]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix a bug in signature self tests in the FIPS module
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
adcd8e37 34#include "testutil.h"
176db6dc 35#include "internal/nelem.h"
00bc1ad9 36#include "internal/sizes.h"
25f2138b 37#include "crypto/evp.h"
f0c62c53 38#include "../e_os.h" /* strcasecmp */
71ea6b48 39
b4250010 40static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 41static char *testpropq = NULL;
42
43static OSSL_PROVIDER *nullprov = NULL;
44static OSSL_PROVIDER *deflprov = NULL;
45static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 46
71ea6b48
MC		 47/*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103};
104
59d0e6c8
MC		 105/*
106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
f650ab47 109#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 110static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149};
f650ab47 150#endif
59d0e6c8 151
2aee35d3
PY		 152/*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246};
247
71ea6b48
MC		 248static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262};
263
264/*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322};
323
a9880362 324#ifndef OPENSSL_NO_EC
71ea6b48
MC		 325/*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341};
342
343/*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357};
b0004708
PY		 358
359/* prime256v1 */
360static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369};
370
5dc40a83 371/*
87762939 372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384};
385
b0004708
PY		 386static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388};
2cf8bb46
MC		 389
390static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395};
396
397static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402};
403
a983764e
MC		 404# ifndef OPENSSL_NO_DEPRECATED_3_0
405static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410};
411# endif
412#endif
413
414/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415#ifndef OPENSSL_NO_DEPRECATED_3_0
416# ifndef OPENSSL_NO_DH
417static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443};
444# endif
a9880362 445#endif
71ea6b48 446
063e0197
JC		 447static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450};
451
452static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458};
459
460static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463};
464
465static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469};
470
471static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473};
474
475static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478};
479
480static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488};
489
490static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493};
494
495static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498};
499
500static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506};
507
508static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514};
515
516static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519};
520
521static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524};
525
526static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529};
530
531static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534};
535
adcd8e37
RS		 536typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
5b5eea4b 539 const char *keytype;
adcd8e37 540 int evptype;
2aee35d3 541 int check;
b0004708
PY		 542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 545} APK_DATA;
546
547static APK_DATA keydata[] = {
5b5eea4b
SL		 548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 550#ifndef OPENSSL_NO_EC
5b5eea4b 551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 552#endif
adcd8e37
RS		 553};
554
2aee35d3 555static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
5b5eea4b 558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 559 0, 1, 1, 0},
2aee35d3 560#ifndef OPENSSL_NO_EC
5b5eea4b 561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 562 /* group is also associated in our pub key */
2cf8bb46
MC		 563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 571#endif
572};
573
d7e498ac
RL		 574static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
71ea6b48 576{
d7e498ac 577 const unsigned char **pdata = &data;
71ea6b48 578 EVP_PKEY *pkey = NULL;
d7e498ac 579 OSSL_DECODER_CTX *dctx =
fe75766c 580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 581 testctx, testpropq);
71ea6b48 582
d7e498ac
RL		 583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587}
71ea6b48 588
d7e498ac
RL		 589static EVP_PKEY *load_example_rsa_key(void)
590{
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 593}
594
f650ab47 595#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 596static EVP_PKEY *load_example_dsa_key(void)
597{
6ed4022c
RL		 598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
59d0e6c8 600}
f650ab47 601#endif
59d0e6c8 602
15ff7d7c
MC		 603#ifndef OPENSSL_NO_EC
604static EVP_PKEY *load_example_ec_key(void)
605{
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608}
609#endif
610
a983764e
MC		 611#ifndef OPENSSL_NO_DEPRECATED_3_0
612# ifndef OPENSSL_NO_DH
613static EVP_PKEY *load_example_dh_key(void)
614{
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617}
618# endif
619
620# ifndef OPENSSL_NO_EC
a983764e
MC		 621static EVP_PKEY *load_example_ed25519_key(void)
622{
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625}
626
627static EVP_PKEY *load_example_x25519_key(void)
628{
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631}
632# endif
633#endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
6d242fa5
MC		 635static EVP_PKEY *load_example_hmac_key(void)
636{
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
5af6e154
TM		 644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
6d242fa5
MC		 646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650}
651
f9e504e8
P		 652static int test_EVP_set_default_properties(void)
653{
b4250010 654 OSSL_LIB_CTX *ctx;
f9e504e8
P		 655 EVP_MD *md = NULL;
656 int res = 0;
657
b4250010 658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675err:
676 EVP_MD_free(md);
b4250010 677 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 678 return res;
679}
680
b8a1272d
MC		 681#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682static int test_fromdata(char *keytype, OSSL_PARAM *params)
683{
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687
062490db 688 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 689 goto err;
2db985b7
SL		 690 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
691 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
692 params), 0))
b8a1272d
MC		 693 goto err;
694
695 if (!TEST_ptr(pkey))
696 goto err;
697
698 testresult = 1;
699 err:
700 EVP_PKEY_free(pkey);
701 EVP_PKEY_CTX_free(pctx);
702
703 return testresult;
704}
705#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
706
2c04b341 707/*
8a9394c1 708 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 709 * params to ensure they are all accepted
710 */
b8a1272d 711#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 712static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
713{
714 OSSL_PARAM_BLD *bld = NULL;
715 OSSL_PARAM *params = NULL;
716 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 717 int ret = 0;
718
719 /*
720 * Setup the parameters for our pkey object. For our purposes they don't
721 * have to actually be *valid* parameters. We just need to set something.
722 */
b8a1272d 723 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 724 || !TEST_ptr(q = BN_new())
725 || !TEST_ptr(g = BN_new())
726 || !TEST_ptr(pub = BN_new())
727 || !TEST_ptr(priv = BN_new()))
728 goto err;
729
730 /* Test !priv and !pub */
731 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
732 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
733 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
734 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
735 goto err;
736 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
737 goto err;
738
b8a1272d 739 if (!test_fromdata(keytype, params))
2c04b341 740 goto err;
3f883c7c 741 OSSL_PARAM_free(params);
6bcbc369 742 params = NULL;
2c04b341
JS		 743 OSSL_PARAM_BLD_free(bld);
744
745 /* Test priv and !pub */
746 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
748 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
749 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
750 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
751 priv)))
752 goto err;
753 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
754 goto err;
755
b8a1272d 756 if (!test_fromdata(keytype, params))
2c04b341 757 goto err;
3f883c7c 758 OSSL_PARAM_free(params);
6bcbc369 759 params = NULL;
2c04b341
JS		 760 OSSL_PARAM_BLD_free(bld);
761
762 /* Test !priv and pub */
763 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
765 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
768 pub)))
769 goto err;
770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
771 goto err;
772
b8a1272d 773 if (!test_fromdata(keytype, params))
2c04b341 774 goto err;
3f883c7c 775 OSSL_PARAM_free(params);
6bcbc369 776 params = NULL;
2c04b341
JS		 777 OSSL_PARAM_BLD_free(bld);
778
779 /* Test priv and pub */
780 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
785 pub))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
787 priv)))
788 goto err;
789 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
790 goto err;
791
b8a1272d 792 if (!test_fromdata(keytype, params))
2c04b341
JS		 793 goto err;
794
795 ret = 1;
796 err:
3f883c7c 797 OSSL_PARAM_free(params);
2c04b341
JS		 798 OSSL_PARAM_BLD_free(bld);
799 BN_free(p);
800 BN_free(q);
801 BN_free(g);
802 BN_free(pub);
803 BN_free(priv);
804
805 return ret;
806}
8a9394c1 807#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 808
b8a1272d
MC		 809/*
810 * Test combinations of private, public, missing and private + public key
811 * params to ensure they are all accepted for EC keys
812 */
813#ifndef OPENSSL_NO_EC
814static unsigned char ec_priv[] = {
815 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
816 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
817 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
818};
819static unsigned char ec_pub[] = {
820 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
821 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
822 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
823 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
824 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
825 0x08, 0x09, 0xb8, 0xdb, 0x03
826};
827
828static int test_EC_priv_pub(void)
829{
830 OSSL_PARAM_BLD *bld = NULL;
831 OSSL_PARAM *params = NULL;
832 BIGNUM *priv = NULL;
833 int ret = 0;
834
835 /*
836 * Setup the parameters for our pkey object. For our purposes they don't
837 * have to actually be *valid* parameters. We just need to set something.
838 */
839 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
840 goto err;
841
842 /* Test !priv and !pub */
843 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
845 OSSL_PKEY_PARAM_GROUP_NAME,
846 "P-256", 0)))
847 goto err;
848 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
849 goto err;
850
851 if (!test_fromdata("EC", params))
852 goto err;
3f883c7c 853 OSSL_PARAM_free(params);
bfe2fcc8 854 params = NULL;
b8a1272d
MC		 855 OSSL_PARAM_BLD_free(bld);
856
857 /* Test priv and !pub */
858 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
859 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
860 OSSL_PKEY_PARAM_GROUP_NAME,
861 "P-256", 0))
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
863 priv)))
864 goto err;
865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
866 goto err;
867
868 if (!test_fromdata("EC", params))
869 goto err;
3f883c7c 870 OSSL_PARAM_free(params);
bfe2fcc8 871 params = NULL;
b8a1272d
MC		 872 OSSL_PARAM_BLD_free(bld);
873
874 /* Test !priv and pub */
875 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
876 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
877 OSSL_PKEY_PARAM_GROUP_NAME,
878 "P-256", 0))
879 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
880 OSSL_PKEY_PARAM_PUB_KEY,
881 ec_pub, sizeof(ec_pub))))
882 goto err;
883 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
884 goto err;
885
886 if (!test_fromdata("EC", params))
887 goto err;
3f883c7c 888 OSSL_PARAM_free(params);
bfe2fcc8 889 params = NULL;
b8a1272d
MC		 890 OSSL_PARAM_BLD_free(bld);
891
892 /* Test priv and pub */
893 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
894 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
895 OSSL_PKEY_PARAM_GROUP_NAME,
896 "P-256", 0))
897 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
898 OSSL_PKEY_PARAM_PUB_KEY,
899 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 900 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
901 priv)))
b8a1272d
MC		 902 goto err;
903 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
904 goto err;
905
906 if (!test_fromdata("EC", params))
907 goto err;
908
909 ret = 1;
910 err:
3f883c7c 911 OSSL_PARAM_free(params);
b8a1272d
MC		 912 OSSL_PARAM_BLD_free(bld);
913 BN_free(priv);
914
915 return ret;
916}
917
918/* Test that using a legacy EC key with only a private key in it works */
919# ifndef OPENSSL_NO_DEPRECATED_3_0
920static int test_EC_priv_only_legacy(void)
921{
922 BIGNUM *priv = NULL;
923 int ret = 0;
924 EC_KEY *eckey = NULL;
2145ba5e 925 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 926 EVP_MD_CTX *ctx = NULL;
927
928 /* Create the low level EC_KEY */
929 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
930 goto err;
931
932 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
933 if (!TEST_ptr(eckey))
934 goto err;
935
936 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
937 goto err;
938
939 pkey = EVP_PKEY_new();
940 if (!TEST_ptr(pkey))
941 goto err;
942
943 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
944 goto err;
945 eckey = NULL;
946
2145ba5e
TM		 947 while (dup_pk == NULL) {
948 ret = 0;
949 ctx = EVP_MD_CTX_new();
950 if (!TEST_ptr(ctx))
951 goto err;
952
953 /*
954 * The EVP_DigestSignInit function should create the key on the
955 * provider side which is sufficient for this test.
