]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
seal: make EVP_SealInit() library context aware
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 #endif
404
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
408 const char *keytype;
409 int evptype;
410 int check;
411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
414 } APK_DATA;
415
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
421 #endif
422 };
423
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
428 0, 1, 1, 0},
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
440 #endif
441 };
442
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
445 {
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
450 testctx, testpropq);
451
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456 }
457
458 static EVP_PKEY *load_example_rsa_key(void)
459 {
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
462 }
463
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
466 {
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
469 }
470 #endif
471
472 static EVP_PKEY *load_example_hmac_key(void)
473 {
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
482 NULL, key, sizeof(key));
483 if (!TEST_ptr(pkey))
484 return NULL;
485
486 return pkey;
487 }
488
489 static int test_EVP_set_default_properties(void)
490 {
491 OSSL_LIB_CTX *ctx;
492 EVP_MD *md = NULL;
493 int res = 0;
494
495 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
496 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
497 goto err;
498 EVP_MD_free(md);
499 md = NULL;
500
501 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
502 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
504 goto err;
505 EVP_MD_free(md);
506 md = NULL;
507
508 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
509 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
510 goto err;
511 res = 1;
512 err:
513 EVP_MD_free(md);
514 OSSL_LIB_CTX_free(ctx);
515 return res;
516 }
517
518 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
519 static int test_fromdata(char *keytype, OSSL_PARAM *params)
520 {
521 EVP_PKEY_CTX *pctx = NULL;
522 EVP_PKEY *pkey = NULL;
523 int testresult = 0;
524
525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
526 goto err;
527 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
528 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
529 params), 0))
530 goto err;
531
532 if (!TEST_ptr(pkey))
533 goto err;
534
535 testresult = 1;
536 err:
537 EVP_PKEY_free(pkey);
538 EVP_PKEY_CTX_free(pctx);
539
540 return testresult;
541 }
542 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
543
544 /*
545 * Test combinations of private, public, missing and private + public key
546 * params to ensure they are all accepted
547 */
548 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
549 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
550 {
551 OSSL_PARAM_BLD *bld = NULL;
552 OSSL_PARAM *params = NULL;
553 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
554 int ret = 0;
555
556 /*
557 * Setup the parameters for our pkey object. For our purposes they don't
558 * have to actually be *valid* parameters. We just need to set something.
559 */
560 if (!TEST_ptr(p = BN_new())
561 || !TEST_ptr(q = BN_new())
562 || !TEST_ptr(g = BN_new())
563 || !TEST_ptr(pub = BN_new())
564 || !TEST_ptr(priv = BN_new()))
565 goto err;
566
567 /* Test !priv and !pub */
568 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
572 goto err;
573 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
574 goto err;
575
576 if (!test_fromdata(keytype, params))
577 goto err;
578 OSSL_PARAM_free(params);
579 params = NULL;
580 OSSL_PARAM_BLD_free(bld);
581
582 /* Test priv and !pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
588 priv)))
589 goto err;
590 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
591 goto err;
592
593 if (!test_fromdata(keytype, params))
594 goto err;
595 OSSL_PARAM_free(params);
596 params = NULL;
597 OSSL_PARAM_BLD_free(bld);
598
599 /* Test !priv and pub */
600 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
605 pub)))
606 goto err;
607 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
608 goto err;
609
610 if (!test_fromdata(keytype, params))
611 goto err;
612 OSSL_PARAM_free(params);
613 params = NULL;
614 OSSL_PARAM_BLD_free(bld);
615
616 /* Test priv and pub */
617 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
618 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
620 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
622 pub))
623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
624 priv)))
625 goto err;
626 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
627 goto err;
628
629 if (!test_fromdata(keytype, params))
630 goto err;
631
632 ret = 1;
633 err:
634 OSSL_PARAM_free(params);
635 OSSL_PARAM_BLD_free(bld);
636 BN_free(p);
637 BN_free(q);
638 BN_free(g);
639 BN_free(pub);
640 BN_free(priv);
641
642 return ret;
643 }
644 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
645
646 /*
647 * Test combinations of private, public, missing and private + public key
648 * params to ensure they are all accepted for EC keys
649 */
650 #ifndef OPENSSL_NO_EC
651 static unsigned char ec_priv[] = {
652 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
653 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
654 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
655 };
656 static unsigned char ec_pub[] = {
657 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
658 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
659 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
660 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
661 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
662 0x08, 0x09, 0xb8, 0xdb, 0x03
663 };
664
665 static int test_EC_priv_pub(void)
666 {
667 OSSL_PARAM_BLD *bld = NULL;
668 OSSL_PARAM *params = NULL;
669 BIGNUM *priv = NULL;
670 int ret = 0;
671
672 /*
673 * Setup the parameters for our pkey object. For our purposes they don't
674 * have to actually be *valid* parameters. We just need to set something.
