]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test/evp_extra_test.c: Peek at the error instead of getting it.
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 #endif
404
405 static const unsigned char kCFBDefaultKey[] = {
406 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
407 0x09, 0xCF, 0x4F, 0x3C
408 };
409
410 static const unsigned char kGCMDefaultKey[32] = { 0 };
411
412 static const unsigned char kGCMResetKey[] = {
413 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
414 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
415 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
416 };
417
418 static const unsigned char iCFBIV[] = {
419 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
420 0x0C, 0x0D, 0x0E, 0x0F
421 };
422
423 static const unsigned char iGCMDefaultIV[12] = { 0 };
424
425 static const unsigned char iGCMResetIV1[] = {
426 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
427 };
428
429 static const unsigned char iGCMResetIV2[] = {
430 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
431 };
432
433 static const unsigned char cfbPlaintext[] = {
434 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
435 0x73, 0x93, 0x17, 0x2A
436 };
437
438 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
439
440 static const unsigned char gcmResetPlaintext[] = {
441 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
442 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
443 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
444 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
445 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
446 };
447
448 static const unsigned char cfbCiphertext[] = {
449 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
450 0xE8, 0x3C, 0xFB, 0x4A
451 };
452
453 static const unsigned char gcmDefaultCiphertext[] = {
454 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
455 0xba, 0xf3, 0x9d, 0x18
456 };
457
458 static const unsigned char gcmResetCiphertext1[] = {
459 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
460 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
461 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
462 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
463 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
464 };
465
466 static const unsigned char gcmResetCiphertext2[] = {
467 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
468 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
469 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
470 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
471 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
472 };
473
474 static const unsigned char gcmAAD[] = {
475 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
476 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
477 };
478
479 static const unsigned char gcmDefaultTag[] = {
480 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
481 0xd4, 0x8a, 0xb9, 0x19
482 };
483
484 static const unsigned char gcmResetTag1[] = {
485 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
486 0xfe, 0x2e, 0xa8, 0xf2
487 };
488
489 static const unsigned char gcmResetTag2[] = {
490 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
491 0xbb, 0x2d, 0x55, 0x1b
492 };
493
494 typedef struct APK_DATA_st {
495 const unsigned char *kder;
496 size_t size;
497 const char *keytype;
498 int evptype;
499 int check;
500 int pub_check;
501 int param_check;
502 int type; /* 0 for private, 1 for public, 2 for params */
503 } APK_DATA;
504
505 static APK_DATA keydata[] = {
506 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
507 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
508 #ifndef OPENSSL_NO_EC
509 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
510 #endif
511 };
512
513 static APK_DATA keycheckdata[] = {
514 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
515 0},
516 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
517 0, 1, 1, 0},
518 #ifndef OPENSSL_NO_EC
519 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
520 /* group is also associated in our pub key */
521 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
522 1, 1},
523 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
524 2},
525 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
526 EVP_PKEY_ED25519, 1, 1, 1, 0},
527 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
528 EVP_PKEY_ED25519, 0, 1, 1, 1},
529 #endif
530 };
531
532 static EVP_PKEY *load_example_key(const char *keytype,
533 const unsigned char *data, size_t data_len)
534 {
535 const unsigned char **pdata = &data;
536 EVP_PKEY *pkey = NULL;
537 OSSL_DECODER_CTX *dctx =
538 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
539 testctx, testpropq);
540
541 /* |pkey| will be NULL on error */
542 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
543 OSSL_DECODER_CTX_free(dctx);
544 return pkey;
545 }
546
547 static EVP_PKEY *load_example_rsa_key(void)
548 {
549 return load_example_key("RSA", kExampleRSAKeyDER,
550 sizeof(kExampleRSAKeyDER));
551 }
552
553 #ifndef OPENSSL_NO_DSA
554 static EVP_PKEY *load_example_dsa_key(void)
555 {
556 return load_example_key("DSA", kExampleDSAKeyDER,
557 sizeof(kExampleDSAKeyDER));
558 }
559 #endif
560
561 static EVP_PKEY *load_example_hmac_key(void)
562 {
563 EVP_PKEY *pkey = NULL;
564 unsigned char key[] = {
565 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
566 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
567 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
568 };
569
570 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
571 NULL, key, sizeof(key));
572 if (!TEST_ptr(pkey))
573 return NULL;
574
575 return pkey;
576 }
577
578 static int test_EVP_set_default_properties(void)
579 {
580 OSSL_LIB_CTX *ctx;
581 EVP_MD *md = NULL;
582 int res = 0;
583
584 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
585 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
586 goto err;
587 EVP_MD_free(md);
588 md = NULL;
589
590 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
591 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
592 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
593 goto err;
594 EVP_MD_free(md);
595 md = NULL;
596
597 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
598 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
599 goto err;
600 res = 1;
601 err:
602 EVP_MD_free(md);
603 OSSL_LIB_CTX_free(ctx);
604 return res;
605 }
606
607 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
608 static int test_fromdata(char *keytype, OSSL_PARAM *params)
609 {
610 EVP_PKEY_CTX *pctx = NULL;
611 EVP_PKEY *pkey = NULL;
612 int testresult = 0;
613
614 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
615 goto err;
616 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
617 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
618 params), 0))
619 goto err;
620
621 if (!TEST_ptr(pkey))
622 goto err;
623
624 testresult = 1;
625 err:
626 EVP_PKEY_free(pkey);
627 EVP_PKEY_CTX_free(pctx);
628
629 return testresult;
630 }
631 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
632
633 /*
634 * Test combinations of private, public, missing and private + public key
635 * params to ensure they are all accepted
636 */
637 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
638 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
639 {
640 OSSL_PARAM_BLD *bld = NULL;
641 OSSL_PARAM *params = NULL;
642 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
643 int ret = 0;
644
645 /*
646 * Setup the parameters for our pkey object. For our purposes they don't
647 * have to actually be *valid* parameters. We just need to set something.
648 */
649 if (!TEST_ptr(p = BN_new())
650 || !TEST_ptr(q = BN_new())
651 || !TEST_ptr(g = BN_new())
652 || !TEST_ptr(pub = BN_new())
653 || !TEST_ptr(priv = BN_new()))
654 goto err;
655
656 /* Test !priv and !pub */
657 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
658 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
659 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
660 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
661 goto err;
662 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
663 goto err;
664
665 if (!test_fromdata(keytype, params))
666 goto err;
667 OSSL_PARAM_free(params);
668 params = NULL;
669 OSSL_PARAM_BLD_free(bld);
670
671 /* Test priv and !pub */
672 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
673 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
674 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
675 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
676 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
677 priv)))
678 goto err;
679 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
680 goto err;
681
682 if (!test_fromdata(keytype, params))
683 goto err;
684 OSSL_PARAM_free(params);
685 params = NULL;
686 OSSL_PARAM_BLD_free(bld);
687
688 /* Test !priv and pub */
689 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
690 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
691 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
692 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
693 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
694 pub)))
695 goto err;
696 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
697 goto err;
698
699 if (!test_fromdata(keytype, params))
700 goto err;
701 OSSL_PARAM_free(params);
702 params = NULL;
703 OSSL_PARAM_BLD_free(bld);
704
705 /* Test priv and pub */
706 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
708 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
709 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
710 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
711 pub))
712 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
713 priv)))
714 goto err;
715 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
716 goto err;
717
718 if (!test_fromdata(keytype, params))
719 goto err;
720
721 ret = 1;
722 err:
723 OSSL_PARAM_free(params);
724 OSSL_PARAM_BLD_free(bld);
725 BN_free(p);
726 BN_free(q);
727 BN_free(g);
728 BN_free(pub);
729 BN_free(priv);
730
731 return ret;
732 }
733 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
734
735 /*
736 * Test combinations of private, public, missing and private + public key
737 * params to ensure they are all accepted for EC keys
738 */
739 #ifndef OPENSSL_NO_EC
740 static unsigned char ec_priv[] = {
741 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
742 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
743 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
744 };
745 static unsigned char ec_pub[] = {
746 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
747 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
748 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
749 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
750 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
751 0x08, 0x09, 0xb8, 0xdb, 0x03
752 };
753
754 static int test_EC_priv_pub(void)
755 {
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
758 BIGNUM *priv = NULL;
759 int ret = 0;
760
761 /*
762 * Setup the parameters for our pkey object. For our purposes they don't
763 * have to actually be *valid* parameters. We just need to set something.
764 */
765 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
766 goto err;
767
768 /* Test !priv and !pub */
769 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
770 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
771 OSSL_PKEY_PARAM_GROUP_NAME,
772 "P-256", 0)))
773 goto err;
774 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
775 goto err;
776
777 if (!test_fromdata("EC", params))
778 goto err;
779 OSSL_PARAM_free(params);
780 params = NULL;
781 OSSL_PARAM_BLD_free(bld);
782
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
786 OSSL_PKEY_PARAM_GROUP_NAME,
787 "P-256", 0))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
789 priv)))
790 goto err;
791 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
792 goto err;
793
794 if (!test_fromdata("EC", params))
795 goto err;
796 OSSL_PARAM_free(params);
797 params = NULL;
798 OSSL_PARAM_BLD_free(bld);
799
800 /* Test !priv and pub */
801 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
802 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
803 OSSL_PKEY_PARAM_GROUP_NAME,
804 "P-256", 0))
805 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
806 OSSL_PKEY_PARAM_PUB_KEY,
807 ec_pub, sizeof(ec_pub))))
808 goto err;
809 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
810 goto err;
811
812 if (!test_fromdata("EC", params))
813 goto err;
814 OSSL_PARAM_free(params);
815 params = NULL;
816 OSSL_PARAM_BLD_free(bld);
817
818 /* Test priv and pub */
819 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
821 OSSL_PKEY_PARAM_GROUP_NAME,
822 "P-256", 0))
823 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
824 OSSL_PKEY_PARAM_PUB_KEY,
825 ec_pub, sizeof(ec_pub)))
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
827 priv)))
828 goto err;
829 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
830 goto err;
831
832 if (!test_fromdata("EC", params))
833 goto err;
834
835 ret = 1;
836 err:
837 OSSL_PARAM_free(params);
838 OSSL_PARAM_BLD_free(bld);
839 BN_free(priv);
840
841 return ret;
842 }
843
844 /* Test that using a legacy EC key with only a private key in it works */
845 # ifndef OPENSSL_NO_DEPRECATED_3_0
846 static int test_EC_priv_only_legacy(void)
847 {
848 BIGNUM *priv = NULL;
849 int ret = 0;
850 EC_KEY *eckey = NULL;
851 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
852 EVP_MD_CTX *ctx = NULL;
853
854 /* Create the low level EC_KEY */
855 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
856 goto err;
857
858 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
859 if (!TEST_ptr(eckey))
860 goto err;
861
862 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
863 goto err;
864
865 pkey = EVP_PKEY_new();
866 if (!TEST_ptr(pkey))
867 goto err;
868
869 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
870 goto err;
871 eckey = NULL;
872
873 while (dup_pk == NULL) {
874 ret = 0;
875 ctx = EVP_MD_CTX_new();
876 if (!TEST_ptr(ctx))
877 goto err;
878
879 /*
880 * The EVP_DigestSignInit function should create the key on the
881 * provider side which is sufficient for this test.
