]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update provider_util.c to correctly handle ENGINE references
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
adcd8e37 33#include "testutil.h"
176db6dc 34#include "internal/nelem.h"
00bc1ad9 35#include "internal/sizes.h"
25f2138b 36#include "crypto/evp.h"
f0c62c53 37#include "../e_os.h" /* strcasecmp */
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
71ea6b48
MC		 247static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261};
262
263/*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321};
322
a9880362 323#ifndef OPENSSL_NO_EC
71ea6b48
MC		 324/*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340};
341
342/*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356};
b0004708
PY		 357
358/* prime256v1 */
359static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368};
369
5dc40a83 370/*
87762939 371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
b0004708
PY		 385static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387};
2cf8bb46
MC		 388
389static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394};
395
396static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401};
402
a983764e
MC		 403# ifndef OPENSSL_NO_DEPRECATED_3_0
404static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
409};
410# endif
411#endif
412
413/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414#ifndef OPENSSL_NO_DEPRECATED_3_0
415# ifndef OPENSSL_NO_DH
416static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
442};
443# endif
a9880362 444#endif
71ea6b48 445
063e0197
JC		 446static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
449};
450
451static const unsigned char kGCMDefaultKey[32] = { 0 };
452
453static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
457};
458
459static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
462};
463
464static const unsigned char iGCMDefaultIV[12] = { 0 };
465
466static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
468};
469
470static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
472};
473
474static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
477};
478
479static const unsigned char gcmDefaultPlaintext[16] = { 0 };
480
481static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
487};
488
489static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
492};
493
494static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
497};
498
499static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
505};
506
507static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
513};
514
515static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
518};
519
520static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
523};
524
525static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
528};
529
530static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
533};
534
adcd8e37
RS		 535typedef struct APK_DATA_st {
536 const unsigned char *kder;
537 size_t size;
5b5eea4b 538 const char *keytype;
adcd8e37 539 int evptype;
2aee35d3 540 int check;
b0004708
PY		 541 int pub_check;
542 int param_check;
543 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 544} APK_DATA;
545
546static APK_DATA keydata[] = {
5b5eea4b
SL		 547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 549#ifndef OPENSSL_NO_EC
5b5eea4b 550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 551#endif
adcd8e37
RS		 552};
553
2aee35d3 554static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
556 0},
5b5eea4b 557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 558 0, 1, 1, 0},
2aee35d3 559#ifndef OPENSSL_NO_EC
5b5eea4b 560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 561 /* group is also associated in our pub key */
2cf8bb46
MC		 562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
563 1, 1},
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
565 2},
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 570#endif
571};
572
d7e498ac
RL		 573static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
71ea6b48 575{
d7e498ac 576 const unsigned char **pdata = &data;
71ea6b48 577 EVP_PKEY *pkey = NULL;
d7e498ac 578 OSSL_DECODER_CTX *dctx =
fe75766c 579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 580 testctx, testpropq);
71ea6b48 581
d7e498ac
RL		 582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
585 return pkey;
586}
71ea6b48 587
d7e498ac
RL		 588static EVP_PKEY *load_example_rsa_key(void)
589{
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 592}
593
f650ab47 594#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 595static EVP_PKEY *load_example_dsa_key(void)
596{
6ed4022c
RL		 597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
59d0e6c8 599}
f650ab47 600#endif
59d0e6c8 601
a983764e
MC		 602#ifndef OPENSSL_NO_DEPRECATED_3_0
603# ifndef OPENSSL_NO_DH
604static EVP_PKEY *load_example_dh_key(void)
605{
606 return load_example_key("DH", kExampleDHKeyDER,
607 sizeof(kExampleDHKeyDER));
608}
609# endif
610
611# ifndef OPENSSL_NO_EC
612static EVP_PKEY *load_example_ec_key(void)
613{
614 return load_example_key("EC", kExampleECKeyDER,
615 sizeof(kExampleECKeyDER));
616}
617
618static EVP_PKEY *load_example_ed25519_key(void)
619{
620 return load_example_key("ED25519", kExampleED25519KeyDER,
621 sizeof(kExampleED25519KeyDER));
622}
623
624static EVP_PKEY *load_example_x25519_key(void)
625{
626 return load_example_key("X25519", kExampleX25519KeyDER,
627 sizeof(kExampleX25519KeyDER));
628}
629# endif
630#endif /* OPENSSL_NO_DEPRECATED_3_0 */
631
6d242fa5
MC		 632static EVP_PKEY *load_example_hmac_key(void)
633{
634 EVP_PKEY *pkey = NULL;
635 unsigned char key[] = {
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
637 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
638 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
639 };
640
5af6e154
TM		 641 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
642 NULL, key, sizeof(key));
6d242fa5
MC		 643 if (!TEST_ptr(pkey))
644 return NULL;
645
646 return pkey;
647}
648
f9e504e8
P		 649static int test_EVP_set_default_properties(void)
650{
b4250010 651 OSSL_LIB_CTX *ctx;
f9e504e8
P		 652 EVP_MD *md = NULL;
653 int res = 0;
654
b4250010 655 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 656 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
657 goto err;
658 EVP_MD_free(md);
659 md = NULL;
660
661 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
662 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
663 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
664 goto err;
665 EVP_MD_free(md);
666 md = NULL;
667
668 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
669 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
670 goto err;
671 res = 1;
672err:
673 EVP_MD_free(md);
b4250010 674 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 675 return res;
676}
677
b8a1272d
MC		 678#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
679static int test_fromdata(char *keytype, OSSL_PARAM *params)
680{
681 EVP_PKEY_CTX *pctx = NULL;
682 EVP_PKEY *pkey = NULL;
683 int testresult = 0;
684
062490db 685 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 686 goto err;
2db985b7
SL		 687 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
688 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
689 params), 0))
b8a1272d
MC		 690 goto err;
691
692 if (!TEST_ptr(pkey))
693 goto err;
694
695 testresult = 1;
696 err:
697 EVP_PKEY_free(pkey);
698 EVP_PKEY_CTX_free(pctx);
699
700 return testresult;
701}
702#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
703
2c04b341 704/*
8a9394c1 705 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 706 * params to ensure they are all accepted
707 */
b8a1272d 708#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 709static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
710{
711 OSSL_PARAM_BLD *bld = NULL;
712 OSSL_PARAM *params = NULL;
713 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 714 int ret = 0;
715
716 /*
717 * Setup the parameters for our pkey object. For our purposes they don't
718 * have to actually be *valid* parameters. We just need to set something.
719 */
b8a1272d 720 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 721 || !TEST_ptr(q = BN_new())
722 || !TEST_ptr(g = BN_new())
723 || !TEST_ptr(pub = BN_new())
724 || !TEST_ptr(priv = BN_new()))
725 goto err;
726
727 /* Test !priv and !pub */
728 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
731 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
b8a1272d 736 if (!test_fromdata(keytype, params))
2c04b341 737 goto err;
3f883c7c 738 OSSL_PARAM_free(params);
6bcbc369 739 params = NULL;
2c04b341
JS		 740 OSSL_PARAM_BLD_free(bld);
741
742 /* Test priv and !pub */
743 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
744 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
745 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
746 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
748 priv)))
749 goto err;
750 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
751 goto err;
752
b8a1272d 753 if (!test_fromdata(keytype, params))
2c04b341 754 goto err;
3f883c7c 755 OSSL_PARAM_free(params);
6bcbc369 756 params = NULL;
2c04b341
JS		 757 OSSL_PARAM_BLD_free(bld);
758
759 /* Test !priv and pub */
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
762 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
765 pub)))
766 goto err;
767 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
768 goto err;
769
b8a1272d 770 if (!test_fromdata(keytype, params))
2c04b341 771 goto err;
3f883c7c 772 OSSL_PARAM_free(params);
6bcbc369 773 params = NULL;
2c04b341
JS		 774 OSSL_PARAM_BLD_free(bld);
775
776 /* Test priv and pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
782 pub))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
784 priv)))
785 goto err;
786 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
787 goto err;
788
b8a1272d 789 if (!test_fromdata(keytype, params))
2c04b341
JS		 790 goto err;
791
792 ret = 1;
793 err:
3f883c7c 794 OSSL_PARAM_free(params);
2c04b341
JS		 795 OSSL_PARAM_BLD_free(bld);
796 BN_free(p);
797 BN_free(q);
798 BN_free(g);
799 BN_free(pub);
800 BN_free(priv);
801
802 return ret;
803}
8a9394c1 804#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 805
b8a1272d
MC		 806/*
807 * Test combinations of private, public, missing and private + public key
808 * params to ensure they are all accepted for EC keys
809 */
810#ifndef OPENSSL_NO_EC
811static unsigned char ec_priv[] = {
812 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
813 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
814 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
815};
816static unsigned char ec_pub[] = {
817 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
818 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
819 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
820 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
821 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
822 0x08, 0x09, 0xb8, 0xdb, 0x03
823};
824
825static int test_EC_priv_pub(void)
826{
827 OSSL_PARAM_BLD *bld = NULL;
828 OSSL_PARAM *params = NULL;
829 BIGNUM *priv = NULL;
830 int ret = 0;
831
832 /*
833 * Setup the parameters for our pkey object. For our purposes they don't
834 * have to actually be *valid* parameters. We just need to set something.
835 */
836 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
837 goto err;
838
839 /* Test !priv and !pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
842 OSSL_PKEY_PARAM_GROUP_NAME,
843 "P-256", 0)))
844 goto err;
845 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
846 goto err;
847
848 if (!test_fromdata("EC", params))
849 goto err;
3f883c7c 850 OSSL_PARAM_free(params);
bfe2fcc8 851 params = NULL;
b8a1272d
MC		 852 OSSL_PARAM_BLD_free(bld);
853
854 /* Test priv and !pub */
855 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
856 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
857 OSSL_PKEY_PARAM_GROUP_NAME,
858 "P-256", 0))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
860 priv)))
861 goto err;
862 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
863 goto err;
864
865 if (!test_fromdata("EC", params))
866 goto err;
3f883c7c 867 OSSL_PARAM_free(params);
bfe2fcc8 868 params = NULL;
b8a1272d
MC		 869 OSSL_PARAM_BLD_free(bld);
870
871 /* Test !priv and pub */
872 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
873 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
874 OSSL_PKEY_PARAM_GROUP_NAME,
875 "P-256", 0))
876 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
877 OSSL_PKEY_PARAM_PUB_KEY,
878 ec_pub, sizeof(ec_pub))))
879 goto err;
880 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
881 goto err;
882
883 if (!test_fromdata("EC", params))
884 goto err;
3f883c7c 885 OSSL_PARAM_free(params);
bfe2fcc8 886 params = NULL;
b8a1272d
MC		 887 OSSL_PARAM_BLD_free(bld);
888
889 /* Test priv and pub */
890 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
891 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
892 OSSL_PKEY_PARAM_GROUP_NAME,
893 "P-256", 0))
894 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
895 OSSL_PKEY_PARAM_PUB_KEY,
896 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 897 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
898 priv)))
b8a1272d
MC		 899 goto err;
900 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
901 goto err;
902
903 if (!test_fromdata("EC", params))
904 goto err;
905
906 ret = 1;
907 err:
3f883c7c 908 OSSL_PARAM_free(params);
b8a1272d
MC		 909 OSSL_PARAM_BLD_free(bld);
910 BN_free(priv);
911
912 return ret;
913}
914
915/* Test that using a legacy EC key with only a private key in it works */
916# ifndef OPENSSL_NO_DEPRECATED_3_0
917static int test_EC_priv_only_legacy(void)
918{
919 BIGNUM *priv = NULL;
920 int ret = 0;
921 EC_KEY *eckey = NULL;
2145ba5e 922 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 923 EVP_MD_CTX *ctx = NULL;
924
925 /* Create the low level EC_KEY */
926 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
927 goto err;
928
929 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
930 if (!TEST_ptr(eckey))
931 goto err;
932
933 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
934 goto err;
935
936 pkey = EVP_PKEY_new();
937 if (!TEST_ptr(pkey))
938 goto err;
939
940 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
941 goto err;
942 eckey = NULL;
943
2145ba5e
TM		 944 while (dup_pk == NULL) {
945 ret = 0;
946 ctx = EVP_MD_CTX_new();
947 if (!TEST_ptr(ctx))
948 goto err;
949
950 /*
951 * The EVP_DigestSignInit function should create the key on the
952 * provider side which is sufficient for this test.