675 */
676 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
677 goto err;
678
679 /* Test !priv and !pub */
680 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
681 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
682 OSSL_PKEY_PARAM_GROUP_NAME,
683 "P-256", 0)))
684 goto err;
685 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
686 goto err;
687
688 if (!test_fromdata("EC", params))
689 goto err;
690 OSSL_PARAM_free(params);
691 params = NULL;
692 OSSL_PARAM_BLD_free(bld);
693
694 /* Test priv and !pub */
695 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
696 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
697 OSSL_PKEY_PARAM_GROUP_NAME,
698 "P-256", 0))
699 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
700 priv)))
701 goto err;
702 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
703 goto err;
704
705 if (!test_fromdata("EC", params))
706 goto err;
707 OSSL_PARAM_free(params);
708 params = NULL;
709 OSSL_PARAM_BLD_free(bld);
710
711 /* Test !priv and pub */
712 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
713 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
714 OSSL_PKEY_PARAM_GROUP_NAME,
715 "P-256", 0))
716 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
717 OSSL_PKEY_PARAM_PUB_KEY,
718 ec_pub, sizeof(ec_pub))))
719 goto err;
720 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
721 goto err;
722
723 if (!test_fromdata("EC", params))
724 goto err;
725 OSSL_PARAM_free(params);
726 params = NULL;
727 OSSL_PARAM_BLD_free(bld);
728
729 /* Test priv and pub */
730 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
731 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
732 OSSL_PKEY_PARAM_GROUP_NAME,
733 "P-256", 0))
734 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
735 OSSL_PKEY_PARAM_PUB_KEY,
736 ec_pub, sizeof(ec_pub)))
737 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
738 priv)))
739 goto err;
740 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
741 goto err;
742
743 if (!test_fromdata("EC", params))
744 goto err;
745
746 ret = 1;
747 err:
748 OSSL_PARAM_free(params);
749 OSSL_PARAM_BLD_free(bld);
750 BN_free(priv);
751
752 return ret;
753 }
754
755 /* Test that using a legacy EC key with only a private key in it works */
756 # ifndef OPENSSL_NO_DEPRECATED_3_0
757 static int test_EC_priv_only_legacy(void)
758 {
759 BIGNUM *priv = NULL;
760 int ret = 0;
761 EC_KEY *eckey = NULL;
762 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
763 EVP_MD_CTX *ctx = NULL;
764
765 /* Create the low level EC_KEY */
766 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
767 goto err;
768
769 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
770 if (!TEST_ptr(eckey))
771 goto err;
772
773 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
774 goto err;
775
776 pkey = EVP_PKEY_new();
777 if (!TEST_ptr(pkey))
778 goto err;
779
780 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
781 goto err;
782 eckey = NULL;
783
784 while (dup_pk == NULL) {
785 ret = 0;
786 ctx = EVP_MD_CTX_new();
787 if (!TEST_ptr(ctx))
788 goto err;
789
790 /*
791 * The EVP_DigestSignInit function should create the key on the
792 * provider side which is sufficient for this test.