882 */
883 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
884 testpropq, pkey, NULL)))
885 goto err;
886 EVP_MD_CTX_free(ctx);
887 ctx = NULL;
888
889 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
890 goto err;
891 /* EVP_PKEY_eq() returns -2 with missing public keys */
892 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
893 EVP_PKEY_free(pkey);
894 pkey = dup_pk;
895 if (!ret)
896 goto err;
897 }
898
899 err:
900 EVP_MD_CTX_free(ctx);
901 EVP_PKEY_free(pkey);
902 EC_KEY_free(eckey);
903 BN_free(priv);
904
905 return ret;
906 }
907 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
908 #endif /* OPENSSL_NO_EC */
909
910 /*
911 * n = 0 => test using legacy cipher
912 * n = 1 => test using fetched cipher
913 */
914 static int test_EVP_Enveloped(int n)
915 {
916 int ret = 0;
917 EVP_CIPHER_CTX *ctx = NULL;
918 EVP_PKEY *keypair = NULL;
919 unsigned char *kek = NULL;
920 unsigned char iv[EVP_MAX_IV_LENGTH];
921 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
922 int len, kek_len, ciphertext_len, plaintext_len;
923 unsigned char ciphertext[32], plaintext[16];
924 EVP_CIPHER *type = NULL;
925
926 if (nullprov != NULL)
927 return TEST_skip("Test does not support a non-default library context");
928
929 if (n == 0)
930 type = (EVP_CIPHER *)EVP_aes_256_cbc();
931 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
932 testpropq)))
933 goto err;
934
935 if (!TEST_ptr(keypair = load_example_rsa_key())
936 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
937 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
938 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
939 &keypair, 1))
940 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
941 msg, sizeof(msg)))
942 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
943 &len)))
944 goto err;
945
946 ciphertext_len += len;
947
948 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
949 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
950 ciphertext, ciphertext_len))
951 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
952 goto err;
953
954 plaintext_len += len;
955 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
956 goto err;
957
958 ret = 1;
959 err:
960 if (n != 0)
961 EVP_CIPHER_free(type);
962 OPENSSL_free(kek);
963 EVP_PKEY_free(keypair);
964 EVP_CIPHER_CTX_free(ctx);
965 return ret;
966 }
967
968 /*
969 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
970 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
971 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
972 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
973 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
974 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
975 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
976 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
977 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
978 */
979 static int test_EVP_DigestSignInit(int tst)
980 {
981 int ret = 0;
982 EVP_PKEY *pkey = NULL;
983 unsigned char *sig = NULL;
984 size_t sig_len = 0;
985 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
986 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
987 BIO *mdbio = NULL, *membio = NULL;
988 size_t written;
989 const EVP_MD *md;
990 EVP_MD *mdexp = NULL;
991
992 if (nullprov != NULL)
993 return TEST_skip("Test does not support a non-default library context");
994
995 if (tst >= 6) {
996 membio = BIO_new(BIO_s_mem());
997 mdbio = BIO_new(BIO_f_md());
998 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
999 goto out;
1000 BIO_push(mdbio, membio);
1001 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1002 goto out;
1003 } else {
1004 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1005 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1006 goto out;
1007 }
1008
1009 if (tst == 0 || tst == 3 || tst == 6) {
1010 if (!TEST_ptr(pkey = load_example_rsa_key()))
1011 goto out;
1012 } else if (tst == 1 || tst == 4 || tst == 7) {
1013 #ifndef OPENSSL_NO_DSA
1014 if (!TEST_ptr(pkey = load_example_dsa_key()))
1015 goto out;
1016 #else
1017 ret = 1;
1018 goto out;
1019 #endif
1020 } else {
1021 if (!TEST_ptr(pkey = load_example_hmac_key()))
1022 goto out;
1023 }
1024
1025 if (tst >= 3 && tst <= 5)
1026 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1027 else
1028 md = EVP_sha256();
1029
1030 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1031 goto out;
1032
1033 if (tst >= 6) {
1034 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1035 goto out;
1036 } else {
1037 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1038 goto out;
1039 }
1040
1041 /* Determine the size of the signature. */
1042 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1043 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1044 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1045 goto out;
1046
1047 if (tst >= 6) {
1048 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1049 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1050 goto out;
1051 }
1052
1053 /*
1054 * Ensure that the signature round-trips (Verification isn't supported for
1055 * HMAC via EVP_DigestVerify*)
1056 */
1057 if (tst != 2 && tst != 5 && tst != 8) {
1058 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1059 NULL, pkey)))
1060 goto out;
1061
1062 if (tst >= 6) {
1063 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1064 goto out;
1065 } else {
1066 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1067 sizeof(kMsg))))
1068 goto out;
1069 }
1070 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1071 goto out;
1072 }
1073
1074 ret = 1;
1075
1076 out:
1077 BIO_free(membio);
1078 BIO_free(mdbio);
1079 EVP_MD_CTX_free(a_md_ctx);
1080 EVP_MD_CTX_free(a_md_ctx_verify);
1081 EVP_PKEY_free(pkey);
1082 OPENSSL_free(sig);
1083 EVP_MD_free(mdexp);
1084
1085 return ret;
1086 }
1087
1088 static int test_EVP_DigestVerifyInit(void)
1089 {
1090 int ret = 0;
1091 EVP_PKEY *pkey = NULL;
1092 EVP_MD_CTX *md_ctx = NULL;
1093
1094 if (nullprov != NULL)
1095 return TEST_skip("Test does not support a non-default library context");
1096
1097 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1098 || !TEST_ptr(pkey = load_example_rsa_key()))
1099 goto out;
1100
1101 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1102 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1103 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1104 sizeof(kSignature))))
1105 goto out;
1106 ret = 1;
1107
1108 out:
1109 EVP_MD_CTX_free(md_ctx);
1110 EVP_PKEY_free(pkey);
1111 return ret;
1112 }
1113
1114 /*
1115 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1116 */
1117 static int test_EVP_Digest(void)
1118 {
1119 int ret = 0;
1120 EVP_MD_CTX *md_ctx = NULL;
1121 unsigned char md[EVP_MAX_MD_SIZE];
1122 EVP_MD *sha256 = NULL;
1123 EVP_MD *shake256 = NULL;
1124
1125 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1126 goto out;
1127
1128 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1129 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1130 goto out;
1131
1132 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1133 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1134 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1135 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1136 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1137 goto out;
1138
1139 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1140 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1141 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1142 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1143 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1144 /*
1145 * EVP_DigestInit_ex with NULL type should work on
1146 * pre-initialized context.
1147 */
1148 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1149 goto out;
1150
1151 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1152 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1153 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1154 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1155 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1156 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1157 goto out;
1158 ret = 1;
1159
1160 out:
1161 EVP_MD_CTX_free(md_ctx);
1162 EVP_MD_free(sha256);
1163 EVP_MD_free(shake256);
1164 return ret;
1165 }
1166
1167 static int test_d2i_AutoPrivateKey(int i)
1168 {
1169 int ret = 0;
1170 const unsigned char *p;
1171 EVP_PKEY *pkey = NULL;
1172 const APK_DATA *ak = &keydata[i];
1173 const unsigned char *input = ak->kder;
1174 size_t input_len = ak->size;
1175 int expected_id = ak->evptype;
1176
1177 p = input;
1178 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1179 || !TEST_ptr_eq(p, input + input_len)
1180 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1181 goto done;
1182
1183 ret = 1;
1184
1185 done:
1186 EVP_PKEY_free(pkey);
1187 return ret;
1188 }
1189
1190 #ifndef OPENSSL_NO_EC
1191
1192 static const unsigned char ec_public_sect163k1_validxy[] = {
1193 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1194 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1195 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1196 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1197 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1198 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1199 };
1200
1201 static const unsigned char ec_public_sect163k1_badx[] = {
1202 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1203 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1204 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1205 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1206 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1207 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1208 };
1209
1210 static const unsigned char ec_public_sect163k1_bady[] = {
1211 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1212 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1213 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1214 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1215 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1216 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1217 };
1218
1219 static struct ec_der_pub_keys_st {
1220 const unsigned char *der;
1221 size_t len;
1222 int valid;
1223 } ec_der_pub_keys[] = {
1224 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1225 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1226 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1227 };
1228
1229 /*
1230 * Tests the range of the decoded EC char2 public point.
1231 * See ec_GF2m_simple_oct2point().
