]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove RSA bignum_data that is not used anywhere
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
adcd8e37 33#include "testutil.h"
176db6dc 34#include "internal/nelem.h"
00bc1ad9 35#include "internal/sizes.h"
25f2138b 36#include "crypto/evp.h"
f0c62c53 37#include "../e_os.h" /* strcasecmp */
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
71ea6b48
MC		 247static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261};
262
263/*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321};
322
a9880362 323#ifndef OPENSSL_NO_EC
71ea6b48
MC		 324/*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340};
341
342/*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356};
b0004708
PY		 357
358/* prime256v1 */
359static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368};
369
5dc40a83 370/*
87762939 371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
b0004708
PY		 385static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387};
2cf8bb46
MC		 388
389static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394};
395
396static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401};
402
a9880362 403#endif
71ea6b48 404
adcd8e37
RS		 405typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
5b5eea4b 408 const char *keytype;
adcd8e37 409 int evptype;
2aee35d3 410 int check;
b0004708
PY		 411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 414} APK_DATA;
415
416static APK_DATA keydata[] = {
5b5eea4b
SL		 417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 419#ifndef OPENSSL_NO_EC
5b5eea4b 420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 421#endif
adcd8e37
RS		 422};
423
2aee35d3 424static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
5b5eea4b 427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 428 0, 1, 1, 0},
2aee35d3 429#ifndef OPENSSL_NO_EC
5b5eea4b 430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 431 /* group is also associated in our pub key */
2cf8bb46
MC		 432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 440#endif
441};
442
d7e498ac
RL		 443static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
71ea6b48 445{
d7e498ac 446 const unsigned char **pdata = &data;
71ea6b48 447 EVP_PKEY *pkey = NULL;
d7e498ac 448 OSSL_DECODER_CTX *dctx =
fe75766c 449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 450 testctx, testpropq);
71ea6b48 451
d7e498ac
RL		 452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456}
71ea6b48 457
d7e498ac
RL		 458static EVP_PKEY *load_example_rsa_key(void)
459{
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 462}
463
f650ab47 464#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 465static EVP_PKEY *load_example_dsa_key(void)
466{
6ed4022c
RL		 467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
59d0e6c8 469}
f650ab47 470#endif
59d0e6c8 471
6d242fa5
MC		 472static EVP_PKEY *load_example_hmac_key(void)
473{
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
482 if (!TEST_ptr(pkey))
483 return NULL;
484
485 return pkey;
486}
487
f9e504e8
P		 488static int test_EVP_set_default_properties(void)
489{
b4250010 490 OSSL_LIB_CTX *ctx;
f9e504e8
P		 491 EVP_MD *md = NULL;
492 int res = 0;
493
b4250010 494 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 495 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
496 goto err;
497 EVP_MD_free(md);
498 md = NULL;
499
500 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
501 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
502 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
503 goto err;
504 EVP_MD_free(md);
505 md = NULL;
506
507 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
508 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
509 goto err;
510 res = 1;
511err:
512 EVP_MD_free(md);
b4250010 513 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 514 return res;
515}
516
b8a1272d
MC		 517#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518static int test_fromdata(char *keytype, OSSL_PARAM *params)
519{
520 EVP_PKEY_CTX *pctx = NULL;
521 EVP_PKEY *pkey = NULL;
522 int testresult = 0;
523
062490db 524 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 525 goto err;
2db985b7
SL		 526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
528 params), 0))
b8a1272d
MC		 529 goto err;
530
531 if (!TEST_ptr(pkey))
532 goto err;
533
534 testresult = 1;
535 err:
536 EVP_PKEY_free(pkey);
537 EVP_PKEY_CTX_free(pctx);
538
539 return testresult;
540}
541#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
542
2c04b341 543/*
8a9394c1 544 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 545 * params to ensure they are all accepted
546 */
b8a1272d 547#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 548static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
549{
550 OSSL_PARAM_BLD *bld = NULL;
551 OSSL_PARAM *params = NULL;
552 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 553 int ret = 0;
554
555 /*
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
558 */
b8a1272d 559 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 560 || !TEST_ptr(q = BN_new())
561 || !TEST_ptr(g = BN_new())
562 || !TEST_ptr(pub = BN_new())
563 || !TEST_ptr(priv = BN_new()))
564 goto err;
565
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
571 goto err;
572 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
573 goto err;
574
b8a1272d 575 if (!test_fromdata(keytype, params))
2c04b341 576 goto err;
2c04b341
JS		 577 OSSL_PARAM_BLD_free_params(params);
578 OSSL_PARAM_BLD_free(bld);
579
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
586 priv)))
587 goto err;
588 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
589 goto err;
590
b8a1272d 591 if (!test_fromdata(keytype, params))
2c04b341 592 goto err;
2c04b341
JS		 593 OSSL_PARAM_BLD_free_params(params);
594 OSSL_PARAM_BLD_free(bld);
595
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
602 pub)))
603 goto err;
604 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
605 goto err;
606
b8a1272d 607 if (!test_fromdata(keytype, params))
2c04b341 608 goto err;
2c04b341
JS		 609 OSSL_PARAM_BLD_free_params(params);
610 OSSL_PARAM_BLD_free(bld);
611
612 /* Test priv and pub */
613 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
618 pub))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
620 priv)))
621 goto err;
622 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
623 goto err;
624
b8a1272d 625 if (!test_fromdata(keytype, params))
2c04b341
JS		 626 goto err;
627
628 ret = 1;
629 err:
2c04b341
JS		 630 OSSL_PARAM_BLD_free_params(params);
631 OSSL_PARAM_BLD_free(bld);
632 BN_free(p);
633 BN_free(q);
634 BN_free(g);
635 BN_free(pub);
636 BN_free(priv);
637
638 return ret;
639}
8a9394c1 640#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 641
b8a1272d
MC		 642/*
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
645 */
646#ifndef OPENSSL_NO_EC
647static unsigned char ec_priv[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
651};
652static unsigned char ec_pub[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
659};
660
661static int test_EC_priv_pub(void)
662{
663 OSSL_PARAM_BLD *bld = NULL;
664 OSSL_PARAM *params = NULL;
665 BIGNUM *priv = NULL;
666 int ret = 0;
667
668 /*
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
671 */
672 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
673 goto err;
674
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
678 OSSL_PKEY_PARAM_GROUP_NAME,
679 "P-256", 0)))
680 goto err;
681 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
682 goto err;
683
684 if (!test_fromdata("EC", params))
685 goto err;
686 OSSL_PARAM_BLD_free_params(params);
687 OSSL_PARAM_BLD_free(bld);
688
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
692 OSSL_PKEY_PARAM_GROUP_NAME,
693 "P-256", 0))
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
695 priv)))
696 goto err;
697 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
698 goto err;
699
700 if (!test_fromdata("EC", params))
701 goto err;
702 OSSL_PARAM_BLD_free_params(params);
703 OSSL_PARAM_BLD_free(bld);
704
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
708 OSSL_PKEY_PARAM_GROUP_NAME,
709 "P-256", 0))
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
711 OSSL_PKEY_PARAM_PUB_KEY,
712 ec_pub, sizeof(ec_pub))))
713 goto err;
714 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
715 goto err;
716
717 if (!test_fromdata("EC", params))
718 goto err;
719 OSSL_PARAM_BLD_free_params(params);
720 OSSL_PARAM_BLD_free(bld);
721
722 /* Test priv and pub */
723 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
725 OSSL_PKEY_PARAM_GROUP_NAME,
726 "P-256", 0))
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
728 OSSL_PKEY_PARAM_PUB_KEY,
729 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
731 priv)))
b8a1272d
MC		 732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata("EC", params))
737 goto err;
738
739 ret = 1;
740 err:
741 OSSL_PARAM_BLD_free_params(params);
742 OSSL_PARAM_BLD_free(bld);
743 BN_free(priv);
744
745 return ret;
746}
747
748/* Test that using a legacy EC key with only a private key in it works */
749# ifndef OPENSSL_NO_DEPRECATED_3_0
750static int test_EC_priv_only_legacy(void)
751{
752 BIGNUM *priv = NULL;
753 int ret = 0;
754 EC_KEY *eckey = NULL;
755 EVP_PKEY *pkey = NULL;
756 EVP_MD_CTX *ctx = NULL;
757
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
760 goto err;
761
762 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
763 if (!TEST_ptr(eckey))
764 goto err;
765
766 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
767 goto err;
768
769 pkey = EVP_PKEY_new();
770 if (!TEST_ptr(pkey))
771 goto err;
772
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
774 goto err;
775 eckey = NULL;
776
777 ctx = EVP_MD_CTX_new();
778 if (!TEST_ptr(ctx))
779 goto err;
780
781 /*
782 * The EVP_DigestSignInit function should create the key on the provider
783 * side which is sufficient for this test.
