064 2998
062490db
JS		 2999 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3000 ret = TEST_ptr(md)
3001 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 3002 && TEST_true(EVP_PKEY_keygen_init(ctx))
3003 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3004 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3005 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3006
062490db 3007 EVP_MD_free(md);
e947a064
DB		 3008 EVP_PKEY_free(pkey);
3009 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3010 return ret;
3011}
3012
5eb73cfb
MC		 3013static int success = 1;
3014static void md_names(const char *name, void *vctx)
3015{
3016 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3017 /* Force a namemap update */
3018 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3019
3020 if (!TEST_ptr(aes128))
3021 success = 0;
3022
3023 EVP_CIPHER_free(aes128);
3024}
3025
3026/*
3027 * Test that changing the namemap in a user callback works in a names_do_all
3028 * function.
3029 */
3030static int test_names_do_all(void)
3031{
3032 /* We use a custom libctx so that we know the state of the namemap */
3033 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3034 EVP_MD *sha256 = NULL;
3035 int testresult = 0;
3036
3037 if (!TEST_ptr(ctx))
3038 goto err;
3039
3040 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3041 if (!TEST_ptr(sha256))
3042 goto err;
3043
3044 /*
3045 * We loop through all the names for a given digest. This should still work
3046 * even if the namemap changes part way through.
3047 */
3048 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3049 goto err;
3050
3051 if (!TEST_true(success))
3052 goto err;
3053
3054 testresult = 1;
3055 err:
3056 EVP_MD_free(sha256);
3057 OSSL_LIB_CTX_free(ctx);
3058 return testresult;
3059}
e947a064 3060
063e0197
JC		 3061typedef struct {
3062 const char *cipher;
3063 const unsigned char *key;
3064 const unsigned char *iv;
3065 const unsigned char *input;
3066 const unsigned char *expected;
3067 const unsigned char *tag;
3068 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3069 size_t inlen;
3070 size_t expectedlen;
3071 size_t taglen;
3072 int keyfirst;
3073 int initenc;
3074 int finalenc;
3075} EVP_INIT_TEST_st;
3076
3077static const EVP_INIT_TEST_st evp_init_tests[] = {
3078 {
3079 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3080 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3081 0, 1, 0, 1
3082 },
3083 {
3084 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3085 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3086 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3087 sizeof(gcmDefaultTag), 1, 0, 1
3088 },
3089 {
3090 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3091 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3092 0, 0, 0, 1
3093 },
3094 {
3095 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3096 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3097 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3098 sizeof(gcmDefaultTag), 0, 0, 1
3099 },
3100 {
3101 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3102 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3103 0, 1, 1, 0
3104 },
3105 {
3106 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3107 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3108 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3109 sizeof(gcmDefaultTag), 1, 1, 0
3110 },
3111 {
3112 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3113 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3114 0, 0, 1, 0
3115 },
3116 {
3117 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3118 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3119 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3120 sizeof(gcmDefaultTag), 0, 1, 0
3121 }
3122};
3123
3124static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3125{
3126 int res = 0;
3127
3128 if (t->ivlen != 0) {
3129 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3130 goto err;
3131 }
3132 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3133 goto err;
3134 res = 1;
3135 err:
3136 return res;
3137}
3138
3139/*
3140 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3141 * arguments are given one at a time and a final adjustment to the enc
3142 * parameter sets the correct operation.