956 */
957 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
958 testpropq, pkey, NULL)))
959 goto err;
960 EVP_MD_CTX_free(ctx);
961 ctx = NULL;
962
963 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
964 goto err;
965 /* EVP_PKEY_eq() returns -2 with missing public keys */
966 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
967 EVP_PKEY_free(pkey);
968 pkey = dup_pk;
969 if (!ret)
970 goto err;
971 }
b8a1272d
MC		 972
973 err:
974 EVP_MD_CTX_free(ctx);
975 EVP_PKEY_free(pkey);
976 EC_KEY_free(eckey);
977 BN_free(priv);
978
979 return ret;
980}
981# endif /* OPENSSL_NO_DEPRECATED_3_0 */
982#endif /* OPENSSL_NO_EC */
983
15ff7d7c
MC		 984static int test_EVP_PKEY_sign(int tst)
985{
986 int ret = 0;
987 EVP_PKEY *pkey = NULL;
988 unsigned char *sig = NULL;
989 size_t sig_len = 0, shortsig_len = 1;
990 EVP_PKEY_CTX *ctx = NULL;
991 unsigned char tbs[] = {
992 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
993 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
994 };
995
996 if (tst == 0 ) {
997 if (!TEST_ptr(pkey = load_example_rsa_key()))
998 goto out;
999 } else if (tst == 1) {
1000#ifndef OPENSSL_NO_DSA
1001 if (!TEST_ptr(pkey = load_example_dsa_key()))
1002 goto out;
1003#else
1004 ret = 1;
1005 goto out;
1006#endif
1007 } else {
1008#ifndef OPENSSL_NO_EC
1009 if (!TEST_ptr(pkey = load_example_ec_key()))
1010 goto out;
1011#else
1012 ret = 1;
1013 goto out;
1014#endif
1015 }
1016
1017 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1018 if (!TEST_ptr(ctx)
1019 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1020 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1021 sizeof(tbs)), 0))
1022 goto out;
1023 sig = OPENSSL_malloc(sig_len);
1024 if (!TEST_ptr(sig)
1025 /* Test sending a signature buffer that is too short is rejected */
1026 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1027 sizeof(tbs)), 0)
1028 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1029 0)
1030 /* Test the signature round-trips */
1031 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1032 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1033 0))
1034 goto out;
1035
1036 ret = 1;
1037 out:
1038 EVP_PKEY_CTX_free(ctx);
1039 OPENSSL_free(sig);
1040 EVP_PKEY_free(pkey);
1041 return ret;
1042}
1043
4547a719
P		 1044/*
1045 * n = 0 => test using legacy cipher
1046 * n = 1 => test using fetched cipher
1047 */
1048static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1049{
1050 int ret = 0;
1051 EVP_CIPHER_CTX *ctx = NULL;
1052 EVP_PKEY *keypair = NULL;
1053 unsigned char *kek = NULL;
1054 unsigned char iv[EVP_MAX_IV_LENGTH];
1055 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1056 int len, kek_len, ciphertext_len, plaintext_len;
1057 unsigned char ciphertext[32], plaintext[16];
4547a719 1058 EVP_CIPHER *type = NULL;
062490db
JS		 1059
1060 if (nullprov != NULL)
1061 return TEST_skip("Test does not support a non-default library context");
1062
4547a719
P		 1063 if (n == 0)
1064 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1065 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1066 testpropq)))
1067 goto err;
2eb2b4f3
SL		 1068
1069 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1070 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1071 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1072 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1073 &keypair, 1))
1074 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1075 msg, sizeof(msg)))
1076 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1077 &len)))
1078 goto err;
1079
1080 ciphertext_len += len;
1081
1082 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1083 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1084 ciphertext, ciphertext_len))
1085 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1086 goto err;
1087
1088 plaintext_len += len;
1089 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1090 goto err;
1091
1092 ret = 1;
1093err:
4547a719
P		 1094 if (n != 0)
1095 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1096 OPENSSL_free(kek);
1097 EVP_PKEY_free(keypair);
1098 EVP_CIPHER_CTX_free(ctx);
1099 return ret;
1100}
1101
59d0e6c8 1102/*
6d242fa5
MC		 1103 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1104 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1105 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1106 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1107 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1108 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1109 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1110 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1111 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1112 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1113 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1114 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1115 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1116 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1117 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
59d0e6c8
MC		 1118 */
1119static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1120{
1121 int ret = 0;
1122 EVP_PKEY *pkey = NULL;
78539b25 1123 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1124 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1125 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1126 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1127 BIO *mdbio = NULL, *membio = NULL;
1128 size_t written;
6d242fa5
MC		 1129 const EVP_MD *md;
1130 EVP_MD *mdexp = NULL;
59d0e6c8 1131
062490db
JS		 1132 if (nullprov != NULL)
1133 return TEST_skip("Test does not support a non-default library context");
1134
15ff7d7c 1135 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1136 membio = BIO_new(BIO_s_mem());
1137 mdbio = BIO_new(BIO_f_md());
1138 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1139 goto out;
1140 BIO_push(mdbio, membio);
1141 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1142 goto out;
1143 } else {
1144 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1145 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1146 goto out;
1147 }
71ea6b48 1148
15ff7d7c 1149 if (tst % 3 == 0) {
59d0e6c8
MC		 1150 if (!TEST_ptr(pkey = load_example_rsa_key()))
1151 goto out;
15ff7d7c 1152 } else if (tst % 3 == 1) {
f650ab47 1153#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1154 if (!TEST_ptr(pkey = load_example_dsa_key()))
1155 goto out;
f650ab47
MC		 1156#else
1157 ret = 1;
1158 goto out;
1159#endif
6d242fa5
MC		 1160 } else {
1161 if (!TEST_ptr(pkey = load_example_hmac_key()))
1162 goto out;
59d0e6c8 1163 }
71ea6b48 1164
6d242fa5
MC		 1165 if (tst >= 3 && tst <= 5)
1166 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1167 else
1168 md = EVP_sha256();
1169
1170 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1171 goto out;
adcd8e37 1172
15ff7d7c 1173 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1174 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1175 goto out;
15ff7d7c 1176 } else if (tst < 6) {
59d0e6c8
MC		 1177 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1178 goto out;
1179 }
1180
15ff7d7c
MC		 1181 if (tst >= 9) {
1182 /* Determine the size of the signature. */
1183 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1184 sizeof(kMsg)))
1185 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1186 goto out;
1187 if (tst <= 11) {
1188 /* Test that supply a short sig buffer fails */
1189 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1190 sizeof(kMsg))))
1191 goto out;
1192 /*
1193 * We end here because once EVP_DigestSign() has failed you should
1194 * not call it again without re-initing the ctx
1195 */
1196 ret = 1;
1197 goto out;
1198 }
1199 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1200 sizeof(kMsg))))
1201 goto out;
1202 } else {
1203 /* Determine the size of the signature. */
1204 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1205 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1206 /*
1207 * Trying to create a signature with a deliberately short
1208 * buffer should fail.
1209 */
1210 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1211 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1212 goto out;
1213 }
71ea6b48 1214
6d242fa5
MC		 1215 /*
1216 * Ensure that the signature round-trips (Verification isn't supported for
1217 * HMAC via EVP_DigestVerify*)
1218 */
15ff7d7c
MC		 1219 if (tst % 3 != 2) {
1220 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1221 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1222 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1223 goto out;
1224 }
1225
6d242fa5
MC		 1226 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1227 NULL, pkey)))
59d0e6c8 1228 goto out;
6d242fa5 1229
15ff7d7c 1230 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1231 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1232 goto out;
1233 } else {
1234 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1235 sizeof(kMsg))))
1236 goto out;
1237 }
1238 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8 1239 goto out;
78539b25
TM		 1240
1241 /* Multiple calls to EVP_DigestVerifyFinal should work */
1242 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1243 goto out;
1244 } else {
1245 /*
1246 * For HMAC a doubled call to DigestSignFinal should produce the same
1247 * value as finalization should not happen.
1248 */
1249 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1250 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1251 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1252 goto out;
1253
1254 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1255 goto out;
59d0e6c8 1256 }
71ea6b48
MC		 1257
1258 ret = 1;
1259
1260 out:
59d0e6c8
MC		 1261 BIO_free(membio);
1262 BIO_free(mdbio);
1263 EVP_MD_CTX_free(a_md_ctx);
1264 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1265 EVP_PKEY_free(pkey);
b548a1f1 1266 OPENSSL_free(sig);
78539b25 1267 OPENSSL_free(sig2);
6d242fa5 1268 EVP_MD_free(mdexp);
71ea6b48
MC		 1269
1270 return ret;
1271}
1272
1273static int test_EVP_DigestVerifyInit(void)
1274{
1275 int ret = 0;
1276 EVP_PKEY *pkey = NULL;
adcd8e37 1277 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1278
062490db
JS		 1279 if (nullprov != NULL)
1280 return TEST_skip("Test does not support a non-default library context");
1281
adcd8e37
RS		 1282 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1283 || !TEST_ptr(pkey = load_example_rsa_key()))
1284 goto out;
71ea6b48 1285
adcd8e37
RS		 1286 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1287 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1288 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1289 sizeof(kSignature))))
71ea6b48 1290 goto out;
71ea6b48
MC		 1291 ret = 1;
1292
1293 out:
bfb0641f 1294 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1295 EVP_PKEY_free(pkey);
71ea6b48
MC		 1296 return ret;
1297}
1298
8d8dd09b
TM		 1299/*
1300 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1301 */
1302static int test_EVP_Digest(void)
1303{
1304 int ret = 0;
1305 EVP_MD_CTX *md_ctx = NULL;
1306 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1307 EVP_MD *sha256 = NULL;
1308 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1309
1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1311 goto out;
1312
062490db
JS		 1313 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1314 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1315 goto out;
1316
1317 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1318 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1319 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1320 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1321 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1322 goto out;
1323
062490db 1324 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1325 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1326 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1327 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1328 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1329 /*
1330 * EVP_DigestInit_ex with NULL type should work on
1331 * pre-initialized context.
1332 */
1333 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1334 goto out;
1335
062490db 1336 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1337 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1338 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1339 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1340 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1341 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1342 goto out;
1343 ret = 1;
1344
1345 out:
1346 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1347 EVP_MD_free(sha256);
1348 EVP_MD_free(shake256);
8d8dd09b
TM		 1349 return ret;
1350}
1351
adcd8e37 1352static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1353{
1354 int ret = 0;
1355 const unsigned char *p;
1356 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1357 const APK_DATA *ak = &keydata[i];
1358 const unsigned char *input = ak->kder;
1359 size_t input_len = ak->size;
1360 int expected_id = ak->evptype;
71ea6b48
MC		 1361
1362 p = input;
adcd8e37
RS		 1363 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1364 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1365 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1366 goto done;
71ea6b48
MC		 1367
1368 ret = 1;
1369
1370 done:
c5ba2d99 1371 EVP_PKEY_free(pkey);
71ea6b48
MC		 1372 return ret;
1373}
1374
a9880362 1375#ifndef OPENSSL_NO_EC
cad8347b
SL		 1376
1377static const unsigned char ec_public_sect163k1_validxy[] = {
1378 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1379 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1380 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1381 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1382 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1383 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1384};
1385
1386static const unsigned char ec_public_sect163k1_badx[] = {
1387 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1388 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1389 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1390 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1391 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1392 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1393};
1394
1395static const unsigned char ec_public_sect163k1_bady[] = {
1396 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1397 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1398 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1399 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1400 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1401 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1402};
1403
1404static struct ec_der_pub_keys_st {
1405 const unsigned char *der;
1406 size_t len;
1407 int valid;
1408} ec_der_pub_keys[] = {
1409 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1410 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1411 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1412};
1413
1414/*
1415 * Tests the range of the decoded EC char2 public point.
1416 * See ec_GF2m_simple_oct2point().
1417 */
1418static int test_invalide_ec_char2_pub_range_decode(int id)
1419{
1420 int ret = 0;
5b5eea4b 1421 EVP_PKEY *pkey;
cad8347b 1422
5b5eea4b
SL		 1423 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1424 ec_der_pub_keys[id].len);
1425
1426 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1427 || TEST_ptr_null(pkey);
1428 EVP_PKEY_free(pkey);
cad8347b
SL		 1429 return ret;
1430}
1431
71ea6b48
MC		 1432/* Tests loading a bad key in PKCS8 format */
1433static int test_EVP_PKCS82PKEY(void)
1434{
1435 int ret = 0;
1436 const unsigned char *derp = kExampleBadECKeyDER;
1437 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1438 EVP_PKEY *pkey = NULL;
1439
adcd8e37
RS		 1440 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1441 sizeof(kExampleBadECKeyDER))))
1442 goto done;
71ea6b48 1443
adcd8e37
RS		 1444 if (!TEST_ptr_eq(derp,
1445 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1446 goto done;
71ea6b48 1447
adcd8e37 1448 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1449 goto done;
71ea6b48
MC		 1450
1451 ret = 1;
1452
1453 done:
e0e920b1 1454 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1455 EVP_PKEY_free(pkey);
71ea6b48
MC		 1456
1457 return ret;
1458}
8be513ae 1459
a9880362 1460#endif
8be513ae
DB		 1461static int test_EVP_PKCS82PKEY_wrong_tag(void)
1462{
1463 EVP_PKEY *pkey = NULL;
1464 EVP_PKEY *pkey2 = NULL;
1465 BIO *membio = NULL;
1466 char *membuf = NULL;
1467 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1468 int ok = 0;
1469
1470 if (testctx != NULL)
1471 /* test not supported with non-default context */
1472 return 1;
1473
1474 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1475 || !TEST_ptr(pkey = load_example_rsa_key())
1476 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1477 NULL, 0, NULL, NULL),
1478 0)
1479 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1480 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1481 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1482 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1483 goto done;
1484 }
1485
1486 ok = 1;
1487 done:
1488 EVP_PKEY_free(pkey);
1489 EVP_PKEY_free(pkey2);
1490 PKCS8_PRIV_KEY_INFO_free(p8inf);
1491 BIO_free_all(membio);
1492 return ok;
1493}
71ea6b48 1494
29c49b25
RL		 1495/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1496static int test_privatekey_to_pkcs8(void)
1497{
1498 EVP_PKEY *pkey = NULL;
1499 BIO *membio = NULL;
1500 char *membuf = NULL;
e2cc68c8 1501 long membuf_len = 0;
29c49b25
RL		 1502 int ok = 0;
1503
1504 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1505 || !TEST_ptr(pkey = load_example_rsa_key())
1506 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1507 NULL, 0, NULL, NULL),
1508 0)
e2cc68c8
SL		 1509 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1510 || !TEST_ptr(membuf)
1511 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1512 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1513 /*
1514 * We try to write PEM as well, just to see that it doesn't err, but
1515 * assume that the result is correct.