953 */
954 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
955 testpropq, pkey, NULL)))
956 goto err;
957 EVP_MD_CTX_free(ctx);
958 ctx = NULL;
959
960 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
961 goto err;
962 /* EVP_PKEY_eq() returns -2 with missing public keys */
963 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
964 EVP_PKEY_free(pkey);
965 pkey = dup_pk;
966 if (!ret)
967 goto err;
968 }
b8a1272d
MC		 969
970 err:
971 EVP_MD_CTX_free(ctx);
972 EVP_PKEY_free(pkey);
973 EC_KEY_free(eckey);
974 BN_free(priv);
975
976 return ret;
977}
978# endif /* OPENSSL_NO_DEPRECATED_3_0 */
979#endif /* OPENSSL_NO_EC */
980
4547a719
P		 981/*
982 * n = 0 => test using legacy cipher
983 * n = 1 => test using fetched cipher
984 */
985static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 986{
987 int ret = 0;
988 EVP_CIPHER_CTX *ctx = NULL;
989 EVP_PKEY *keypair = NULL;
990 unsigned char *kek = NULL;
991 unsigned char iv[EVP_MAX_IV_LENGTH];
992 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
993 int len, kek_len, ciphertext_len, plaintext_len;
994 unsigned char ciphertext[32], plaintext[16];
4547a719 995 EVP_CIPHER *type = NULL;
062490db
JS		 996
997 if (nullprov != NULL)
998 return TEST_skip("Test does not support a non-default library context");
999
4547a719
P		 1000 if (n == 0)
1001 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1002 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1003 testpropq)))
1004 goto err;
2eb2b4f3
SL		 1005
1006 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1007 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1008 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1009 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1010 &keypair, 1))
1011 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1012 msg, sizeof(msg)))
1013 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1014 &len)))
1015 goto err;
1016
1017 ciphertext_len += len;
1018
1019 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1020 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1021 ciphertext, ciphertext_len))
1022 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1023 goto err;
1024
1025 plaintext_len += len;
1026 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1027 goto err;
1028
1029 ret = 1;
1030err:
4547a719
P		 1031 if (n != 0)
1032 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1033 OPENSSL_free(kek);
1034 EVP_PKEY_free(keypair);
1035 EVP_CIPHER_CTX_free(ctx);
1036 return ret;
1037}
1038
59d0e6c8 1039/*
6d242fa5
MC		 1040 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1041 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1042 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1043 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1044 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1045 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1046 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1047 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1048 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 1049 */
1050static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1051{
1052 int ret = 0;
1053 EVP_PKEY *pkey = NULL;
78539b25
TM		 1054 unsigned char *sig = NULL, *sig2 = NULL;
1055 size_t sig_len = 0, sig2_len = 0;
59d0e6c8
MC		 1056 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1057 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1058 BIO *mdbio = NULL, *membio = NULL;
1059 size_t written;
6d242fa5
MC		 1060 const EVP_MD *md;
1061 EVP_MD *mdexp = NULL;
59d0e6c8 1062
062490db
JS		 1063 if (nullprov != NULL)
1064 return TEST_skip("Test does not support a non-default library context");
1065
6d242fa5 1066 if (tst >= 6) {
59d0e6c8
MC		 1067 membio = BIO_new(BIO_s_mem());
1068 mdbio = BIO_new(BIO_f_md());
1069 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1070 goto out;
1071 BIO_push(mdbio, membio);
1072 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1073 goto out;
1074 } else {
1075 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1076 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1077 goto out;
1078 }
71ea6b48 1079
6d242fa5 1080 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 1081 if (!TEST_ptr(pkey = load_example_rsa_key()))
1082 goto out;
6d242fa5 1083 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 1084#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1085 if (!TEST_ptr(pkey = load_example_dsa_key()))
1086 goto out;
f650ab47
MC		 1087#else
1088 ret = 1;
1089 goto out;
1090#endif
6d242fa5
MC		 1091 } else {
1092 if (!TEST_ptr(pkey = load_example_hmac_key()))
1093 goto out;
59d0e6c8 1094 }
71ea6b48 1095
6d242fa5
MC		 1096 if (tst >= 3 && tst <= 5)
1097 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1098 else
1099 md = EVP_sha256();
1100
1101 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1102 goto out;
adcd8e37 1103
6d242fa5 1104 if (tst >= 6) {
59d0e6c8
MC		 1105 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1106 goto out;
1107 } else {
1108 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1109 goto out;
1110 }
1111
71ea6b48 1112 /* Determine the size of the signature. */
adcd8e37 1113 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 1114 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 1115 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 1116 goto out;
71ea6b48 1117
6d242fa5
MC		 1118 /*
1119 * Ensure that the signature round-trips (Verification isn't supported for
1120 * HMAC via EVP_DigestVerify*)
1121 */
1122 if (tst != 2 && tst != 5 && tst != 8) {
78539b25
TM		 1123 if (tst >= 6) {
1124 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1125 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1126 goto out;
1127 }
1128
6d242fa5
MC		 1129 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1130 NULL, pkey)))
59d0e6c8 1131 goto out;
6d242fa5
MC		 1132
1133 if (tst >= 6) {
1134 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1135 goto out;
1136 } else {
1137 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1138 sizeof(kMsg))))
1139 goto out;
1140 }
1141 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8 1142 goto out;
78539b25
TM		 1143
1144 /* Multiple calls to EVP_DigestVerifyFinal should work */
1145 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1146 goto out;
1147 } else {
1148 /*
1149 * For HMAC a doubled call to DigestSignFinal should produce the same
1150 * value as finalization should not happen.
1151 */
1152 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1153 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1154 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1155 goto out;
1156
1157 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1158 goto out;
59d0e6c8 1159 }
71ea6b48
MC		 1160
1161 ret = 1;
1162
1163 out:
59d0e6c8
MC		 1164 BIO_free(membio);
1165 BIO_free(mdbio);
1166 EVP_MD_CTX_free(a_md_ctx);
1167 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1168 EVP_PKEY_free(pkey);
b548a1f1 1169 OPENSSL_free(sig);
78539b25 1170 OPENSSL_free(sig2);
6d242fa5 1171 EVP_MD_free(mdexp);
71ea6b48
MC		 1172
1173 return ret;
1174}
1175
1176static int test_EVP_DigestVerifyInit(void)
1177{
1178 int ret = 0;
1179 EVP_PKEY *pkey = NULL;
adcd8e37 1180 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1181
062490db
JS		 1182 if (nullprov != NULL)
1183 return TEST_skip("Test does not support a non-default library context");
1184
adcd8e37
RS		 1185 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1186 || !TEST_ptr(pkey = load_example_rsa_key()))
1187 goto out;
71ea6b48 1188
adcd8e37
RS		 1189 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1190 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1191 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1192 sizeof(kSignature))))
71ea6b48 1193 goto out;
71ea6b48
MC		 1194 ret = 1;
1195
1196 out:
bfb0641f 1197 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1198 EVP_PKEY_free(pkey);
71ea6b48
MC		 1199 return ret;
1200}
1201
8d8dd09b
TM		 1202/*
1203 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1204 */
1205static int test_EVP_Digest(void)
1206{
1207 int ret = 0;
1208 EVP_MD_CTX *md_ctx = NULL;
1209 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1210 EVP_MD *sha256 = NULL;
1211 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1212
1213 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1214 goto out;
1215
062490db
JS		 1216 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1217 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1218 goto out;
1219
1220 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1221 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1222 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1223 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1224 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1225 goto out;
1226
062490db 1227 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1228 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1229 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1230 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1231 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1232 /*
1233 * EVP_DigestInit_ex with NULL type should work on
1234 * pre-initialized context.
1235 */
1236 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1237 goto out;
1238
062490db 1239 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1240 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1241 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1242 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1243 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1244 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1245 goto out;
1246 ret = 1;
1247
1248 out:
1249 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1250 EVP_MD_free(sha256);
1251 EVP_MD_free(shake256);
8d8dd09b
TM		 1252 return ret;
1253}
1254
adcd8e37 1255static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1256{
1257 int ret = 0;
1258 const unsigned char *p;
1259 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1260 const APK_DATA *ak = &keydata[i];
1261 const unsigned char *input = ak->kder;
1262 size_t input_len = ak->size;
1263 int expected_id = ak->evptype;
71ea6b48
MC		 1264
1265 p = input;
adcd8e37
RS		 1266 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1267 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1268 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1269 goto done;
71ea6b48
MC		 1270
1271 ret = 1;
1272
1273 done:
c5ba2d99 1274 EVP_PKEY_free(pkey);
71ea6b48
MC		 1275 return ret;
1276}
1277
a9880362 1278#ifndef OPENSSL_NO_EC
cad8347b
SL		 1279
1280static const unsigned char ec_public_sect163k1_validxy[] = {
1281 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1282 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1283 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1284 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1285 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1286 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1287};
1288
1289static const unsigned char ec_public_sect163k1_badx[] = {
1290 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1291 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1292 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1293 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1294 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1295 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1296};
1297
1298static const unsigned char ec_public_sect163k1_bady[] = {
1299 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1300 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1301 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1302 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1303 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1304 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1305};
1306
1307static struct ec_der_pub_keys_st {
1308 const unsigned char *der;
1309 size_t len;
1310 int valid;
1311} ec_der_pub_keys[] = {
1312 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1313 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1314 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1315};
1316
1317/*
1318 * Tests the range of the decoded EC char2 public point.
1319 * See ec_GF2m_simple_oct2point().
1320 */
1321static int test_invalide_ec_char2_pub_range_decode(int id)
1322{
1323 int ret = 0;
5b5eea4b 1324 EVP_PKEY *pkey;
cad8347b 1325
5b5eea4b
SL		 1326 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1327 ec_der_pub_keys[id].len);
1328
1329 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1330 || TEST_ptr_null(pkey);
1331 EVP_PKEY_free(pkey);
cad8347b
SL		 1332 return ret;
1333}
1334
71ea6b48
MC		 1335/* Tests loading a bad key in PKCS8 format */
1336static int test_EVP_PKCS82PKEY(void)
1337{
1338 int ret = 0;
1339 const unsigned char *derp = kExampleBadECKeyDER;
1340 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1341 EVP_PKEY *pkey = NULL;
1342
adcd8e37
RS		 1343 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1344 sizeof(kExampleBadECKeyDER))))
1345 goto done;
71ea6b48 1346
adcd8e37
RS		 1347 if (!TEST_ptr_eq(derp,
1348 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1349 goto done;
71ea6b48 1350
adcd8e37 1351 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1352 goto done;
71ea6b48
MC		 1353
1354 ret = 1;
1355
1356 done:
e0e920b1 1357 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1358 EVP_PKEY_free(pkey);
71ea6b48
MC		 1359
1360 return ret;
1361}
8be513ae 1362
a9880362 1363#endif
8be513ae
DB		 1364static int test_EVP_PKCS82PKEY_wrong_tag(void)
1365{
1366 EVP_PKEY *pkey = NULL;
1367 EVP_PKEY *pkey2 = NULL;
1368 BIO *membio = NULL;
1369 char *membuf = NULL;
1370 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1371 int ok = 0;
1372
1373 if (testctx != NULL)
1374 /* test not supported with non-default context */
1375 return 1;
1376
1377 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1378 || !TEST_ptr(pkey = load_example_rsa_key())
1379 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1380 NULL, 0, NULL, NULL),
1381 0)
1382 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1383 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1384 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1385 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1386 goto done;
1387 }
1388
1389 ok = 1;
1390 done:
1391 EVP_PKEY_free(pkey);
1392 EVP_PKEY_free(pkey2);
1393 PKCS8_PRIV_KEY_INFO_free(p8inf);
1394 BIO_free_all(membio);
1395 return ok;
1396}
71ea6b48 1397
29c49b25
RL		 1398/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1399static int test_privatekey_to_pkcs8(void)
1400{
1401 EVP_PKEY *pkey = NULL;
1402 BIO *membio = NULL;
1403 char *membuf = NULL;
e2cc68c8 1404 long membuf_len = 0;
29c49b25
RL		 1405 int ok = 0;
1406
1407 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1408 || !TEST_ptr(pkey = load_example_rsa_key())
1409 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1410 NULL, 0, NULL, NULL),
1411 0)
e2cc68c8
SL		 1412 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1413 || !TEST_ptr(membuf)
1414 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1415 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1416 /*
1417 * We try to write PEM as well, just to see that it doesn't err, but
1418 * assume that the result is correct.