784 */
062490db
JS		 785 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, testpropq,
786 pkey, NULL)))
b8a1272d
MC		 787 goto err;
788
789 ret = 1;
790
791 err:
792 EVP_MD_CTX_free(ctx);
793 EVP_PKEY_free(pkey);
794 EC_KEY_free(eckey);
795 BN_free(priv);
796
797 return ret;
798}
799# endif /* OPENSSL_NO_DEPRECATED_3_0 */
800#endif /* OPENSSL_NO_EC */
801
2eb2b4f3
SL		 802static int test_EVP_Enveloped(void)
803{
804 int ret = 0;
805 EVP_CIPHER_CTX *ctx = NULL;
806 EVP_PKEY *keypair = NULL;
807 unsigned char *kek = NULL;
808 unsigned char iv[EVP_MAX_IV_LENGTH];
809 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
810 int len, kek_len, ciphertext_len, plaintext_len;
811 unsigned char ciphertext[32], plaintext[16];
062490db
JS		 812 const EVP_CIPHER *type = NULL;
813
814 if (nullprov != NULL)
815 return TEST_skip("Test does not support a non-default library context");
816
817 type = EVP_aes_256_cbc();
2eb2b4f3
SL		 818
819 if (!TEST_ptr(keypair = load_example_rsa_key())
820 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
821 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
822 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
823 &keypair, 1))
824 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
825 msg, sizeof(msg)))
826 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
827 &len)))
828 goto err;
829
830 ciphertext_len += len;
831
832 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
833 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
834 ciphertext, ciphertext_len))
835 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
836 goto err;
837
838 plaintext_len += len;
839 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
840 goto err;
841
842 ret = 1;
843err:
844 OPENSSL_free(kek);
845 EVP_PKEY_free(keypair);
846 EVP_CIPHER_CTX_free(ctx);
847 return ret;
848}
849
59d0e6c8 850/*
6d242fa5
MC		 851 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
852 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
853 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
854 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
855 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
856 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
857 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
858 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
859 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 860 */
861static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 862{
863 int ret = 0;
864 EVP_PKEY *pkey = NULL;
865 unsigned char *sig = NULL;
866 size_t sig_len = 0;
59d0e6c8
MC		 867 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
868 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
869 BIO *mdbio = NULL, *membio = NULL;
870 size_t written;
6d242fa5
MC		 871 const EVP_MD *md;
872 EVP_MD *mdexp = NULL;
59d0e6c8 873
062490db
JS		 874 if (nullprov != NULL)
875 return TEST_skip("Test does not support a non-default library context");
876
6d242fa5 877 if (tst >= 6) {
59d0e6c8
MC		 878 membio = BIO_new(BIO_s_mem());
879 mdbio = BIO_new(BIO_f_md());
880 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
881 goto out;
882 BIO_push(mdbio, membio);
883 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
884 goto out;
885 } else {
886 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
887 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
888 goto out;
889 }
71ea6b48 890
6d242fa5 891 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 892 if (!TEST_ptr(pkey = load_example_rsa_key()))
893 goto out;
6d242fa5 894 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 895#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 896 if (!TEST_ptr(pkey = load_example_dsa_key()))
897 goto out;
f650ab47
MC		 898#else
899 ret = 1;
900 goto out;
901#endif
6d242fa5
MC		 902 } else {
903 if (!TEST_ptr(pkey = load_example_hmac_key()))
904 goto out;
59d0e6c8 905 }
71ea6b48 906
6d242fa5
MC		 907 if (tst >= 3 && tst <= 5)
908 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
909 else
910 md = EVP_sha256();
911
912 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 913 goto out;
adcd8e37 914
6d242fa5 915 if (tst >= 6) {
59d0e6c8
MC		 916 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
917 goto out;
918 } else {
919 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
920 goto out;
921 }
922
71ea6b48 923 /* Determine the size of the signature. */
adcd8e37 924 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 925 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 926 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 927 goto out;
71ea6b48 928
6d242fa5 929 if (tst >= 6) {
59d0e6c8
MC		 930 if (!TEST_int_gt(BIO_reset(mdbio), 0)
931 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
932 goto out;
933 }
934
6d242fa5
MC		 935 /*
936 * Ensure that the signature round-trips (Verification isn't supported for
937 * HMAC via EVP_DigestVerify*)
938 */
939 if (tst != 2 && tst != 5 && tst != 8) {
940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
941 NULL, pkey)))
59d0e6c8 942 goto out;
6d242fa5
MC		 943
944 if (tst >= 6) {
945 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
946 goto out;
947 } else {
948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
949 sizeof(kMsg))))
950 goto out;
951 }
952 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8
MC		 953 goto out;
954 }
71ea6b48
MC		 955
956 ret = 1;
957
958 out:
59d0e6c8
MC		 959 BIO_free(membio);
960 BIO_free(mdbio);
961 EVP_MD_CTX_free(a_md_ctx);
962 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 963 EVP_PKEY_free(pkey);
b548a1f1 964 OPENSSL_free(sig);
6d242fa5 965 EVP_MD_free(mdexp);
71ea6b48
MC		 966
967 return ret;
968}
969
970static int test_EVP_DigestVerifyInit(void)
971{
972 int ret = 0;
973 EVP_PKEY *pkey = NULL;
adcd8e37 974 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 975
062490db
JS		 976 if (nullprov != NULL)
977 return TEST_skip("Test does not support a non-default library context");
978
adcd8e37
RS		 979 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
980 || !TEST_ptr(pkey = load_example_rsa_key()))
981 goto out;
71ea6b48 982
adcd8e37
RS		 983 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
984 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
985 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
986 sizeof(kSignature))))
71ea6b48 987 goto out;
71ea6b48
MC		 988 ret = 1;
989
990 out:
bfb0641f 991 EVP_MD_CTX_free(md_ctx);
c5ba2d99 992 EVP_PKEY_free(pkey);
71ea6b48
MC		 993 return ret;
994}
995
8d8dd09b
TM		 996/*
997 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
998 */
999static int test_EVP_Digest(void)
1000{
1001 int ret = 0;
1002 EVP_MD_CTX *md_ctx = NULL;
1003 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1004 EVP_MD *sha256 = NULL;
1005 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1006
1007 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1008 goto out;
1009
062490db
JS		 1010 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1011 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1012 goto out;
1013
1014 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1015 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1016 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1017 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1018 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
1019 goto out;
1020
062490db 1021 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1022 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1023 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1024 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1025 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1026 /*
1027 * EVP_DigestInit_ex with NULL type should work on
1028 * pre-initialized context.
1029 */
1030 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1031 goto out;
1032
062490db 1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1034 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1035 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1036 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
1038 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1039 goto out;
1040 ret = 1;
1041
1042 out:
1043 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1044 EVP_MD_free(sha256);
1045 EVP_MD_free(shake256);
8d8dd09b
TM		 1046 return ret;
1047}
1048
adcd8e37 1049static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1050{
1051 int ret = 0;
1052 const unsigned char *p;
1053 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1054 const APK_DATA *ak = &keydata[i];
1055 const unsigned char *input = ak->kder;
1056 size_t input_len = ak->size;
1057 int expected_id = ak->evptype;
71ea6b48
MC		 1058
1059 p = input;
adcd8e37
RS		 1060 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1061 || !TEST_ptr_eq(p, input + input_len)
1062 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
71ea6b48 1063 goto done;
71ea6b48
MC		 1064
1065 ret = 1;
1066
1067 done:
c5ba2d99 1068 EVP_PKEY_free(pkey);
71ea6b48
MC		 1069 return ret;
1070}
1071
a9880362 1072#ifndef OPENSSL_NO_EC
cad8347b
SL		 1073
1074static const unsigned char ec_public_sect163k1_validxy[] = {
1075 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1076 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1077 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1078 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1079 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1080 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1081};
1082
1083static const unsigned char ec_public_sect163k1_badx[] = {
1084 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1085 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1086 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1087 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1088 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1089 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1090};
1091
1092static const unsigned char ec_public_sect163k1_bady[] = {
1093 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1094 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1095 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1096 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1097 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1098 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1099};
1100
1101static struct ec_der_pub_keys_st {
1102 const unsigned char *der;
1103 size_t len;
1104 int valid;
1105} ec_der_pub_keys[] = {
1106 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1107 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1108 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1109};
1110
1111/*
1112 * Tests the range of the decoded EC char2 public point.