1516 */
1517 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1518 NULL, 0, NULL, NULL),
1519 0))
1520 goto done;
1521
1522 ok = 1;
1523 done:
1524 EVP_PKEY_free(pkey);
1525 BIO_free_all(membio);
1526 return ok;
1527}
1528
f0c62c53
RL		 1529#ifndef OPENSSL_NO_EC
1530static const struct {
1531 int encoding;
1532 const char *encoding_name;
1533} ec_encodings[] = {
1534 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1535 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1536};
1537
1538static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1539{
1540 const OSSL_PARAM *p;
1541 const char *enc_name = NULL;
1542 int *enc = arg;
1543 size_t i;
1544
1545 *enc = -1;
1546
1547 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1548 OSSL_PKEY_PARAM_EC_ENCODING))
1549 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1550 return 0;
1551
1552 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1553 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1554 *enc = ec_encodings[i].encoding;
1555 break;
1556 }
1557 }
1558
1559 return (*enc != -1);
1560}
1561
1562static int test_EC_keygen_with_enc(int idx)
1563{
1564 EVP_PKEY *params = NULL, *key = NULL;
1565 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1566 int enc;
1567 int ret = 0;
1568
1569 enc = ec_encodings[idx].encoding;
1570
1571 /* Create key parameters */
1572 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1573 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1574 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1575 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1576 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1577 || !TEST_ptr(params))
1578 goto done;
1579
1580 /* Create key */
1581 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1582 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1583 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1584 || !TEST_ptr(key))
1585 goto done;
1586
1587 /* Check that the encoding got all the way into the key */
1588 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1589 ec_export_get_encoding_cb, &enc))
1590 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1591 goto done;
1592
1593 ret = 1;
1594 done:
1595 EVP_PKEY_free(key);
1596 EVP_PKEY_free(params);
1597 EVP_PKEY_CTX_free(kctx);
1598 EVP_PKEY_CTX_free(pctx);
1599 return ret;
1600}
1601#endif
1602
f844f9eb 1603#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1604
a6c4cb84
JL		 1605static int test_EVP_SM2_verify(void)
1606{
a6c4cb84 1607 const char *pubkey =
d0b79f86
PY		 1608 "-----BEGIN PUBLIC KEY-----\n"
1609 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1610 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1611 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1612
1613 const char *msg = "message digest";
1614 const char *id = "ALICE123@YAHOO.COM";
1615
1616 const uint8_t signature[] = {
d0b79f86
PY		 1617 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1618 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1619 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1620 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1621 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1622 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1623 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1624 };
1625
1626 int rc = 0;
1627 BIO *bio = NULL;
1628 EVP_PKEY *pkey = NULL;
1629 EVP_MD_CTX *mctx = NULL;
1630 EVP_PKEY_CTX *pctx = NULL;
062490db 1631 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1632
1633 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1634 if (!TEST_true(bio != NULL))
1635 goto done;
1636
062490db 1637 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1638 if (!TEST_true(pkey != NULL))
1639 goto done;
1640
8a288609 1641 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1642 goto done;
1643
1644 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1645 goto done;
1646
062490db 1647 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1648 goto done;
1649
a6c4cb84
JL		 1650 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1651
062490db
JS		 1652 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1653 goto done;
1654
1655 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1656 goto done;
1657
d0b79f86
PY		 1658 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1659 goto done;
1660
a6c4cb84
JL		 1661 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1662 goto done;
1663
1664 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1665 goto done;
1666 rc = 1;
1667
1668 done:
1669 BIO_free(bio);
1670 EVP_PKEY_free(pkey);
1671 EVP_PKEY_CTX_free(pctx);
1672 EVP_MD_CTX_free(mctx);
062490db 1673 EVP_MD_free(sm3);
a6c4cb84
JL		 1674 return rc;
1675}
1676
ddb634fe
JL		 1677static int test_EVP_SM2(void)
1678{
1679 int ret = 0;
1680 EVP_PKEY *pkey = NULL;
bfb56a97 1681 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1682 EVP_PKEY_CTX *pctx = NULL;
1683 EVP_PKEY_CTX *kctx = NULL;
4803717f 1684 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1685 size_t sig_len = 0;
1686 unsigned char *sig = NULL;
1687 EVP_MD_CTX *md_ctx = NULL;
1688 EVP_MD_CTX *md_ctx_verify = NULL;
1689 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1690 EVP_MD *check_md = NULL;
ddb634fe
JL		 1691
1692 uint8_t ciphertext[128];
1693 size_t ctext_len = sizeof(ciphertext);
1694
1695 uint8_t plaintext[8];
1696 size_t ptext_len = sizeof(plaintext);
1697
4803717f
PY		 1698 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1699
bfb56a97
MC		 1700 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1701 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1702 int i;
a0fff549 1703 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1704
42423ac9
RL		 1705 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1706 "SM2", testpropq)))
ddb634fe
JL		 1707 goto done;
1708
1709 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1710 goto done;
1711
1712 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1713 goto done;
1714
bfb56a97 1715 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1716 goto done;
1717
42423ac9
RL		 1718 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1719 pkeyparams, testpropq)))
ddb634fe
JL		 1720 goto done;
1721
1722 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1723 goto done;
1724
1725 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1726 goto done;
1727
ddb634fe
JL		 1728 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1729 goto done;
1730
1731 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1732 goto done;
1733
062490db 1734 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1735 goto done;
1736
1737 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1738 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1739
42423ac9 1740 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1741 goto done;
1742
42423ac9 1743 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1744 goto done;
1745
d0b79f86 1746 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1747 goto done;
1748
42423ac9 1749 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1750 goto done;
1751
1752 /* Determine the size of the signature. */
1753 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1754 goto done;
1755
ddb634fe
JL		 1756 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1757 goto done;
1758
1759 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1760 goto done;
1761
1762 /* Ensure that the signature round-trips. */
1763
42423ac9
RL		 1764 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1765 pkey)))
ddb634fe
JL		 1766 goto done;
1767
d0b79f86
PY		 1768 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1769 goto done;
1770
ddb634fe
JL		 1771 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1772 goto done;
1773
1774 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1775 goto done;
1776
1777 /* now check encryption/decryption */
1778
bfb56a97
MC		 1779 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1780 mdname, sizeof(mdname));
1781 for (i = 0; i < 2; i++) {
42423ac9
RL		 1782 const char *mdnames[] = {
1783#ifndef OPENSSL_NO_SM3
1784 "SM3",
1785#else
1786 NULL,
1787#endif
1788 "SHA2-256" };
bfb56a97 1789 EVP_PKEY_CTX_free(cctx);
ddb634fe 1790
42423ac9
RL		 1791 if (mdnames[i] == NULL)
1792 continue;
1793
1794 sparams[0] =
1795 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1796 (char *)mdnames[i], 0);
ddb634fe 1797
42423ac9
RL		 1798 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1799 pkey, testpropq)))
bfb56a97 1800 goto done;
ddb634fe 1801
bfb56a97
MC		 1802 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1803 goto done;
ddb634fe 1804
bfb56a97
MC		 1805 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1806 goto done;
ddb634fe 1807
bfb56a97
MC		 1808 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1809 sizeof(kMsg))))
1810 goto done;
ddb634fe 1811
bfb56a97
MC		 1812 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1813 goto done;
1814
1815 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1816 goto done;
1817
1818 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1819 ctext_len)))
1820 goto done;
1821
1822 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1823 goto done;
1824
42423ac9
RL		 1825 /*
1826 * Test we're still using the digest we think we are.
1827 * Because of aliases, the easiest is to fetch the digest and
1828 * check the name with EVP_MD_is_a().
1829 */
1830 EVP_MD_free(check_md);
1831 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 1832 goto done;
42423ac9
RL		 1833 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1834 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 1835 goto done;
42423ac9 1836 }
bfb56a97
MC		 1837
1838 if (!TEST_true(ptext_len == sizeof(kMsg)))
1839 goto done;
1840
1841 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1842 goto done;
1843 }
ddb634fe
JL		 1844
1845 ret = 1;
1846done:
1847 EVP_PKEY_CTX_free(pctx);
1848 EVP_PKEY_CTX_free(kctx);
4803717f 1849 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1850 EVP_PKEY_CTX_free(cctx);
1851 EVP_PKEY_free(pkey);
bfb56a97 1852 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1853 EVP_MD_CTX_free(md_ctx);
1854 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 1855 EVP_MD_free(check_md);
ddb634fe
JL		 1856 OPENSSL_free(sig);
1857 return ret;
1858}
1859
1860#endif
1861
bb5f281a
MC		 1862static struct keys_st {
1863 int type;
1864 char *priv;
1865 char *pub;
1866} keys[] = {
1867 {
1868 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 1869 },
1870 {
1871 EVP_PKEY_HMAC, "", NULL
5af6e154 1872#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 1873 }, {
1874 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 1875#endif
1876#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 1877 }, {
1878 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 1879#endif
896dcb80
MC		 1880 },
1881#ifndef OPENSSL_NO_EC
1882 {
bb5f281a
MC		 1883 EVP_PKEY_X25519, "01234567890123456789012345678901",
1884 "abcdefghijklmnopqrstuvwxyzabcdef"
1885 }, {
1886 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1887 "abcdefghijklmnopqrstuvwxyzabcdef"
1888 }, {
1889 EVP_PKEY_X448,
1890 "01234567890123456789012345678901234567890123456789012345",
1891 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1892 }, {
1893 EVP_PKEY_ED448,
1894 "012345678901234567890123456789012345678901234567890123456",
1895 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1896 }
896dcb80 1897#endif
bb5f281a
MC		 1898};
1899
86dc26ba 1900static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1901{
1902 int ret = 0;
1903 unsigned char buf[80];
1904 unsigned char *in;
15ff7d7c 1905 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 1906 EVP_PKEY *pkey;
1907
1908 /* Check if this algorithm supports public keys */
5af6e154 1909 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 1910 return 1;
1911
1912 memset(buf, 0, sizeof(buf));
1913
1914 if (pub) {
5af6e154 1915#ifndef OPENSSL_NO_EC
bb5f281a
MC		 1916 inlen = strlen(keys[tst].pub);
1917 in = (unsigned char *)keys[tst].pub;
86dc26ba 1918 if (uselibctx) {
d8652be0 1919 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1920 testctx,
1921 OBJ_nid2sn(keys[tst].type),
1922 NULL,
1923 in,
1924 inlen);
1925 } else {
1926 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1927 NULL,
1928 in,
1929 inlen);
1930 }
5af6e154
TM		 1931#else
1932 return 1;
1933#endif
bb5f281a
MC		 1934 } else {
1935 inlen = strlen(keys[tst].priv);
1936 in = (unsigned char *)keys[tst].priv;
86dc26ba 1937 if (uselibctx) {
d8652be0 1938 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1939 testctx, OBJ_nid2sn(keys[tst].type),
1940 NULL,
1941 in,
1942 inlen);
1943 } else {
1944 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1945 NULL,
1946 in,
1947 inlen);
1948 }
bb5f281a
MC		 1949 }
1950
1951 if (!TEST_ptr(pkey)
5af6e154 1952 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 1953 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1954 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 1955 || !TEST_true(len == inlen))
1956 goto done;
1957 if (tst != 1) {
1958 /*
1959 * Test that supplying a buffer that is too small fails. Doesn't apply
1960 * to HMAC with a zero length key
1961 */
1962 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
1963 &shortlen)))
1964 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
1965 &shortlen))))
1966 goto done;
1967 }
1968 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 1969 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1970 || !TEST_mem_eq(in, inlen, buf, len))
1971 goto done;
1972
1973 ret = 1;
1974 done:
1975 EVP_PKEY_free(pkey);
1976 return ret;
1977}
1978
1979static int test_set_get_raw_keys(int tst)
1980{
5af6e154 1981 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 1982 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 1983 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 1984 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1985}