1419 */
1420 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1421 NULL, 0, NULL, NULL),
1422 0))
1423 goto done;
1424
1425 ok = 1;
1426 done:
1427 EVP_PKEY_free(pkey);
1428 BIO_free_all(membio);
1429 return ok;
1430}
1431
f0c62c53
RL		 1432#ifndef OPENSSL_NO_EC
1433static const struct {
1434 int encoding;
1435 const char *encoding_name;
1436} ec_encodings[] = {
1437 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1438 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1439};
1440
1441static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1442{
1443 const OSSL_PARAM *p;
1444 const char *enc_name = NULL;
1445 int *enc = arg;
1446 size_t i;
1447
1448 *enc = -1;
1449
1450 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1451 OSSL_PKEY_PARAM_EC_ENCODING))
1452 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1453 return 0;
1454
1455 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1456 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1457 *enc = ec_encodings[i].encoding;
1458 break;
1459 }
1460 }
1461
1462 return (*enc != -1);
1463}
1464
1465static int test_EC_keygen_with_enc(int idx)
1466{
1467 EVP_PKEY *params = NULL, *key = NULL;
1468 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1469 int enc;
1470 int ret = 0;
1471
1472 enc = ec_encodings[idx].encoding;
1473
1474 /* Create key parameters */
1475 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1476 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1477 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1478 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1479 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1480 || !TEST_ptr(params))
1481 goto done;
1482
1483 /* Create key */
1484 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1485 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1486 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1487 || !TEST_ptr(key))
1488 goto done;
1489
1490 /* Check that the encoding got all the way into the key */
1491 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1492 ec_export_get_encoding_cb, &enc))
1493 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1494 goto done;
1495
1496 ret = 1;
1497 done:
1498 EVP_PKEY_free(key);
1499 EVP_PKEY_free(params);
1500 EVP_PKEY_CTX_free(kctx);
1501 EVP_PKEY_CTX_free(pctx);
1502 return ret;
1503}
1504#endif
1505
f844f9eb 1506#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1507
a6c4cb84
JL		 1508static int test_EVP_SM2_verify(void)
1509{
a6c4cb84 1510 const char *pubkey =
d0b79f86
PY		 1511 "-----BEGIN PUBLIC KEY-----\n"
1512 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1513 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1514 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1515
1516 const char *msg = "message digest";
1517 const char *id = "ALICE123@YAHOO.COM";
1518
1519 const uint8_t signature[] = {
d0b79f86
PY		 1520 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1521 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1522 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1523 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1524 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1525 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1526 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1527 };
1528
1529 int rc = 0;
1530 BIO *bio = NULL;
1531 EVP_PKEY *pkey = NULL;
1532 EVP_MD_CTX *mctx = NULL;
1533 EVP_PKEY_CTX *pctx = NULL;
062490db 1534 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1535
1536 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1537 if (!TEST_true(bio != NULL))
1538 goto done;
1539
062490db 1540 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1541 if (!TEST_true(pkey != NULL))
1542 goto done;
1543
8a288609 1544 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1545 goto done;
1546
1547 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1548 goto done;
1549
062490db 1550 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1551 goto done;
1552
a6c4cb84
JL		 1553 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1554
062490db
JS		 1555 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1556 goto done;
1557
1558 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1559 goto done;
1560
d0b79f86
PY		 1561 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1562 goto done;
1563
a6c4cb84
JL		 1564 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1565 goto done;
1566
1567 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1568 goto done;
1569 rc = 1;
1570
1571 done:
1572 BIO_free(bio);
1573 EVP_PKEY_free(pkey);
1574 EVP_PKEY_CTX_free(pctx);
1575 EVP_MD_CTX_free(mctx);
062490db 1576 EVP_MD_free(sm3);
a6c4cb84
JL		 1577 return rc;
1578}
1579
ddb634fe
JL		 1580static int test_EVP_SM2(void)
1581{
1582 int ret = 0;
1583 EVP_PKEY *pkey = NULL;
bfb56a97 1584 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1585 EVP_PKEY_CTX *pctx = NULL;
1586 EVP_PKEY_CTX *kctx = NULL;
4803717f 1587 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1588 size_t sig_len = 0;
1589 unsigned char *sig = NULL;
1590 EVP_MD_CTX *md_ctx = NULL;
1591 EVP_MD_CTX *md_ctx_verify = NULL;
1592 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1593 EVP_MD *check_md = NULL;
ddb634fe
JL		 1594
1595 uint8_t ciphertext[128];
1596 size_t ctext_len = sizeof(ciphertext);
1597
1598 uint8_t plaintext[8];
1599 size_t ptext_len = sizeof(plaintext);
1600
4803717f
PY		 1601 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1602
bfb56a97
MC		 1603 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1604 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1605 int i;
a0fff549 1606 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1607
42423ac9
RL		 1608 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1609 "SM2", testpropq)))
ddb634fe
JL		 1610 goto done;
1611
1612 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1613 goto done;
1614
1615 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1616 goto done;
1617
bfb56a97 1618 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1619 goto done;
1620
42423ac9
RL		 1621 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1622 pkeyparams, testpropq)))
ddb634fe
JL		 1623 goto done;
1624
1625 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1626 goto done;
1627
1628 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1629 goto done;
1630
ddb634fe
JL		 1631 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1632 goto done;
1633
1634 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1635 goto done;
1636
062490db 1637 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1638 goto done;
1639
1640 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1641 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1642
42423ac9 1643 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1644 goto done;
1645
42423ac9 1646 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1647 goto done;
1648
d0b79f86 1649 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1650 goto done;
1651
42423ac9 1652 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1653 goto done;
1654
1655 /* Determine the size of the signature. */
1656 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1657 goto done;
1658
ddb634fe
JL		 1659 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1660 goto done;
1661
1662 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1663 goto done;
1664
1665 /* Ensure that the signature round-trips. */
1666
42423ac9
RL		 1667 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1668 pkey)))
ddb634fe
JL		 1669 goto done;
1670
d0b79f86
PY		 1671 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1672 goto done;
1673
ddb634fe
JL		 1674 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1675 goto done;
1676
1677 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1678 goto done;
1679
1680 /* now check encryption/decryption */
1681
bfb56a97
MC		 1682 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1683 mdname, sizeof(mdname));
1684 for (i = 0; i < 2; i++) {
42423ac9
RL		 1685 const char *mdnames[] = {
1686#ifndef OPENSSL_NO_SM3
1687 "SM3",
1688#else
1689 NULL,
1690#endif
1691 "SHA2-256" };
bfb56a97 1692 EVP_PKEY_CTX_free(cctx);
ddb634fe 1693
42423ac9
RL		 1694 if (mdnames[i] == NULL)
1695 continue;
1696
1697 sparams[0] =
1698 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1699 (char *)mdnames[i], 0);
ddb634fe 1700
42423ac9
RL		 1701 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1702 pkey, testpropq)))
bfb56a97 1703 goto done;
ddb634fe 1704
bfb56a97
MC		 1705 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1706 goto done;
ddb634fe 1707
bfb56a97
MC		 1708 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1709 goto done;
ddb634fe 1710
bfb56a97
MC		 1711 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1712 sizeof(kMsg))))
1713 goto done;
ddb634fe 1714
bfb56a97
MC		 1715 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1716 goto done;
1717
1718 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1719 goto done;
1720
1721 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1722 ctext_len)))
1723 goto done;
1724
1725 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1726 goto done;
1727
42423ac9
RL		 1728 /*
1729 * Test we're still using the digest we think we are.
1730 * Because of aliases, the easiest is to fetch the digest and
1731 * check the name with EVP_MD_is_a().