3143 */
3144static int test_evp_init_seq(int idx)
3145{
3146 int outlen1, outlen2;
3147 int testresult = 0;
3148 unsigned char outbuf[1024];
3149 unsigned char tag[16];
3150 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3151 EVP_CIPHER_CTX *ctx = NULL;
3152 EVP_CIPHER *type = NULL;
3153 size_t taglen = sizeof(tag);
3154 char *errmsg = NULL;
3155
3156 ctx = EVP_CIPHER_CTX_new();
3157 if (ctx == NULL) {
3158 errmsg = "CTX_ALLOC";
3159 goto err;
3160 }
3161 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3162 errmsg = "CIPHER_FETCH";
3163 goto err;
3164 }
3165 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3166 errmsg = "EMPTY_ENC_INIT";
3167 goto err;
3168 }
3169 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3170 errmsg = "PADDING";
3171 goto err;
3172 }
3173 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3174 errmsg = "KEY_INIT (before iv)";
3175 goto err;
3176 }
3177 if (!evp_init_seq_set_iv(ctx, t)) {
3178 errmsg = "IV_INIT";
3179 goto err;
3180 }
3181 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3182 errmsg = "KEY_INIT (after iv)";
3183 goto err;
3184 }
3185 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3186 errmsg = "FINAL_ENC_INIT";
3187 goto err;
3188 }
3189 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3190 errmsg = "CIPHER_UPDATE";
3191 goto err;
3192 }
3193 if (t->finalenc == 0 && t->tag != NULL) {
3194 /* Set expected tag */
3195 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3196 t->taglen, (void *)t->tag))) {
3197 errmsg = "SET_TAG";
3198 goto err;
3199 }
3200 }
3201 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3202 errmsg = "CIPHER_FINAL";
3203 goto err;
3204 }
3205 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3206 errmsg = "WRONG_RESULT";
3207 goto err;
3208 }
3209 if (t->finalenc != 0 && t->tag != NULL) {
3210 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3211 errmsg = "GET_TAG";
3212 goto err;
3213 }
3214 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3215 errmsg = "TAG_ERROR";
3216 goto err;
3217 }
3218 }
3219 testresult = 1;
3220 err:
3221 if (errmsg != NULL)
3222 TEST_info("evp_init_test %d: %s", idx, errmsg);
3223 EVP_CIPHER_CTX_free(ctx);
3224 EVP_CIPHER_free(type);
3225 return testresult;
3226}
3227
3228typedef struct {
3229 const unsigned char *input;
3230 const unsigned char *expected;
3231 size_t inlen;
3232 size_t expectedlen;
3233 int enc;
3234} EVP_RESET_TEST_st;
3235
3236static const EVP_RESET_TEST_st evp_reset_tests[] = {
3237 {
3238 cfbPlaintext, cfbCiphertext,
3239 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3240 },
3241 {
3242 cfbCiphertext, cfbPlaintext,
3243 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3244 }
3245};
3246
3247/*
3248 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3249 * been used.
3250 */
3251static int test_evp_reset(int idx)
3252{
3253 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3254 int outlen1, outlen2;
3255 int testresult = 0;
3256 unsigned char outbuf[1024];
3257 EVP_CIPHER_CTX *ctx = NULL;
3258 EVP_CIPHER *type = NULL;
3259 char *errmsg = NULL;
3260
3261 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3262 errmsg = "CTX_ALLOC";
3263 goto err;
3264 }
3265 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3266 errmsg = "CIPHER_FETCH";
3267 goto err;
3268 }
3269 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3270 errmsg = "CIPHER_INIT";
3271 goto err;
3272 }
3273 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3274 errmsg = "PADDING";
3275 goto err;
3276 }
3277 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3278 errmsg = "CIPHER_UPDATE";
3279 goto err;
3280 }
3281 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3282 errmsg = "CIPHER_FINAL";
3283 goto err;
3284 }
3285 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3286 errmsg = "WRONG_RESULT";
3287 goto err;
3288 }
3289 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3290 errmsg = "CIPHER_REINIT";
3291 goto err;
3292 }
3293 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3294 errmsg = "CIPHER_UPDATE (reinit)";
3295 goto err;
3296 }
3297 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3298 errmsg = "CIPHER_FINAL (reinit)";
3299 goto err;
3300 }
3301 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3302 errmsg = "WRONG_RESULT (reinit)";
3303 goto err;
3304 }
3305 testresult = 1;
3306 err:
3307 if (errmsg != NULL)
3308 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3309 EVP_CIPHER_CTX_free(ctx);
3310 EVP_CIPHER_free(type);
3311 return testresult;
3312}
3313
3314typedef struct {
3315 const unsigned char *iv1;
3316 const unsigned char *iv2;
3317 const unsigned char *expected1;
3318 const unsigned char *expected2;
3319 const unsigned char *tag1;
3320 const unsigned char *tag2;
3321 size_t ivlen1;
3322 size_t ivlen2;
3323 size_t expectedlen1;
3324 size_t expectedlen2;
3325} TEST_GCM_IV_REINIT_st;
3326
3327static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3328 {
3329 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3330 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3331 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3332 },