1113 * See ec_GF2m_simple_oct2point().
1114 */
1115static int test_invalide_ec_char2_pub_range_decode(int id)
1116{
1117 int ret = 0;
5b5eea4b 1118 EVP_PKEY *pkey;
cad8347b 1119
5b5eea4b
SL		 1120 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1121 ec_der_pub_keys[id].len);
1122
1123 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1124 || TEST_ptr_null(pkey);
1125 EVP_PKEY_free(pkey);
cad8347b
SL		 1126 return ret;
1127}
1128
71ea6b48
MC		 1129/* Tests loading a bad key in PKCS8 format */
1130static int test_EVP_PKCS82PKEY(void)
1131{
1132 int ret = 0;
1133 const unsigned char *derp = kExampleBadECKeyDER;
1134 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1135 EVP_PKEY *pkey = NULL;
1136
adcd8e37
RS		 1137 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1138 sizeof(kExampleBadECKeyDER))))
1139 goto done;
71ea6b48 1140
adcd8e37
RS		 1141 if (!TEST_ptr_eq(derp,
1142 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1143 goto done;
71ea6b48 1144
adcd8e37 1145 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1146 goto done;
71ea6b48
MC		 1147
1148 ret = 1;
1149
1150 done:
e0e920b1 1151 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1152 EVP_PKEY_free(pkey);
71ea6b48
MC		 1153
1154 return ret;
1155}
a9880362 1156#endif
71ea6b48 1157
29c49b25
RL		 1158/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1159static int test_privatekey_to_pkcs8(void)
1160{
1161 EVP_PKEY *pkey = NULL;
1162 BIO *membio = NULL;
1163 char *membuf = NULL;
e2cc68c8 1164 long membuf_len = 0;
29c49b25
RL		 1165 int ok = 0;
1166
1167 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1168 || !TEST_ptr(pkey = load_example_rsa_key())
1169 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1170 NULL, 0, NULL, NULL),
1171 0)
e2cc68c8
SL		 1172 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1173 || !TEST_ptr(membuf)
1174 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1175 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1176 /*
1177 * We try to write PEM as well, just to see that it doesn't err, but
1178 * assume that the result is correct.
1179 */
1180 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1181 NULL, 0, NULL, NULL),
1182 0))
1183 goto done;
1184
1185 ok = 1;
1186 done:
1187 EVP_PKEY_free(pkey);
1188 BIO_free_all(membio);
1189 return ok;
1190}
1191
f0c62c53
RL		 1192#ifndef OPENSSL_NO_EC
1193static const struct {
1194 int encoding;
1195 const char *encoding_name;
1196} ec_encodings[] = {
1197 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1198 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1199};
1200
1201static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1202{
1203 const OSSL_PARAM *p;
1204 const char *enc_name = NULL;
1205 int *enc = arg;
1206 size_t i;
1207
1208 *enc = -1;
1209
1210 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1211 OSSL_PKEY_PARAM_EC_ENCODING))
1212 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1213 return 0;
1214
1215 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1216 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1217 *enc = ec_encodings[i].encoding;
1218 break;
1219 }
1220 }
1221
1222 return (*enc != -1);
1223}
1224
1225static int test_EC_keygen_with_enc(int idx)
1226{
1227 EVP_PKEY *params = NULL, *key = NULL;
1228 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1229 int enc;
1230 int ret = 0;
1231
1232 enc = ec_encodings[idx].encoding;
1233
1234 /* Create key parameters */
1235 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1236 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1237 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1238 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1239 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1240 || !TEST_ptr(params))
1241 goto done;
1242
1243 /* Create key */
1244 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1245 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1246 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1247 || !TEST_ptr(key))
1248 goto done;
1249
1250 /* Check that the encoding got all the way into the key */
1251 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1252 ec_export_get_encoding_cb, &enc))
1253 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1254 goto done;
1255
1256 ret = 1;
1257 done:
1258 EVP_PKEY_free(key);
1259 EVP_PKEY_free(params);
1260 EVP_PKEY_CTX_free(kctx);
1261 EVP_PKEY_CTX_free(pctx);
1262 return ret;
1263}
1264#endif
1265
f844f9eb 1266#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1267
a6c4cb84
JL		 1268static int test_EVP_SM2_verify(void)
1269{
a6c4cb84 1270 const char *pubkey =
d0b79f86
PY		 1271 "-----BEGIN PUBLIC KEY-----\n"
1272 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1273 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1274 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1275
1276 const char *msg = "message digest";
1277 const char *id = "ALICE123@YAHOO.COM";
1278
1279 const uint8_t signature[] = {
d0b79f86
PY		 1280 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1281 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1282 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1283 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1284 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1285 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1286 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1287 };
1288
1289 int rc = 0;
1290 BIO *bio = NULL;
1291 EVP_PKEY *pkey = NULL;
1292 EVP_MD_CTX *mctx = NULL;
1293 EVP_PKEY_CTX *pctx = NULL;
062490db 1294 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1295
1296 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1297 if (!TEST_true(bio != NULL))
1298 goto done;
1299
062490db 1300 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1301 if (!TEST_true(pkey != NULL))
1302 goto done;
1303
8a288609 1304 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1305 goto done;
1306
1307 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1308 goto done;
1309
062490db 1310 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1311 goto done;
1312
a6c4cb84
JL		 1313 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1314
062490db
JS		 1315 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1316 goto done;
1317
1318 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1319 goto done;
1320
d0b79f86
PY		 1321 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1322 goto done;
1323
a6c4cb84
JL		 1324 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1325 goto done;
1326
1327 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1328 goto done;
1329 rc = 1;
1330
1331 done:
1332 BIO_free(bio);
1333 EVP_PKEY_free(pkey);
1334 EVP_PKEY_CTX_free(pctx);
1335 EVP_MD_CTX_free(mctx);
062490db 1336 EVP_MD_free(sm3);
a6c4cb84
JL		 1337 return rc;
1338}
1339
ddb634fe
JL		 1340static int test_EVP_SM2(void)
1341{
1342 int ret = 0;
1343 EVP_PKEY *pkey = NULL;
bfb56a97 1344 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1345 EVP_PKEY_CTX *pctx = NULL;
1346 EVP_PKEY_CTX *kctx = NULL;
4803717f 1347 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1348 size_t sig_len = 0;
1349 unsigned char *sig = NULL;
1350 EVP_MD_CTX *md_ctx = NULL;
1351 EVP_MD_CTX *md_ctx_verify = NULL;
1352 EVP_PKEY_CTX *cctx = NULL;
062490db 1353 EVP_MD *sm3 = NULL;
ddb634fe
JL		 1354
1355 uint8_t ciphertext[128];
1356 size_t ctext_len = sizeof(ciphertext);
1357
1358 uint8_t plaintext[8];
1359 size_t ptext_len = sizeof(plaintext);
1360
4803717f
PY		 1361 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1362
bfb56a97
MC		 1363 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1364 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1365 int i;
1366 char mdname[20];
1367
062490db 1368 pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq);
ddb634fe
JL		 1369 if (!TEST_ptr(pctx))
1370 goto done;
1371
1372 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1373 goto done;
1374
1375 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1376 goto done;
1377
bfb56a97 1378 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1379 goto done;
1380
062490db 1381 kctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkeyparams, testpropq);
ddb634fe
JL		 1382 if (!TEST_ptr(kctx))
1383 goto done;
1384
1385 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1386 goto done;
1387
1388 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1389 goto done;
1390
ddb634fe
JL		 1391 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1392 goto done;
1393
1394 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1395 goto done;
1396
062490db 1397 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1398 goto done;
1399
1400 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1401 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1402
062490db
JS		 1403 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1404 goto done;
1405
1406 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, sm3, NULL, pkey)))
4803717f
PY		 1407 goto done;
1408
d0b79f86 1409 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1410 goto done;
1411
1412 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1413 goto done;
1414
1415 /* Determine the size of the signature. */
1416 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1417 goto done;
1418
ddb634fe