1232 */
1233 static int test_invalide_ec_char2_pub_range_decode(int id)
1234 {
1235 int ret = 0;
1236 EVP_PKEY *pkey;
1237
1238 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1239 ec_der_pub_keys[id].len);
1240
1241 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1242 || TEST_ptr_null(pkey);
1243 EVP_PKEY_free(pkey);
1244 return ret;
1245 }
1246
1247 /* Tests loading a bad key in PKCS8 format */
1248 static int test_EVP_PKCS82PKEY(void)
1249 {
1250 int ret = 0;
1251 const unsigned char *derp = kExampleBadECKeyDER;
1252 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1253 EVP_PKEY *pkey = NULL;
1254
1255 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1256 sizeof(kExampleBadECKeyDER))))
1257 goto done;
1258
1259 if (!TEST_ptr_eq(derp,
1260 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1261 goto done;
1262
1263 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1264 goto done;
1265
1266 ret = 1;
1267
1268 done:
1269 PKCS8_PRIV_KEY_INFO_free(p8inf);
1270 EVP_PKEY_free(pkey);
1271
1272 return ret;
1273 }
1274
1275 #endif
1276 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1277 {
1278 EVP_PKEY *pkey = NULL;
1279 EVP_PKEY *pkey2 = NULL;
1280 BIO *membio = NULL;
1281 char *membuf = NULL;
1282 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1283 int ok = 0;
1284
1285 if (testctx != NULL)
1286 /* test not supported with non-default context */
1287 return 1;
1288
1289 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1290 || !TEST_ptr(pkey = load_example_rsa_key())
1291 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1292 NULL, 0, NULL, NULL),
1293 0)
1294 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1295 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1296 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1297 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1298 goto done;
1299 }
1300
1301 ok = 1;
1302 done:
1303 EVP_PKEY_free(pkey);
1304 EVP_PKEY_free(pkey2);
1305 PKCS8_PRIV_KEY_INFO_free(p8inf);
1306 BIO_free_all(membio);
1307 return ok;
1308 }
1309
1310 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1311 static int test_privatekey_to_pkcs8(void)
1312 {
1313 EVP_PKEY *pkey = NULL;
1314 BIO *membio = NULL;
1315 char *membuf = NULL;
1316 long membuf_len = 0;
1317 int ok = 0;
1318
1319 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1320 || !TEST_ptr(pkey = load_example_rsa_key())
1321 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1322 NULL, 0, NULL, NULL),
1323 0)
1324 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1325 || !TEST_ptr(membuf)
1326 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1327 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1328 /*
1329 * We try to write PEM as well, just to see that it doesn't err, but
1330 * assume that the result is correct.
1331 */
1332 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1333 NULL, 0, NULL, NULL),
1334 0))
1335 goto done;
1336
1337 ok = 1;
1338 done:
1339 EVP_PKEY_free(pkey);
1340 BIO_free_all(membio);
1341 return ok;
1342 }
1343
1344 #ifndef OPENSSL_NO_EC
1345 static const struct {
1346 int encoding;
1347 const char *encoding_name;
1348 } ec_encodings[] = {
1349 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1350 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1351 };
1352
1353 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1354 {
1355 const OSSL_PARAM *p;
1356 const char *enc_name = NULL;
1357 int *enc = arg;
1358 size_t i;
1359
1360 *enc = -1;
1361
1362 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1363 OSSL_PKEY_PARAM_EC_ENCODING))
1364 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1365 return 0;
1366
1367 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1368 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1369 *enc = ec_encodings[i].encoding;
1370 break;
1371 }
1372 }
1373
1374 return (*enc != -1);
1375 }
1376
1377 static int test_EC_keygen_with_enc(int idx)
1378 {
1379 EVP_PKEY *params = NULL, *key = NULL;
1380 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1381 int enc;
1382 int ret = 0;
1383
1384 enc = ec_encodings[idx].encoding;
1385
1386 /* Create key parameters */
1387 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1388 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1389 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1390 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1391 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1392 || !TEST_ptr(params))
1393 goto done;
1394
1395 /* Create key */
1396 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1397 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1398 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1399 || !TEST_ptr(key))
1400 goto done;
1401
1402 /* Check that the encoding got all the way into the key */
1403 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1404 ec_export_get_encoding_cb, &enc))
1405 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1406 goto done;
1407
1408 ret = 1;
1409 done:
1410 EVP_PKEY_free(key);
1411 EVP_PKEY_free(params);
1412 EVP_PKEY_CTX_free(kctx);
1413 EVP_PKEY_CTX_free(pctx);
1414 return ret;
1415 }
1416 #endif
1417
1418 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1419
1420 static int test_EVP_SM2_verify(void)
1421 {
1422 const char *pubkey =
1423 "-----BEGIN PUBLIC KEY-----\n"
1424 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1425 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1426 "-----END PUBLIC KEY-----\n";
1427
1428 const char *msg = "message digest";
1429 const char *id = "ALICE123@YAHOO.COM";
1430
1431 const uint8_t signature[] = {
1432 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1433 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1434 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1435 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1436 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1437 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1438 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1439 };
1440
1441 int rc = 0;
1442 BIO *bio = NULL;
1443 EVP_PKEY *pkey = NULL;
1444 EVP_MD_CTX *mctx = NULL;
1445 EVP_PKEY_CTX *pctx = NULL;
1446 EVP_MD *sm3 = NULL;
1447
1448 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1449 if (!TEST_true(bio != NULL))
1450 goto done;
1451
1452 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1453 if (!TEST_true(pkey != NULL))
1454 goto done;
1455
1456 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1457 goto done;
1458
1459 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1460 goto done;
1461
1462 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1463 goto done;
1464
1465 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1466
1467 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1468 goto done;
1469
1470 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1471 goto done;
1472
1473 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1474 goto done;
1475
1476 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1477 goto done;
1478
1479 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1480 goto done;
1481 rc = 1;
1482
1483 done:
1484 BIO_free(bio);
1485 EVP_PKEY_free(pkey);
1486 EVP_PKEY_CTX_free(pctx);
1487 EVP_MD_CTX_free(mctx);
1488 EVP_MD_free(sm3);
1489 return rc;
1490 }
1491
1492 static int test_EVP_SM2(void)
1493 {
1494 int ret = 0;
1495 EVP_PKEY *pkey = NULL;
1496 EVP_PKEY *pkeyparams = NULL;
1497 EVP_PKEY_CTX *pctx = NULL;
1498 EVP_PKEY_CTX *kctx = NULL;
1499 EVP_PKEY_CTX *sctx = NULL;
1500 size_t sig_len = 0;
1501 unsigned char *sig = NULL;
1502 EVP_MD_CTX *md_ctx = NULL;
1503 EVP_MD_CTX *md_ctx_verify = NULL;
1504 EVP_PKEY_CTX *cctx = NULL;
1505 EVP_MD *check_md = NULL;
1506
1507 uint8_t ciphertext[128];
1508 size_t ctext_len = sizeof(ciphertext);
1509
1510 uint8_t plaintext[8];
1511 size_t ptext_len = sizeof(plaintext);
1512
1513 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1514
1515 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1516 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1517 int i;
1518 char mdname[OSSL_MAX_NAME_SIZE];
1519
1520 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1521 "SM2", testpropq)))
1522 goto done;
1523
1524 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1525 goto done;
1526
1527 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1528 goto done;
1529
1530 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1531 goto done;
1532
1533 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1534 pkeyparams, testpropq)))
1535 goto done;
1536
1537 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1538 goto done;
1539
1540 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1541 goto done;
1542
1543 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1544 goto done;
1545
1546 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1547 goto done;
1548
1549 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1550 goto done;
1551
1552 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1553 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1554
1555 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1556 goto done;
1557
1558 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1559 goto done;
1560
1561 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1562 goto done;
1563
1564 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1565 goto done;
1566
1567 /* Determine the size of the signature. */
1568 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1569 goto done;
1570
1571 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1572 goto done;
1573
1574 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1575 goto done;
1576
1577 /* Ensure that the signature round-trips. */
1578
1579 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1580 pkey)))
1581 goto done;
1582
1583 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1584 goto done;
1585
1586 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1587 goto done;
1588
1589 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1590 goto done;
1591
1592 /* now check encryption/decryption */
1593
1594 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1595 mdname, sizeof(mdname));
1596 for (i = 0; i < 2; i++) {
1597 const char *mdnames[] = {
1598 #ifndef OPENSSL_NO_SM3
1599 "SM3",
1600 #else
1601 NULL,
1602 #endif
1603 "SHA2-256" };
1604 EVP_PKEY_CTX_free(cctx);
1605
1606 if (mdnames[i] == NULL)
1607 continue;
1608
1609 sparams[0] =
1610 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1611 (char *)mdnames[i], 0);
1612
1613 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1614 pkey, testpropq)))
1615 goto done;
1616
1617 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1618 goto done;
1619
1620 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1621 goto done;
1622
1623 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1624 sizeof(kMsg))))
1625 goto done;
1626
1627 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1628 goto done;
1629
1630 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1631 goto done;
1632
1633 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1634 ctext_len)))
1635 goto done;
1636
1637 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1638 goto done;
1639
1640 /*
1641 * Test we're still using the digest we think we are.
1642 * Because of aliases, the easiest is to fetch the digest and
1643 * check the name with EVP_MD_is_a().