1732 */
1733 EVP_MD_free(check_md);
1734 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 1735 goto done;
42423ac9
RL		 1736 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1737 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 1738 goto done;
42423ac9 1739 }
bfb56a97
MC		 1740
1741 if (!TEST_true(ptext_len == sizeof(kMsg)))
1742 goto done;
1743
1744 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1745 goto done;
1746 }
ddb634fe
JL		 1747
1748 ret = 1;
1749done:
1750 EVP_PKEY_CTX_free(pctx);
1751 EVP_PKEY_CTX_free(kctx);
4803717f 1752 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1753 EVP_PKEY_CTX_free(cctx);
1754 EVP_PKEY_free(pkey);
bfb56a97 1755 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1756 EVP_MD_CTX_free(md_ctx);
1757 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 1758 EVP_MD_free(check_md);
ddb634fe
JL		 1759 OPENSSL_free(sig);
1760 return ret;
1761}
1762
1763#endif
1764
bb5f281a
MC		 1765static struct keys_st {
1766 int type;
1767 char *priv;
1768 char *pub;
1769} keys[] = {
1770 {
1771 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 1772 },
1773 {
1774 EVP_PKEY_HMAC, "", NULL
5af6e154 1775#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 1776 }, {
1777 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 1778#endif
1779#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 1780 }, {
1781 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 1782#endif
896dcb80
MC		 1783 },
1784#ifndef OPENSSL_NO_EC
1785 {
bb5f281a
MC		 1786 EVP_PKEY_X25519, "01234567890123456789012345678901",
1787 "abcdefghijklmnopqrstuvwxyzabcdef"
1788 }, {
1789 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1790 "abcdefghijklmnopqrstuvwxyzabcdef"
1791 }, {
1792 EVP_PKEY_X448,
1793 "01234567890123456789012345678901234567890123456789012345",
1794 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1795 }, {
1796 EVP_PKEY_ED448,
1797 "012345678901234567890123456789012345678901234567890123456",
1798 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1799 }
896dcb80 1800#endif
bb5f281a
MC		 1801};
1802
86dc26ba 1803static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1804{
1805 int ret = 0;
1806 unsigned char buf[80];
1807 unsigned char *in;
1808 size_t inlen, len = 0;
1809 EVP_PKEY *pkey;
1810
1811 /* Check if this algorithm supports public keys */
5af6e154 1812 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 1813 return 1;
1814
1815 memset(buf, 0, sizeof(buf));
1816
1817 if (pub) {
5af6e154 1818#ifndef OPENSSL_NO_EC
bb5f281a
MC		 1819 inlen = strlen(keys[tst].pub);
1820 in = (unsigned char *)keys[tst].pub;
86dc26ba 1821 if (uselibctx) {
d8652be0 1822 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1823 testctx,
1824 OBJ_nid2sn(keys[tst].type),
1825 NULL,
1826 in,
1827 inlen);
1828 } else {
1829 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1830 NULL,
1831 in,
1832 inlen);
1833 }
5af6e154
TM		 1834#else
1835 return 1;
1836#endif
bb5f281a
MC		 1837 } else {
1838 inlen = strlen(keys[tst].priv);
1839 in = (unsigned char *)keys[tst].priv;
86dc26ba 1840 if (uselibctx) {
d8652be0 1841 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1842 testctx, OBJ_nid2sn(keys[tst].type),
1843 NULL,
1844 in,
1845 inlen);
1846 } else {
1847 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1848 NULL,
1849 in,
1850 inlen);
1851 }
bb5f281a
MC		 1852 }
1853
1854 if (!TEST_ptr(pkey)
5af6e154 1855 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 1856 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1857 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1858 || !TEST_true(len == inlen)
1859 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1860 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1861 || !TEST_mem_eq(in, inlen, buf, len))
1862 goto done;
1863
1864 ret = 1;
1865 done:
1866 EVP_PKEY_free(pkey);
1867 return ret;
1868}
1869
1870static int test_set_get_raw_keys(int tst)
1871{
5af6e154 1872 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 1873 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 1874 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 1875 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1876}
1877
41bbba53 1878#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1879static int pkey_custom_check(EVP_PKEY *pkey)
1880{
1881 return 0xbeef;
1882}
1883
b0004708
PY		 1884static int pkey_custom_pub_check(EVP_PKEY *pkey)
1885{
1886 return 0xbeef;
1887}
1888
1889static int pkey_custom_param_check(EVP_PKEY *pkey)
1890{
1891 return 0xbeef;
1892}
1893
2aee35d3 1894static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1895#endif
2aee35d3
PY		 1896
1897static int test_EVP_PKEY_check(int i)
1898{
1899 int ret = 0;
2aee35d3
PY		 1900 EVP_PKEY *pkey = NULL;
1901 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1902#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1903 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1904#endif
2aee35d3
PY		 1905 const APK_DATA *ak = &keycheckdata[i];
1906 const unsigned char *input = ak->kder;
1907 size_t input_len = ak->size;
1908 int expected_id = ak->evptype;
1909 int expected_check = ak->check;
b0004708
PY		 1910 int expected_pub_check = ak->pub_check;
1911 int expected_param_check = ak->param_check;
1912 int type = ak->type;
b0004708 1913
5b5eea4b
SL		 1914 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1915 goto done;
1916 if (type == 0
ed576acd 1917 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 1918 goto done;
2aee35d3 1919
062490db 1920 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 1921 goto done;
1922
b0004708
PY		 1923 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1924 goto done;
1925
1926 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1927 goto done;
1928
1929 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1930 goto done;
2aee35d3 1931
41bbba53 1932#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1933 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1934 /* assign the pkey directly, as an internal test */
1935 EVP_PKEY_up_ref(pkey);
1936 ctx2->pkey = pkey;
1937
1938 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1939 goto done;
1940
b0004708
PY		 1941 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1942 goto done;
1943
1944 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1945 goto done;
41bbba53 1946#endif
b0004708 1947
2aee35d3
PY		 1948 ret = 1;
1949
1950 done:
1951 EVP_PKEY_CTX_free(ctx);
41bbba53 1952#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1953 EVP_PKEY_CTX_free(ctx2);
41bbba53 1954#endif
2aee35d3
PY		 1955 EVP_PKEY_free(pkey);
1956 return ret;
1957}
1958
fab8fde3 1959#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1960static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1961{
1962 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1963 const char msg[] = "Hello World";
1964 size_t maclen;
1965 int ret = 1;
1966
1967 if (!TEST_ptr(mdctx)
062490db
JS		 1968 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1969 testpropq, pkey, NULL))
e5bc0ce2
MC		 1970 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1971 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1972 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1973 ret = 0;
1974
1975 EVP_MD_CTX_free(mdctx);
1976
1977 return ret;
1978}
a87820e1
RL		 1979static int test_CMAC_keygen(void)
1980{
e5bc0ce2
MC		 1981 static unsigned char key[] = {
1982 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1983 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1984 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1985 };
062490db 1986 EVP_PKEY_CTX *kctx = NULL;
a87820e1 1987 int ret = 0;
e5bc0ce2 1988 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 1989 unsigned char mac[AES_BLOCK_SIZE];
1990# if !defined(OPENSSL_NO_DEPRECATED_3_0)
1991 unsigned char mac2[AES_BLOCK_SIZE];
1992# endif
e5bc0ce2 1993
062490db
JS		 1994 if (nullprov != NULL)
1995 return TEST_skip("Test does not support a non-default library context");
1996
1997 /*
1998 * This is a legacy method for CMACs, but should still work.
1999 * This verifies that it works without an ENGINE.
2000 */
2001 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2002
e5bc0ce2
MC		 2003 /* Test a CMAC key created using the "generated" method */
2004 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2005 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2006 EVP_PKEY_CTRL_CIPHER,
2007 0, (void *)EVP_aes_256_ecb()), 0)
2008 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2009 EVP_PKEY_CTRL_SET_MAC_KEY,
2010 sizeof(key), (void *)key), 0)
2011 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2012 || !TEST_ptr(pkey)
2013 || !TEST_true(get_cmac_val(pkey, mac)))
2014 goto done;
a87820e1 2015
a3d267f1 2016# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2017 EVP_PKEY_free(pkey);
2018
2019 /*
2020 * Test a CMAC key using the direct method, and compare with the mac
2021 * created above.
2022 */
2023 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2024 if (!TEST_ptr(pkey)
2025 || !TEST_true(get_cmac_val(pkey, mac2))
2026 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2027 goto done;
a3d267f1 2028# endif
e5bc0ce2 2029
a87820e1
RL		 2030 ret = 1;
2031
2032 done:
e5bc0ce2 2033 EVP_PKEY_free(pkey);
a87820e1
RL		 2034 EVP_PKEY_CTX_free(kctx);
2035 return ret;
2036}
fab8fde3 2037#endif
a87820e1 2038
10d5b415
MC		 2039static int test_HKDF(void)
2040{
2041 EVP_PKEY_CTX *pctx;
2042 unsigned char out[20];
2043 size_t outlen;
2044 int i, ret = 0;
2045 unsigned char salt[] = "0123456789";
2046 unsigned char key[] = "012345678901234567890123456789";
2047 unsigned char info[] = "infostring";
2048 const unsigned char expected[] = {
2049 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2050 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2051 };
2052 size_t expectedlen = sizeof(expected);
2053
062490db 2054 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2055 goto done;
2056
2057 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2058 for (i = 0; i < 2; i++) {
2059 outlen = sizeof(out);
2060 memset(out, 0, outlen);
2061
2062 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2063 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2064 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2065 sizeof(salt) - 1), 0)
2066 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2067 sizeof(key) - 1), 0)
2068 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2069 sizeof(info) - 1), 0)
2070 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2071 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2072 goto done;
2073 }
2074
2075 ret = 1;
2076
2077 done:
2078 EVP_PKEY_CTX_free(pctx);
2079
2080 return ret;
2081}
2082
2cd3ebc7
BK		 2083static int test_emptyikm_HKDF(void)
2084{
2085 EVP_PKEY_CTX *pctx;
2086 unsigned char out[20];
2087 size_t outlen;
2088 int ret = 0;
2089 unsigned char salt[] = "9876543210";
2090 unsigned char key[] = "";
2091 unsigned char info[] = "stringinfo";
2092 const unsigned char expected[] = {
2093 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2094 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2095 };
2096 size_t expectedlen = sizeof(expected);
2097
062490db 2098 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2099 goto done;
2100
2101 outlen = sizeof(out);
2102 memset(out, 0, outlen);
2103
2104 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2105 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2106 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2107 sizeof(salt) - 1), 0)
2108 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2109 sizeof(key) - 1), 0)
2110 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2111 sizeof(info) - 1), 0)
2112 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2113 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2114 goto done;
2115
2116 ret = 1;
2117
2118 done:
2119 EVP_PKEY_CTX_free(pctx);
2120
2121 return ret;
2122}
2123
5dc40a83
BE		 2124#ifndef OPENSSL_NO_EC
2125static int test_X509_PUBKEY_inplace(void)
2126{
808c63c5 2127 int ret = 0;
62653483 2128 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2129 const unsigned char *p = kExampleECPubKeyDER;
2130 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2131
62653483
MC		 2132 if (!TEST_ptr(xp))
2133 goto done;
2134 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2135 goto done;
5dc40a83 2136
808c63c5
P		 2137 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2138 goto done;
5dc40a83 2139
808c63c5
P		 2140 p = kExampleBadECPubKeyDER;
2141 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2142
808c63c5
P		 2143 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2144 goto done;
5dc40a83 2145
808c63c5
P		 2146 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2147 goto done;
5dc40a83 2148
808c63c5 2149 ret = 1;
5dc40a83 2150
808c63c5
P		 2151 done:
2152 X509_PUBKEY_free(xp);
2153 return ret;
2154}
2155
2156static int test_X509_PUBKEY_dup(void)
2157{
2158 int ret = 0;
2159 X509_PUBKEY *xp = NULL, *xq = NULL;
2160 const unsigned char *p = kExampleECPubKeyDER;
2161 size_t input_len = sizeof(kExampleECPubKeyDER);
2162
62653483
MC		 2163 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2164 if (!TEST_ptr(xp)
2165 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2166 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2167 || !TEST_ptr_ne(xp, xq))
2168 goto done;
2169
2170 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2171 || !TEST_ptr(X509_PUBKEY_get0(xp))
2172 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2173 goto done;
2174
2175 X509_PUBKEY_free(xq);
2176 xq = NULL;
2177 p = kExampleBadECPubKeyDER;
2178 input_len = sizeof(kExampleBadECPubKeyDER);
2179
2180 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2181 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2182 goto done;
2183
2184 X509_PUBKEY_free(xp);
2185 xp = NULL;
2186 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2187 goto done;
2188
2189 ret = 1;
2190
2191 done:
2192 X509_PUBKEY_free(xp);
2193 X509_PUBKEY_free(xq);
2194 return ret;
5dc40a83 2195}
7bb82f92 2196#endif /* OPENSSL_NO_EC */
784883fc 2197
9c45222d 2198/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2199static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2200{
9a071fef 2201 EVP_MD_CTX *mdctx = NULL;
9c45222d 2202 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2203 const OSSL_PARAM *params;
00bc1ad9 2204 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2205 int ret = 0;
2206 const EVP_MD *md;
00bc1ad9 2207 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2208 char ssl3ms[48];
9c45222d 2209
9c45222d 2210 /* Initialise a sign operation */
062490db 2211 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2212 if (!TEST_ptr(ctx)
c9c4a356 2213 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2214 goto err;
2215
2216 /*
f54a4101 2217 * We should be able to query the parameters now.
9c45222d
MC		 2218 */
2219 params = EVP_PKEY_CTX_settable_params(ctx);
2220 if (!TEST_ptr(params)
0cb3f4f9
RL		 2221 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2222 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2223 goto err;
2224
9c45222d
MC		 2225 params = EVP_PKEY_CTX_gettable_params(ctx);
2226 if (!TEST_ptr(params)
0cb3f4f9
RL		 2227 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2228 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2229 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2230 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2231 goto err;
2232
2233 /*
2234 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2235 * EVP_PKEY_CTX_get_params()
2236 */
00bc1ad9
RL		 2237 strcpy(mdname, "SHA512");
2238 param_md = param;
2239 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2240 mdname, 0);
9c45222d
MC		 2241 *param++ = OSSL_PARAM_construct_end();
2242
2243 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2244 goto err;
2245
00bc1ad9
RL		 2246 mdname[0] = '\0';
2247 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2248 mdname, sizeof(mdname));
9c45222d 2249 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2250 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2251 goto err;
2252
2253 /*
2254 * Test the TEST_PKEY_CTX_set_signature_md() and
2255 * TEST_PKEY_CTX_get_signature_md() functions
2256 */
2257 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2258 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2259 || !TEST_ptr_eq(md, EVP_sha256()))
2260 goto err;
2261
9a071fef
MC		 2262 /*
2263 * Test getting MD parameters via an associated EVP_PKEY_CTX
2264 */
2265 mdctx = EVP_MD_CTX_new();
2266 if (!TEST_ptr(mdctx)
062490db 2267 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2268 pkey, NULL)))
9a071fef
MC		 2269 goto err;
2270
2271 /*
2272 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2273 * able to obtain the digest's settable parameters from the provider.