1986
41bbba53 1987#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1988static int pkey_custom_check(EVP_PKEY *pkey)
1989{
1990 return 0xbeef;
1991}
1992
b0004708
PY		 1993static int pkey_custom_pub_check(EVP_PKEY *pkey)
1994{
1995 return 0xbeef;
1996}
1997
1998static int pkey_custom_param_check(EVP_PKEY *pkey)
1999{
2000 return 0xbeef;
2001}
2002
2aee35d3 2003static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2004#endif
2aee35d3
PY		 2005
2006static int test_EVP_PKEY_check(int i)
2007{
2008 int ret = 0;
2aee35d3
PY		 2009 EVP_PKEY *pkey = NULL;
2010 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2011#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2012 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2013#endif
2aee35d3
PY		 2014 const APK_DATA *ak = &keycheckdata[i];
2015 const unsigned char *input = ak->kder;
2016 size_t input_len = ak->size;
2017 int expected_id = ak->evptype;
2018 int expected_check = ak->check;
b0004708
PY		 2019 int expected_pub_check = ak->pub_check;
2020 int expected_param_check = ak->param_check;
2021 int type = ak->type;
b0004708 2022
5b5eea4b
SL		 2023 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2024 goto done;
2025 if (type == 0
ed576acd 2026 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2027 goto done;
2aee35d3 2028
062490db 2029 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2030 goto done;
2031
b0004708
PY		 2032 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2033 goto done;
2034
2035 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2036 goto done;
2037
2038 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2039 goto done;
2aee35d3 2040
41bbba53 2041#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2042 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2043 /* assign the pkey directly, as an internal test */
2044 EVP_PKEY_up_ref(pkey);
2045 ctx2->pkey = pkey;
2046
2047 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2048 goto done;
2049
b0004708
PY		 2050 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2051 goto done;
2052
2053 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2054 goto done;
41bbba53 2055#endif
b0004708 2056
2aee35d3
PY		 2057 ret = 1;
2058
2059 done:
2060 EVP_PKEY_CTX_free(ctx);
41bbba53 2061#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2062 EVP_PKEY_CTX_free(ctx2);
41bbba53 2063#endif
2aee35d3
PY		 2064 EVP_PKEY_free(pkey);
2065 return ret;
2066}
2067
fab8fde3 2068#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2069static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2070{
2071 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2072 const char msg[] = "Hello World";
2073 size_t maclen;
2074 int ret = 1;
2075
2076 if (!TEST_ptr(mdctx)
062490db
JS		 2077 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2078 testpropq, pkey, NULL))
e5bc0ce2
MC		 2079 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2080 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2081 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2082 ret = 0;
2083
2084 EVP_MD_CTX_free(mdctx);
2085
2086 return ret;
2087}
a87820e1
RL		 2088static int test_CMAC_keygen(void)
2089{
e5bc0ce2
MC		 2090 static unsigned char key[] = {
2091 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2092 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2093 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2094 };
062490db 2095 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2096 int ret = 0;
e5bc0ce2 2097 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2098 unsigned char mac[AES_BLOCK_SIZE];
2099# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2100 unsigned char mac2[AES_BLOCK_SIZE];
2101# endif
e5bc0ce2 2102
062490db
JS		 2103 if (nullprov != NULL)
2104 return TEST_skip("Test does not support a non-default library context");
2105
2106 /*
2107 * This is a legacy method for CMACs, but should still work.
2108 * This verifies that it works without an ENGINE.
2109 */
2110 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2111
e5bc0ce2
MC		 2112 /* Test a CMAC key created using the "generated" method */
2113 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2114 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2115 EVP_PKEY_CTRL_CIPHER,
2116 0, (void *)EVP_aes_256_ecb()), 0)
2117 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2118 EVP_PKEY_CTRL_SET_MAC_KEY,
2119 sizeof(key), (void *)key), 0)
2120 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2121 || !TEST_ptr(pkey)
2122 || !TEST_true(get_cmac_val(pkey, mac)))
2123 goto done;
a87820e1 2124
a3d267f1 2125# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2126 EVP_PKEY_free(pkey);
2127
2128 /*
2129 * Test a CMAC key using the direct method, and compare with the mac
2130 * created above.
2131 */
2132 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2133 if (!TEST_ptr(pkey)
2134 || !TEST_true(get_cmac_val(pkey, mac2))
2135 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2136 goto done;
a3d267f1 2137# endif
e5bc0ce2 2138
a87820e1
RL		 2139 ret = 1;
2140
2141 done:
e5bc0ce2 2142 EVP_PKEY_free(pkey);
a87820e1
RL		 2143 EVP_PKEY_CTX_free(kctx);
2144 return ret;
2145}
fab8fde3 2146#endif
a87820e1 2147
10d5b415
MC		 2148static int test_HKDF(void)
2149{
2150 EVP_PKEY_CTX *pctx;
2151 unsigned char out[20];
2152 size_t outlen;
2153 int i, ret = 0;
2154 unsigned char salt[] = "0123456789";
2155 unsigned char key[] = "012345678901234567890123456789";
2156 unsigned char info[] = "infostring";
2157 const unsigned char expected[] = {
2158 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2159 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2160 };
2161 size_t expectedlen = sizeof(expected);
2162
062490db 2163 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2164 goto done;
2165
2166 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2167 for (i = 0; i < 2; i++) {
2168 outlen = sizeof(out);
2169 memset(out, 0, outlen);
2170
2171 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2172 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2173 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2174 sizeof(salt) - 1), 0)
2175 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2176 sizeof(key) - 1), 0)
2177 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2178 sizeof(info) - 1), 0)
2179 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2180 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2181 goto done;
2182 }
2183
2184 ret = 1;
2185
2186 done:
2187 EVP_PKEY_CTX_free(pctx);
2188
2189 return ret;
2190}
2191
2cd3ebc7
BK		 2192static int test_emptyikm_HKDF(void)
2193{
2194 EVP_PKEY_CTX *pctx;
2195 unsigned char out[20];
2196 size_t outlen;
2197 int ret = 0;
2198 unsigned char salt[] = "9876543210";
2199 unsigned char key[] = "";
2200 unsigned char info[] = "stringinfo";
2201 const unsigned char expected[] = {
2202 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2203 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2204 };
2205 size_t expectedlen = sizeof(expected);
2206
062490db 2207 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2208 goto done;
2209
2210 outlen = sizeof(out);
2211 memset(out, 0, outlen);
2212
2213 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2214 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2215 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2216 sizeof(salt) - 1), 0)
2217 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2218 sizeof(key) - 1), 0)
2219 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2220 sizeof(info) - 1), 0)
2221 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2222 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2223 goto done;
2224
2225 ret = 1;
2226
2227 done:
2228 EVP_PKEY_CTX_free(pctx);
2229
2230 return ret;
2231}
2232
5dc40a83
BE		 2233#ifndef OPENSSL_NO_EC
2234static int test_X509_PUBKEY_inplace(void)
2235{
808c63c5 2236 int ret = 0;
62653483 2237 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2238 const unsigned char *p = kExampleECPubKeyDER;
2239 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2240
62653483
MC		 2241 if (!TEST_ptr(xp))
2242 goto done;
2243 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2244 goto done;
5dc40a83 2245
808c63c5
P		 2246 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2247 goto done;
5dc40a83 2248
808c63c5
P		 2249 p = kExampleBadECPubKeyDER;
2250 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2251
808c63c5
P		 2252 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2253 goto done;
5dc40a83 2254
808c63c5
P		 2255 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2256 goto done;
5dc40a83 2257
808c63c5 2258 ret = 1;
5dc40a83 2259
808c63c5
P		 2260 done:
2261 X509_PUBKEY_free(xp);
2262 return ret;
2263}
2264
2265static int test_X509_PUBKEY_dup(void)
2266{
2267 int ret = 0;
2268 X509_PUBKEY *xp = NULL, *xq = NULL;
2269 const unsigned char *p = kExampleECPubKeyDER;
2270 size_t input_len = sizeof(kExampleECPubKeyDER);
2271
62653483
MC		 2272 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2273 if (!TEST_ptr(xp)
2274 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2275 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2276 || !TEST_ptr_ne(xp, xq))
2277 goto done;
2278
2279 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2280 || !TEST_ptr(X509_PUBKEY_get0(xp))
2281 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2282 goto done;
2283
2284 X509_PUBKEY_free(xq);
2285 xq = NULL;
2286 p = kExampleBadECPubKeyDER;
2287 input_len = sizeof(kExampleBadECPubKeyDER);
2288
2289 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2290 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2291 goto done;
2292
2293 X509_PUBKEY_free(xp);
2294 xp = NULL;
2295 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2296 goto done;
2297
2298 ret = 1;
2299
2300 done:
2301 X509_PUBKEY_free(xp);
2302 X509_PUBKEY_free(xq);
2303 return ret;
5dc40a83 2304}
7bb82f92 2305#endif /* OPENSSL_NO_EC */
784883fc 2306
9c45222d 2307/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2308static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2309{
9a071fef 2310 EVP_MD_CTX *mdctx = NULL;
9c45222d 2311 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2312 const OSSL_PARAM *params;
00bc1ad9 2313 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2314 int ret = 0;
2315 const EVP_MD *md;
00bc1ad9 2316 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2317 char ssl3ms[48];
9c45222d 2318
9c45222d 2319 /* Initialise a sign operation */
062490db 2320 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2321 if (!TEST_ptr(ctx)
c9c4a356 2322 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2323 goto err;
2324
2325 /*
f54a4101 2326 * We should be able to query the parameters now.
9c45222d
MC		 2327 */
2328 params = EVP_PKEY_CTX_settable_params(ctx);
2329 if (!TEST_ptr(params)
0cb3f4f9
RL		 2330 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2331 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2332 goto err;
2333
9c45222d
MC		 2334 params = EVP_PKEY_CTX_gettable_params(ctx);
2335 if (!TEST_ptr(params)
0cb3f4f9
RL		 2336 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2337 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2338 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2339 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2340 goto err;
2341
2342 /*
2343 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2344 * EVP_PKEY_CTX_get_params()
2345 */
00bc1ad9
RL		 2346 strcpy(mdname, "SHA512");
2347 param_md = param;
2348 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2349 mdname, 0);
9c45222d
MC		 2350 *param++ = OSSL_PARAM_construct_end();
2351
2352 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2353 goto err;
2354
00bc1ad9
RL		 2355 mdname[0] = '\0';
2356 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2357 mdname, sizeof(mdname));
9c45222d 2358 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2359 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2360 goto err;
2361
2362 /*
2363 * Test the TEST_PKEY_CTX_set_signature_md() and
2364 * TEST_PKEY_CTX_get_signature_md() functions
2365 */
2366 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2367 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2368 || !TEST_ptr_eq(md, EVP_sha256()))
2369 goto err;
2370
9a071fef
MC		 2371 /*
2372 * Test getting MD parameters via an associated EVP_PKEY_CTX
2373 */
2374 mdctx = EVP_MD_CTX_new();
2375 if (!TEST_ptr(mdctx)
062490db 2376 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2377 pkey, NULL)))
9a071fef
MC		 2378 goto err;
2379
2380 /*
2381 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2382 * able to obtain the digest's settable parameters from the provider.
2383 */
2384 params = EVP_MD_CTX_settable_params(mdctx);
2385 if (!TEST_ptr(params)
2386 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2387 /* The final key should be NULL */
2388 || !TEST_ptr_null(params[1].key))
2389 goto err;
2390
2391 param = ourparams;
2392 memset(ssl3ms, 0, sizeof(ssl3ms));
2393 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2394 ssl3ms, sizeof(ssl3ms));
2395 *param++ = OSSL_PARAM_construct_end();
2396
2397 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2398 goto err;
2399
9c45222d
MC		 2400 ret = 1;
2401
2402 err:
9a071fef 2403 EVP_MD_CTX_free(mdctx);
9c45222d 2404 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2405
2406 return ret;
2407}
2408
2409#ifndef OPENSSL_NO_DSA
2410static int test_DSA_get_set_params(void)
2411{
6ed4022c
RL		 2412 OSSL_PARAM_BLD *bld = NULL;
2413 OSSL_PARAM *params = NULL;
f54a4101 2414 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2415 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2416 EVP_PKEY *pkey = NULL;
2417 int ret = 0;
2418
2419 /*
2420 * Setup the parameters for our DSA object. For our purposes they don't
2421 * have to actually be *valid* parameters. We just need to set something.