1644 */
1645 EVP_MD_free(check_md);
1646 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1647 goto done;
1648 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1649 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1650 goto done;
1651 }
1652
1653 if (!TEST_true(ptext_len == sizeof(kMsg)))
1654 goto done;
1655
1656 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1657 goto done;
1658 }
1659
1660 ret = 1;
1661 done:
1662 EVP_PKEY_CTX_free(pctx);
1663 EVP_PKEY_CTX_free(kctx);
1664 EVP_PKEY_CTX_free(sctx);
1665 EVP_PKEY_CTX_free(cctx);
1666 EVP_PKEY_free(pkey);
1667 EVP_PKEY_free(pkeyparams);
1668 EVP_MD_CTX_free(md_ctx);
1669 EVP_MD_CTX_free(md_ctx_verify);
1670 EVP_MD_free(check_md);
1671 OPENSSL_free(sig);
1672 return ret;
1673 }
1674
1675 #endif
1676
1677 static struct keys_st {
1678 int type;
1679 char *priv;
1680 char *pub;
1681 } keys[] = {
1682 {
1683 EVP_PKEY_HMAC, "0123456789", NULL
1684 },
1685 {
1686 EVP_PKEY_HMAC, "", NULL
1687 #ifndef OPENSSL_NO_POLY1305
1688 }, {
1689 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1690 #endif
1691 #ifndef OPENSSL_NO_SIPHASH
1692 }, {
1693 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1694 #endif
1695 },
1696 #ifndef OPENSSL_NO_EC
1697 {
1698 EVP_PKEY_X25519, "01234567890123456789012345678901",
1699 "abcdefghijklmnopqrstuvwxyzabcdef"
1700 }, {
1701 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1702 "abcdefghijklmnopqrstuvwxyzabcdef"
1703 }, {
1704 EVP_PKEY_X448,
1705 "01234567890123456789012345678901234567890123456789012345",
1706 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1707 }, {
1708 EVP_PKEY_ED448,
1709 "012345678901234567890123456789012345678901234567890123456",
1710 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1711 }
1712 #endif
1713 };
1714
1715 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1716 {
1717 int ret = 0;
1718 unsigned char buf[80];
1719 unsigned char *in;
1720 size_t inlen, len = 0;
1721 EVP_PKEY *pkey;
1722
1723 /* Check if this algorithm supports public keys */
1724 if (pub && keys[tst].pub == NULL)
1725 return 1;
1726
1727 memset(buf, 0, sizeof(buf));
1728
1729 if (pub) {
1730 #ifndef OPENSSL_NO_EC
1731 inlen = strlen(keys[tst].pub);
1732 in = (unsigned char *)keys[tst].pub;
1733 if (uselibctx) {
1734 pkey = EVP_PKEY_new_raw_public_key_ex(
1735 testctx,
1736 OBJ_nid2sn(keys[tst].type),
1737 NULL,
1738 in,
1739 inlen);
1740 } else {
1741 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1742 NULL,
1743 in,
1744 inlen);
1745 }
1746 #else
1747 return 1;
1748 #endif
1749 } else {
1750 inlen = strlen(keys[tst].priv);
1751 in = (unsigned char *)keys[tst].priv;
1752 if (uselibctx) {
1753 pkey = EVP_PKEY_new_raw_private_key_ex(
1754 testctx, OBJ_nid2sn(keys[tst].type),
1755 NULL,
1756 in,
1757 inlen);
1758 } else {
1759 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1760 NULL,
1761 in,
1762 inlen);
1763 }
1764 }
1765
1766 if (!TEST_ptr(pkey)
1767 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1768 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1769 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1770 || !TEST_true(len == inlen)
1771 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1772 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1773 || !TEST_mem_eq(in, inlen, buf, len))
1774 goto done;
1775
1776 ret = 1;
1777 done:
1778 EVP_PKEY_free(pkey);
1779 return ret;
1780 }
1781
1782 static int test_set_get_raw_keys(int tst)
1783 {
1784 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1785 && test_set_get_raw_keys_int(tst, 0, 1)
1786 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1787 && test_set_get_raw_keys_int(tst, 1, 1);
1788 }
1789
1790 #ifndef OPENSSL_NO_DEPRECATED_3_0
1791 static int pkey_custom_check(EVP_PKEY *pkey)
1792 {
1793 return 0xbeef;
1794 }
1795
1796 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1797 {
1798 return 0xbeef;
1799 }
1800
1801 static int pkey_custom_param_check(EVP_PKEY *pkey)
1802 {
1803 return 0xbeef;
1804 }
1805
1806 static EVP_PKEY_METHOD *custom_pmeth;
1807 #endif
1808
1809 static int test_EVP_PKEY_check(int i)
1810 {
1811 int ret = 0;
1812 EVP_PKEY *pkey = NULL;
1813 EVP_PKEY_CTX *ctx = NULL;
1814 #ifndef OPENSSL_NO_DEPRECATED_3_0
1815 EVP_PKEY_CTX *ctx2 = NULL;
1816 #endif
1817 const APK_DATA *ak = &keycheckdata[i];
1818 const unsigned char *input = ak->kder;
1819 size_t input_len = ak->size;
1820 int expected_id = ak->evptype;
1821 int expected_check = ak->check;
1822 int expected_pub_check = ak->pub_check;
1823 int expected_param_check = ak->param_check;
1824 int type = ak->type;
1825
1826 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1827 goto done;
1828 if (type == 0
1829 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1830 goto done;
1831
1832 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1833 goto done;
1834
1835 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1836 goto done;
1837
1838 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1839 goto done;
1840
1841 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1842 goto done;
1843
1844 #ifndef OPENSSL_NO_DEPRECATED_3_0
1845 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1846 /* assign the pkey directly, as an internal test */
1847 EVP_PKEY_up_ref(pkey);
1848 ctx2->pkey = pkey;
1849
1850 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1851 goto done;
1852
1853 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1854 goto done;
1855
1856 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1857 goto done;
1858 #endif
1859
1860 ret = 1;
1861
1862 done:
1863 EVP_PKEY_CTX_free(ctx);
1864 #ifndef OPENSSL_NO_DEPRECATED_3_0
1865 EVP_PKEY_CTX_free(ctx2);
1866 #endif
1867 EVP_PKEY_free(pkey);
1868 return ret;
1869 }
1870
1871 #ifndef OPENSSL_NO_CMAC
1872 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1873 {
1874 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1875 const char msg[] = "Hello World";
1876 size_t maclen;
1877 int ret = 1;
1878
1879 if (!TEST_ptr(mdctx)
1880 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1881 testpropq, pkey, NULL))
1882 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1883 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1884 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1885 ret = 0;
1886
1887 EVP_MD_CTX_free(mdctx);
1888
1889 return ret;
1890 }
1891 static int test_CMAC_keygen(void)
1892 {
1893 static unsigned char key[] = {
1894 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1895 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1896 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1897 };
1898 EVP_PKEY_CTX *kctx = NULL;
1899 int ret = 0;
1900 EVP_PKEY *pkey = NULL;
1901 unsigned char mac[AES_BLOCK_SIZE];
1902 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1903 unsigned char mac2[AES_BLOCK_SIZE];
1904 # endif
1905
1906 if (nullprov != NULL)
1907 return TEST_skip("Test does not support a non-default library context");
1908
1909 /*
1910 * This is a legacy method for CMACs, but should still work.
1911 * This verifies that it works without an ENGINE.
1912 */
1913 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1914
1915 /* Test a CMAC key created using the "generated" method */
1916 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1917 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1918 EVP_PKEY_CTRL_CIPHER,
1919 0, (void *)EVP_aes_256_ecb()), 0)
1920 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1921 EVP_PKEY_CTRL_SET_MAC_KEY,
1922 sizeof(key), (void *)key), 0)
1923 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1924 || !TEST_ptr(pkey)
1925 || !TEST_true(get_cmac_val(pkey, mac)))
1926 goto done;
1927
1928 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1929 EVP_PKEY_free(pkey);
1930
1931 /*
1932 * Test a CMAC key using the direct method, and compare with the mac
1933 * created above.
1934 */
1935 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1936 if (!TEST_ptr(pkey)
1937 || !TEST_true(get_cmac_val(pkey, mac2))
1938 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1939 goto done;
1940 # endif
1941
1942 ret = 1;
1943
1944 done:
1945 EVP_PKEY_free(pkey);
1946 EVP_PKEY_CTX_free(kctx);
1947 return ret;
1948 }
1949 #endif
1950
1951 static int test_HKDF(void)
1952 {
1953 EVP_PKEY_CTX *pctx;
1954 unsigned char out[20];
1955 size_t outlen;
1956 int i, ret = 0;
1957 unsigned char salt[] = "0123456789";
1958 unsigned char key[] = "012345678901234567890123456789";
1959 unsigned char info[] = "infostring";
1960 const unsigned char expected[] = {
1961 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1962 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1963 };
1964 size_t expectedlen = sizeof(expected);
1965
1966 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1967 goto done;
1968
1969 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1970 for (i = 0; i < 2; i++) {
1971 outlen = sizeof(out);
1972 memset(out, 0, outlen);
1973
1974 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1975 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1976 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1977 sizeof(salt) - 1), 0)
1978 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1979 sizeof(key) - 1), 0)
1980 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1981 sizeof(info) - 1), 0)
1982 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1983 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1984 goto done;
1985 }
1986
1987 ret = 1;
1988
1989 done:
1990 EVP_PKEY_CTX_free(pctx);
1991
1992 return ret;
1993 }
1994
1995 static int test_emptyikm_HKDF(void)
1996 {
1997 EVP_PKEY_CTX *pctx;
1998 unsigned char out[20];
1999 size_t outlen;
2000 int ret = 0;
2001 unsigned char salt[] = "9876543210";
2002 unsigned char key[] = "";
2003 unsigned char info[] = "stringinfo";
2004 const unsigned char expected[] = {
2005 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2006 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2007 };
2008 size_t expectedlen = sizeof(expected);
2009
2010 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2011 goto done;
2012
2013 outlen = sizeof(out);
2014 memset(out, 0, outlen);
2015
2016 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2017 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2018 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2019 sizeof(salt) - 1), 0)
2020 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2021 sizeof(key) - 1), 0)
2022 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2023 sizeof(info) - 1), 0)
2024 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2025 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2026 goto done;
2027
2028 ret = 1;
2029
2030 done:
2031 EVP_PKEY_CTX_free(pctx);
2032
2033 return ret;
2034 }
2035
2036 #ifndef OPENSSL_NO_EC
2037 static int test_X509_PUBKEY_inplace(void)
2038 {
2039 int ret = 0;
2040 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2041 const unsigned char *p = kExampleECPubKeyDER;
2042 size_t input_len = sizeof(kExampleECPubKeyDER);
2043
2044 if (!TEST_ptr(xp))
2045 goto done;
2046 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2047 goto done;
2048
2049 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2050 goto done;
2051
2052 p = kExampleBadECPubKeyDER;
2053 input_len = sizeof(kExampleBadECPubKeyDER);
2054
2055 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2056 goto done;
2057
2058 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2059 goto done;
2060
2061 ret = 1;
2062
2063 done:
2064 X509_PUBKEY_free(xp);
2065 return ret;
2066 }
2067
2068 static int test_X509_PUBKEY_dup(void)
2069 {
2070 int ret = 0;
2071 X509_PUBKEY *xp = NULL, *xq = NULL;
2072 const unsigned char *p = kExampleECPubKeyDER;
2073 size_t input_len = sizeof(kExampleECPubKeyDER);
2074
2075 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2076 if (!TEST_ptr(xp)
2077 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2078 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2079 || !TEST_ptr_ne(xp, xq))
2080 goto done;
2081
2082 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2083 || !TEST_ptr(X509_PUBKEY_get0(xp))
2084 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2085 goto done;
2086
2087 X509_PUBKEY_free(xq);
2088 xq = NULL;
2089 p = kExampleBadECPubKeyDER;
2090 input_len = sizeof(kExampleBadECPubKeyDER);
2091
2092 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2093 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2094 goto done;
2095
2096 X509_PUBKEY_free(xp);
2097 xp = NULL;
2098 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2099 goto done;
2100
2101 ret = 1;
2102
2103 done:
2104 X509_PUBKEY_free(xp);
2105 X509_PUBKEY_free(xq);
2106 return ret;
2107 }
2108 #endif /* OPENSSL_NO_EC */
2109
2110 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2111 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2112 {
2113 EVP_MD_CTX *mdctx = NULL;
2114 EVP_PKEY_CTX *ctx = NULL;
2115 const OSSL_PARAM *params;
2116 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2117 int ret = 0;
2118 const EVP_MD *md;
2119 char mdname[OSSL_MAX_NAME_SIZE];
2120 char ssl3ms[48];
2121
2122 /* Initialise a sign operation */
2123 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2124 if (!TEST_ptr(ctx)
2125 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2126 goto err;
2127
2128 /*
2129 * We should be able to query the parameters now.