2274 */
2275 params = EVP_MD_CTX_settable_params(mdctx);
2276 if (!TEST_ptr(params)
2277 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2278 /* The final key should be NULL */
2279 || !TEST_ptr_null(params[1].key))
2280 goto err;
2281
2282 param = ourparams;
2283 memset(ssl3ms, 0, sizeof(ssl3ms));
2284 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2285 ssl3ms, sizeof(ssl3ms));
2286 *param++ = OSSL_PARAM_construct_end();
2287
2288 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2289 goto err;
2290
9c45222d
MC		 2291 ret = 1;
2292
2293 err:
9a071fef 2294 EVP_MD_CTX_free(mdctx);
9c45222d 2295 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2296
2297 return ret;
2298}
2299
2300#ifndef OPENSSL_NO_DSA
2301static int test_DSA_get_set_params(void)
2302{
6ed4022c
RL		 2303 OSSL_PARAM_BLD *bld = NULL;
2304 OSSL_PARAM *params = NULL;
f54a4101 2305 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2306 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2307 EVP_PKEY *pkey = NULL;
2308 int ret = 0;
2309
2310 /*
2311 * Setup the parameters for our DSA object. For our purposes they don't
2312 * have to actually be *valid* parameters. We just need to set something.
2313 */
6ed4022c
RL		 2314 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2315 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2316 || !TEST_ptr(p = BN_new())
2317 || !TEST_ptr(q = BN_new())
2318 || !TEST_ptr(g = BN_new())
2319 || !TEST_ptr(pub = BN_new())
2320 || !TEST_ptr(priv = BN_new()))
2321 goto err;
2322 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2323 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2324 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2325 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2326 pub))
2327 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2328 priv)))
2329 goto err;
2330 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2331 goto err;
f54a4101 2332
2db985b7
SL		 2333 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2334 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2335 params), 0))
f54a4101
RL		 2336 goto err;
2337
6ed4022c
RL		 2338 if (!TEST_ptr(pkey))
2339 goto err;
f54a4101
RL		 2340
2341 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2342
2343 err:
9c45222d 2344 EVP_PKEY_free(pkey);
6ed4022c 2345 EVP_PKEY_CTX_free(pctx);
3f883c7c 2346 OSSL_PARAM_free(params);
6ed4022c 2347 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2348 BN_free(p);
2349 BN_free(q);
2350 BN_free(g);
cd32a0f5
RL		 2351 BN_free(pub);
2352 BN_free(priv);
9c45222d
MC		 2353
2354 return ret;
2355}
2c04b341
JS		 2356
2357/*
8a9394c1 2358 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2359 * params to ensure they are all accepted
2360 */
2361static int test_DSA_priv_pub(void)
2362{
2363 return test_EVP_PKEY_ffc_priv_pub("DSA");
2364}
2365
2366#endif /* !OPENSSL_NO_DSA */
9c45222d 2367
f54a4101
RL		 2368static int test_RSA_get_set_params(void)
2369{
d7e498ac
RL		 2370 OSSL_PARAM_BLD *bld = NULL;
2371 OSSL_PARAM *params = NULL;
f54a4101 2372 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2373 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2374 EVP_PKEY *pkey = NULL;
2375 int ret = 0;
2376
2377 /*
2378 * Setup the parameters for our RSA object. For our purposes they don't
2379 * have to actually be *valid* parameters. We just need to set something.
2380 */
d7e498ac
RL		 2381 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2382 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2383 || !TEST_ptr(n = BN_new())
2384 || !TEST_ptr(e = BN_new())
2385 || !TEST_ptr(d = BN_new()))
2386 goto err;
2387 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2388 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2389 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2390 goto err;
2391 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2392 goto err;
f54a4101 2393
2db985b7
SL		 2394 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2395 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2396 params), 0))
f54a4101
RL		 2397 goto err;
2398
d7e498ac
RL		 2399 if (!TEST_ptr(pkey))
2400 goto err;
f54a4101
RL		 2401
2402 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2403
2404 err:
2405 EVP_PKEY_free(pkey);
d7e498ac 2406 EVP_PKEY_CTX_free(pctx);
3f883c7c 2407 OSSL_PARAM_free(params);
d7e498ac 2408 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2409 BN_free(n);
2410 BN_free(e);
2411 BN_free(d);
2412
2413 return ret;
2414}
2415
b4be6937
MC		 2416#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2417static int test_decrypt_null_chunks(void)
2418{
2419 EVP_CIPHER_CTX* ctx = NULL;
062490db 2420 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2421 const unsigned char key[32] = {
2422 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2423 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2424 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2425 };
2426 unsigned char iv[12] = {
2427 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2428 };
2429 unsigned char msg[] = "It was the best of times, it was the worst of times";
2430 unsigned char ciphertext[80];
2431 unsigned char plaintext[80];
2432 /* We initialise tmp to a non zero value on purpose */
2433 int ctlen, ptlen, tmp = 99;
2434 int ret = 0;
2435 const int enc_offset = 10, dec_offset = 20;
2436
062490db
JS		 2437 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2438 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2439 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2440 key, iv))
2441 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2442 enc_offset))
2443 /* Deliberate add a zero length update */
2444 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2445 0))
2446 || !TEST_int_eq(tmp, 0)
2447 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2448 msg + enc_offset,
2449 sizeof(msg) - enc_offset))
2450 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2451 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2452 || !TEST_int_eq(tmp, 0))
2453 goto err;
2454
2455 /* Deliberately initialise tmp to a non zero value */
2456 tmp = 99;
062490db 2457 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2458 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2459 dec_offset))
2460 /*
2461 * Deliberately add a zero length update. We also deliberately do
2462 * this at a different offset than for encryption.
2463 */
2464 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2465 0))
2466 || !TEST_int_eq(tmp, 0)
2467 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2468 ciphertext + dec_offset,
2469 ctlen - dec_offset))
2470 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2471 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2472 || !TEST_int_eq(tmp, 0)
2473 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2474 goto err;
2475
2476 ret = 1;
2477 err:
2478 EVP_CIPHER_CTX_free(ctx);
062490db 2479 EVP_CIPHER_free(cipher);
b4be6937
MC		 2480 return ret;
2481}
2482#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2483
2c04b341
JS		 2484#ifndef OPENSSL_NO_DH
2485/*
8a9394c1 2486 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2487 * params to ensure they are all accepted
2488 */
2489static int test_DH_priv_pub(void)
2490{
2491 return test_EVP_PKEY_ffc_priv_pub("DH");
2492}
2493
2494# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2495static int test_EVP_PKEY_set1_DH(void)
2496{
ca2bf555
SL		 2497 DH *x942dh = NULL, *noqdh = NULL;
2498 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2499 int ret = 0;
ca2bf555 2500 BIGNUM *p, *g = NULL;
0ec73843
TM		 2501 BIGNUM *pubkey = NULL;
2502 unsigned char pub[2048 / 8];
2503 size_t len = 0;
ca2bf555
SL		 2504
2505 if (!TEST_ptr(p = BN_new())
2506 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2507 || !TEST_ptr(pubkey = BN_new())
2508 || !TEST_true(BN_set_word(p, 9999))
2509 || !TEST_true(BN_set_word(g, 2))
2510 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2511 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2512 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2513 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2514 || !TEST_ptr(pubkey = BN_new())
2515 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2516 goto err;
2517 p = g = NULL;
e295de1d
MC		 2518
2519 x942dh = DH_get_2048_256();
e295de1d
MC		 2520 pkey1 = EVP_PKEY_new();
2521 pkey2 = EVP_PKEY_new();
2522 if (!TEST_ptr(x942dh)
ca2bf555 2523 || !TEST_ptr(noqdh)
e295de1d 2524 || !TEST_ptr(pkey1)
0ec73843
TM		 2525 || !TEST_ptr(pkey2)
2526 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2527 goto err;
0ec73843 2528 pubkey = NULL;
e295de1d 2529
0ec73843 2530 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2531 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2532 goto err;
2533
0ec73843
TM		 2534 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2535 &pubkey))
2536 || !TEST_ptr(pubkey))
2537 goto err;
2538
2539 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2540 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2541 goto err;
2542
0ec73843
TM		 2543 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2544 OSSL_PKEY_PARAM_PUB_KEY,
2545 pub, sizeof(pub), &len))
2546 || !TEST_size_t_ne(len, 0))
2547 goto err;
2548
e295de1d
MC		 2549 ret = 1;
2550 err:
ca2bf555
SL		 2551 BN_free(p);
2552 BN_free(g);
0ec73843 2553 BN_free(pubkey);
e295de1d
MC		 2554 EVP_PKEY_free(pkey1);
2555 EVP_PKEY_free(pkey2);
2556 DH_free(x942dh);
ca2bf555 2557 DH_free(noqdh);
e295de1d
MC		 2558
2559 return ret;
2560}
2c04b341
JS		 2561# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2562#endif /* !OPENSSL_NO_DH */
e295de1d 2563
8a5cb596
RL		 2564/*
2565 * We test what happens with an empty template. For the sake of this test,
2566 * the template must be ignored, and we know that's the case for RSA keys
2567 * (this might arguably be a misfeature, but that's what we currently do,
2568 * even in provider code, since that's how the legacy RSA implementation
2569 * does things)
2570 */
2571static int test_keygen_with_empty_template(int n)
2572{
2573 EVP_PKEY_CTX *ctx = NULL;
2574 EVP_PKEY *pkey = NULL;
2575 EVP_PKEY *tkey = NULL;
2576 int ret = 0;
2577
062490db
JS		 2578 if (nullprov != NULL)
2579 return TEST_skip("Test does not support a non-default library context");
2580
8a5cb596
RL		 2581 switch (n) {
2582 case 0:
2583 /* We do test with no template at all as well */
2584 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2585 goto err;
2586 break;
2587 case 1:
2588 /* Here we create an empty RSA key that serves as our template */
2589 if (!TEST_ptr(tkey = EVP_PKEY_new())
2590 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2591 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2592 goto err;
2593 break;
2594 }
2595
2596 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2597 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2598 goto err;
2599
2600 ret = 1;
2601 err:
2602 EVP_PKEY_CTX_free(ctx);
2603 EVP_PKEY_free(pkey);
2604 EVP_PKEY_free(tkey);
2605 return ret;
2606}
2607
5ddec6a7
MC		 2608/*
2609 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2610 * in the current library context (unless we are using an algorithm that
2611 * should be made available via legacy codepaths).
2612 *
2613 * 0: RSA
2614 * 1: SM2
5ddec6a7
MC		 2615 */
2616static int test_pkey_ctx_fail_without_provider(int tst)
2617{
b4250010 2618 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2619 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2620 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2621 const char *keytype = NULL;
2622 int expect_null = 0;
5ddec6a7
MC		 2623 int ret = 0;
2624
2625 if (!TEST_ptr(tmpctx))
2626 goto err;
2627
062490db
JS		 2628 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2629 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2630 goto err;
2631
5ddec6a7 2632 /*
08497fc6
RL		 2633 * We check for certain algos in the null provider.
2634 * If an algo is expected to have a provider keymgmt, contructing an
2635 * EVP_PKEY_CTX is expected to fail (return NULL).