JL		 1419 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1420 goto done;
1421
1422 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1423 goto done;
1424
1425 /* Ensure that the signature round-trips. */
1426
062490db 1427 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, sm3, NULL, pkey)))
ddb634fe
JL		 1428 goto done;
1429
d0b79f86
PY		 1430 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1431 goto done;
1432
ddb634fe
JL		 1433 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1434 goto done;
1435
1436 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1437 goto done;
1438
1439 /* now check encryption/decryption */
1440
bfb56a97
MC		 1441 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1442 mdname, sizeof(mdname));
1443 for (i = 0; i < 2; i++) {
1444 EVP_PKEY_CTX_free(cctx);
ddb634fe 1445
bfb56a97
MC		 1446 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1447 i == 0 ? "SM3" : "SHA2-256",
1448 0);
ddb634fe 1449
062490db 1450 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
bfb56a97 1451 goto done;
ddb634fe 1452
bfb56a97
MC		 1453 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1454 goto done;
ddb634fe 1455
bfb56a97
MC		 1456 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1457 goto done;
ddb634fe 1458
bfb56a97
MC		 1459 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1460 sizeof(kMsg))))
1461 goto done;
ddb634fe 1462
bfb56a97
MC		 1463 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1464 goto done;
1465
1466 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1467 goto done;
1468
1469 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1470 ctext_len)))
1471 goto done;
1472
1473 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1474 goto done;
1475
1476 /* Test we're still using the digest we think we are */
1477 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1478 goto done;
1479 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1480 goto done;
1481
1482 if (!TEST_true(ptext_len == sizeof(kMsg)))
1483 goto done;
1484
1485 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1486 goto done;
1487 }
ddb634fe
JL		 1488
1489 ret = 1;
1490done:
1491 EVP_PKEY_CTX_free(pctx);
1492 EVP_PKEY_CTX_free(kctx);
4803717f 1493 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1494 EVP_PKEY_CTX_free(cctx);
1495 EVP_PKEY_free(pkey);
bfb56a97 1496 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1497 EVP_MD_CTX_free(md_ctx);
1498 EVP_MD_CTX_free(md_ctx_verify);
062490db 1499 EVP_MD_free(sm3);
ddb634fe
JL		 1500 OPENSSL_free(sig);
1501 return ret;
1502}
1503
1504#endif
1505
bb5f281a
MC		 1506static struct keys_st {
1507 int type;
1508 char *priv;
1509 char *pub;
1510} keys[] = {
1511 {
1512 EVP_PKEY_HMAC, "0123456789", NULL
1513 }, {
1514 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1515 }, {
1516 EVP_PKEY_SIPHASH, "0123456789012345", NULL
896dcb80
MC		 1517 },
1518#ifndef OPENSSL_NO_EC
1519 {
bb5f281a
MC		 1520 EVP_PKEY_X25519, "01234567890123456789012345678901",
1521 "abcdefghijklmnopqrstuvwxyzabcdef"
1522 }, {
1523 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1524 "abcdefghijklmnopqrstuvwxyzabcdef"
1525 }, {
1526 EVP_PKEY_X448,
1527 "01234567890123456789012345678901234567890123456789012345",
1528 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1529 }, {
1530 EVP_PKEY_ED448,
1531 "012345678901234567890123456789012345678901234567890123456",
1532 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1533 }
896dcb80 1534#endif
bb5f281a
MC		 1535};
1536
86dc26ba 1537static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1538{
1539 int ret = 0;
1540 unsigned char buf[80];
1541 unsigned char *in;
1542 size_t inlen, len = 0;
1543 EVP_PKEY *pkey;
1544
062490db
JS		 1545 if (nullprov != NULL)
1546 return TEST_skip("Test does not support a non-default library context");
1547
bb5f281a
MC		 1548 /* Check if this algorithm supports public keys */
1549 if (keys[tst].pub == NULL)
1550 return 1;
1551
1552 memset(buf, 0, sizeof(buf));
1553
1554 if (pub) {
1555 inlen = strlen(keys[tst].pub);
1556 in = (unsigned char *)keys[tst].pub;
86dc26ba 1557 if (uselibctx) {
d8652be0 1558 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1559 testctx,
1560 OBJ_nid2sn(keys[tst].type),
1561 NULL,
1562 in,
1563 inlen);
1564 } else {
1565 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1566 NULL,
1567 in,
1568 inlen);
1569 }
bb5f281a
MC		 1570 } else {
1571 inlen = strlen(keys[tst].priv);
1572 in = (unsigned char *)keys[tst].priv;
86dc26ba 1573 if (uselibctx) {
d8652be0 1574 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1575 testctx, OBJ_nid2sn(keys[tst].type),
1576 NULL,
1577 in,
1578 inlen);
1579 } else {
1580 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1581 NULL,
1582 in,
1583 inlen);
1584 }
bb5f281a
MC		 1585 }
1586
1587 if (!TEST_ptr(pkey)
1588 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1589 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1590 || !TEST_true(len == inlen)
1591 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1592 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1593 || !TEST_mem_eq(in, inlen, buf, len))
1594 goto done;
1595
1596 ret = 1;
1597 done:
1598 EVP_PKEY_free(pkey);
1599 return ret;
1600}
1601
1602static int test_set_get_raw_keys(int tst)
1603{
86dc26ba
MC		 1604 return test_set_get_raw_keys_int(tst, 0, 0)
1605 && test_set_get_raw_keys_int(tst, 0, 1)
1606 && test_set_get_raw_keys_int(tst, 1, 0)
1607 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1608}
1609
41bbba53 1610#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1611static int pkey_custom_check(EVP_PKEY *pkey)
1612{
1613 return 0xbeef;
1614}
1615
b0004708
PY		 1616static int pkey_custom_pub_check(EVP_PKEY *pkey)
1617{
1618 return 0xbeef;
1619}
1620
1621static int pkey_custom_param_check(EVP_PKEY *pkey)
1622{
1623 return 0xbeef;
1624}
1625
2aee35d3 1626static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1627#endif
2aee35d3
PY		 1628
1629static int test_EVP_PKEY_check(int i)
1630{
1631 int ret = 0;
2aee35d3
PY		 1632 EVP_PKEY *pkey = NULL;
1633 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1634#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1635 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1636#endif
2aee35d3
PY		 1637 const APK_DATA *ak = &keycheckdata[i];
1638 const unsigned char *input = ak->kder;
1639 size_t input_len = ak->size;
1640 int expected_id = ak->evptype;
1641 int expected_check = ak->check;
b0004708
PY		 1642 int expected_pub_check = ak->pub_check;
1643 int expected_param_check = ak->param_check;
1644 int type = ak->type;
b0004708 1645
5b5eea4b
SL		 1646 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1647 goto done;
1648 if (type == 0
1649 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1650 goto done;
2aee35d3 1651
062490db 1652 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 1653 goto done;
1654
b0004708
PY		 1655 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1656 goto done;
1657
1658 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1659 goto done;
1660
1661 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1662 goto done;
2aee35d3 1663
41bbba53 1664#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1665 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1666 /* assign the pkey directly, as an internal test */
1667 EVP_PKEY_up_ref(pkey);
1668 ctx2->pkey = pkey;
1669
1670 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1671 goto done;
1672
b0004708
PY		 1673 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1674 goto done;
1675
1676 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1677 goto done;
41bbba53 1678#endif
b0004708 1679
2aee35d3
PY		 1680 ret = 1;
1681
1682 done:
1683 EVP_PKEY_CTX_free(ctx);
41bbba53 1684#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1685 EVP_PKEY_CTX_free(ctx2);
41bbba53 1686#endif
2aee35d3
PY		 1687 EVP_PKEY_free(pkey);
1688 return ret;
1689}
1690
fab8fde3 1691#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1692static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1693{
1694 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1695 const char msg[] = "Hello World";
1696 size_t maclen;
1697 int ret = 1;
1698
1699 if (!TEST_ptr(mdctx)
062490db
JS		 1700 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1701 testpropq, pkey, NULL))
e5bc0ce2
MC		 1702 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1703 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1704 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1705 ret = 0;
1706
1707 EVP_MD_CTX_free(mdctx);
1708
1709 return ret;
1710}
a87820e1
RL		 1711static int test_CMAC_keygen(void)
1712{
e5bc0ce2
MC		 1713 static unsigned char key[] = {
1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1716 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1717 };
062490db 1718 EVP_PKEY_CTX *kctx = NULL;
a87820e1 1719 int ret = 0;
e5bc0ce2 1720 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 1721 unsigned char mac[AES_BLOCK_SIZE];
1722# if !defined(OPENSSL_NO_DEPRECATED_3_0)
1723 unsigned char mac2[AES_BLOCK_SIZE];
1724# endif
e5bc0ce2 1725
062490db
JS		 1726 if (nullprov != NULL)
1727 return TEST_skip("Test does not support a non-default library context");
1728
1729 /*
1730 * This is a legacy method for CMACs, but should still work.