2130 */
2131 params = EVP_PKEY_CTX_settable_params(ctx);
2132 if (!TEST_ptr(params)
2133 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2134 OSSL_SIGNATURE_PARAM_DIGEST)))
2135 goto err;
2136
2137 params = EVP_PKEY_CTX_gettable_params(ctx);
2138 if (!TEST_ptr(params)
2139 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2140 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2141 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2142 OSSL_SIGNATURE_PARAM_DIGEST)))
2143 goto err;
2144
2145 /*
2146 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2147 * EVP_PKEY_CTX_get_params()
2148 */
2149 strcpy(mdname, "SHA512");
2150 param_md = param;
2151 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2152 mdname, 0);
2153 *param++ = OSSL_PARAM_construct_end();
2154
2155 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2156 goto err;
2157
2158 mdname[0] = '\0';
2159 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2160 mdname, sizeof(mdname));
2161 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2162 || !TEST_str_eq(mdname, "SHA512"))
2163 goto err;
2164
2165 /*
2166 * Test the TEST_PKEY_CTX_set_signature_md() and
2167 * TEST_PKEY_CTX_get_signature_md() functions
2168 */
2169 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2170 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2171 || !TEST_ptr_eq(md, EVP_sha256()))
2172 goto err;
2173
2174 /*
2175 * Test getting MD parameters via an associated EVP_PKEY_CTX
2176 */
2177 mdctx = EVP_MD_CTX_new();
2178 if (!TEST_ptr(mdctx)
2179 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2180 pkey, NULL)))
2181 goto err;
2182
2183 /*
2184 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2185 * able to obtain the digest's settable parameters from the provider.
2186 */
2187 params = EVP_MD_CTX_settable_params(mdctx);
2188 if (!TEST_ptr(params)
2189 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2190 /* The final key should be NULL */
2191 || !TEST_ptr_null(params[1].key))
2192 goto err;
2193
2194 param = ourparams;
2195 memset(ssl3ms, 0, sizeof(ssl3ms));
2196 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2197 ssl3ms, sizeof(ssl3ms));
2198 *param++ = OSSL_PARAM_construct_end();
2199
2200 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2201 goto err;
2202
2203 ret = 1;
2204
2205 err:
2206 EVP_MD_CTX_free(mdctx);
2207 EVP_PKEY_CTX_free(ctx);
2208
2209 return ret;
2210 }
2211
2212 #ifndef OPENSSL_NO_DSA
2213 static int test_DSA_get_set_params(void)
2214 {
2215 OSSL_PARAM_BLD *bld = NULL;
2216 OSSL_PARAM *params = NULL;
2217 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2218 EVP_PKEY_CTX *pctx = NULL;
2219 EVP_PKEY *pkey = NULL;
2220 int ret = 0;
2221
2222 /*
2223 * Setup the parameters for our DSA object. For our purposes they don't
2224 * have to actually be *valid* parameters. We just need to set something.
2225 */
2226 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2227 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2228 || !TEST_ptr(p = BN_new())
2229 || !TEST_ptr(q = BN_new())
2230 || !TEST_ptr(g = BN_new())
2231 || !TEST_ptr(pub = BN_new())
2232 || !TEST_ptr(priv = BN_new()))
2233 goto err;
2234 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2235 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2236 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2237 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2238 pub))
2239 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2240 priv)))
2241 goto err;
2242 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2243 goto err;
2244
2245 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2246 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2247 params), 0))
2248 goto err;
2249
2250 if (!TEST_ptr(pkey))
2251 goto err;
2252
2253 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2254
2255 err:
2256 EVP_PKEY_free(pkey);
2257 EVP_PKEY_CTX_free(pctx);
2258 OSSL_PARAM_free(params);
2259 OSSL_PARAM_BLD_free(bld);
2260 BN_free(p);
2261 BN_free(q);
2262 BN_free(g);
2263 BN_free(pub);
2264 BN_free(priv);
2265
2266 return ret;
2267 }
2268
2269 /*
2270 * Test combinations of private, public, missing and private + public key
2271 * params to ensure they are all accepted
2272 */
2273 static int test_DSA_priv_pub(void)
2274 {
2275 return test_EVP_PKEY_ffc_priv_pub("DSA");
2276 }
2277
2278 #endif /* !OPENSSL_NO_DSA */
2279
2280 static int test_RSA_get_set_params(void)
2281 {
2282 OSSL_PARAM_BLD *bld = NULL;
2283 OSSL_PARAM *params = NULL;
2284 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2285 EVP_PKEY_CTX *pctx = NULL;
2286 EVP_PKEY *pkey = NULL;
2287 int ret = 0;
2288
2289 /*
2290 * Setup the parameters for our RSA object. For our purposes they don't
2291 * have to actually be *valid* parameters. We just need to set something.
2292 */
2293 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2294 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2295 || !TEST_ptr(n = BN_new())
2296 || !TEST_ptr(e = BN_new())
2297 || !TEST_ptr(d = BN_new()))
2298 goto err;
2299 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2300 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2301 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2302 goto err;
2303 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2304 goto err;
2305
2306 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2307 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2308 params), 0))
2309 goto err;
2310
2311 if (!TEST_ptr(pkey))
2312 goto err;
2313
2314 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2315
2316 err:
2317 EVP_PKEY_free(pkey);
2318 EVP_PKEY_CTX_free(pctx);
2319 OSSL_PARAM_free(params);
2320 OSSL_PARAM_BLD_free(bld);
2321 BN_free(n);
2322 BN_free(e);
2323 BN_free(d);
2324
2325 return ret;
2326 }
2327
2328 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2329 static int test_decrypt_null_chunks(void)
2330 {
2331 EVP_CIPHER_CTX* ctx = NULL;
2332 EVP_CIPHER *cipher = NULL;
2333 const unsigned char key[32] = {
2334 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2335 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2336 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2337 };
2338 unsigned char iv[12] = {
2339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2340 };
2341 unsigned char msg[] = "It was the best of times, it was the worst of times";
2342 unsigned char ciphertext[80];
2343 unsigned char plaintext[80];
2344 /* We initialise tmp to a non zero value on purpose */
2345 int ctlen, ptlen, tmp = 99;
2346 int ret = 0;
2347 const int enc_offset = 10, dec_offset = 20;
2348
2349 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2350 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2351 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2352 key, iv))
2353 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2354 enc_offset))
2355 /* Deliberate add a zero length update */
2356 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2357 0))
2358 || !TEST_int_eq(tmp, 0)
2359 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2360 msg + enc_offset,
2361 sizeof(msg) - enc_offset))
2362 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2363 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2364 || !TEST_int_eq(tmp, 0))
2365 goto err;
2366
2367 /* Deliberately initialise tmp to a non zero value */
2368 tmp = 99;
2369 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2370 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2371 dec_offset))
2372 /*
2373 * Deliberately add a zero length update. We also deliberately do
2374 * this at a different offset than for encryption.