2636 * Otherwise, if it's expected to have legacy support, contructing an
2637 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2638 */
08497fc6
RL		 2639 switch (tst) {
2640 case 0:
2641 keytype = "RSA";
2642 expect_null = 1;
2643 break;
2644 case 1:
2645 keytype = "SM2";
d0b79f86 2646 expect_null = 1;
08497fc6
RL		 2647#ifdef OPENSSL_NO_EC
2648 TEST_info("EC disable, skipping SM2 check...");
2649 goto end;
2650#endif
2651#ifdef OPENSSL_NO_SM2
2652 TEST_info("SM2 disable, skipping SM2 check...");
2653 goto end;
2654#endif
2655 break;
2656 default:
2657 TEST_error("No test for case %d", tst);
2658 goto err;
2659 }
2660
2661 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2662 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2663 goto err;
2664
08497fc6
RL		 2665#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2666 end:
2667#endif
5ddec6a7
MC		 2668 ret = 1;
2669
2670 err:
2671 EVP_PKEY_CTX_free(pctx);
062490db 2672 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2673 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2674 return ret;
2675}
2676
1c19ff3c
P		 2677static int test_rand_agglomeration(void)
2678{
2679 EVP_RAND *rand;
2680 EVP_RAND_CTX *ctx;
2681 OSSL_PARAM params[3], *p = params;
2682 int res;
2683 unsigned int step = 7;
2684 static unsigned char seed[] = "It does not matter how slowly you go "
2685 "as long as you do not stop.";
2686 unsigned char out[sizeof(seed)];
2687
2688 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2689 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2690 return 0;
2691 ctx = EVP_RAND_CTX_new(rand, NULL);
2692 EVP_RAND_free(rand);
2693 if (!TEST_ptr(ctx))
2694 return 0;
2695
2696 memset(out, 0, sizeof(out));
2697 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2698 seed, sizeof(seed));
0d4460d2 2699 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 2700 *p = OSSL_PARAM_construct_end();
e494fac7 2701 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 2702 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2703 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2704 EVP_RAND_CTX_free(ctx);
2705 return res;
2706}
2707
440b852a
BK		 2708/*
2709 * Test that we correctly return the original or "running" IV after
2710 * an encryption operation.
2711 * Run multiple times for some different relevant algorithms/modes.
2712 */
a4afa6c1 2713static int test_evp_iv_aes(int idx)
440b852a
BK		 2714{
2715 int ret = 0;
2716 EVP_CIPHER_CTX *ctx = NULL;
2717 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2718 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2719 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2720 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2721 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2722 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2723 9, 10, 11, 12, 13, 14, 15, 16 };
2724 unsigned char ciphertext[32], oiv[16], iv[16];
2725 unsigned char *ref_iv;
2726 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2727 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2728
2729 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2730 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 2731 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2732 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 2733 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2734 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2735 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2736#ifndef OPENSSL_NO_OCB
2737 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2738 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2739#endif
2740 int len = sizeof(ciphertext);
2741 size_t ivlen, ref_len;
2742 const EVP_CIPHER *type = NULL;
4ec4b063 2743 int iv_reset = 0;
440b852a 2744
4ec4b063 2745 if (nullprov != NULL && idx < 6)
062490db
JS		 2746 return TEST_skip("Test does not support a non-default library context");
2747
440b852a
BK		 2748 switch(idx) {
2749 case 0:
2750 type = EVP_aes_128_cbc();
2751 /* FALLTHROUGH */
4ec4b063 2752 case 6:
440b852a 2753 type = (type != NULL) ? type :
062490db 2754 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2755 ref_iv = cbc_state;
2756 ref_len = sizeof(cbc_state);
4ec4b063 2757 iv_reset = 1;
440b852a
BK		 2758 break;
2759 case 1:
2760 type = EVP_aes_128_ofb();
2761 /* FALLTHROUGH */
4ec4b063 2762 case 7:
440b852a 2763 type = (type != NULL) ? type :
062490db 2764 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2765 ref_iv = ofb_state;
2766 ref_len = sizeof(ofb_state);
4ec4b063 2767 iv_reset = 1;
440b852a
BK		 2768 break;
2769 case 2:
4ec4b063
TM		 2770 type = EVP_aes_128_cfb();
2771 /* FALLTHROUGH */
2772 case 8:
2773 type = (type != NULL) ? type :
2774 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2775 ref_iv = cfb_state;
2776 ref_len = sizeof(cfb_state);
2777 iv_reset = 1;
2778 break;
2779 case 3:
440b852a
BK		 2780 type = EVP_aes_128_gcm();
2781 /* FALLTHROUGH */
4ec4b063 2782 case 9:
440b852a 2783 type = (type != NULL) ? type :
062490db 2784 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2785 ref_iv = gcm_state;
2786 ref_len = sizeof(gcm_state);
2787 break;
4ec4b063 2788 case 4:
440b852a
BK		 2789 type = EVP_aes_128_ccm();
2790 /* FALLTHROUGH */
4ec4b063 2791 case 10:
440b852a 2792 type = (type != NULL) ? type :
062490db 2793 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2794 ref_iv = ccm_state;
2795 ref_len = sizeof(ccm_state);
2796 break;
2797#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 2798 case 5:
2799 case 11:
440b852a
BK		 2800 return 1;
2801#else
4ec4b063 2802 case 5:
440b852a
BK		 2803 type = EVP_aes_128_ocb();
2804 /* FALLTHROUGH */
4ec4b063 2805 case 11:
440b852a 2806 type = (type != NULL) ? type :
062490db 2807 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2808 ref_iv = ocb_state;
2809 ref_len = sizeof(ocb_state);
2810 break;
2811#endif
2812 default:
2813 return 0;
2814 }
2815
2816 if (!TEST_ptr(type)
2817 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2818 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2819 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2820 (int)sizeof(msg)))
0d83b7b9
TM		 2821 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2822 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2823 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2824 goto err;
ed576acd 2825 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 2826 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2827 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2828 goto err;
2829
4ec4b063
TM		 2830 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2831 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2832 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2833 goto err;
2834 if (iv_reset) {
2835 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2836 goto err;
2837 } else {
2838 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2839 goto err;
2840 }
2841
440b852a
BK		 2842 ret = 1;
2843err:
2844 EVP_CIPHER_CTX_free(ctx);
4ec4b063 2845 if (idx >= 6)
440b852a
BK		 2846 EVP_CIPHER_free((EVP_CIPHER *)type);
2847 return ret;
2848}
2849
a4afa6c1
TM		 2850#ifndef OPENSSL_NO_DES
2851static int test_evp_iv_des(int idx)
2852{
2853 int ret = 0;
2854 EVP_CIPHER_CTX *ctx = NULL;
2855 static const unsigned char key[24] = {
2856 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2857 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2858 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2859 };
2860 static const unsigned char init_iv[8] = {
2861 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2862 };
2863 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2864 9, 10, 11, 12, 13, 14, 15, 16 };
2865 unsigned char ciphertext[32], oiv[8], iv[8];
2866 unsigned const char *ref_iv;
2867 static const unsigned char cbc_state_des[8] = {
2868 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2869 };
2870 static const unsigned char cbc_state_3des[8] = {
2871 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2872 };
2873 static const unsigned char ofb_state_des[8] = {
2874 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2875 };
2876 static const unsigned char ofb_state_3des[8] = {
2877 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2878 };
2879 static const unsigned char cfb_state_des[8] = {
2880 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2881 };
2882 static const unsigned char cfb_state_3des[8] = {
2883 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2884 };
2885 int len = sizeof(ciphertext);
2886 size_t ivlen, ref_len;
2887 EVP_CIPHER *type = NULL;
2888
2889 if (lgcyprov == NULL && idx < 3)
2890 return TEST_skip("Test requires legacy provider to be loaded");
2891
2892 switch(idx) {
2893 case 0:
2894 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2895 ref_iv = cbc_state_des;
2896 ref_len = sizeof(cbc_state_des);
2897 break;
2898 case 1:
2899 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2900 ref_iv = ofb_state_des;
2901 ref_len = sizeof(ofb_state_des);
2902 break;
2903 case 2:
2904 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2905 ref_iv = cfb_state_des;
2906 ref_len = sizeof(cfb_state_des);
2907 break;
2908 case 3:
2909 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2910 ref_iv = cbc_state_3des;
2911 ref_len = sizeof(cbc_state_3des);
2912 break;
2913 case 4:
2914 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2915 ref_iv = ofb_state_3des;
2916 ref_len = sizeof(ofb_state_3des);
2917 break;
2918 case 5:
2919 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2920 ref_iv = cfb_state_3des;
2921 ref_len = sizeof(cfb_state_3des);
2922 break;
2923 default:
2924 return 0;
2925 }
2926
2927 if (!TEST_ptr(type)
2928 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2929 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2930 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2931 (int)sizeof(msg)))
2932 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2933 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2934 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2935 goto err;
ed576acd 2936 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 2937 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2938 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2939 goto err;
2940
2941 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2942 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2943 goto err;
2944 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2945 goto err;
2946
2947 ret = 1;
2948err:
2949 EVP_CIPHER_CTX_free(ctx);
2950 EVP_CIPHER_free(type);
2951 return ret;
2952}
2953#endif
2954
c0ff1932 2955#ifndef OPENSSL_NO_EC
da671c41
P		 2956static int ecpub_nids[] = {
2957 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2958 NID_secp384r1, NID_secp521r1,
2959# ifndef OPENSSL_NO_EC2M
2960 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 2961 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 2962# endif
2963 NID_brainpoolP384r1, NID_brainpoolP512r1
2964};
c0ff1932
BK		 2965
2966static int test_ecpub(int idx)
2967{
ad7cb0bf 2968 int ret = 0, len, savelen;
c0ff1932
BK		 2969 int nid;
2970 unsigned char buf[1024];
2971 unsigned char *p;
2972 EVP_PKEY *pkey = NULL;
2973 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 2974# ifndef OPENSSL_NO_DEPRECATED_3_0
2975 const unsigned char *q;
2976 EVP_PKEY *pkey2 = NULL;
2977 EC_KEY *ec = NULL;
2978# endif
c0ff1932 2979
062490db
JS		 2980 if (nullprov != NULL)
2981 return TEST_skip("Test does not support a non-default library context");
2982
c0ff1932
BK		 2983 nid = ecpub_nids[idx];
2984
2985 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2986 if (!TEST_ptr(ctx)
2987 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2988 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2989 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2990 goto done;
2991 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 2992 savelen = len;
c0ff1932
BK		 2993 if (!TEST_int_ge(len, 1)
2994 || !TEST_int_lt(len, 1024))
2995 goto done;
2996 p = buf;
2997 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 2998 if (!TEST_int_ge(len, 1)
2999 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3000 goto done;
3001
3d364726
BK		 3002# ifndef OPENSSL_NO_DEPRECATED_3_0
3003 /* Now try to decode the just-created DER. */
3004 q = buf;
3005 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3006 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3007 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3008 goto done;
3009 /* EC_KEY ownership transferred */
3010 ec = NULL;
3011 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3012 goto done;
3013 /* The keys should match. */
c85c5e1a 3014 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3015 goto done;
3016# endif
3017
c0ff1932
BK		 3018 ret = 1;
3019
3020 done:
3021 EVP_PKEY_CTX_free(ctx);
3022 EVP_PKEY_free(pkey);
3d364726
BK		 3023# ifndef OPENSSL_NO_DEPRECATED_3_0
3024 EVP_PKEY_free(pkey2);
3025 EC_KEY_free(ec);
3026# endif
c0ff1932
BK		 3027 return ret;
3028}
3029#endif
3030
e947a064
DB		 3031static int test_EVP_rsa_pss_with_keygen_bits(void)
3032{
062490db
JS		 3033 int ret = 0;
3034 EVP_PKEY_CTX *ctx = NULL;
3035 EVP_PKEY *pkey = NULL;
3036 EVP_MD *md;
e947a064 3037
062490db
JS		 3038 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3039 ret = TEST_ptr(md)
3040 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 3041 && TEST_true(EVP_PKEY_keygen_init(ctx))
3042 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3043 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3044 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3045
062490db 3046 EVP_MD_free(md);
e947a064
DB		 3047 EVP_PKEY_free(pkey);
3048 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3049 return ret;
3050}
3051
5eb73cfb
MC		 3052static int success = 1;
3053static void md_names(const char *name, void *vctx)
3054{
3055 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3056 /* Force a namemap update */
3057 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3058
3059 if (!TEST_ptr(aes128))
3060 success = 0;
3061
3062 EVP_CIPHER_free(aes128);
3063}
3064
3065/*
3066 * Test that changing the namemap in a user callback works in a names_do_all
3067 * function.