1731 * This verifies that it works without an ENGINE.
1732 */
1733 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1734
e5bc0ce2
MC		 1735 /* Test a CMAC key created using the "generated" method */
1736 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1737 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1738 EVP_PKEY_CTRL_CIPHER,
1739 0, (void *)EVP_aes_256_ecb()), 0)
1740 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1741 EVP_PKEY_CTRL_SET_MAC_KEY,
1742 sizeof(key), (void *)key), 0)
1743 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1744 || !TEST_ptr(pkey)
1745 || !TEST_true(get_cmac_val(pkey, mac)))
1746 goto done;
a87820e1 1747
a3d267f1 1748# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 1749 EVP_PKEY_free(pkey);
1750
1751 /*
1752 * Test a CMAC key using the direct method, and compare with the mac
1753 * created above.
1754 */
1755 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1756 if (!TEST_ptr(pkey)
1757 || !TEST_true(get_cmac_val(pkey, mac2))
1758 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 1759 goto done;
a3d267f1 1760# endif
e5bc0ce2 1761
a87820e1
RL		 1762 ret = 1;
1763
1764 done:
e5bc0ce2 1765 EVP_PKEY_free(pkey);
a87820e1
RL		 1766 EVP_PKEY_CTX_free(kctx);
1767 return ret;
1768}
fab8fde3 1769#endif
a87820e1 1770
10d5b415
MC		 1771static int test_HKDF(void)
1772{
1773 EVP_PKEY_CTX *pctx;
1774 unsigned char out[20];
1775 size_t outlen;
1776 int i, ret = 0;
1777 unsigned char salt[] = "0123456789";
1778 unsigned char key[] = "012345678901234567890123456789";
1779 unsigned char info[] = "infostring";
1780 const unsigned char expected[] = {
1781 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1782 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1783 };
1784 size_t expectedlen = sizeof(expected);
1785
062490db 1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 1787 goto done;
1788
1789 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1790 for (i = 0; i < 2; i++) {
1791 outlen = sizeof(out);
1792 memset(out, 0, outlen);
1793
1794 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1795 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1796 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1797 sizeof(salt) - 1), 0)
1798 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1799 sizeof(key) - 1), 0)
1800 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1801 sizeof(info) - 1), 0)
1802 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1803 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1804 goto done;
1805 }
1806
1807 ret = 1;
1808
1809 done:
1810 EVP_PKEY_CTX_free(pctx);
1811
1812 return ret;
1813}
1814
2cd3ebc7
BK		 1815static int test_emptyikm_HKDF(void)
1816{
1817 EVP_PKEY_CTX *pctx;
1818 unsigned char out[20];
1819 size_t outlen;
1820 int ret = 0;
1821 unsigned char salt[] = "9876543210";
1822 unsigned char key[] = "";
1823 unsigned char info[] = "stringinfo";
1824 const unsigned char expected[] = {
1825 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1826 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1827 };
1828 size_t expectedlen = sizeof(expected);
1829
062490db 1830 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 1831 goto done;
1832
1833 outlen = sizeof(out);
1834 memset(out, 0, outlen);
1835
1836 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1837 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1838 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1839 sizeof(salt) - 1), 0)
1840 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1841 sizeof(key) - 1), 0)
1842 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1843 sizeof(info) - 1), 0)
1844 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1845 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1846 goto done;
1847
1848 ret = 1;
1849
1850 done:
1851 EVP_PKEY_CTX_free(pctx);
1852
1853 return ret;
1854}
1855
5dc40a83
BE		 1856#ifndef OPENSSL_NO_EC
1857static int test_X509_PUBKEY_inplace(void)
1858{
808c63c5
P		 1859 int ret = 0;
1860 X509_PUBKEY *xp = NULL;
1861 const unsigned char *p = kExampleECPubKeyDER;
1862 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 1863
808c63c5
P		 1864 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1865 goto done;
5dc40a83 1866
808c63c5
P		 1867 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1868 goto done;
5dc40a83 1869
808c63c5
P		 1870 p = kExampleBadECPubKeyDER;
1871 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 1872
808c63c5
P		 1873 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1874 goto done;
5dc40a83 1875
808c63c5
P		 1876 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1877 goto done;
5dc40a83 1878
808c63c5 1879 ret = 1;
5dc40a83 1880
808c63c5
P		 1881 done:
1882 X509_PUBKEY_free(xp);
1883 return ret;
1884}
1885
1886static int test_X509_PUBKEY_dup(void)
1887{
1888 int ret = 0;
1889 X509_PUBKEY *xp = NULL, *xq = NULL;
1890 const unsigned char *p = kExampleECPubKeyDER;
1891 size_t input_len = sizeof(kExampleECPubKeyDER);
1892
1893 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1894 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1895 || !TEST_ptr_ne(xp, xq))
1896 goto done;
1897
1898 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1899 || !TEST_ptr(X509_PUBKEY_get0(xp))
1900 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1901 goto done;
1902
1903 X509_PUBKEY_free(xq);
1904 xq = NULL;
1905 p = kExampleBadECPubKeyDER;
1906 input_len = sizeof(kExampleBadECPubKeyDER);
1907
1908 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1909 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1910 goto done;
1911
1912 X509_PUBKEY_free(xp);
1913 xp = NULL;
1914 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1915 goto done;
1916
1917 ret = 1;
1918
1919 done:
1920 X509_PUBKEY_free(xp);
1921 X509_PUBKEY_free(xq);
1922 return ret;
5dc40a83 1923}
7bb82f92 1924#endif /* OPENSSL_NO_EC */
784883fc 1925
9c45222d 1926/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 1927static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 1928{
9a071fef 1929 EVP_MD_CTX *mdctx = NULL;
9c45222d 1930 EVP_PKEY_CTX *ctx = NULL;
9c45222d 1931 const OSSL_PARAM *params;
00bc1ad9 1932 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 1933 int ret = 0;
1934 const EVP_MD *md;
00bc1ad9 1935 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 1936 char ssl3ms[48];
9c45222d 1937
9c45222d 1938 /* Initialise a sign operation */
062490db 1939 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 1940 if (!TEST_ptr(ctx)
c9c4a356 1941 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 1942 goto err;
1943
1944 /*
f54a4101 1945 * We should be able to query the parameters now.
9c45222d
MC		 1946 */
1947 params = EVP_PKEY_CTX_settable_params(ctx);
1948 if (!TEST_ptr(params)
0cb3f4f9
RL		 1949 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1950 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1951 goto err;
1952
9c45222d
MC		 1953 params = EVP_PKEY_CTX_gettable_params(ctx);
1954 if (!TEST_ptr(params)
0cb3f4f9
RL		 1955 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1956 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 1957 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1958 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1959 goto err;
1960
1961 /*
1962 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1963 * EVP_PKEY_CTX_get_params()
1964 */
00bc1ad9
RL		 1965 strcpy(mdname, "SHA512");
1966 param_md = param;
1967 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1968 mdname, 0);
9c45222d
MC		 1969 *param++ = OSSL_PARAM_construct_end();
1970
1971 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1972 goto err;
1973
00bc1ad9
RL		 1974 mdname[0] = '\0';
1975 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1976 mdname, sizeof(mdname));
9c45222d 1977 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 1978 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 1979 goto err;
1980
1981 /*
1982 * Test the TEST_PKEY_CTX_set_signature_md() and
1983 * TEST_PKEY_CTX_get_signature_md() functions
1984 */
1985 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1986 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1987 || !TEST_ptr_eq(md, EVP_sha256()))
1988 goto err;
1989
9a071fef
MC		 1990 /*
1991 * Test getting MD parameters via an associated EVP_PKEY_CTX
1992 */
1993 mdctx = EVP_MD_CTX_new();
1994 if (!TEST_ptr(mdctx)
062490db 1995 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 1996 pkey, NULL)))
9a071fef
MC		 1997 goto err;
1998
1999 /*
2000 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2001 * able to obtain the digest's settable parameters from the provider.