2375 */
2376 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2377 0))
2378 || !TEST_int_eq(tmp, 0)
2379 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2380 ciphertext + dec_offset,
2381 ctlen - dec_offset))
2382 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2383 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2384 || !TEST_int_eq(tmp, 0)
2385 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2386 goto err;
2387
2388 ret = 1;
2389 err:
2390 EVP_CIPHER_CTX_free(ctx);
2391 EVP_CIPHER_free(cipher);
2392 return ret;
2393 }
2394 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2395
2396 #ifndef OPENSSL_NO_DH
2397 /*
2398 * Test combinations of private, public, missing and private + public key
2399 * params to ensure they are all accepted
2400 */
2401 static int test_DH_priv_pub(void)
2402 {
2403 return test_EVP_PKEY_ffc_priv_pub("DH");
2404 }
2405
2406 # ifndef OPENSSL_NO_DEPRECATED_3_0
2407 static int test_EVP_PKEY_set1_DH(void)
2408 {
2409 DH *x942dh = NULL, *noqdh = NULL;
2410 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2411 int ret = 0;
2412 BIGNUM *p, *g = NULL;
2413
2414 if (!TEST_ptr(p = BN_new())
2415 || !TEST_ptr(g = BN_new())
2416 || !BN_set_word(p, 9999)
2417 || !BN_set_word(g, 2)
2418 || !TEST_ptr(noqdh = DH_new())
2419 || !DH_set0_pqg(noqdh, p, NULL, g))
2420 goto err;
2421 p = g = NULL;
2422
2423 x942dh = DH_get_2048_256();
2424 pkey1 = EVP_PKEY_new();
2425 pkey2 = EVP_PKEY_new();
2426 if (!TEST_ptr(x942dh)
2427 || !TEST_ptr(noqdh)
2428 || !TEST_ptr(pkey1)
2429 || !TEST_ptr(pkey2))
2430 goto err;
2431
2432 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2433 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2434 goto err;
2435
2436 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2437 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2438 goto err;
2439
2440 ret = 1;
2441 err:
2442 BN_free(p);
2443 BN_free(g);
2444 EVP_PKEY_free(pkey1);
2445 EVP_PKEY_free(pkey2);
2446 DH_free(x942dh);
2447 DH_free(noqdh);
2448
2449 return ret;
2450 }
2451 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2452 #endif /* !OPENSSL_NO_DH */
2453
2454 /*
2455 * We test what happens with an empty template. For the sake of this test,
2456 * the template must be ignored, and we know that's the case for RSA keys
2457 * (this might arguably be a misfeature, but that's what we currently do,
2458 * even in provider code, since that's how the legacy RSA implementation
2459 * does things)
2460 */
2461 static int test_keygen_with_empty_template(int n)
2462 {
2463 EVP_PKEY_CTX *ctx = NULL;
2464 EVP_PKEY *pkey = NULL;
2465 EVP_PKEY *tkey = NULL;
2466 int ret = 0;
2467
2468 if (nullprov != NULL)
2469 return TEST_skip("Test does not support a non-default library context");
2470
2471 switch (n) {
2472 case 0:
2473 /* We do test with no template at all as well */
2474 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2475 goto err;
2476 break;
2477 case 1:
2478 /* Here we create an empty RSA key that serves as our template */
2479 if (!TEST_ptr(tkey = EVP_PKEY_new())
2480 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2481 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2482 goto err;
2483 break;
2484 }
2485
2486 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2487 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2488 goto err;
2489
2490 ret = 1;
2491 err:
2492 EVP_PKEY_CTX_free(ctx);
2493 EVP_PKEY_free(pkey);
2494 EVP_PKEY_free(tkey);
2495 return ret;
2496 }
2497
2498 /*
2499 * Test that we fail if we attempt to use an algorithm that is not available
2500 * in the current library context (unless we are using an algorithm that
2501 * should be made available via legacy codepaths).
2502 *
2503 * 0: RSA
2504 * 1: SM2
2505 */
2506 static int test_pkey_ctx_fail_without_provider(int tst)
2507 {
2508 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2509 OSSL_PROVIDER *tmpnullprov = NULL;
2510 EVP_PKEY_CTX *pctx = NULL;
2511 const char *keytype = NULL;
2512 int expect_null = 0;
2513 int ret = 0;
2514
2515 if (!TEST_ptr(tmpctx))
2516 goto err;
2517
2518 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2519 if (!TEST_ptr(tmpnullprov))
2520 goto err;
2521
2522 /*
2523 * We check for certain algos in the null provider.
2524 * If an algo is expected to have a provider keymgmt, contructing an
2525 * EVP_PKEY_CTX is expected to fail (return NULL).
2526 * Otherwise, if it's expected to have legacy support, contructing an
2527 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2528 */
2529 switch (tst) {
2530 case 0:
2531 keytype = "RSA";
2532 expect_null = 1;
2533 break;
2534 case 1:
2535 keytype = "SM2";
2536 expect_null = 1;
2537 #ifdef OPENSSL_NO_EC
2538 TEST_info("EC disable, skipping SM2 check...");
2539 goto end;
2540 #endif
2541 #ifdef OPENSSL_NO_SM2
2542 TEST_info("SM2 disable, skipping SM2 check...");
2543 goto end;
2544 #endif
2545 break;
2546 default:
2547 TEST_error("No test for case %d", tst);
2548 goto err;
2549 }
2550
2551 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2552 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2553 goto err;
2554
2555 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2556 end:
2557 #endif
2558 ret = 1;
2559
2560 err:
2561 EVP_PKEY_CTX_free(pctx);
2562 OSSL_PROVIDER_unload(tmpnullprov);
2563 OSSL_LIB_CTX_free(tmpctx);
2564 return ret;
2565 }
2566
2567 static int test_rand_agglomeration(void)
2568 {
2569 EVP_RAND *rand;
2570 EVP_RAND_CTX *ctx;
2571 OSSL_PARAM params[3], *p = params;
2572 int res;
2573 unsigned int step = 7;
2574 static unsigned char seed[] = "It does not matter how slowly you go "
2575 "as long as you do not stop.";
2576 unsigned char out[sizeof(seed)];
2577
2578 if (!TEST_int_ne(sizeof(seed) % step, 0)
2579 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2580 return 0;
2581 ctx = EVP_RAND_CTX_new(rand, NULL);
2582 EVP_RAND_free(rand);
2583 if (!TEST_ptr(ctx))
2584 return 0;
2585
2586 memset(out, 0, sizeof(out));
2587 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2588 seed, sizeof(seed));
2589 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2590 *p = OSSL_PARAM_construct_end();
2591 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2592 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2593 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2594 EVP_RAND_CTX_free(ctx);
2595 return res;
2596 }
2597
2598 /*
2599 * Test that we correctly return the original or "running" IV after
2600 * an encryption operation.
2601 * Run multiple times for some different relevant algorithms/modes.
2602 */
2603 static int test_evp_iv_aes(int idx)
2604 {
2605 int ret = 0;
2606 EVP_CIPHER_CTX *ctx = NULL;
2607 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2608 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2609 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2610 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2611 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2612 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2613 9, 10, 11, 12, 13, 14, 15, 16 };
2614 unsigned char ciphertext[32], oiv[16], iv[16];
2615 unsigned char *ref_iv;
2616 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2617 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2618
2619 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2620 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2621 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2622 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2623 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2624 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2625 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2626 #ifndef OPENSSL_NO_OCB
2627 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2628 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2629 #endif
2630 int len = sizeof(ciphertext);
2631 size_t ivlen, ref_len;
2632 const EVP_CIPHER *type = NULL;
2633 int iv_reset = 0;
2634
2635 if (nullprov != NULL && idx < 6)
2636 return TEST_skip("Test does not support a non-default library context");
2637
2638 switch(idx) {
2639 case 0:
2640 type = EVP_aes_128_cbc();
2641 /* FALLTHROUGH */
2642 case 6:
2643 type = (type != NULL) ? type :
2644 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2645 ref_iv = cbc_state;
2646 ref_len = sizeof(cbc_state);
2647 iv_reset = 1;
2648 break;
2649 case 1:
2650 type = EVP_aes_128_ofb();
2651 /* FALLTHROUGH */
2652 case 7:
2653 type = (type != NULL) ? type :
2654 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2655 ref_iv = ofb_state;
2656 ref_len = sizeof(ofb_state);
2657 iv_reset = 1;
2658 break;
2659 case 2:
2660 type = EVP_aes_128_cfb();
2661 /* FALLTHROUGH */
2662 case 8:
2663 type = (type != NULL) ? type :
2664 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2665 ref_iv = cfb_state;
2666 ref_len = sizeof(cfb_state);
2667 iv_reset = 1;
2668 break;
2669 case 3:
2670 type = EVP_aes_128_gcm();
2671 /* FALLTHROUGH */
2672 case 9:
2673 type = (type != NULL) ? type :
2674 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2675 ref_iv = gcm_state;
2676 ref_len = sizeof(gcm_state);
2677 break;
2678 case 4:
2679 type = EVP_aes_128_ccm();
2680 /* FALLTHROUGH */
2681 case 10:
2682 type = (type != NULL) ? type :
2683 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2684 ref_iv = ccm_state;
2685 ref_len = sizeof(ccm_state);
2686 break;
2687 #ifdef OPENSSL_NO_OCB
2688 case 5:
2689 case 11:
2690 return 1;
2691 #else
2692 case 5:
2693 type = EVP_aes_128_ocb();
2694 /* FALLTHROUGH */
2695 case 11:
2696 type = (type != NULL) ? type :
2697 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2698 ref_iv = ocb_state;
2699 ref_len = sizeof(ocb_state);
2700 break;
2701 #endif
2702 default:
2703 return 0;
2704 }
2705
2706 if (!TEST_ptr(type)
2707 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2708 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2709 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2710 (int)sizeof(msg)))
2711 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2712 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2713 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2714 goto err;
2715 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2716 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2717 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2718 goto err;
2719
2720 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2721 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2722 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2723 goto err;
2724 if (iv_reset) {
2725 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2726 goto err;
2727 } else {
2728 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2729 goto err;
2730 }
2731
2732 ret = 1;
2733 err:
2734 EVP_CIPHER_CTX_free(ctx);
2735 if (idx >= 6)
2736 EVP_CIPHER_free((EVP_CIPHER *)type);
2737 return ret;
2738 }
2739
2740 #ifndef OPENSSL_NO_DES
2741 static int test_evp_iv_des(int idx)
2742 {
2743 int ret = 0;
2744 EVP_CIPHER_CTX *ctx = NULL;
2745 static const unsigned char key[24] = {
2746 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2747 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2748 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2749 };
2750 static const unsigned char init_iv[8] = {
2751 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2752 };
2753 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2754 9, 10, 11, 12, 13, 14, 15, 16 };
2755 unsigned char ciphertext[32], oiv[8], iv[8];
2756 unsigned const char *ref_iv;
2757 static const unsigned char cbc_state_des[8] = {
2758 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2759 };
2760 static const unsigned char cbc_state_3des[8] = {
2761 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2762 };
2763 static const unsigned char ofb_state_des[8] = {
2764 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2765 };