3068 */
3069static int test_names_do_all(void)
3070{
3071 /* We use a custom libctx so that we know the state of the namemap */
3072 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3073 EVP_MD *sha256 = NULL;
3074 int testresult = 0;
3075
3076 if (!TEST_ptr(ctx))
3077 goto err;
3078
3079 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3080 if (!TEST_ptr(sha256))
3081 goto err;
3082
3083 /*
3084 * We loop through all the names for a given digest. This should still work
3085 * even if the namemap changes part way through.
3086 */
3087 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3088 goto err;
3089
3090 if (!TEST_true(success))
3091 goto err;
3092
3093 testresult = 1;
3094 err:
3095 EVP_MD_free(sha256);
3096 OSSL_LIB_CTX_free(ctx);
3097 return testresult;
3098}
e947a064 3099
063e0197
JC		 3100typedef struct {
3101 const char *cipher;
3102 const unsigned char *key;
3103 const unsigned char *iv;
3104 const unsigned char *input;
3105 const unsigned char *expected;
3106 const unsigned char *tag;
3107 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3108 size_t inlen;
3109 size_t expectedlen;
3110 size_t taglen;
3111 int keyfirst;
3112 int initenc;
3113 int finalenc;
3114} EVP_INIT_TEST_st;
3115
3116static const EVP_INIT_TEST_st evp_init_tests[] = {
3117 {
3118 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3119 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3120 0, 1, 0, 1
3121 },
3122 {
3123 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3124 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3125 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3126 sizeof(gcmDefaultTag), 1, 0, 1
3127 },
3128 {
3129 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3130 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3131 0, 0, 0, 1
3132 },
3133 {
3134 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3135 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3136 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3137 sizeof(gcmDefaultTag), 0, 0, 1
3138 },
3139 {
3140 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3141 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3142 0, 1, 1, 0
3143 },
3144 {
3145 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3146 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3147 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3148 sizeof(gcmDefaultTag), 1, 1, 0
3149 },
3150 {
3151 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3152 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3153 0, 0, 1, 0
3154 },
3155 {
3156 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3157 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3158 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3159 sizeof(gcmDefaultTag), 0, 1, 0
3160 }
3161};
3162
3163static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3164{
3165 int res = 0;
3166
3167 if (t->ivlen != 0) {
3168 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3169 goto err;
3170 }
3171 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3172 goto err;
3173 res = 1;
3174 err:
3175 return res;
3176}
3177
3178/*
3179 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3180 * arguments are given one at a time and a final adjustment to the enc
3181 * parameter sets the correct operation.
3182 */
3183static int test_evp_init_seq(int idx)
3184{
3185 int outlen1, outlen2;
3186 int testresult = 0;
3187 unsigned char outbuf[1024];
3188 unsigned char tag[16];
3189 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3190 EVP_CIPHER_CTX *ctx = NULL;
3191 EVP_CIPHER *type = NULL;
3192 size_t taglen = sizeof(tag);
3193 char *errmsg = NULL;
3194
3195 ctx = EVP_CIPHER_CTX_new();
3196 if (ctx == NULL) {
3197 errmsg = "CTX_ALLOC";
3198 goto err;
3199 }
3200 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3201 errmsg = "CIPHER_FETCH";
3202 goto err;
3203 }
3204 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3205 errmsg = "EMPTY_ENC_INIT";
3206 goto err;
3207 }
3208 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3209 errmsg = "PADDING";
3210 goto err;
3211 }
3212 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3213 errmsg = "KEY_INIT (before iv)";
3214 goto err;
3215 }
3216 if (!evp_init_seq_set_iv(ctx, t)) {
3217 errmsg = "IV_INIT";
3218 goto err;
3219 }
3220 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3221 errmsg = "KEY_INIT (after iv)";
3222 goto err;
3223 }
3224 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3225 errmsg = "FINAL_ENC_INIT";
3226 goto err;
3227 }
3228 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3229 errmsg = "CIPHER_UPDATE";
3230 goto err;
3231 }
3232 if (t->finalenc == 0 && t->tag != NULL) {
3233 /* Set expected tag */
3234 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3235 t->taglen, (void *)t->tag))) {
3236 errmsg = "SET_TAG";
3237 goto err;
3238 }
3239 }
3240 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3241 errmsg = "CIPHER_FINAL";
3242 goto err;
3243 }
3244 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3245 errmsg = "WRONG_RESULT";
3246 goto err;
3247 }
3248 if (t->finalenc != 0 && t->tag != NULL) {
3249 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3250 errmsg = "GET_TAG";
3251 goto err;
3252 }
3253 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3254 errmsg = "TAG_ERROR";
3255 goto err;
3256 }
3257 }
3258 testresult = 1;
3259 err:
3260 if (errmsg != NULL)
3261 TEST_info("evp_init_test %d: %s", idx, errmsg);
3262 EVP_CIPHER_CTX_free(ctx);
3263 EVP_CIPHER_free(type);
3264 return testresult;
3265}
3266
3267typedef struct {
3268 const unsigned char *input;
3269 const unsigned char *expected;
3270 size_t inlen;
3271 size_t expectedlen;
3272 int enc;
3273} EVP_RESET_TEST_st;
3274
3275static const EVP_RESET_TEST_st evp_reset_tests[] = {
3276 {
3277 cfbPlaintext, cfbCiphertext,
3278 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3279 },
3280 {
3281 cfbCiphertext, cfbPlaintext,
3282 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3283 }
3284};
3285
3286/*
3287 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3288 * been used.
3289 */
3290static int test_evp_reset(int idx)
3291{
3292 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3293 int outlen1, outlen2;
3294 int testresult = 0;
3295 unsigned char outbuf[1024];
3296 EVP_CIPHER_CTX *ctx = NULL;
3297 EVP_CIPHER *type = NULL;
3298 char *errmsg = NULL;
3299
3300 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3301 errmsg = "CTX_ALLOC";
3302 goto err;
3303 }
3304 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3305 errmsg = "CIPHER_FETCH";
3306 goto err;
3307 }
3308 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3309 errmsg = "CIPHER_INIT";
3310 goto err;
3311 }
3312 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3313 errmsg = "PADDING";
3314 goto err;
3315 }
3316 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3317 errmsg = "CIPHER_UPDATE";
3318 goto err;
3319 }
3320 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3321 errmsg = "CIPHER_FINAL";
3322 goto err;
3323 }
3324 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3325 errmsg = "WRONG_RESULT";
3326 goto err;
3327 }
3328 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3329 errmsg = "CIPHER_REINIT";
3330 goto err;
3331 }
3332 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3333 errmsg = "CIPHER_UPDATE (reinit)";
3334 goto err;
3335 }
3336 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3337 errmsg = "CIPHER_FINAL (reinit)";
3338 goto err;
3339 }
3340 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3341 errmsg = "WRONG_RESULT (reinit)";
3342 goto err;
3343 }
3344 testresult = 1;
3345 err:
3346 if (errmsg != NULL)
3347 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3348 EVP_CIPHER_CTX_free(ctx);
3349 EVP_CIPHER_free(type);
3350 return testresult;
3351}
3352
f17e5277
IF		 3353typedef struct {
3354 const char *cipher;
3355 int enc;
3356} EVP_UPDATED_IV_TEST_st;
3357
3358static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3359 {
3360 "aes-128-cfb", 1
3361 },
3362 {
3363 "aes-128-cfb", 0
3364 },
3365 {
3366 "aes-128-cfb1", 1
3367 },
3368 {
3369 "aes-128-cfb1", 0
3370 },
3371 {
3372 "aes-128-cfb8", 1
3373 },
3374 {
3375 "aes-128-cfb8", 0
3376 },
3377 {
3378 "aes-128-ofb", 1
3379 },
3380 {
3381 "aes-128-ofb", 0
3382 },
3383 {
3384 "aes-128-ctr", 1
3385 },
3386 {
3387 "aes-128-ctr", 0
3388 },
3389 {
3390 "aes-128-cbc", 1
3391 },
3392 {
3393 "aes-128-cbc", 0
3394 }
3395};
3396
3397/*
3398 * Test that the IV in the context is updated during a crypto operation for CFB
3399 * and OFB.
3400 */
3401static int test_evp_updated_iv(int idx)
3402{
3403 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3404 int outlen1, outlen2;
3405 int testresult = 0;
3406 unsigned char outbuf[1024];
3407 EVP_CIPHER_CTX *ctx = NULL;
3408 EVP_CIPHER *type = NULL;
3409 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3410 int iv_len;
3411 char *errmsg = NULL;
3412
3413 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3414 errmsg = "CTX_ALLOC";
3415 goto err;
3416 }
3417 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3418 TEST_info("cipher %s not supported, skipping", t->cipher);
3419 goto ok;
3420 }
3421
3422 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3423 errmsg = "CIPHER_INIT";
3424 goto err;
3425 }
3426 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3427 errmsg = "PADDING";
3428 goto err;
3429 }
3430 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3431 errmsg = "CIPHER_UPDATE";
3432 goto err;
3433 }
3434 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3435 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3436 goto err;
3437 }
3438 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3439 errmsg = "CIPHER_CTX_GET_IV_LEN";
3440 goto err;
3441 }
3442 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3443 errmsg = "IV_NOT_UPDATED";
3444 goto err;
3445 }
3446 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3447 errmsg = "CIPHER_FINAL";
3448 goto err;
3449 }
3450 ok:
3451 testresult = 1;
3452 err:
3453 if (errmsg != NULL)
3454 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3455 EVP_CIPHER_CTX_free(ctx);
3456 EVP_CIPHER_free(type);
3457 return testresult;
3458}
3459
063e0197
JC		 3460typedef struct {
3461 const unsigned char *iv1;
3462 const unsigned char *iv2;
3463 const unsigned char *expected1;
3464 const unsigned char *expected2;
3465 const unsigned char *tag1;
3466 const unsigned char *tag2;
3467 size_t ivlen1;
3468 size_t ivlen2;
3469 size_t expectedlen1;
3470 size_t expectedlen2;
3471} TEST_GCM_IV_REINIT_st;
3472
3473static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3474 {
3475 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3476 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3477 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3478 },
3479 {
3480 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3481 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3482 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3483 }
3484};
3485
3486static int test_gcm_reinit(int idx)
3487{
3488 int outlen1, outlen2, outlen3;
3489 int testresult = 0;
3490 unsigned char outbuf[1024];
3491 unsigned char tag[16];
3492 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3493 EVP_CIPHER_CTX *ctx = NULL;
3494 EVP_CIPHER *type = NULL;
3495 size_t taglen = sizeof(tag);
3496 char *errmsg = NULL;
3497
3498 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3499 errmsg = "CTX_ALLOC";
3500 goto err;
3501 }
3502 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3503 errmsg = "CIPHER_FETCH";
3504 goto err;
3505 }
3506 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3507 errmsg = "ENC_INIT";
3508 goto err;
3509 }
3510 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3511 errmsg = "SET_IVLEN1";
3512 goto err;
3513 }
3514 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3515 errmsg = "SET_IV1";
3516 goto err;
3517 }
3518 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3519 errmsg = "AAD1";
3520 goto err;
3521 }
3522 EVP_CIPHER_CTX_set_padding(ctx, 0);
3523 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3524 sizeof(gcmResetPlaintext)))) {
3525 errmsg = "CIPHER_UPDATE1";
3526 goto err;
3527 }
3528 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3529 errmsg = "CIPHER_FINAL1";
3530 goto err;
3531 }
3532 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3533 errmsg = "WRONG_RESULT1";
3534 goto err;
3535 }
3536 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3537 errmsg = "GET_TAG1";
3538 goto err;
3539 }
3540 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3541 errmsg = "TAG_ERROR1";
3542 goto err;
3543 }
3544 /* Now reinit */
3545 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3546 errmsg = "SET_IVLEN2";
3547 goto err;
3548 }
3549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3550 errmsg = "SET_IV2";
3551 goto err;
3552 }
3553 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3554 errmsg = "AAD2";
3555 goto err;
3556 }
3557 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3558 sizeof(gcmResetPlaintext)))) {