2002 */
2003 params = EVP_MD_CTX_settable_params(mdctx);
2004 if (!TEST_ptr(params)
2005 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2006 /* The final key should be NULL */
2007 || !TEST_ptr_null(params[1].key))
2008 goto err;
2009
2010 param = ourparams;
2011 memset(ssl3ms, 0, sizeof(ssl3ms));
2012 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2013 ssl3ms, sizeof(ssl3ms));
2014 *param++ = OSSL_PARAM_construct_end();
2015
2016 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2017 goto err;
2018
9c45222d
MC		 2019 ret = 1;
2020
2021 err:
9a071fef 2022 EVP_MD_CTX_free(mdctx);
9c45222d 2023 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2024
2025 return ret;
2026}
2027
2028#ifndef OPENSSL_NO_DSA
2029static int test_DSA_get_set_params(void)
2030{
6ed4022c
RL		 2031 OSSL_PARAM_BLD *bld = NULL;
2032 OSSL_PARAM *params = NULL;
f54a4101 2033 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2034 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2035 EVP_PKEY *pkey = NULL;
2036 int ret = 0;
2037
2038 /*
2039 * Setup the parameters for our DSA object. For our purposes they don't
2040 * have to actually be *valid* parameters. We just need to set something.
2041 */
6ed4022c
RL		 2042 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2043 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2044 || !TEST_ptr(p = BN_new())
2045 || !TEST_ptr(q = BN_new())
2046 || !TEST_ptr(g = BN_new())
2047 || !TEST_ptr(pub = BN_new())
2048 || !TEST_ptr(priv = BN_new()))
2049 goto err;
2050 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2051 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2052 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2053 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2054 pub))
2055 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2056 priv)))
2057 goto err;
2058 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2059 goto err;
f54a4101 2060
2db985b7
SL		 2061 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2062 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2063 params), 0))
f54a4101
RL		 2064 goto err;
2065
6ed4022c
RL		 2066 if (!TEST_ptr(pkey))
2067 goto err;
f54a4101
RL		 2068
2069 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2070
2071 err:
9c45222d 2072 EVP_PKEY_free(pkey);
6ed4022c
RL		 2073 EVP_PKEY_CTX_free(pctx);
2074 OSSL_PARAM_BLD_free_params(params);
2075 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2076 BN_free(p);
2077 BN_free(q);
2078 BN_free(g);
cd32a0f5
RL		 2079 BN_free(pub);
2080 BN_free(priv);
9c45222d
MC		 2081
2082 return ret;
2083}
2c04b341
JS		 2084
2085/*
8a9394c1 2086 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2087 * params to ensure they are all accepted
2088 */
2089static int test_DSA_priv_pub(void)
2090{
2091 return test_EVP_PKEY_ffc_priv_pub("DSA");
2092}
2093
2094#endif /* !OPENSSL_NO_DSA */
9c45222d 2095
f54a4101
RL		 2096static int test_RSA_get_set_params(void)
2097{
d7e498ac
RL		 2098 OSSL_PARAM_BLD *bld = NULL;
2099 OSSL_PARAM *params = NULL;
f54a4101 2100 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2101 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2102 EVP_PKEY *pkey = NULL;
2103 int ret = 0;
2104
2105 /*
2106 * Setup the parameters for our RSA object. For our purposes they don't
2107 * have to actually be *valid* parameters. We just need to set something.
2108 */
d7e498ac
RL		 2109 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2110 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2111 || !TEST_ptr(n = BN_new())
2112 || !TEST_ptr(e = BN_new())
2113 || !TEST_ptr(d = BN_new()))
2114 goto err;
2115 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2116 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2117 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2118 goto err;
2119 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2120 goto err;
f54a4101 2121
2db985b7
SL		 2122 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2123 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2124 params), 0))
f54a4101
RL		 2125 goto err;
2126
d7e498ac
RL		 2127 if (!TEST_ptr(pkey))
2128 goto err;
f54a4101
RL		 2129
2130 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2131
2132 err:
2133 EVP_PKEY_free(pkey);
d7e498ac
RL		 2134 EVP_PKEY_CTX_free(pctx);
2135 OSSL_PARAM_BLD_free_params(params);
2136 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2137 BN_free(n);
2138 BN_free(e);
2139 BN_free(d);
2140
2141 return ret;
2142}
2143
b4be6937
MC		 2144#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2145static int test_decrypt_null_chunks(void)
2146{
2147 EVP_CIPHER_CTX* ctx = NULL;
062490db 2148 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2149 const unsigned char key[32] = {
2150 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2151 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2152 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2153 };
2154 unsigned char iv[12] = {
2155 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2156 };
2157 unsigned char msg[] = "It was the best of times, it was the worst of times";
2158 unsigned char ciphertext[80];
2159 unsigned char plaintext[80];
2160 /* We initialise tmp to a non zero value on purpose */
2161 int ctlen, ptlen, tmp = 99;
2162 int ret = 0;
2163 const int enc_offset = 10, dec_offset = 20;
2164
062490db
JS		 2165 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2166 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2167 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2168 key, iv))
2169 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2170 enc_offset))
2171 /* Deliberate add a zero length update */
2172 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2173 0))
2174 || !TEST_int_eq(tmp, 0)
2175 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2176 msg + enc_offset,
2177 sizeof(msg) - enc_offset))
2178 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2179 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2180 || !TEST_int_eq(tmp, 0))
2181 goto err;
2182
2183 /* Deliberately initialise tmp to a non zero value */
2184 tmp = 99;
062490db 2185 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2186 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2187 dec_offset))
2188 /*
2189 * Deliberately add a zero length update. We also deliberately do
2190 * this at a different offset than for encryption.