2766 static const unsigned char ofb_state_3des[8] = {
2767 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2768 };
2769 static const unsigned char cfb_state_des[8] = {
2770 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2771 };
2772 static const unsigned char cfb_state_3des[8] = {
2773 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2774 };
2775 int len = sizeof(ciphertext);
2776 size_t ivlen, ref_len;
2777 EVP_CIPHER *type = NULL;
2778
2779 if (lgcyprov == NULL && idx < 3)
2780 return TEST_skip("Test requires legacy provider to be loaded");
2781
2782 switch(idx) {
2783 case 0:
2784 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2785 ref_iv = cbc_state_des;
2786 ref_len = sizeof(cbc_state_des);
2787 break;
2788 case 1:
2789 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2790 ref_iv = ofb_state_des;
2791 ref_len = sizeof(ofb_state_des);
2792 break;
2793 case 2:
2794 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2795 ref_iv = cfb_state_des;
2796 ref_len = sizeof(cfb_state_des);
2797 break;
2798 case 3:
2799 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2800 ref_iv = cbc_state_3des;
2801 ref_len = sizeof(cbc_state_3des);
2802 break;
2803 case 4:
2804 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2805 ref_iv = ofb_state_3des;
2806 ref_len = sizeof(ofb_state_3des);
2807 break;
2808 case 5:
2809 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2810 ref_iv = cfb_state_3des;
2811 ref_len = sizeof(cfb_state_3des);
2812 break;
2813 default:
2814 return 0;
2815 }
2816
2817 if (!TEST_ptr(type)
2818 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2819 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2820 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2821 (int)sizeof(msg)))
2822 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2823 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2824 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2825 goto err;
2826 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2827 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2828 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2829 goto err;
2830
2831 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2832 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2833 goto err;
2834 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2835 goto err;
2836
2837 ret = 1;
2838 err:
2839 EVP_CIPHER_CTX_free(ctx);
2840 EVP_CIPHER_free(type);
2841 return ret;
2842 }
2843 #endif
2844
2845 #ifndef OPENSSL_NO_EC
2846 static int ecpub_nids[] = {
2847 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2848 NID_secp384r1, NID_secp521r1,
2849 # ifndef OPENSSL_NO_EC2M
2850 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2851 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2852 # endif
2853 NID_brainpoolP384r1, NID_brainpoolP512r1
2854 };
2855
2856 static int test_ecpub(int idx)
2857 {
2858 int ret = 0, len, savelen;
2859 int nid;
2860 unsigned char buf[1024];
2861 unsigned char *p;
2862 EVP_PKEY *pkey = NULL;
2863 EVP_PKEY_CTX *ctx = NULL;
2864 # ifndef OPENSSL_NO_DEPRECATED_3_0
2865 const unsigned char *q;
2866 EVP_PKEY *pkey2 = NULL;
2867 EC_KEY *ec = NULL;
2868 # endif
2869
2870 if (nullprov != NULL)
2871 return TEST_skip("Test does not support a non-default library context");
2872
2873 nid = ecpub_nids[idx];
2874
2875 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2876 if (!TEST_ptr(ctx)
2877 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2878 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2879 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2880 goto done;
2881 len = i2d_PublicKey(pkey, NULL);
2882 savelen = len;
2883 if (!TEST_int_ge(len, 1)
2884 || !TEST_int_lt(len, 1024))
2885 goto done;
2886 p = buf;
2887 len = i2d_PublicKey(pkey, &p);
2888 if (!TEST_int_ge(len, 1)
2889 || !TEST_int_eq(len, savelen))
2890 goto done;
2891
2892 # ifndef OPENSSL_NO_DEPRECATED_3_0
2893 /* Now try to decode the just-created DER. */
2894 q = buf;
2895 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2896 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2897 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2898 goto done;
2899 /* EC_KEY ownership transferred */
2900 ec = NULL;
2901 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2902 goto done;
2903 /* The keys should match. */
2904 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2905 goto done;
2906 # endif
2907
2908 ret = 1;
2909
2910 done:
2911 EVP_PKEY_CTX_free(ctx);
2912 EVP_PKEY_free(pkey);
2913 # ifndef OPENSSL_NO_DEPRECATED_3_0
2914 EVP_PKEY_free(pkey2);
2915 EC_KEY_free(ec);
2916 # endif
2917 return ret;
2918 }
2919 #endif
2920
2921 static int test_EVP_rsa_pss_with_keygen_bits(void)
2922 {
2923 int ret = 0;
2924 EVP_PKEY_CTX *ctx = NULL;
2925 EVP_PKEY *pkey = NULL;
2926 EVP_MD *md;
2927
2928 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2929 ret = TEST_ptr(md)
2930 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2931 && TEST_true(EVP_PKEY_keygen_init(ctx))
2932 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2933 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2934 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2935
2936 EVP_MD_free(md);
2937 EVP_PKEY_free(pkey);
2938 EVP_PKEY_CTX_free(ctx);
2939 return ret;
2940 }
2941
2942 static int success = 1;
2943 static void md_names(const char *name, void *vctx)
2944 {
2945 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2946 /* Force a namemap update */
2947 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2948
2949 if (!TEST_ptr(aes128))
2950 success = 0;
2951
2952 EVP_CIPHER_free(aes128);
2953 }
2954
2955 /*
2956 * Test that changing the namemap in a user callback works in a names_do_all
2957 * function.
2958 */
2959 static int test_names_do_all(void)
2960 {
2961 /* We use a custom libctx so that we know the state of the namemap */
2962 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2963 EVP_MD *sha256 = NULL;
2964 int testresult = 0;
2965
2966 if (!TEST_ptr(ctx))
2967 goto err;
2968
2969 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2970 if (!TEST_ptr(sha256))
2971 goto err;
2972
2973 /*
2974 * We loop through all the names for a given digest. This should still work
2975 * even if the namemap changes part way through.
2976 */
2977 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2978 goto err;
2979
2980 if (!TEST_true(success))
2981 goto err;
2982
2983 testresult = 1;
2984 err:
2985 EVP_MD_free(sha256);
2986 OSSL_LIB_CTX_free(ctx);
2987 return testresult;
2988 }
2989
2990 typedef struct {
2991 const char *cipher;
2992 const unsigned char *key;
2993 const unsigned char *iv;
2994 const unsigned char *input;
2995 const unsigned char *expected;
2996 const unsigned char *tag;
2997 size_t ivlen; /* 0 if we do not need to set a specific IV len */
2998 size_t inlen;
2999 size_t expectedlen;
3000 size_t taglen;
3001 int keyfirst;
3002 int initenc;
3003 int finalenc;
3004 } EVP_INIT_TEST_st;
3005
3006 static const EVP_INIT_TEST_st evp_init_tests[] = {
3007 {
3008 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3009 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3010 0, 1, 0, 1
3011 },
3012 {
3013 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3014 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3015 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3016 sizeof(gcmDefaultTag), 1, 0, 1
3017 },
3018 {
3019 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3020 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3021 0, 0, 0, 1
3022 },
3023 {
3024 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3025 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3026 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3027 sizeof(gcmDefaultTag), 0, 0, 1
3028 },
3029 {
3030 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3031 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3032 0, 1, 1, 0
3033 },
3034 {
3035 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3036 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3037 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3038 sizeof(gcmDefaultTag), 1, 1, 0
3039 },
3040 {
3041 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3042 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3043 0, 0, 1, 0
3044 },
3045 {
3046 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3047 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3048 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3049 sizeof(gcmDefaultTag), 0, 1, 0
3050 }
3051 };
3052
3053 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3054 {
3055 int res = 0;
3056
3057 if (t->ivlen != 0) {
3058 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3059 goto err;
3060 }
3061 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3062 goto err;
3063 res = 1;
3064 err:
3065 return res;
3066 }
3067
3068 /*
3069 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3070 * arguments are given one at a time and a final adjustment to the enc
3071 * parameter sets the correct operation.
3072 */
3073 static int test_evp_init_seq(int idx)
3074 {
3075 int outlen1, outlen2;
3076 int testresult = 0;
3077 unsigned char outbuf[1024];
3078 unsigned char tag[16];
3079 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3080 EVP_CIPHER_CTX *ctx = NULL;
3081 EVP_CIPHER *type = NULL;
3082 size_t taglen = sizeof(tag);
3083 char *errmsg = NULL;
3084
3085 ctx = EVP_CIPHER_CTX_new();
3086 if (ctx == NULL) {
3087 errmsg = "CTX_ALLOC";
3088 goto err;
3089 }
3090 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3091 errmsg = "CIPHER_FETCH";
3092 goto err;
3093 }
3094 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3095 errmsg = "EMPTY_ENC_INIT";
3096 goto err;
3097 }
3098 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3099 errmsg = "PADDING";
3100 goto err;
3101 }
3102 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3103 errmsg = "KEY_INIT (before iv)";
3104 goto err;
3105 }
3106 if (!evp_init_seq_set_iv(ctx, t)) {
3107 errmsg = "IV_INIT";
3108 goto err;
3109 }
3110 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3111 errmsg = "KEY_INIT (after iv)";
3112 goto err;
3113 }
3114 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3115 errmsg = "FINAL_ENC_INIT";
3116 goto err;
3117 }
3118 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3119 errmsg = "CIPHER_UPDATE";
3120 goto err;
3121 }
3122 if (t->finalenc == 0 && t->tag != NULL) {
3123 /* Set expected tag */
3124 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3125 t->taglen, (void *)t->tag))) {
3126 errmsg = "SET_TAG";
3127 goto err;
3128 }
3129 }
3130 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3131 errmsg = "CIPHER_FINAL";
3132 goto err;
3133 }
3134 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3135 errmsg = "WRONG_RESULT";
3136 goto err;
3137 }
3138 if (t->finalenc != 0 && t->tag != NULL) {
3139 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3140 errmsg = "GET_TAG";
3141 goto err;
3142 }
3143 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3144 errmsg = "TAG_ERROR";
3145 goto err;
3146 }
3147 }
3148 testresult = 1;
3149 err:
3150 if (errmsg != NULL)
3151 TEST_info("evp_init_test %d: %s", idx, errmsg);
3152 EVP_CIPHER_CTX_free(ctx);
3153 EVP_CIPHER_free(type);
3154 return testresult;
3155 }
3156
3157 typedef struct {
3158 const unsigned char *input;
3159 const unsigned char *expected;
3160 size_t inlen;
3161 size_t expectedlen;
3162 int enc;
3163 } EVP_RESET_TEST_st;
3164
3165 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3166 {
3167 cfbPlaintext, cfbCiphertext,
3168 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3169 },
3170 {
3171 cfbCiphertext, cfbPlaintext,
3172 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3173 }
3174 };
3175
3176 /*
3177 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3178 * been used.