3559 errmsg = "CIPHER_UPDATE2";
3560 goto err;
3561 }
3562 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3563 errmsg = "CIPHER_FINAL2";
3564 goto err;
3565 }
3566 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3567 errmsg = "WRONG_RESULT2";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3571 errmsg = "GET_TAG2";
3572 goto err;
3573 }
3574 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3575 errmsg = "TAG_ERROR2";
3576 goto err;
3577 }
3578 testresult = 1;
3579 err:
3580 if (errmsg != NULL)
3581 TEST_info("evp_init_test %d: %s", idx, errmsg);
3582 EVP_CIPHER_CTX_free(ctx);
3583 EVP_CIPHER_free(type);
3584 return testresult;
3585}
3586
a983764e
MC		 3587#ifndef OPENSSL_NO_DEPRECATED_3_0
3588static EVP_PKEY_METHOD *custom_pmeth = NULL;
3589static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3590
3591# define EVP_PKEY_CTRL_MY_COMMAND 9999
3592
3593static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3594{
3595 int (*pinit)(EVP_PKEY_CTX *ctx);
3596
3597 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3598 return pinit(ctx);
3599}
3600
3601static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3602{
3603 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3604
3605 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3606 pcleanup(ctx);
3607}
3608
3609static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3610 size_t *outlen, const unsigned char *in,
3611 size_t inlen)
3612{
3613 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3614 const unsigned char *tbs, size_t tbslen);
3615
3616 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3617 return psign(ctx, out, outlen, in, inlen);
3618}
3619
3620static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3621 size_t *siglen, const unsigned char *tbs,
3622 size_t tbslen)
3623{
3624 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3625 const unsigned char *tbs, size_t tbslen);
3626
c6fcd88f 3627 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 3628 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3629}
3630
3631static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3632 size_t *keylen)
3633{
3634 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3635
3636 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3637 return pderive(ctx, key, keylen);
3638}
3639
3640static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3641{
3642 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3643
3644 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3645 return pcopy(dst, src);
3646}
3647
3648static int ctrl_called;
3649
3650static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3651{
3652 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3653
3654 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3655
3656 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3657 ctrl_called = 1;
3658 return 1;
3659 }
3660
3661 return pctrl(ctx, type, p1, p2);
3662}
3663
3664static int test_custom_pmeth(int idx)
3665{
3666 EVP_PKEY_CTX *pctx = NULL;
3667 EVP_MD_CTX *ctx = NULL;
3668 EVP_PKEY *pkey = NULL;
3669 int id, orig_id, orig_flags;
3670 int testresult = 0;
3671 size_t reslen;
3672 unsigned char *res = NULL;
3673 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3674 const EVP_MD *md = EVP_sha256();
3675 int doderive = 0;
3676
3677 ctrl_called = 0;
3678
3679 /* We call deprecated APIs so this test doesn't support a custom libctx */
3680 if (testctx != NULL)
3681 return 1;
3682
3683 switch(idx) {
3684 case 0:
3685 case 6:
3686 id = EVP_PKEY_RSA;
3687 pkey = load_example_rsa_key();
3688 break;
3689 case 1:
3690 case 7:
3691# ifndef OPENSSL_NO_DSA
3692 id = EVP_PKEY_DSA;
3693 pkey = load_example_dsa_key();
3694 break;
3695# else
3696 return 1;
3697# endif
3698 case 2:
3699 case 8:
3700# ifndef OPENSSL_NO_EC
3701 id = EVP_PKEY_EC;
3702 pkey = load_example_ec_key();
3703 break;
3704# else
3705 return 1;
3706# endif
3707 case 3:
3708 case 9:
3709# ifndef OPENSSL_NO_EC
3710 id = EVP_PKEY_ED25519;
3711 md = NULL;
3712 pkey = load_example_ed25519_key();
3713 break;
3714# else
3715 return 1;
3716# endif
3717 case 4:
3718 case 10:
3719# ifndef OPENSSL_NO_DH
3720 id = EVP_PKEY_DH;
3721 doderive = 1;
3722 pkey = load_example_dh_key();
3723 break;
3724# else
3725 return 1;
3726# endif
3727 case 5:
3728 case 11:
3729# ifndef OPENSSL_NO_EC
3730 id = EVP_PKEY_X25519;
3731 doderive = 1;
3732 pkey = load_example_x25519_key();
3733 break;
3734# else
3735 return 1;
3736# endif
3737 default:
3738 TEST_error("Should not happen");
3739 goto err;
3740 }
3741
3742 if (!TEST_ptr(pkey))
3743 goto err;
3744
3745 if (idx < 6) {
3746 if (!TEST_true(evp_pkey_is_provided(pkey)))
3747 goto err;
3748 } else {
3749 EVP_PKEY *tmp = pkey;
3750
3751 /* Convert to a legacy key */
3752 pkey = EVP_PKEY_new();
3753 if (!TEST_ptr(pkey)) {
3754 pkey = tmp;
3755 goto err;
3756 }
3757 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3758 EVP_PKEY_free(tmp);
3759 goto err;
3760 }
3761 EVP_PKEY_free(tmp);
3762 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3763 goto err;
3764 }
3765
3766 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3767 || !TEST_ptr(pkey))
3768 goto err;
3769
3770 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3771 if (!TEST_int_eq(orig_id, id)
3772 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3773 goto err;
3774
3775 if (id == EVP_PKEY_ED25519) {
3776 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3777 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3778 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3779 } else {
3780 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3781 }
3782 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3783 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3784 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3785 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3786 }
3787 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3788 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3789 goto err;
3790
3791 if (doderive) {
3792 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3793 if (!TEST_ptr(pctx)
3794 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3795 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3796 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3797 1)
3798 || !TEST_int_eq(ctrl_called, 1)
3799 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3800 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3801 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3802 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3803 goto err;
3804 } else {
3805 ctx = EVP_MD_CTX_new();
3806 reslen = EVP_PKEY_size(pkey);
3807 res = OPENSSL_malloc(reslen);
3808 if (!TEST_ptr(ctx)
3809 || !TEST_ptr(res)
3810 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3811 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3812 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3813 1)
3814 || !TEST_int_eq(ctrl_called, 1))
3815 goto err;
3816
3817 if (id == EVP_PKEY_ED25519) {
3818 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3819 goto err;
3820 } else {
3821 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3822 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3823 goto err;
3824 }
3825 }
3826
3827 testresult = 1;
3828 err:
3829 OPENSSL_free(res);
3830 EVP_MD_CTX_free(ctx);
3831 if (doderive)
3832 EVP_PKEY_CTX_free(pctx);
3833 EVP_PKEY_free(pkey);
3834 EVP_PKEY_meth_remove(custom_pmeth);
3835 EVP_PKEY_meth_free(custom_pmeth);
3836 custom_pmeth = NULL;
3837 return testresult;
3838}
03c2f21b
MC		 3839
3840static int test_evp_md_cipher_meth(void)
3841{
3842 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3843 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3844 int testresult = 0;
3845
3846 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3847 goto err;
3848
3849 testresult = 1;
3850
3851 err:
3852 EVP_MD_meth_free(md);
3853 EVP_CIPHER_meth_free(ciph);
3854
3855 return testresult;
3856}
3857#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 3858
062490db
JS		 3859typedef enum OPTION_choice {
3860 OPT_ERR = -1,
3861 OPT_EOF = 0,
3862 OPT_CONTEXT,
3863 OPT_TEST_ENUM
3864} OPTION_CHOICE;
3865
3866const OPTIONS *test_get_options(void)
71ea6b48 3867{
062490db
JS		 3868 static const OPTIONS options[] = {
3869 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3870 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3871 { NULL }
3872 };
3873 return options;
3874}
86dc26ba 3875
062490db
JS		 3876int setup_tests(void)
3877{
3878 OPTION_CHOICE o;
3879
3880 while ((o = opt_next()) != OPT_EOF) {
3881 switch (o) {
3882 case OPT_CONTEXT:
3883 /* Set up an alternate library context */
3884 testctx = OSSL_LIB_CTX_new();
3885 if (!TEST_ptr(testctx))
3886 return 0;
3887 /* Swap the libctx to test non-default context only */
3888 nullprov = OSSL_PROVIDER_load(NULL, "null");
3889 deflprov = OSSL_PROVIDER_load(testctx, "default");
3890 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3891 break;
3892 case OPT_TEST_CASES:
3893 break;
3894 default:
3895 return 0;
3896 }
3897 }
86dc26ba 3898
f9e504e8 3899 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 3900 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 3901 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 3902 ADD_TEST(test_EVP_Digest);
4547a719 3903 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 3904 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 3905 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 3906 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 3907#ifndef OPENSSL_NO_EC
adcd8e37 3908 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 3909#endif
f0c62c53
RL		 3910#ifndef OPENSSL_NO_EC
3911 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3912#endif
f844f9eb 3913#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 3914 ADD_TEST(test_EVP_SM2);
a6c4cb84 3915 ADD_TEST(test_EVP_SM2_verify);
a9880362 3916#endif
bb5f281a 3917 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 3918#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 3919 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3920 if (!TEST_ptr(custom_pmeth))
3921 return 0;
3922 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 3923 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3924 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 3925 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3926 return 0;
41bbba53 3927#endif
2aee35d3 3928 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 3929#ifndef OPENSSL_NO_CMAC
a87820e1 3930 ADD_TEST(test_CMAC_keygen);
fab8fde3 3931#endif
10d5b415 3932 ADD_TEST(test_HKDF);
2cd3ebc7 3933 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 3934#ifndef OPENSSL_NO_EC
3935 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 3936 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 3937 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3938 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 3939#endif
8d0f8c81 3940#ifndef OPENSSL_NO_DSA
f54a4101 3941 ADD_TEST(test_DSA_get_set_params);
2c04b341 3942 ADD_TEST(test_DSA_priv_pub);
b4be6937 3943#endif
f54a4101 3944 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 3945#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3946 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 3947#endif
2c04b341
JS		 3948#ifndef OPENSSL_NO_DH
3949 ADD_TEST(test_DH_priv_pub);
3950# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 3951 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 3952# endif
b8a1272d
MC		 3953#endif
3954#ifndef OPENSSL_NO_EC
3955 ADD_TEST(test_EC_priv_pub);
3956# ifndef OPENSSL_NO_DEPRECATED_3_0
3957 ADD_TEST(test_EC_priv_only_legacy);
3958# endif
501fcfb8 3959#endif
8a5cb596 3960 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 3961 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 3962
1c19ff3c 3963 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 3964 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3965#ifndef OPENSSL_NO_DES
3966 ADD_ALL_TESTS(test_evp_iv_des, 6);
3967#endif
e947a064 3968 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 3969#ifndef OPENSSL_NO_EC
3970 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3971#endif
1c19ff3c 3972
5eb73cfb
MC		 3973 ADD_TEST(test_names_do_all);
3974
063e0197
JC		 3975 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3976 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3977 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 3978 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 3979
a983764e
MC		 3980#ifndef OPENSSL_NO_DEPRECATED_3_0
3981 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 3982 ADD_TEST(test_evp_md_cipher_meth);
a983764e
MC		 3983#endif
3984
ad887416 3985 return 1;
71ea6b48 3986}
86dc26ba
MC		 3987
3988void cleanup_tests(void)
3989{
062490db
JS		 3990 OSSL_PROVIDER_unload(nullprov);
3991 OSSL_PROVIDER_unload(deflprov);
3992 OSSL_PROVIDER_unload(lgcyprov);
b4250010 3993 OSSL_LIB_CTX_free(testctx);
86dc26ba 3994}
A mirror of the official openssl repository