2191 */
2192 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2193 0))
2194 || !TEST_int_eq(tmp, 0)
2195 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2196 ciphertext + dec_offset,
2197 ctlen - dec_offset))
2198 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2199 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2200 || !TEST_int_eq(tmp, 0)
2201 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2202 goto err;
2203
2204 ret = 1;
2205 err:
2206 EVP_CIPHER_CTX_free(ctx);
062490db 2207 EVP_CIPHER_free(cipher);
b4be6937
MC		 2208 return ret;
2209}
2210#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2211
2c04b341
JS		 2212#ifndef OPENSSL_NO_DH
2213/*
8a9394c1 2214 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2215 * params to ensure they are all accepted
2216 */
2217static int test_DH_priv_pub(void)
2218{
2219 return test_EVP_PKEY_ffc_priv_pub("DH");
2220}
2221
2222# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2223static int test_EVP_PKEY_set1_DH(void)
2224{
ca2bf555
SL		 2225 DH *x942dh = NULL, *noqdh = NULL;
2226 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2227 int ret = 0;
ca2bf555
SL		 2228 BIGNUM *p, *g = NULL;
2229
2230 if (!TEST_ptr(p = BN_new())
2231 || !TEST_ptr(g = BN_new())
2232 || !BN_set_word(p, 9999)
2233 || !BN_set_word(g, 2)
2234 || !TEST_ptr(noqdh = DH_new())
2235 || !DH_set0_pqg(noqdh, p, NULL, g))
2236 goto err;
2237 p = g = NULL;
e295de1d
MC		 2238
2239 x942dh = DH_get_2048_256();
e295de1d
MC		 2240 pkey1 = EVP_PKEY_new();
2241 pkey2 = EVP_PKEY_new();
2242 if (!TEST_ptr(x942dh)
ca2bf555 2243 || !TEST_ptr(noqdh)
e295de1d
MC		 2244 || !TEST_ptr(pkey1)
2245 || !TEST_ptr(pkey2))
2246 goto err;
2247
2248 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2249 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2250 goto err;
2251
ca2bf555 2252 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
e295de1d
MC		 2253 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2254 goto err;
2255
2256 ret = 1;
2257 err:
ca2bf555
SL		 2258 BN_free(p);
2259 BN_free(g);
e295de1d
MC		 2260 EVP_PKEY_free(pkey1);
2261 EVP_PKEY_free(pkey2);
2262 DH_free(x942dh);
ca2bf555 2263 DH_free(noqdh);
e295de1d
MC		 2264
2265 return ret;
2266}
2c04b341
JS		 2267# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2268#endif /* !OPENSSL_NO_DH */
e295de1d 2269
8a5cb596
RL		 2270/*
2271 * We test what happens with an empty template. For the sake of this test,
2272 * the template must be ignored, and we know that's the case for RSA keys
2273 * (this might arguably be a misfeature, but that's what we currently do,
2274 * even in provider code, since that's how the legacy RSA implementation
2275 * does things)
2276 */
2277static int test_keygen_with_empty_template(int n)
2278{
2279 EVP_PKEY_CTX *ctx = NULL;
2280 EVP_PKEY *pkey = NULL;
2281 EVP_PKEY *tkey = NULL;
2282 int ret = 0;
2283
062490db
JS		 2284 if (nullprov != NULL)
2285 return TEST_skip("Test does not support a non-default library context");
2286
8a5cb596
RL		 2287 switch (n) {
2288 case 0:
2289 /* We do test with no template at all as well */
2290 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2291 goto err;
2292 break;
2293 case 1:
2294 /* Here we create an empty RSA key that serves as our template */
2295 if (!TEST_ptr(tkey = EVP_PKEY_new())
2296 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2297 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2298 goto err;
2299 break;
2300 }
2301
2302 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2303 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2304 goto err;
2305
2306 ret = 1;
2307 err:
2308 EVP_PKEY_CTX_free(ctx);
2309 EVP_PKEY_free(pkey);
2310 EVP_PKEY_free(tkey);
2311 return ret;
2312}
2313
5ddec6a7
MC		 2314/*
2315 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2316 * in the current library context (unless we are using an algorithm that
2317 * should be made available via legacy codepaths).
2318 *
2319 * 0: RSA
2320 * 1: SM2
5ddec6a7
MC		 2321 */
2322static int test_pkey_ctx_fail_without_provider(int tst)
2323{
b4250010 2324 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2325 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2326 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2327 const char *keytype = NULL;
2328 int expect_null = 0;
5ddec6a7
MC		 2329 int ret = 0;
2330
2331 if (!TEST_ptr(tmpctx))
2332 goto err;
2333
062490db
JS		 2334 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2335 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2336 goto err;
2337
5ddec6a7 2338 /*
08497fc6
RL		 2339 * We check for certain algos in the null provider.
2340 * If an algo is expected to have a provider keymgmt, contructing an
2341 * EVP_PKEY_CTX is expected to fail (return NULL).
2342 * Otherwise, if it's expected to have legacy support, contructing an
2343 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2344 */
08497fc6
RL		 2345 switch (tst) {
2346 case 0:
2347 keytype = "RSA";
2348 expect_null = 1;
2349 break;
2350 case 1:
2351 keytype = "SM2";
d0b79f86 2352 expect_null = 1;
08497fc6
RL		 2353#ifdef OPENSSL_NO_EC
2354 TEST_info("EC disable, skipping SM2 check...");
2355 goto end;
2356#endif
2357#ifdef OPENSSL_NO_SM2
2358 TEST_info("SM2 disable, skipping SM2 check...");
2359 goto end;
2360#endif
2361 break;
2362 default:
2363 TEST_error("No test for case %d", tst);
2364 goto err;
2365 }
2366
2367 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2368 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2369 goto err;
2370
08497fc6
RL		 2371#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2372 end:
2373#endif
5ddec6a7
MC		 2374 ret = 1;
2375
2376 err:
2377 EVP_PKEY_CTX_free(pctx);
062490db 2378 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 2379 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2380 return ret;
2381}
2382
1c19ff3c
P		 2383static int test_rand_agglomeration(void)
2384{
2385 EVP_RAND *rand;
2386 EVP_RAND_CTX *ctx;
2387 OSSL_PARAM params[3], *p = params;
2388 int res;
2389 unsigned int step = 7;
2390 static unsigned char seed[] = "It does not matter how slowly you go "
2391 "as long as you do not stop.";
2392 unsigned char out[sizeof(seed)];
2393
2394 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 2395 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 2396 return 0;
2397 ctx = EVP_RAND_CTX_new(rand, NULL);
2398 EVP_RAND_free(rand);
2399 if (!TEST_ptr(ctx))
2400 return 0;
2401
2402 memset(out, 0, sizeof(out));
2403 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2404 seed, sizeof(seed));
0d4460d2 2405 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c
P		 2406 *p = OSSL_PARAM_construct_end();
2407 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2408 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2409 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2410 EVP_RAND_CTX_free(ctx);
2411 return res;
2412}
2413
440b852a
BK		 2414/*
2415 * Test that we correctly return the original or "running" IV after
2416 * an encryption operation.
2417 * Run multiple times for some different relevant algorithms/modes.
2418 */
2419static int test_evp_iv(int idx)
2420{
2421 int ret = 0;
2422 EVP_CIPHER_CTX *ctx = NULL;
2423 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2424 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2425 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2426 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2427 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2428 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2429 9, 10, 11, 12, 13, 14, 15, 16 };
2430 unsigned char ciphertext[32], oiv[16], iv[16];
2431 unsigned char *ref_iv;
2432 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2433 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2434
2435 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2436 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2437 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2438 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2439 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2440#ifndef OPENSSL_NO_OCB
2441 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2442 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2443#endif
2444 int len = sizeof(ciphertext);
2445 size_t ivlen, ref_len;
2446 const EVP_CIPHER *type = NULL;
2447
062490db
JS		 2448 if (nullprov != NULL && idx < 5)
2449 return TEST_skip("Test does not support a non-default library context");
2450
440b852a
BK		 2451 switch(idx) {
2452 case 0:
2453 type = EVP_aes_128_cbc();
2454 /* FALLTHROUGH */
2455 case 5:
2456 type = (type != NULL) ? type :
062490db 2457 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 2458 ref_iv = cbc_state;
2459 ref_len = sizeof(cbc_state);
2460 break;
2461 case 1:
2462 type = EVP_aes_128_ofb();
2463 /* FALLTHROUGH */
2464 case 6:
2465 type = (type != NULL) ? type :
062490db 2466 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 2467 ref_iv = ofb_state;
2468 ref_len = sizeof(ofb_state);
2469 break;
2470 case 2:
2471 type = EVP_aes_128_gcm();
2472 /* FALLTHROUGH */
2473 case 7:
2474 type = (type != NULL) ? type :
062490db 2475 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 2476 ref_iv = gcm_state;
2477 ref_len = sizeof(gcm_state);
2478 break;
2479 case 3:
2480 type = EVP_aes_128_ccm();
2481 /* FALLTHROUGH */
2482 case 8:
2483 type = (type != NULL) ? type :
062490db 2484 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 2485 ref_iv = ccm_state;
2486 ref_len = sizeof(ccm_state);
2487 break;
2488#ifdef OPENSSL_NO_OCB
2489 case 4:
2490 case 9:
2491 return 1;
2492#else
2493 case 4:
2494 type = EVP_aes_128_ocb();
2495 /* FALLTHROUGH */