3179 */
3180 static int test_evp_reset(int idx)
3181 {
3182 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3183 int outlen1, outlen2;
3184 int testresult = 0;
3185 unsigned char outbuf[1024];
3186 EVP_CIPHER_CTX *ctx = NULL;
3187 EVP_CIPHER *type = NULL;
3188 char *errmsg = NULL;
3189
3190 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3191 errmsg = "CTX_ALLOC";
3192 goto err;
3193 }
3194 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3195 errmsg = "CIPHER_FETCH";
3196 goto err;
3197 }
3198 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3199 errmsg = "CIPHER_INIT";
3200 goto err;
3201 }
3202 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3203 errmsg = "PADDING";
3204 goto err;
3205 }
3206 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3207 errmsg = "CIPHER_UPDATE";
3208 goto err;
3209 }
3210 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3211 errmsg = "CIPHER_FINAL";
3212 goto err;
3213 }
3214 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3215 errmsg = "WRONG_RESULT";
3216 goto err;
3217 }
3218 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3219 errmsg = "CIPHER_REINIT";
3220 goto err;
3221 }
3222 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3223 errmsg = "CIPHER_UPDATE (reinit)";
3224 goto err;
3225 }
3226 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3227 errmsg = "CIPHER_FINAL (reinit)";
3228 goto err;
3229 }
3230 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3231 errmsg = "WRONG_RESULT (reinit)";
3232 goto err;
3233 }
3234 testresult = 1;
3235 err:
3236 if (errmsg != NULL)
3237 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3238 EVP_CIPHER_CTX_free(ctx);
3239 EVP_CIPHER_free(type);
3240 return testresult;
3241 }
3242
3243 typedef struct {
3244 const unsigned char *iv1;
3245 const unsigned char *iv2;
3246 const unsigned char *expected1;
3247 const unsigned char *expected2;
3248 const unsigned char *tag1;
3249 const unsigned char *tag2;
3250 size_t ivlen1;
3251 size_t ivlen2;
3252 size_t expectedlen1;
3253 size_t expectedlen2;
3254 } TEST_GCM_IV_REINIT_st;
3255
3256 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3257 {
3258 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3259 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3260 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3261 },
3262 {
3263 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3264 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3265 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3266 }
3267 };
3268
3269 static int test_gcm_reinit(int idx)
3270 {
3271 int outlen1, outlen2, outlen3;
3272 int testresult = 0;
3273 unsigned char outbuf[1024];
3274 unsigned char tag[16];
3275 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3276 EVP_CIPHER_CTX *ctx = NULL;
3277 EVP_CIPHER *type = NULL;
3278 size_t taglen = sizeof(tag);
3279 char *errmsg = NULL;
3280
3281 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3282 errmsg = "CTX_ALLOC";
3283 goto err;
3284 }
3285 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3286 errmsg = "CIPHER_FETCH";
3287 goto err;
3288 }
3289 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3290 errmsg = "ENC_INIT";
3291 goto err;
3292 }
3293 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3294 errmsg = "SET_IVLEN1";
3295 goto err;
3296 }
3297 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3298 errmsg = "SET_IV1";
3299 goto err;
3300 }
3301 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3302 errmsg = "AAD1";
3303 goto err;
3304 }
3305 EVP_CIPHER_CTX_set_padding(ctx, 0);
3306 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3307 sizeof(gcmResetPlaintext)))) {
3308 errmsg = "CIPHER_UPDATE1";
3309 goto err;
3310 }
3311 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3312 errmsg = "CIPHER_FINAL1";
3313 goto err;
3314 }
3315 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3316 errmsg = "WRONG_RESULT1";
3317 goto err;
3318 }
3319 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3320 errmsg = "GET_TAG1";
3321 goto err;
3322 }
3323 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3324 errmsg = "TAG_ERROR1";
3325 goto err;
3326 }
3327 /* Now reinit */
3328 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3329 errmsg = "SET_IVLEN2";
3330 goto err;
3331 }
3332 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3333 errmsg = "SET_IV2";
3334 goto err;
3335 }
3336 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3337 errmsg = "AAD2";
3338 goto err;
3339 }
3340 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3341 sizeof(gcmResetPlaintext)))) {
3342 errmsg = "CIPHER_UPDATE2";
3343 goto err;
3344 }
3345 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3346 errmsg = "CIPHER_FINAL2";
3347 goto err;
3348 }
3349 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3350 errmsg = "WRONG_RESULT2";
3351 goto err;
3352 }
3353 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3354 errmsg = "GET_TAG2";
3355 goto err;
3356 }
3357 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3358 errmsg = "TAG_ERROR2";
3359 goto err;
3360 }
3361 testresult = 1;
3362 err:
3363 if (errmsg != NULL)
3364 TEST_info("evp_init_test %d: %s", idx, errmsg);
3365 EVP_CIPHER_CTX_free(ctx);
3366 EVP_CIPHER_free(type);
3367 return testresult;
3368 }
3369
3370
3371 typedef enum OPTION_choice {
3372 OPT_ERR = -1,
3373 OPT_EOF = 0,
3374 OPT_CONTEXT,
3375 OPT_TEST_ENUM
3376 } OPTION_CHOICE;
3377
3378 const OPTIONS *test_get_options(void)
3379 {
3380 static const OPTIONS options[] = {
3381 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3382 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3383 { NULL }
3384 };
3385 return options;
3386 }
3387
3388 int setup_tests(void)
3389 {
3390 OPTION_CHOICE o;
3391
3392 while ((o = opt_next()) != OPT_EOF) {
3393 switch (o) {
3394 case OPT_CONTEXT:
3395 /* Set up an alternate library context */
3396 testctx = OSSL_LIB_CTX_new();
3397 if (!TEST_ptr(testctx))
3398 return 0;
3399 /* Swap the libctx to test non-default context only */
3400 nullprov = OSSL_PROVIDER_load(NULL, "null");
3401 deflprov = OSSL_PROVIDER_load(testctx, "default");
3402 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3403 break;
3404 case OPT_TEST_CASES:
3405 break;
3406 default:
3407 return 0;
3408 }
3409 }
3410
3411 ADD_TEST(test_EVP_set_default_properties);
3412 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
3413 ADD_TEST(test_EVP_DigestVerifyInit);
3414 ADD_TEST(test_EVP_Digest);
3415 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
3416 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
3417 ADD_TEST(test_privatekey_to_pkcs8);
3418 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
3419 #ifndef OPENSSL_NO_EC
3420 ADD_TEST(test_EVP_PKCS82PKEY);
3421 #endif
3422 #ifndef OPENSSL_NO_EC
3423 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3424 #endif
3425 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
3426 ADD_TEST(test_EVP_SM2);
3427 ADD_TEST(test_EVP_SM2_verify);
3428 #endif
3429 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
3430 #ifndef OPENSSL_NO_DEPRECATED_3_0
3431 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3432 if (!TEST_ptr(custom_pmeth))
3433 return 0;
3434 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
3435 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3436 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
3437 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3438 return 0;
3439 #endif
3440 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
3441 #ifndef OPENSSL_NO_CMAC
3442 ADD_TEST(test_CMAC_keygen);
3443 #endif
3444 ADD_TEST(test_HKDF);
3445 ADD_TEST(test_emptyikm_HKDF);
3446 #ifndef OPENSSL_NO_EC
3447 ADD_TEST(test_X509_PUBKEY_inplace);
3448 ADD_TEST(test_X509_PUBKEY_dup);
3449 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3450 OSSL_NELEM(ec_der_pub_keys));
3451 #endif
3452 #ifndef OPENSSL_NO_DSA
3453 ADD_TEST(test_DSA_get_set_params);
3454 ADD_TEST(test_DSA_priv_pub);
3455 #endif
3456 ADD_TEST(test_RSA_get_set_params);
3457 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3458 ADD_TEST(test_decrypt_null_chunks);
3459 #endif
3460 #ifndef OPENSSL_NO_DH
3461 ADD_TEST(test_DH_priv_pub);
3462 # ifndef OPENSSL_NO_DEPRECATED_3_0
3463 ADD_TEST(test_EVP_PKEY_set1_DH);
3464 # endif
3465 #endif
3466 #ifndef OPENSSL_NO_EC
3467 ADD_TEST(test_EC_priv_pub);
3468 # ifndef OPENSSL_NO_DEPRECATED_3_0
3469 ADD_TEST(test_EC_priv_only_legacy);
3470 # endif
3471 #endif
3472 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
3473 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
3474
3475 ADD_TEST(test_rand_agglomeration);
3476 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3477 #ifndef OPENSSL_NO_DES
3478 ADD_ALL_TESTS(test_evp_iv_des, 6);
3479 #endif
3480 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3481 #ifndef OPENSSL_NO_EC
3482 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3483 #endif
3484
3485 ADD_TEST(test_names_do_all);
3486
3487 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3488 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3489 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3490
3491 return 1;
3492 }
3493
3494 void cleanup_tests(void)
3495 {
3496 OSSL_PROVIDER_unload(nullprov);
3497 OSSL_PROVIDER_unload(deflprov);
3498 OSSL_PROVIDER_unload(lgcyprov);
3499 OSSL_LIB_CTX_free(testctx);
3500 }
A mirror of the official openssl repository