2422 */
6ed4022c
RL		 2423 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2424 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2425 || !TEST_ptr(p = BN_new())
2426 || !TEST_ptr(q = BN_new())
2427 || !TEST_ptr(g = BN_new())
2428 || !TEST_ptr(pub = BN_new())
2429 || !TEST_ptr(priv = BN_new()))
2430 goto err;
2431 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2432 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2433 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2434 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2435 pub))
2436 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2437 priv)))
2438 goto err;
2439 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2440 goto err;
f54a4101 2441
2db985b7
SL		 2442 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2443 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2444 params), 0))
f54a4101
RL		 2445 goto err;
2446
6ed4022c
RL		 2447 if (!TEST_ptr(pkey))
2448 goto err;
f54a4101
RL		 2449
2450 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2451
2452 err:
9c45222d 2453 EVP_PKEY_free(pkey);
6ed4022c 2454 EVP_PKEY_CTX_free(pctx);
3f883c7c 2455 OSSL_PARAM_free(params);
6ed4022c 2456 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2457 BN_free(p);
2458 BN_free(q);
2459 BN_free(g);
cd32a0f5
RL		 2460 BN_free(pub);
2461 BN_free(priv);
9c45222d
MC		 2462
2463 return ret;
2464}
2c04b341
JS		 2465
2466/*
8a9394c1 2467 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2468 * params to ensure they are all accepted
2469 */
2470static int test_DSA_priv_pub(void)
2471{
2472 return test_EVP_PKEY_ffc_priv_pub("DSA");
2473}
2474
2475#endif /* !OPENSSL_NO_DSA */
9c45222d 2476
f54a4101
RL		 2477static int test_RSA_get_set_params(void)
2478{
d7e498ac
RL		 2479 OSSL_PARAM_BLD *bld = NULL;
2480 OSSL_PARAM *params = NULL;
f54a4101 2481 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2482 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2483 EVP_PKEY *pkey = NULL;
2484 int ret = 0;
2485
2486 /*
2487 * Setup the parameters for our RSA object. For our purposes they don't
2488 * have to actually be *valid* parameters. We just need to set something.
2489 */
d7e498ac
RL		 2490 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2491 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2492 || !TEST_ptr(n = BN_new())
2493 || !TEST_ptr(e = BN_new())
2494 || !TEST_ptr(d = BN_new()))
2495 goto err;
2496 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2497 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2498 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2499 goto err;
2500 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2501 goto err;
f54a4101 2502
2db985b7
SL		 2503 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2504 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2505 params), 0))
f54a4101
RL		 2506 goto err;
2507
d7e498ac
RL		 2508 if (!TEST_ptr(pkey))
2509 goto err;
f54a4101
RL		 2510
2511 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2512
2513 err:
2514 EVP_PKEY_free(pkey);
d7e498ac 2515 EVP_PKEY_CTX_free(pctx);
3f883c7c 2516 OSSL_PARAM_free(params);
d7e498ac 2517 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2518 BN_free(n);
2519 BN_free(e);
2520 BN_free(d);
2521
2522 return ret;
2523}
2524
b4be6937
MC		 2525#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2526static int test_decrypt_null_chunks(void)
2527{
2528 EVP_CIPHER_CTX* ctx = NULL;
062490db 2529 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2530 const unsigned char key[32] = {
2531 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2532 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2533 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2534 };
2535 unsigned char iv[12] = {
2536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2537 };
2538 unsigned char msg[] = "It was the best of times, it was the worst of times";
2539 unsigned char ciphertext[80];
2540 unsigned char plaintext[80];
2541 /* We initialise tmp to a non zero value on purpose */
2542 int ctlen, ptlen, tmp = 99;
2543 int ret = 0;
2544 const int enc_offset = 10, dec_offset = 20;
2545
062490db
JS		 2546 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2547 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2548 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2549 key, iv))
2550 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2551 enc_offset))
2552 /* Deliberate add a zero length update */
2553 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2554 0))
2555 || !TEST_int_eq(tmp, 0)
2556 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2557 msg + enc_offset,
2558 sizeof(msg) - enc_offset))
2559 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2560 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2561 || !TEST_int_eq(tmp, 0))
2562 goto err;
2563
2564 /* Deliberately initialise tmp to a non zero value */
2565 tmp = 99;
062490db 2566 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2567 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2568 dec_offset))
2569 /*
2570 * Deliberately add a zero length update. We also deliberately do
2571 * this at a different offset than for encryption.
2572 */
2573 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2574 0))
2575 || !TEST_int_eq(tmp, 0)
2576 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2577 ciphertext + dec_offset,
2578 ctlen - dec_offset))
2579 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2580 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2581 || !TEST_int_eq(tmp, 0)
2582 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2583 goto err;
2584
2585 ret = 1;
2586 err:
2587 EVP_CIPHER_CTX_free(ctx);
062490db 2588 EVP_CIPHER_free(cipher);
b4be6937
MC		 2589 return ret;
2590}
2591#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2592
2c04b341
JS		 2593#ifndef OPENSSL_NO_DH
2594/*
8a9394c1 2595 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2596 * params to ensure they are all accepted
2597 */
2598static int test_DH_priv_pub(void)
2599{
2600 return test_EVP_PKEY_ffc_priv_pub("DH");
2601}
2602
2603# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2604static int test_EVP_PKEY_set1_DH(void)
2605{
ca2bf555
SL		 2606 DH *x942dh = NULL, *noqdh = NULL;
2607 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2608 int ret = 0;
ca2bf555 2609 BIGNUM *p, *g = NULL;
0ec73843
TM		 2610 BIGNUM *pubkey = NULL;
2611 unsigned char pub[2048 / 8];
2612 size_t len = 0;
ca2bf555
SL		 2613
2614 if (!TEST_ptr(p = BN_new())
2615 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2616 || !TEST_ptr(pubkey = BN_new())
2617 || !TEST_true(BN_set_word(p, 9999))
2618 || !TEST_true(BN_set_word(g, 2))
2619 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2620 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2621 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2622 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2623 || !TEST_ptr(pubkey = BN_new())
2624 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2625 goto err;
2626 p = g = NULL;
e295de1d
MC		 2627
2628 x942dh = DH_get_2048_256();
e295de1d
MC		 2629 pkey1 = EVP_PKEY_new();
2630 pkey2 = EVP_PKEY_new();
2631 if (!TEST_ptr(x942dh)
ca2bf555 2632 || !TEST_ptr(noqdh)
e295de1d 2633 || !TEST_ptr(pkey1)
0ec73843
TM		 2634 || !TEST_ptr(pkey2)
2635 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2636 goto err;
0ec73843 2637 pubkey = NULL;
e295de1d 2638
0ec73843 2639 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2640 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2641 goto err;
2642
0ec73843
TM		 2643 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2644 &pubkey))
2645 || !TEST_ptr(pubkey))
2646 goto err;
2647
2648 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2649 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2650 goto err;
2651
0ec73843
TM		 2652 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2653 OSSL_PKEY_PARAM_PUB_KEY,
2654 pub, sizeof(pub), &len))
2655 || !TEST_size_t_ne(len, 0))
2656 goto err;
2657
e295de1d
MC		 2658 ret = 1;
2659 err:
ca2bf555
SL		 2660 BN_free(p);
2661 BN_free(g);
0ec73843 2662 BN_free(pubkey);
e295de1d
MC		 2663 EVP_PKEY_free(pkey1);
2664 EVP_PKEY_free(pkey2);
2665 DH_free(x942dh);
ca2bf555 2666 DH_free(noqdh);
e295de1d
MC		 2667
2668 return ret;
2669}
2c04b341
JS		 2670# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2671#endif /* !OPENSSL_NO_DH */
e295de1d 2672
8a5cb596
RL		 2673/*
2674 * We test what happens with an empty template. For the sake of this test,
2675 * the template must be ignored, and we know that's the case for RSA keys
2676 * (this might arguably be a misfeature, but that's what we currently do,
2677 * even in provider code, since that's how the legacy RSA implementation
2678 * does things)
2679 */
2680static int test_keygen_with_empty_template(int n)
2681{
2682 EVP_PKEY_CTX *ctx = NULL;
2683 EVP_PKEY *pkey = NULL;
2684 EVP_PKEY *tkey = NULL;
2685 int ret = 0;
2686
062490db
JS		 2687 if (nullprov != NULL)
2688 return TEST_skip("Test does not support a non-default library context");
2689
8a5cb596
RL		 2690 switch (n) {
2691 case 0:
2692 /* We do test with no template at all as well */
2693 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2694 goto err;
2695 break;
2696 case 1:
2697 /* Here we create an empty RSA key that serves as our template */
2698 if (!TEST_ptr(tkey = EVP_PKEY_new())
2699 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2700 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2701 goto err;
2702 break;
2703 }
2704
2705 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2706 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2707 goto err;
2708
2709 ret = 1;
2710 err:
2711 EVP_PKEY_CTX_free(ctx);
2712 EVP_PKEY_free(pkey);
2713 EVP_PKEY_free(tkey);
2714 return ret;
2715}
2716
5ddec6a7
MC		 2717/*
2718 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2719 * in the current library context (unless we are using an algorithm that
2720 * should be made available via legacy codepaths).
2721 *
2722 * 0: RSA
2723 * 1: SM2
5ddec6a7
MC		 2724 */
2725static int test_pkey_ctx_fail_without_provider(int tst)
2726{
b4250010 2727 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2728 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2729 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2730 const char *keytype = NULL;
2731 int expect_null = 0;
5ddec6a7
MC		 2732 int ret = 0;
2733
2734 if (!TEST_ptr(tmpctx))
2735 goto err;
2736
062490db
JS		 2737 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2738 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2739 goto err;
2740
5ddec6a7 2741 /*
08497fc6
RL		 2742 * We check for certain algos in the null provider.
2743 * If an algo is expected to have a provider keymgmt, contructing an
2744 * EVP_PKEY_CTX is expected to fail (return NULL).
2745 * Otherwise, if it's expected to have legacy support, contructing an
2746 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2747 */
08497fc6
RL		 2748 switch (tst) {
2749 case 0:
2750 keytype = "RSA";
2751 expect_null = 1;
2752 break;
2753 case 1:
2754 keytype = "SM2";
d0b79f86 2755 expect_null = 1;
08497fc6
RL		 2756#ifdef OPENSSL_NO_EC
2757 TEST_info("EC disable, skipping SM2 check...");
2758 goto end;
2759#endif
2760#ifdef OPENSSL_NO_SM2
2761 TEST_info("SM2 disable, skipping SM2 check...");
2762 goto end;
2763#endif
2764 break;
2765 default:
2766 TEST_error("No test for case %d", tst);
2767 goto err;
2768 }
2769
2770 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2771 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2772 goto err;
2773
08497fc6
RL		 2774#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2775 end:
2776#endif
5ddec6a7
MC		 2777 ret = 1;
2778
2779 err:
2780 EVP_PKEY_CTX_free(pctx);
062490db 2781 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2782 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2783 return ret;
2784}
2785
1c19ff3c
P		 2786static int test_rand_agglomeration(void)
2787{
2788 EVP_RAND *rand;
2789 EVP_RAND_CTX *ctx;
2790 OSSL_PARAM params[3], *p = params;
2791 int res;
2792 unsigned int step = 7;
2793 static unsigned char seed[] = "It does not matter how slowly you go "
2794 "as long as you do not stop.";
2795 unsigned char out[sizeof(seed)];
2796
2797 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2798 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2799 return 0;
2800 ctx = EVP_RAND_CTX_new(rand, NULL);
2801 EVP_RAND_free(rand);
2802 if (!TEST_ptr(ctx))
2803 return 0;
2804
2805 memset(out, 0, sizeof(out));
2806 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2807 seed, sizeof(seed));
0d4460d2 2808 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 2809 *p = OSSL_PARAM_construct_end();
e494fac7 2810 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 2811 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2812 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2813 EVP_RAND_CTX_free(ctx);
2814 return res;
2815}
2816
440b852a
BK		 2817/*
2818 * Test that we correctly return the original or "running" IV after
2819 * an encryption operation.
2820 * Run multiple times for some different relevant algorithms/modes.