2496 case 9:
2497 type = (type != NULL) ? type :
062490db 2498 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 2499 ref_iv = ocb_state;
2500 ref_len = sizeof(ocb_state);
2501 break;
2502#endif
2503 default:
2504 return 0;
2505 }
2506
2507 if (!TEST_ptr(type)
2508 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2509 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2510 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2511 (int)sizeof(msg)))
0d83b7b9
TM		 2512 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2513 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2514 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2515 goto err;
2516 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2517 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2518 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2519 goto err;
2520
2521 ret = 1;
2522err:
2523 EVP_CIPHER_CTX_free(ctx);
2524 if (idx >= 5)
2525 EVP_CIPHER_free((EVP_CIPHER *)type);
2526 return ret;
2527}
2528
c0ff1932
BK		 2529#ifndef OPENSSL_NO_EC
2530static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2531 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2532 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2533 NID_brainpoolP384r1, NID_brainpoolP512r1};
2534
2535static int test_ecpub(int idx)
2536{
ad7cb0bf 2537 int ret = 0, len, savelen;
c0ff1932
BK		 2538 int nid;
2539 unsigned char buf[1024];
2540 unsigned char *p;
2541 EVP_PKEY *pkey = NULL;
2542 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 2543# ifndef OPENSSL_NO_DEPRECATED_3_0
2544 const unsigned char *q;
2545 EVP_PKEY *pkey2 = NULL;
2546 EC_KEY *ec = NULL;
2547# endif
c0ff1932 2548
062490db
JS		 2549 if (nullprov != NULL)
2550 return TEST_skip("Test does not support a non-default library context");
2551
c0ff1932
BK		 2552 nid = ecpub_nids[idx];
2553
2554 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2555 if (!TEST_ptr(ctx)
2556 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2557 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2558 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2559 goto done;
2560 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 2561 savelen = len;
c0ff1932
BK		 2562 if (!TEST_int_ge(len, 1)
2563 || !TEST_int_lt(len, 1024))
2564 goto done;
2565 p = buf;
2566 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 2567 if (!TEST_int_ge(len, 1)
2568 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 2569 goto done;
2570
3d364726
BK		 2571# ifndef OPENSSL_NO_DEPRECATED_3_0
2572 /* Now try to decode the just-created DER. */
2573 q = buf;
2574 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2575 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2576 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2577 goto done;
2578 /* EC_KEY ownership transferred */
2579 ec = NULL;
2580 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2581 goto done;
2582 /* The keys should match. */
2583 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2584 goto done;
2585# endif
2586
c0ff1932
BK		 2587 ret = 1;
2588
2589 done:
2590 EVP_PKEY_CTX_free(ctx);
2591 EVP_PKEY_free(pkey);
3d364726
BK		 2592# ifndef OPENSSL_NO_DEPRECATED_3_0
2593 EVP_PKEY_free(pkey2);
2594 EC_KEY_free(ec);
2595# endif
c0ff1932
BK		 2596 return ret;
2597}
2598#endif
2599
e947a064
DB		 2600static int test_EVP_rsa_pss_with_keygen_bits(void)
2601{
062490db
JS		 2602 int ret = 0;
2603 EVP_PKEY_CTX *ctx = NULL;
2604 EVP_PKEY *pkey = NULL;
2605 EVP_MD *md;
e947a064 2606
062490db
JS		 2607 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2608 ret = TEST_ptr(md)
2609 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
e947a064
DB		 2610 && TEST_true(EVP_PKEY_keygen_init(ctx))
2611 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2612 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2613 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2614
062490db 2615 EVP_MD_free(md);
e947a064
DB		 2616 EVP_PKEY_free(pkey);
2617 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 2618 return ret;
2619}
2620
5eb73cfb
MC		 2621static int success = 1;
2622static void md_names(const char *name, void *vctx)
2623{
2624 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2625 /* Force a namemap update */
2626 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2627
2628 if (!TEST_ptr(aes128))
2629 success = 0;
2630
2631 EVP_CIPHER_free(aes128);
2632}
2633
2634/*
2635 * Test that changing the namemap in a user callback works in a names_do_all
2636 * function.
2637 */
2638static int test_names_do_all(void)
2639{
2640 /* We use a custom libctx so that we know the state of the namemap */
2641 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2642 EVP_MD *sha256 = NULL;
2643 int testresult = 0;
2644
2645 if (!TEST_ptr(ctx))
2646 goto err;
2647
2648 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2649 if (!TEST_ptr(sha256))
2650 goto err;
2651
2652 /*
2653 * We loop through all the names for a given digest. This should still work
2654 * even if the namemap changes part way through.
2655 */
2656 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2657 goto err;
2658
2659 if (!TEST_true(success))
2660 goto err;
2661
2662 testresult = 1;
2663 err:
2664 EVP_MD_free(sha256);
2665 OSSL_LIB_CTX_free(ctx);
2666 return testresult;
2667}
e947a064 2668
062490db
JS		 2669typedef enum OPTION_choice {
2670 OPT_ERR = -1,
2671 OPT_EOF = 0,
2672 OPT_CONTEXT,
2673 OPT_TEST_ENUM
2674} OPTION_CHOICE;
2675
2676const OPTIONS *test_get_options(void)
71ea6b48 2677{
062490db
JS		 2678 static const OPTIONS options[] = {
2679 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2680 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2681 { NULL }
2682 };
2683 return options;
2684}
86dc26ba 2685
062490db
JS		 2686int setup_tests(void)
2687{
2688 OPTION_CHOICE o;
2689
2690 while ((o = opt_next()) != OPT_EOF) {
2691 switch (o) {
2692 case OPT_CONTEXT:
2693 /* Set up an alternate library context */
2694 testctx = OSSL_LIB_CTX_new();
2695 if (!TEST_ptr(testctx))
2696 return 0;
2697 /* Swap the libctx to test non-default context only */
2698 nullprov = OSSL_PROVIDER_load(NULL, "null");
2699 deflprov = OSSL_PROVIDER_load(testctx, "default");
2700 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2701 break;
2702 case OPT_TEST_CASES:
2703 break;
2704 default:
2705 return 0;
2706 }
2707 }
86dc26ba 2708
f9e504e8 2709 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 2710 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 2711 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 2712 ADD_TEST(test_EVP_Digest);
2eb2b4f3 2713 ADD_TEST(test_EVP_Enveloped);
ad887416 2714 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 2715 ADD_TEST(test_privatekey_to_pkcs8);
a9880362 2716#ifndef OPENSSL_NO_EC
adcd8e37 2717 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 2718#endif
f0c62c53
RL		 2719#ifndef OPENSSL_NO_EC
2720 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2721#endif
f844f9eb 2722#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 2723 ADD_TEST(test_EVP_SM2);
a6c4cb84 2724 ADD_TEST(test_EVP_SM2_verify);
a9880362 2725#endif
bb5f281a 2726 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 2727#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2728 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2729 if (!TEST_ptr(custom_pmeth))
2730 return 0;
2731 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 2732 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2733 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 2734 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2735 return 0;
41bbba53 2736#endif
2aee35d3 2737 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 2738#ifndef OPENSSL_NO_CMAC
a87820e1 2739 ADD_TEST(test_CMAC_keygen);
fab8fde3 2740#endif
10d5b415 2741 ADD_TEST(test_HKDF);
2cd3ebc7 2742 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 2743#ifndef OPENSSL_NO_EC
2744 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 2745 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 2746 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2747 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 2748#endif
8d0f8c81 2749#ifndef OPENSSL_NO_DSA
f54a4101 2750 ADD_TEST(test_DSA_get_set_params);
2c04b341 2751 ADD_TEST(test_DSA_priv_pub);
b4be6937 2752#endif
f54a4101 2753 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 2754#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2755 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 2756#endif
2c04b341
JS		 2757#ifndef OPENSSL_NO_DH
2758 ADD_TEST(test_DH_priv_pub);
2759# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 2760 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 2761# endif
b8a1272d
MC		 2762#endif
2763#ifndef OPENSSL_NO_EC
2764 ADD_TEST(test_EC_priv_pub);
2765# ifndef OPENSSL_NO_DEPRECATED_3_0
2766 ADD_TEST(test_EC_priv_only_legacy);
2767# endif
501fcfb8 2768#endif
8a5cb596 2769 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 2770 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 2771
1c19ff3c 2772 ADD_TEST(test_rand_agglomeration);
440b852a 2773 ADD_ALL_TESTS(test_evp_iv, 10);
e947a064 2774 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 2775#ifndef OPENSSL_NO_EC
2776 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2777#endif
1c19ff3c 2778
5eb73cfb
MC		 2779 ADD_TEST(test_names_do_all);
2780
ad887416 2781 return 1;
71ea6b48 2782}
86dc26ba
MC		 2783
2784void cleanup_tests(void)
2785{
062490db
JS		 2786 OSSL_PROVIDER_unload(nullprov);
2787 OSSL_PROVIDER_unload(deflprov);
2788 OSSL_PROVIDER_unload(lgcyprov);
b4250010 2789 OSSL_LIB_CTX_free(testctx);
86dc26ba 2790}
A mirror of the official openssl repository