3333 {
3334 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3335 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3336 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3337 }
3338};
3339
3340static int test_gcm_reinit(int idx)
3341{
3342 int outlen1, outlen2, outlen3;
3343 int testresult = 0;
3344 unsigned char outbuf[1024];
3345 unsigned char tag[16];
3346 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3347 EVP_CIPHER_CTX *ctx = NULL;
3348 EVP_CIPHER *type = NULL;
3349 size_t taglen = sizeof(tag);
3350 char *errmsg = NULL;
3351
3352 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3353 errmsg = "CTX_ALLOC";
3354 goto err;
3355 }
3356 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3357 errmsg = "CIPHER_FETCH";
3358 goto err;
3359 }
3360 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3361 errmsg = "ENC_INIT";
3362 goto err;
3363 }
3364 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3365 errmsg = "SET_IVLEN1";
3366 goto err;
3367 }
3368 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3369 errmsg = "SET_IV1";
3370 goto err;
3371 }
3372 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3373 errmsg = "AAD1";
3374 goto err;
3375 }
3376 EVP_CIPHER_CTX_set_padding(ctx, 0);
3377 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3378 sizeof(gcmResetPlaintext)))) {
3379 errmsg = "CIPHER_UPDATE1";
3380 goto err;
3381 }
3382 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3383 errmsg = "CIPHER_FINAL1";
3384 goto err;
3385 }
3386 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3387 errmsg = "WRONG_RESULT1";
3388 goto err;
3389 }
3390 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3391 errmsg = "GET_TAG1";
3392 goto err;
3393 }
3394 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3395 errmsg = "TAG_ERROR1";
3396 goto err;
3397 }
3398 /* Now reinit */
3399 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3400 errmsg = "SET_IVLEN2";
3401 goto err;
3402 }
3403 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3404 errmsg = "SET_IV2";
3405 goto err;
3406 }
3407 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3408 errmsg = "AAD2";
3409 goto err;
3410 }
3411 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3412 sizeof(gcmResetPlaintext)))) {
3413 errmsg = "CIPHER_UPDATE2";
3414 goto err;
3415 }
3416 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3417 errmsg = "CIPHER_FINAL2";
3418 goto err;
3419 }
3420 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3421 errmsg = "WRONG_RESULT2";
3422 goto err;
3423 }
3424 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3425 errmsg = "GET_TAG2";
3426 goto err;
3427 }
3428 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3429 errmsg = "TAG_ERROR2";
3430 goto err;
3431 }
3432 testresult = 1;
3433 err:
3434 if (errmsg != NULL)
3435 TEST_info("evp_init_test %d: %s", idx, errmsg);
3436 EVP_CIPHER_CTX_free(ctx);
3437 EVP_CIPHER_free(type);
3438 return testresult;
3439}
3440
a983764e
MC		 3441#ifndef OPENSSL_NO_DEPRECATED_3_0
3442static EVP_PKEY_METHOD *custom_pmeth = NULL;
3443static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3444
3445# define EVP_PKEY_CTRL_MY_COMMAND 9999
3446
3447static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3448{
3449 int (*pinit)(EVP_PKEY_CTX *ctx);
3450
3451 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3452 return pinit(ctx);
3453}
3454
3455static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3456{
3457 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3458
3459 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3460 pcleanup(ctx);
3461}
3462
3463static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3464 size_t *outlen, const unsigned char *in,
3465 size_t inlen)
3466{
3467 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3468 const unsigned char *tbs, size_t tbslen);
3469
3470 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3471 return psign(ctx, out, outlen, in, inlen);
3472}
3473
3474static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3475 size_t *siglen, const unsigned char *tbs,
3476 size_t tbslen)
3477{
3478 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3479 const unsigned char *tbs, size_t tbslen);
3480
c6fcd88f 3481 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 3482 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3483}
3484
3485static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3486 size_t *keylen)
3487{
3488 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3489
3490 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3491 return pderive(ctx, key, keylen);
3492}
3493
3494static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3495{
3496 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3497
3498 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3499 return pcopy(dst, src);
3500}
3501
3502static int ctrl_called;
3503
3504static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3505{
3506 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3507
3508 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3509