2821 */
a4afa6c1 2822static int test_evp_iv_aes(int idx)
440b852a
BK		 2823{
2824 int ret = 0;
2825 EVP_CIPHER_CTX *ctx = NULL;
2826 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2827 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2828 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2829 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2830 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2831 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2832 9, 10, 11, 12, 13, 14, 15, 16 };
2833 unsigned char ciphertext[32], oiv[16], iv[16];
2834 unsigned char *ref_iv;
2835 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2836 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2837
2838 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2839 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 2840 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2841 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 2842 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2843 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2844 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2845#ifndef OPENSSL_NO_OCB
2846 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2847 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2848#endif
2849 int len = sizeof(ciphertext);
2850 size_t ivlen, ref_len;
2851 const EVP_CIPHER *type = NULL;
4ec4b063 2852 int iv_reset = 0;
440b852a 2853
4ec4b063 2854 if (nullprov != NULL && idx < 6)
062490db
JS		 2855 return TEST_skip("Test does not support a non-default library context");
2856
440b852a
BK		 2857 switch(idx) {
2858 case 0:
2859 type = EVP_aes_128_cbc();
2860 /* FALLTHROUGH */
4ec4b063 2861 case 6:
440b852a 2862 type = (type != NULL) ? type :
062490db 2863 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2864 ref_iv = cbc_state;
2865 ref_len = sizeof(cbc_state);
4ec4b063 2866 iv_reset = 1;
440b852a
BK		 2867 break;
2868 case 1:
2869 type = EVP_aes_128_ofb();
2870 /* FALLTHROUGH */
4ec4b063 2871 case 7:
440b852a 2872 type = (type != NULL) ? type :
062490db 2873 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2874 ref_iv = ofb_state;
2875 ref_len = sizeof(ofb_state);
4ec4b063 2876 iv_reset = 1;
440b852a
BK		 2877 break;
2878 case 2:
4ec4b063
TM		 2879 type = EVP_aes_128_cfb();
2880 /* FALLTHROUGH */
2881 case 8:
2882 type = (type != NULL) ? type :
2883 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2884 ref_iv = cfb_state;
2885 ref_len = sizeof(cfb_state);
2886 iv_reset = 1;
2887 break;
2888 case 3:
440b852a
BK		 2889 type = EVP_aes_128_gcm();
2890 /* FALLTHROUGH */
4ec4b063 2891 case 9:
440b852a 2892 type = (type != NULL) ? type :
062490db 2893 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2894 ref_iv = gcm_state;
2895 ref_len = sizeof(gcm_state);
2896 break;
4ec4b063 2897 case 4:
440b852a
BK		 2898 type = EVP_aes_128_ccm();
2899 /* FALLTHROUGH */
4ec4b063 2900 case 10:
440b852a 2901 type = (type != NULL) ? type :
062490db 2902 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2903 ref_iv = ccm_state;
2904 ref_len = sizeof(ccm_state);
2905 break;
2906#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 2907 case 5:
2908 case 11:
440b852a
BK		 2909 return 1;
2910#else
4ec4b063 2911 case 5:
440b852a
BK		 2912 type = EVP_aes_128_ocb();
2913 /* FALLTHROUGH */
4ec4b063 2914 case 11:
440b852a 2915 type = (type != NULL) ? type :
062490db 2916 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2917 ref_iv = ocb_state;
2918 ref_len = sizeof(ocb_state);
2919 break;
2920#endif
2921 default:
2922 return 0;
2923 }
2924
2925 if (!TEST_ptr(type)
2926 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2927 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2928 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2929 (int)sizeof(msg)))
0d83b7b9
TM		 2930 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2931 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2932 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2933 goto err;
ed576acd 2934 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 2935 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2936 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2937 goto err;
2938
4ec4b063
TM		 2939 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2940 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2941 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2942 goto err;
2943 if (iv_reset) {
2944 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2945 goto err;
2946 } else {
2947 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2948 goto err;
2949 }
2950
440b852a
BK		 2951 ret = 1;
2952err:
2953 EVP_CIPHER_CTX_free(ctx);
4ec4b063 2954 if (idx >= 6)
440b852a
BK		 2955 EVP_CIPHER_free((EVP_CIPHER *)type);
2956 return ret;
2957}
2958
a4afa6c1
TM		 2959#ifndef OPENSSL_NO_DES
2960static int test_evp_iv_des(int idx)
2961{
2962 int ret = 0;
2963 EVP_CIPHER_CTX *ctx = NULL;
2964 static const unsigned char key[24] = {
2965 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2966 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2967 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2968 };
2969 static const unsigned char init_iv[8] = {
2970 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2971 };
2972 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2973 9, 10, 11, 12, 13, 14, 15, 16 };
2974 unsigned char ciphertext[32], oiv[8], iv[8];
2975 unsigned const char *ref_iv;
2976 static const unsigned char cbc_state_des[8] = {
2977 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2978 };
2979 static const unsigned char cbc_state_3des[8] = {
2980 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2981 };
2982 static const unsigned char ofb_state_des[8] = {
2983 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2984 };
2985 static const unsigned char ofb_state_3des[8] = {
2986 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2987 };
2988 static const unsigned char cfb_state_des[8] = {
2989 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2990 };
2991 static const unsigned char cfb_state_3des[8] = {
2992 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2993 };
2994 int len = sizeof(ciphertext);
2995 size_t ivlen, ref_len;
2996 EVP_CIPHER *type = NULL;
2997
2998 if (lgcyprov == NULL && idx < 3)
2999 return TEST_skip("Test requires legacy provider to be loaded");
3000
3001 switch(idx) {
3002 case 0:
3003 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3004 ref_iv = cbc_state_des;
3005 ref_len = sizeof(cbc_state_des);
3006 break;
3007 case 1:
3008 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3009 ref_iv = ofb_state_des;
3010 ref_len = sizeof(ofb_state_des);
3011 break;
3012 case 2:
3013 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3014 ref_iv = cfb_state_des;
3015 ref_len = sizeof(cfb_state_des);
3016 break;
3017 case 3:
3018 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3019 ref_iv = cbc_state_3des;
3020 ref_len = sizeof(cbc_state_3des);
3021 break;
3022 case 4:
3023 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3024 ref_iv = ofb_state_3des;
3025 ref_len = sizeof(ofb_state_3des);
3026 break;
3027 case 5:
3028 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3029 ref_iv = cfb_state_3des;
3030 ref_len = sizeof(cfb_state_3des);
3031 break;
3032 default:
3033 return 0;
3034 }
3035
3036 if (!TEST_ptr(type)
3037 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3038 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3039 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3040 (int)sizeof(msg)))
3041 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3042 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3043 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3044 goto err;
ed576acd 3045 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3046 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3047 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3048 goto err;
3049
3050 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3051 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3052 goto err;
3053 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3054 goto err;
3055
3056 ret = 1;
3057err:
3058 EVP_CIPHER_CTX_free(ctx);
3059 EVP_CIPHER_free(type);
3060 return ret;
3061}
3062#endif
3063
c0ff1932 3064#ifndef OPENSSL_NO_EC
da671c41
P		 3065static int ecpub_nids[] = {
3066 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3067 NID_secp384r1, NID_secp521r1,
3068# ifndef OPENSSL_NO_EC2M
3069 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3070 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3071# endif
3072 NID_brainpoolP384r1, NID_brainpoolP512r1
3073};
c0ff1932
BK		 3074
3075static int test_ecpub(int idx)
3076{
ad7cb0bf 3077 int ret = 0, len, savelen;
c0ff1932
BK		 3078 int nid;
3079 unsigned char buf[1024];
3080 unsigned char *p;
3081 EVP_PKEY *pkey = NULL;
3082 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3083# ifndef OPENSSL_NO_DEPRECATED_3_0
3084 const unsigned char *q;
3085 EVP_PKEY *pkey2 = NULL;
3086 EC_KEY *ec = NULL;
3087# endif
c0ff1932 3088
062490db
JS		 3089 if (nullprov != NULL)
3090 return TEST_skip("Test does not support a non-default library context");
3091
c0ff1932
BK		 3092 nid = ecpub_nids[idx];
3093
3094 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3095 if (!TEST_ptr(ctx)
3096 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3097 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3098 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3099 goto done;
3100 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3101 savelen = len;
c0ff1932
BK		 3102 if (!TEST_int_ge(len, 1)
3103 || !TEST_int_lt(len, 1024))
3104 goto done;
3105 p = buf;
3106 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3107 if (!TEST_int_ge(len, 1)
3108 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3109 goto done;
3110
3d364726
BK		 3111# ifndef OPENSSL_NO_DEPRECATED_3_0
3112 /* Now try to decode the just-created DER. */
3113 q = buf;
3114 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3115 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3116 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3117 goto done;
3118 /* EC_KEY ownership transferred */
3119 ec = NULL;
3120 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3121 goto done;
3122 /* The keys should match. */
c85c5e1a 3123 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3124 goto done;
3125# endif
3126
c0ff1932
BK		 3127 ret = 1;
3128
3129 done:
3130 EVP_PKEY_CTX_free(ctx);
3131 EVP_PKEY_free(pkey);
3d364726
BK		 3132# ifndef OPENSSL_NO_DEPRECATED_3_0
3133 EVP_PKEY_free(pkey2);
3134 EC_KEY_free(ec);
3135# endif
c0ff1932
BK		 3136 return ret;
3137}
3138#endif
3139
e947a064
DB		 3140static int test_EVP_rsa_pss_with_keygen_bits(void)
3141{
062490db
JS		 3142 int ret = 0;
3143 EVP_PKEY_CTX *ctx = NULL;
3144 EVP_PKEY *pkey = NULL;
3145 EVP_MD *md;
e947a064 3146
062490db
JS		 3147 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3148 ret = TEST_ptr(md)
3149 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 3150 && TEST_true(EVP_PKEY_keygen_init(ctx))
3151 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3152 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3153 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3154
062490db 3155 EVP_MD_free(md);
e947a064
DB		 3156 EVP_PKEY_free(pkey);
3157 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3158 return ret;
3159}
3160
5eb73cfb
MC		 3161static int success = 1;
3162static void md_names(const char *name, void *vctx)
3163{
3164 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3165 /* Force a namemap update */
3166 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3167
3168 if (!TEST_ptr(aes128))
3169 success = 0;
3170
3171 EVP_CIPHER_free(aes128);
3172}
3173
3174/*
3175 * Test that changing the namemap in a user callback works in a names_do_all
3176 * function.
3177 */
3178static int test_names_do_all(void)
3179{
3180 /* We use a custom libctx so that we know the state of the namemap */
3181 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3182 EVP_MD *sha256 = NULL;
3183 int testresult = 0;
3184
3185 if (!TEST_ptr(ctx))
3186 goto err;
3187
3188 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3189 if (!TEST_ptr(sha256))
3190 goto err;
3191
3192 /*
3193 * We loop through all the names for a given digest. This should still work
3194 * even if the namemap changes part way through.
3195 */
3196 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3197 goto err;
3198
3199 if (!TEST_true(success))
3200 goto err;
3201
3202 testresult = 1;
3203 err:
3204 EVP_MD_free(sha256);
3205 OSSL_LIB_CTX_free(ctx);
3206 return testresult;
3207}
e947a064 3208
063e0197
JC		 3209typedef struct {
3210 const char *cipher;
3211 const unsigned char *key;
3212 const unsigned char *iv;
3213 const unsigned char *input;
3214 const unsigned char *expected;
3215 const unsigned char *tag;
3216 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3217 size_t inlen;
3218 size_t expectedlen;
3219 size_t taglen;
3220 int keyfirst;
3221 int initenc;
3222 int finalenc;
3223} EVP_INIT_TEST_st;
3224
3225static const EVP_INIT_TEST_st evp_init_tests[] = {
3226 {
3227 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3228 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3229 0, 1, 0, 1
3230 },
3231 {
3232 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3233 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3234 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3235 sizeof(gcmDefaultTag), 1, 0, 1
3236 },
3237 {
3238 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3239 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3240 0, 0, 0, 1
3241 },
3242 {
3243 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3244 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3245 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3246 sizeof(gcmDefaultTag), 0, 0, 1
3247 },
3248 {
3249 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3250 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3251 0, 1, 1, 0
3252 },
3253 {
3254 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3255 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3256 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3257 sizeof(gcmDefaultTag), 1, 1, 0
3258 },
3259 {
3260 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3261 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3262 0, 0, 1, 0
3263 },
3264 {
3265 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3266 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3267 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3268 sizeof(gcmDefaultTag), 0, 1, 0
3269 }
3270};
3271
3272static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3273{
3274 int res = 0;
3275
3276 if (t->ivlen != 0) {
3277 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3278 goto err;
3279 }
3280 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3281 goto err;
3282 res = 1;
3283 err:
3284 return res;
3285}
3286
3287/*
3288 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3289 * arguments are given one at a time and a final adjustment to the enc
3290 * parameter sets the correct operation.