3510 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3511 ctrl_called = 1;
3512 return 1;
3513 }
3514
3515 return pctrl(ctx, type, p1, p2);
3516}
3517
3518static int test_custom_pmeth(int idx)
3519{
3520 EVP_PKEY_CTX *pctx = NULL;
3521 EVP_MD_CTX *ctx = NULL;
3522 EVP_PKEY *pkey = NULL;
3523 int id, orig_id, orig_flags;
3524 int testresult = 0;
3525 size_t reslen;
3526 unsigned char *res = NULL;
3527 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3528 const EVP_MD *md = EVP_sha256();
3529 int doderive = 0;
3530
3531 ctrl_called = 0;
3532
3533 /* We call deprecated APIs so this test doesn't support a custom libctx */
3534 if (testctx != NULL)
3535 return 1;
3536
3537 switch(idx) {
3538 case 0:
3539 case 6:
3540 id = EVP_PKEY_RSA;
3541 pkey = load_example_rsa_key();
3542 break;
3543 case 1:
3544 case 7:
3545# ifndef OPENSSL_NO_DSA
3546 id = EVP_PKEY_DSA;
3547 pkey = load_example_dsa_key();
3548 break;
3549# else
3550 return 1;
3551# endif
3552 case 2:
3553 case 8:
3554# ifndef OPENSSL_NO_EC
3555 id = EVP_PKEY_EC;
3556 pkey = load_example_ec_key();
3557 break;
3558# else
3559 return 1;
3560# endif
3561 case 3:
3562 case 9:
3563# ifndef OPENSSL_NO_EC
3564 id = EVP_PKEY_ED25519;
3565 md = NULL;
3566 pkey = load_example_ed25519_key();
3567 break;
3568# else
3569 return 1;
3570# endif
3571 case 4:
3572 case 10:
3573# ifndef OPENSSL_NO_DH
3574 id = EVP_PKEY_DH;
3575 doderive = 1;
3576 pkey = load_example_dh_key();
3577 break;
3578# else
3579 return 1;
3580# endif
3581 case 5:
3582 case 11:
3583# ifndef OPENSSL_NO_EC
3584 id = EVP_PKEY_X25519;
3585 doderive = 1;
3586 pkey = load_example_x25519_key();
3587 break;
3588# else
3589 return 1;
3590# endif
3591 default:
3592 TEST_error("Should not happen");
3593 goto err;
3594 }
3595
3596 if (!TEST_ptr(pkey))
3597 goto err;
3598
3599 if (idx < 6) {
3600 if (!TEST_true(evp_pkey_is_provided(pkey)))
3601 goto err;
3602 } else {
3603 EVP_PKEY *tmp = pkey;
3604
3605 /* Convert to a legacy key */
3606 pkey = EVP_PKEY_new();
3607 if (!TEST_ptr(pkey)) {
3608 pkey = tmp;
3609 goto err;
3610 }
3611 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3612 EVP_PKEY_free(tmp);
3613 goto err;
3614 }
3615 EVP_PKEY_free(tmp);
3616 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3617 goto err;
3618 }
3619
3620 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3621 || !TEST_ptr(pkey))
3622 goto err;
3623
3624 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3625 if (!TEST_int_eq(orig_id, id)
3626 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3627 goto err;
3628
3629 if (id == EVP_PKEY_ED25519) {
3630 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3631 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3632 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3633 } else {
3634 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3635 }
3636 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3637 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3638 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3639 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3640 }
3641 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3642 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3643 goto err;
3644
3645 if (doderive) {
3646 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3647 if (!TEST_ptr(pctx)
3648 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3649 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3650 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3651 1)
3652 || !TEST_int_eq(ctrl_called, 1)
3653 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3654 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3655 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3656 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3657 goto err;
3658 } else {
3659 ctx = EVP_MD_CTX_new();
3660 reslen = EVP_PKEY_size(pkey);
3661 res = OPENSSL_malloc(reslen);
3662 if (!TEST_ptr(ctx)
3663 || !TEST_ptr(res)
3664 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3665 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3666 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3667 1)
3668 || !TEST_int_eq(ctrl_called, 1))
3669 goto err;
3670
3671 if (id == EVP_PKEY_ED25519) {
3672 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3673 goto err;
3674 } else {
3675 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3676 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3677 goto err;
3678 }
3679 }
3680
3681 testresult = 1;
3682 err:
3683 OPENSSL_free(res);
3684 EVP_MD_CTX_free(ctx);
3685 if (doderive)
3686 EVP_PKEY_CTX_free(pctx);
3687 EVP_PKEY_free(pkey);
3688 EVP_PKEY_meth_remove(custom_pmeth);
3689 EVP_PKEY_meth_free(custom_pmeth);
3690 custom_pmeth = NULL;
3691 return testresult;
3692}
03c2f21b
MC		 3693
3694static int test_evp_md_cipher_meth(void)
3695{
3696 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3697 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3698 int testresult = 0;
3699
3700 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3701 goto err;
3702
3703 testresult = 1;
3704
3705 err:
3706 EVP_MD_meth_free(md);
3707 EVP_CIPHER_meth_free(ciph);
3708
3709 return testresult;
3710}
3711#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 3712
062490db
JS		 3713typedef enum OPTION_choice {
3714 OPT_ERR = -1,
3715 OPT_EOF = 0,
3716 OPT_CONTEXT,
3717 OPT_TEST_ENUM
3718} OPTION_CHOICE;
3719
3720const OPTIONS *test_get_options(void)
71ea6b48 3721{
062490db
JS		 3722 static const OPTIONS options[] = {
3723 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3724 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3725 { NULL }
3726 };
3727 return options;
3728}
86dc26ba 3729
062490db
JS		 3730int setup_tests(void)
3731{
3732 OPTION_CHOICE o;
3733
3734 while ((o = opt_next()) != OPT_EOF) {
3735 switch (o) {
3736 case OPT_CONTEXT:
3737 /* Set up an alternate library context */
3738 testctx = OSSL_LIB_CTX_new();
3739 if (!TEST_ptr(testctx))
3740 return 0;
3741 /* Swap the libctx to test non-default context only */
3742 nullprov = OSSL_PROVIDER_load(NULL, "null");
3743 deflprov = OSSL_PROVIDER_load(testctx, "default");
3744 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3745 break;
3746 case OPT_TEST_CASES:
3747 break;
3748 default:
3749 return 0;
3750 }
3751 }
86dc26ba 3752
f9e504e8 3753 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 3754 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 3755 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 3756 ADD_TEST(test_EVP_Digest);
4547a719 3757 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 3758 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 3759 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 3760 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 3761#ifndef OPENSSL_NO_EC
adcd8e37 3762 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 3763#endif
f0c62c53
RL		 3764#ifndef OPENSSL_NO_EC
3765 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3766#endif
f844f9eb 3767#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 3768 ADD_TEST(test_EVP_SM2);
a6c4cb84 3769 ADD_TEST(test_EVP_SM2_verify);
a9880362 3770#endif
bb5f281a 3771 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 3772#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 3773 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3774 if (!TEST_ptr(custom_pmeth))
3775 return 0;
3776 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 3777 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3778 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 3779 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3780 return 0;
41bbba53 3781#endif
2aee35d3 3782 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 3783#ifndef OPENSSL_NO_CMAC
a87820e1 3784 ADD_TEST(test_CMAC_keygen);
fab8fde3 3785#endif
10d5b415 3786 ADD_TEST(test_HKDF);
2cd3ebc7 3787 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 3788#ifndef OPENSSL_NO_EC
3789 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 3790 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 3791 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3792 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 3793#endif
8d0f8c81 3794#ifndef OPENSSL_NO_DSA
f54a4101 3795 ADD_TEST(test_DSA_get_set_params);
2c04b341 3796 ADD_TEST(test_DSA_priv_pub);
b4be6937 3797#endif
f54a4101 3798 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 3799#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3800 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 3801#endif
2c04b341
JS		 3802#ifndef OPENSSL_NO_DH
3803 ADD_TEST(test_DH_priv_pub);
3804# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 3805 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 3806# endif
b8a1272d
MC		 3807#endif
3808#ifndef OPENSSL_NO_EC
3809 ADD_TEST(test_EC_priv_pub);
3810# ifndef OPENSSL_NO_DEPRECATED_3_0
3811 ADD_TEST(test_EC_priv_only_legacy);
3812# endif
501fcfb8 3813#endif
8a5cb596 3814 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 3815 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 3816
1c19ff3c 3817 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 3818 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3819#ifndef OPENSSL_NO_DES
3820 ADD_ALL_TESTS(test_evp_iv_des, 6);
3821#endif
e947a064 3822 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 3823#ifndef OPENSSL_NO_EC
3824 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3825#endif
1c19ff3c 3826
5eb73cfb
MC		 3827 ADD_TEST(test_names_do_all);
3828
063e0197
JC		 3829 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3830 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3831 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3832
a983764e
MC		 3833#ifndef OPENSSL_NO_DEPRECATED_3_0
3834 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 3835 ADD_TEST(test_evp_md_cipher_meth);
a983764e
MC		 3836#endif
3837
ad887416 3838 return 1;
71ea6b48 3839}
86dc26ba
MC		 3840
3841void cleanup_tests(void)
3842{
062490db
JS		 3843 OSSL_PROVIDER_unload(nullprov);
3844 OSSL_PROVIDER_unload(deflprov);
3845 OSSL_PROVIDER_unload(lgcyprov);
b4250010 3846 OSSL_LIB_CTX_free(testctx);
86dc26ba 3847}
A mirror of the official openssl repository