3291 */
3292static int test_evp_init_seq(int idx)
3293{
3294 int outlen1, outlen2;
3295 int testresult = 0;
3296 unsigned char outbuf[1024];
3297 unsigned char tag[16];
3298 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3299 EVP_CIPHER_CTX *ctx = NULL;
3300 EVP_CIPHER *type = NULL;
3301 size_t taglen = sizeof(tag);
3302 char *errmsg = NULL;
3303
3304 ctx = EVP_CIPHER_CTX_new();
3305 if (ctx == NULL) {
3306 errmsg = "CTX_ALLOC";
3307 goto err;
3308 }
3309 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3310 errmsg = "CIPHER_FETCH";
3311 goto err;
3312 }
3313 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3314 errmsg = "EMPTY_ENC_INIT";
3315 goto err;
3316 }
3317 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3318 errmsg = "PADDING";
3319 goto err;
3320 }
3321 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3322 errmsg = "KEY_INIT (before iv)";
3323 goto err;
3324 }
3325 if (!evp_init_seq_set_iv(ctx, t)) {
3326 errmsg = "IV_INIT";
3327 goto err;
3328 }
3329 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3330 errmsg = "KEY_INIT (after iv)";
3331 goto err;
3332 }
3333 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3334 errmsg = "FINAL_ENC_INIT";
3335 goto err;
3336 }
3337 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3338 errmsg = "CIPHER_UPDATE";
3339 goto err;
3340 }
3341 if (t->finalenc == 0 && t->tag != NULL) {
3342 /* Set expected tag */
3343 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3344 t->taglen, (void *)t->tag))) {
3345 errmsg = "SET_TAG";
3346 goto err;
3347 }
3348 }
3349 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3350 errmsg = "CIPHER_FINAL";
3351 goto err;
3352 }
3353 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3354 errmsg = "WRONG_RESULT";
3355 goto err;
3356 }
3357 if (t->finalenc != 0 && t->tag != NULL) {
3358 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3359 errmsg = "GET_TAG";
3360 goto err;
3361 }
3362 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3363 errmsg = "TAG_ERROR";
3364 goto err;
3365 }
3366 }
3367 testresult = 1;
3368 err:
3369 if (errmsg != NULL)
3370 TEST_info("evp_init_test %d: %s", idx, errmsg);
3371 EVP_CIPHER_CTX_free(ctx);
3372 EVP_CIPHER_free(type);
3373 return testresult;
3374}
3375
3376typedef struct {
3377 const unsigned char *input;
3378 const unsigned char *expected;
3379 size_t inlen;
3380 size_t expectedlen;
3381 int enc;
3382} EVP_RESET_TEST_st;
3383
3384static const EVP_RESET_TEST_st evp_reset_tests[] = {
3385 {
3386 cfbPlaintext, cfbCiphertext,
3387 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3388 },
3389 {
3390 cfbCiphertext, cfbPlaintext,
3391 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3392 }
3393};
3394
3395/*
3396 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3397 * been used.
3398 */
3399static int test_evp_reset(int idx)
3400{
3401 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3402 int outlen1, outlen2;
3403 int testresult = 0;
3404 unsigned char outbuf[1024];
3405 EVP_CIPHER_CTX *ctx = NULL;
3406 EVP_CIPHER *type = NULL;
3407 char *errmsg = NULL;
3408
3409 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3410 errmsg = "CTX_ALLOC";
3411 goto err;
3412 }
3413 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3414 errmsg = "CIPHER_FETCH";
3415 goto err;
3416 }
3417 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3418 errmsg = "CIPHER_INIT";
3419 goto err;
3420 }
3421 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3422 errmsg = "PADDING";
3423 goto err;
3424 }
3425 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3426 errmsg = "CIPHER_UPDATE";
3427 goto err;
3428 }
3429 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3430 errmsg = "CIPHER_FINAL";
3431 goto err;
3432 }
3433 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3434 errmsg = "WRONG_RESULT";
3435 goto err;
3436 }
3437 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3438 errmsg = "CIPHER_REINIT";
3439 goto err;
3440 }
3441 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3442 errmsg = "CIPHER_UPDATE (reinit)";
3443 goto err;
3444 }
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3446 errmsg = "CIPHER_FINAL (reinit)";
3447 goto err;
3448 }
3449 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3450 errmsg = "WRONG_RESULT (reinit)";
3451 goto err;
3452 }
3453 testresult = 1;
3454 err:
3455 if (errmsg != NULL)
3456 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3457 EVP_CIPHER_CTX_free(ctx);
3458 EVP_CIPHER_free(type);
3459 return testresult;
3460}
3461
f17e5277
IF		 3462typedef struct {
3463 const char *cipher;
3464 int enc;
3465} EVP_UPDATED_IV_TEST_st;
3466
3467static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3468 {
3469 "aes-128-cfb", 1
3470 },
3471 {
3472 "aes-128-cfb", 0
3473 },
3474 {
3475 "aes-128-cfb1", 1
3476 },
3477 {
3478 "aes-128-cfb1", 0
3479 },
3480 {
3481 "aes-128-cfb8", 1
3482 },
3483 {
3484 "aes-128-cfb8", 0
3485 },
3486 {
3487 "aes-128-ofb", 1
3488 },
3489 {
3490 "aes-128-ofb", 0
3491 },
3492 {
3493 "aes-128-ctr", 1
3494 },
3495 {
3496 "aes-128-ctr", 0
3497 },
3498 {
3499 "aes-128-cbc", 1
3500 },
3501 {
3502 "aes-128-cbc", 0
3503 }
3504};
3505
3506/*
3507 * Test that the IV in the context is updated during a crypto operation for CFB
3508 * and OFB.
3509 */
3510static int test_evp_updated_iv(int idx)
3511{
3512 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3513 int outlen1, outlen2;
3514 int testresult = 0;
3515 unsigned char outbuf[1024];
3516 EVP_CIPHER_CTX *ctx = NULL;
3517 EVP_CIPHER *type = NULL;
3518 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3519 int iv_len;
3520 char *errmsg = NULL;
3521
3522 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3523 errmsg = "CTX_ALLOC";
3524 goto err;
3525 }
3526 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3527 TEST_info("cipher %s not supported, skipping", t->cipher);
3528 goto ok;
3529 }
3530
3531 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3532 errmsg = "CIPHER_INIT";
3533 goto err;
3534 }
3535 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3536 errmsg = "PADDING";
3537 goto err;
3538 }
3539 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3540 errmsg = "CIPHER_UPDATE";
3541 goto err;
3542 }
3543 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3544 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3545 goto err;
3546 }
3547 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3548 errmsg = "CIPHER_CTX_GET_IV_LEN";
3549 goto err;
3550 }
3551 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3552 errmsg = "IV_NOT_UPDATED";
3553 goto err;
3554 }
3555 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3556 errmsg = "CIPHER_FINAL";
3557 goto err;
3558 }
3559 ok:
3560 testresult = 1;
3561 err:
3562 if (errmsg != NULL)
3563 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3564 EVP_CIPHER_CTX_free(ctx);
3565 EVP_CIPHER_free(type);
3566 return testresult;
3567}
3568
063e0197
JC		 3569typedef struct {
3570 const unsigned char *iv1;
3571 const unsigned char *iv2;
3572 const unsigned char *expected1;
3573 const unsigned char *expected2;
3574 const unsigned char *tag1;
3575 const unsigned char *tag2;
3576 size_t ivlen1;
3577 size_t ivlen2;
3578 size_t expectedlen1;
3579 size_t expectedlen2;
3580} TEST_GCM_IV_REINIT_st;
3581
3582static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3583 {
3584 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3585 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3586 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3587 },
3588 {
3589 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3590 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3591 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3592 }
3593};
3594
3595static int test_gcm_reinit(int idx)
3596{
3597 int outlen1, outlen2, outlen3;
3598 int testresult = 0;
3599 unsigned char outbuf[1024];
3600 unsigned char tag[16];
3601 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3602 EVP_CIPHER_CTX *ctx = NULL;
3603 EVP_CIPHER *type = NULL;
3604 size_t taglen = sizeof(tag);
3605 char *errmsg = NULL;
3606
3607 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3608 errmsg = "CTX_ALLOC";
3609 goto err;
3610 }
3611 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3612 errmsg = "CIPHER_FETCH";
3613 goto err;
3614 }
3615 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3616 errmsg = "ENC_INIT";
3617 goto err;
3618 }
3619 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3620 errmsg = "SET_IVLEN1";
3621 goto err;
3622 }
3623 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3624 errmsg = "SET_IV1";
3625 goto err;
3626 }
3627 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3628 errmsg = "AAD1";
3629 goto err;
3630 }
3631 EVP_CIPHER_CTX_set_padding(ctx, 0);
3632 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3633 sizeof(gcmResetPlaintext)))) {
3634 errmsg = "CIPHER_UPDATE1";
3635 goto err;
3636 }
3637 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3638 errmsg = "CIPHER_FINAL1";
3639 goto err;
3640 }
3641 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3642 errmsg = "WRONG_RESULT1";
3643 goto err;
3644 }
3645 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3646 errmsg = "GET_TAG1";
3647 goto err;
3648 }
3649 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3650 errmsg = "TAG_ERROR1";
3651 goto err;
3652 }
3653 /* Now reinit */
3654 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3655 errmsg = "SET_IVLEN2";
3656 goto err;
3657 }
3658 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3659 errmsg = "SET_IV2";
3660 goto err;
3661 }
3662 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3663 errmsg = "AAD2";
3664 goto err;
3665 }
3666 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3667 sizeof(gcmResetPlaintext)))) {
3668 errmsg = "CIPHER_UPDATE2";
3669 goto err;
3670 }
3671 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3672 errmsg = "CIPHER_FINAL2";
3673 goto err;
3674 }
3675 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3676 errmsg = "WRONG_RESULT2";
3677 goto err;
3678 }
3679 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3680 errmsg = "GET_TAG2";
3681 goto err;
3682 }
3683 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3684 errmsg = "TAG_ERROR2";
3685 goto err;
3686 }
3687 testresult = 1;
3688 err:
3689 if (errmsg != NULL)
3690 TEST_info("evp_init_test %d: %s", idx, errmsg);
3691 EVP_CIPHER_CTX_free(ctx);
3692 EVP_CIPHER_free(type);
3693 return testresult;
3694}
3695
a983764e
MC		 3696#ifndef OPENSSL_NO_DEPRECATED_3_0
3697static EVP_PKEY_METHOD *custom_pmeth = NULL;
3698static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3699
3700# define EVP_PKEY_CTRL_MY_COMMAND 9999
3701
3702static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3703{
3704 int (*pinit)(EVP_PKEY_CTX *ctx);
3705
3706 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3707 return pinit(ctx);
3708}
3709
3710static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3711{
3712 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3713
3714 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3715 pcleanup(ctx);
3716}
3717
3718static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3719 size_t *outlen, const unsigned char *in,
3720 size_t inlen)
3721{
3722 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3723 const unsigned char *tbs, size_t tbslen);
3724
3725 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3726 return psign(ctx, out, outlen, in, inlen);
3727}
3728
3729static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3730 size_t *siglen, const unsigned char *tbs,
3731 size_t tbslen)
3732{
3733 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3734 const unsigned char *tbs, size_t tbslen);
3735
c6fcd88f 3736 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 3737 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3738}
3739
3740static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3741 size_t *keylen)
3742{
3743 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3744
3745 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3746 return pderive(ctx, key, keylen);
3747}
3748
3749static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3750{
3751 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3752
3753 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3754 return pcopy(dst, src);
3755}
3756
3757static int ctrl_called;
3758
3759static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3760{
3761 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3762
3763 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3764
3765 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3766 ctrl_called = 1;
3767 return 1;
3768 }
3769
3770 return pctrl(ctx, type, p1, p2);
3771}
3772
3773static int test_custom_pmeth(int idx)
3774{
3775 EVP_PKEY_CTX *pctx = NULL;
3776 EVP_MD_CTX *ctx = NULL;
3777 EVP_PKEY *pkey = NULL;
3778 int id, orig_id, orig_flags;
3779 int testresult = 0;
3780 size_t reslen;
3781 unsigned char *res = NULL;
3782 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3783 const EVP_MD *md = EVP_sha256();
3784 int doderive = 0;
3785
3786 ctrl_called = 0;
3787
3788 /* We call deprecated APIs so this test doesn't support a custom libctx */
3789 if (testctx != NULL)
3790 return 1;
3791
3792 switch(idx) {
3793 case 0:
3794 case 6:
3795 id = EVP_PKEY_RSA;
3796 pkey = load_example_rsa_key();
3797 break;
3798 case 1:
3799 case 7:
3800# ifndef OPENSSL_NO_DSA
3801 id = EVP_PKEY_DSA;
3802 pkey = load_example_dsa_key();
3803 break;
3804# else
3805 return 1;
3806# endif
3807 case 2:
3808 case 8:
3809# ifndef OPENSSL_NO_EC
3810 id = EVP_PKEY_EC;
3811 pkey = load_example_ec_key();
3812 break;
3813# else
3814 return 1;
3815# endif
3816 case 3:
3817 case 9:
3818# ifndef OPENSSL_NO_EC
3819 id = EVP_PKEY_ED25519;
3820 md = NULL;
3821 pkey = load_example_ed25519_key();
3822 break;
3823# else
3824 return 1;
3825# endif
3826 case 4:
3827 case 10:
3828# ifndef OPENSSL_NO_DH
3829 id = EVP_PKEY_DH;
3830 doderive = 1;
3831 pkey = load_example_dh_key();
3832 break;
3833# else
3834 return 1;
3835# endif
3836 case 5:
3837 case 11:
3838# ifndef OPENSSL_NO_EC
3839 id = EVP_PKEY_X25519;
3840 doderive = 1;
3841 pkey = load_example_x25519_key();
3842 break;
3843# else
3844 return 1;
3845# endif
3846 default:
3847 TEST_error("Should not happen");
3848 goto err;
3849 }
3850
3851 if (!TEST_ptr(pkey))
3852 goto err;
3853
3854 if (idx < 6) {
3855 if (!TEST_true(evp_pkey_is_provided(pkey)))
3856 goto err;
3857 } else {
3858 EVP_PKEY *tmp = pkey;
3859
3860 /* Convert to a legacy key */
3861 pkey = EVP_PKEY_new();
3862 if (!TEST_ptr(pkey)) {
3863 pkey = tmp;
3864 goto err;
3865 }
3866 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3867 EVP_PKEY_free(tmp);
3868 goto err;
3869 }
3870 EVP_PKEY_free(tmp);
3871 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3872 goto err;
3873 }
3874
3875 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3876 || !TEST_ptr(pkey))
3877 goto err;
3878
3879 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3880 if (!TEST_int_eq(orig_id, id)
3881 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3882 goto err;
3883
3884 if (id == EVP_PKEY_ED25519) {
3885 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3886 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3887 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3888 } else {
3889 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3890 }
3891 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3892 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3893 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3894 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3895 }
3896 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3897 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3898 goto err;
3899
3900 if (doderive) {
3901 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3902 if (!TEST_ptr(pctx)
3903 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3904 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3905 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3906 1)
3907 || !TEST_int_eq(ctrl_called, 1)
3908 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3909 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3910 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3911 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3912 goto err;
3913 } else {
3914 ctx = EVP_MD_CTX_new();
3915 reslen = EVP_PKEY_size(pkey);
3916 res = OPENSSL_malloc(reslen);
3917 if (!TEST_ptr(ctx)
3918 || !TEST_ptr(res)
3919 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3920 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3921 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3922 1)
3923 || !TEST_int_eq(ctrl_called, 1))
3924 goto err;
3925
3926 if (id == EVP_PKEY_ED25519) {
3927 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3928 goto err;
3929 } else {
3930 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3931 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3932 goto err;
3933 }
3934 }
3935
3936 testresult = 1;
3937 err:
3938 OPENSSL_free(res);
3939 EVP_MD_CTX_free(ctx);
3940 if (doderive)
3941 EVP_PKEY_CTX_free(pctx);
3942 EVP_PKEY_free(pkey);
3943 EVP_PKEY_meth_remove(custom_pmeth);
3944 EVP_PKEY_meth_free(custom_pmeth);
3945 custom_pmeth = NULL;
3946 return testresult;
3947}
03c2f21b
MC		 3948
3949static int test_evp_md_cipher_meth(void)
3950{
3951 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3952 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3953 int testresult = 0;
3954
3955 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3956 goto err;
3957
3958 testresult = 1;
3959
3960 err:
3961 EVP_MD_meth_free(md);
3962 EVP_CIPHER_meth_free(ciph);
3963
3964 return testresult;
3965}
0299094c
MC		 3966
3967# ifndef OPENSSL_NO_DYNAMIC_ENGINE
3968/* Test we can create a signature keys with an associated ENGINE */
3969static int test_signatures_with_engine(int tst)
3970{
3971 ENGINE *e;
3972 const char *engine_id = "dasync";
3973 EVP_PKEY *pkey = NULL;
3974 const unsigned char badcmackey[] = { 0x00, 0x01 };
3975 const unsigned char cmackey[] = {
3976 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3977 0x0c, 0x0d, 0x0e, 0x0f
3978 };
3979 const unsigned char ed25519key[] = {
3980 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3981 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3982 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
3983 };
3984 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
3985 int testresult = 0;
3986 EVP_MD_CTX *ctx = NULL;
3987 unsigned char *mac = NULL;
3988 size_t maclen = 0;
3989 int ret;
3990
3991 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
3992 return 0;
3993
3994 if (!TEST_true(ENGINE_init(e))) {
3995 ENGINE_free(e);
3996 return 0;
3997 }
3998
3999 switch (tst) {
4000 case 0:
4001 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4002 EVP_aes_128_cbc());
4003 break;
4004 case 1:
4005 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4006 EVP_aes_128_cbc());
4007 break;
4008 case 2:
4009 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4010 sizeof(ed25519key));
4011 break;
4012 default:
4013 TEST_error("Invalid test case");
4014 goto err;
4015 }
4016 if (!TEST_ptr(pkey))
4017 goto err;
4018
4019 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4020 goto err;
4021
4022 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4023 pkey);
4024 if (tst == 0) {
4025 if (!TEST_true(ret))
4026 goto err;
4027
4028 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4029 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4030 goto err;
4031
4032 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4033 goto err;
4034
4035 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4036 goto err;
4037 } else {
4038 /* We used a bad key. We expect a failure here */
4039 if (!TEST_false(ret))
4040 goto err;
4041 }
4042
4043 testresult = 1;
4044 err:
4045 EVP_MD_CTX_free(ctx);
4046 OPENSSL_free(mac);
4047 EVP_PKEY_free(pkey);
4048 ENGINE_finish(e);
4049 ENGINE_free(e);
4050
4051 return testresult;
4052}
4053
4054static int test_cipher_with_engine(void)
4055{
4056 ENGINE *e;
4057 const char *engine_id = "dasync";
4058 const unsigned char keyiv[] = {
4059 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4060 0x0c, 0x0d, 0x0e, 0x0f
4061 };
4062 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4063 int testresult = 0;
4064 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4065 unsigned char buf[AES_BLOCK_SIZE];
4066 int len = 0;
4067
4068 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4069 return 0;
4070
4071 if (!TEST_true(ENGINE_init(e))) {
4072 ENGINE_free(e);
4073 return 0;
4074 }
4075
4076 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4077 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4078 goto err;
4079
4080 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4081 goto err;
4082
4083 /* Copy the ctx, and complete the operation with the new ctx */
4084 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4085 goto err;
4086
4087 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4088 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4089 goto err;
4090
4091 testresult = 1;
4092 err:
4093 EVP_CIPHER_CTX_free(ctx);
4094 EVP_CIPHER_CTX_free(ctx2);
4095 ENGINE_finish(e);
4096 ENGINE_free(e);
4097
4098 return testresult;
4099}
4100# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4101#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4102
062490db
JS		 4103typedef enum OPTION_choice {
4104 OPT_ERR = -1,
4105 OPT_EOF = 0,
4106 OPT_CONTEXT,
4107 OPT_TEST_ENUM
4108} OPTION_CHOICE;
4109
4110const OPTIONS *test_get_options(void)
71ea6b48 4111{
062490db
JS		 4112 static const OPTIONS options[] = {
4113 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4114 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4115 { NULL }
4116 };
4117 return options;
4118}
86dc26ba 4119
062490db
JS		 4120int setup_tests(void)
4121{
4122 OPTION_CHOICE o;
4123
4124 while ((o = opt_next()) != OPT_EOF) {
4125 switch (o) {
4126 case OPT_CONTEXT:
4127 /* Set up an alternate library context */
4128 testctx = OSSL_LIB_CTX_new();
4129 if (!TEST_ptr(testctx))
4130 return 0;
4131 /* Swap the libctx to test non-default context only */
4132 nullprov = OSSL_PROVIDER_load(NULL, "null");
4133 deflprov = OSSL_PROVIDER_load(testctx, "default");
4134 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4135 break;
4136 case OPT_TEST_CASES:
4137 break;
4138 default:
4139 return 0;
4140 }
4141 }
86dc26ba 4142
f9e504e8 4143 ADD_TEST(test_EVP_set_default_properties);
15ff7d7c 4144 ADD_ALL_TESTS(test_EVP_DigestSignInit, 15);
adcd8e37 4145 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 4146 ADD_TEST(test_EVP_Digest);
15ff7d7c 4147 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4148 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4149 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4150 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4151 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4152#ifndef OPENSSL_NO_EC
adcd8e37 4153 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4154#endif
f0c62c53
RL		 4155#ifndef OPENSSL_NO_EC
4156 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4157#endif
f844f9eb 4158#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 4159 ADD_TEST(test_EVP_SM2);
a6c4cb84 4160 ADD_TEST(test_EVP_SM2_verify);
a9880362 4161#endif
bb5f281a 4162 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4163#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4164 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4165 if (!TEST_ptr(custom_pmeth))
4166 return 0;
4167 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4168 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4169 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4170 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4171 return 0;
41bbba53 4172#endif
2aee35d3 4173 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4174#ifndef OPENSSL_NO_CMAC
a87820e1 4175 ADD_TEST(test_CMAC_keygen);
fab8fde3 4176#endif
10d5b415 4177 ADD_TEST(test_HKDF);
2cd3ebc7 4178 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4179#ifndef OPENSSL_NO_EC
4180 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4181 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4182 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4183 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4184#endif
8d0f8c81 4185#ifndef OPENSSL_NO_DSA
f54a4101 4186 ADD_TEST(test_DSA_get_set_params);
2c04b341 4187 ADD_TEST(test_DSA_priv_pub);
b4be6937 4188#endif
f54a4101 4189 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 4190#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4191 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4192#endif
2c04b341
JS		 4193#ifndef OPENSSL_NO_DH
4194 ADD_TEST(test_DH_priv_pub);
4195# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4196 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4197# endif
b8a1272d
MC		 4198#endif
4199#ifndef OPENSSL_NO_EC
4200 ADD_TEST(test_EC_priv_pub);
4201# ifndef OPENSSL_NO_DEPRECATED_3_0
4202 ADD_TEST(test_EC_priv_only_legacy);
4203# endif
501fcfb8 4204#endif
8a5cb596 4205 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4206 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4207
1c19ff3c 4208 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4209 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4210#ifndef OPENSSL_NO_DES
4211 ADD_ALL_TESTS(test_evp_iv_des, 6);
4212#endif
e947a064 4213 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 4214#ifndef OPENSSL_NO_EC
4215 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4216#endif
1c19ff3c 4217
5eb73cfb
MC		 4218 ADD_TEST(test_names_do_all);
4219
063e0197
JC		 4220 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4221 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4222 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4223 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4224
a983764e
MC		 4225#ifndef OPENSSL_NO_DEPRECATED_3_0
4226 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4227 ADD_TEST(test_evp_md_cipher_meth);
0299094c
MC		 4228
4229# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4230 /* Tests only support the default libctx */
4231 if (testctx == NULL) {
4232# ifndef OPENSSL_NO_EC
4233 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4234# else
4235 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4236# endif
4237 ADD_TEST(test_cipher_with_engine);
4238 }
4239# endif
a983764e
MC		 4240#endif
4241
ad887416 4242 return 1;
71ea6b48 4243}
86dc26ba
MC		 4244
4245void cleanup_tests(void)
4246{
062490db
JS		 4247 OSSL_PROVIDER_unload(nullprov);
4248 OSSL_PROVIDER_unload(deflprov);
4249 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4250 OSSL_LIB_CTX_free(testctx);
86dc26ba 4251}
A mirror of the official openssl repository