793 */
794 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
795 testpropq, pkey, NULL)))
796 goto err;
797 EVP_MD_CTX_free(ctx);
798 ctx = NULL;
799
800 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
801 goto err;
802 /* EVP_PKEY_eq() returns -2 with missing public keys */
803 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
804 EVP_PKEY_free(pkey);
805 pkey = dup_pk;
806 if (!ret)
807 goto err;
808 }
809
810 err:
811 EVP_MD_CTX_free(ctx);
812 EVP_PKEY_free(pkey);
813 EC_KEY_free(eckey);
814 BN_free(priv);
815
816 return ret;
817 }
818 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
819 #endif /* OPENSSL_NO_EC */
820
821 /*
822 * n = 0 => test using legacy cipher
823 * n = 1 => test using fetched cipher
824 */
825 static int test_EVP_Enveloped(int n)
826 {
827 int ret = 0;
828 EVP_CIPHER_CTX *ctx = NULL;
829 EVP_PKEY *keypair = NULL;
830 unsigned char *kek = NULL;
831 unsigned char iv[EVP_MAX_IV_LENGTH];
832 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
833 int len, kek_len, ciphertext_len, plaintext_len;
834 unsigned char ciphertext[32], plaintext[16];
835 EVP_CIPHER *type = NULL;
836
837 if (nullprov != NULL)
838 return TEST_skip("Test does not support a non-default library context");
839
840 if (n == 0)
841 type = (EVP_CIPHER *)EVP_aes_256_cbc();
842 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
843 testpropq)))
844 goto err;
845
846 if (!TEST_ptr(keypair = load_example_rsa_key())
847 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
848 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
849 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
850 &keypair, 1))
851 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
852 msg, sizeof(msg)))
853 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
854 &len)))
855 goto err;
856
857 ciphertext_len += len;
858
859 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
860 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
861 ciphertext, ciphertext_len))
862 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
863 goto err;
864
865 plaintext_len += len;
866 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
867 goto err;
868
869 ret = 1;
870 err:
871 if (n != 0)
872 EVP_CIPHER_free(type);
873 OPENSSL_free(kek);
874 EVP_PKEY_free(keypair);
875 EVP_CIPHER_CTX_free(ctx);
876 return ret;
877 }
878
879 /*
880 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
881 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
882 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
883 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
884 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
885 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
886 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
887 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
888 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
889 */
890 static int test_EVP_DigestSignInit(int tst)
891 {
892 int ret = 0;
893 EVP_PKEY *pkey = NULL;
894 unsigned char *sig = NULL;
895 size_t sig_len = 0;
896 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
897 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
898 BIO *mdbio = NULL, *membio = NULL;
899 size_t written;
900 const EVP_MD *md;
901 EVP_MD *mdexp = NULL;
902
903 if (nullprov != NULL)
904 return TEST_skip("Test does not support a non-default library context");
905
906 if (tst >= 6) {
907 membio = BIO_new(BIO_s_mem());
908 mdbio = BIO_new(BIO_f_md());
909 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
910 goto out;
911 BIO_push(mdbio, membio);
912 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
913 goto out;
914 } else {
915 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
916 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
917 goto out;
918 }
919
920 if (tst == 0 || tst == 3 || tst == 6) {
921 if (!TEST_ptr(pkey = load_example_rsa_key()))
922 goto out;
923 } else if (tst == 1 || tst == 4 || tst == 7) {
924 #ifndef OPENSSL_NO_DSA
925 if (!TEST_ptr(pkey = load_example_dsa_key()))
926 goto out;
927 #else
928 ret = 1;
929 goto out;
930 #endif
931 } else {
932 if (!TEST_ptr(pkey = load_example_hmac_key()))
933 goto out;
934 }
935
936 if (tst >= 3 && tst <= 5)
937 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
938 else
939 md = EVP_sha256();
940
941 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
942 goto out;
943
944 if (tst >= 6) {
945 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
946 goto out;
947 } else {
948 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
949 goto out;
950 }
951
952 /* Determine the size of the signature. */
953 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
954 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
955 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
956 goto out;
957
958 if (tst >= 6) {
959 if (!TEST_int_gt(BIO_reset(mdbio), 0)
960 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
961 goto out;
962 }
963
964 /*
965 * Ensure that the signature round-trips (Verification isn't supported for
966 * HMAC via EVP_DigestVerify*)
967 */
968 if (tst != 2 && tst != 5 && tst != 8) {
969 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
970 NULL, pkey)))
971 goto out;
972
973 if (tst >= 6) {
974 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
975 goto out;
976 } else {
977 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
978 sizeof(kMsg))))
979 goto out;
980 }
981 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
982 goto out;
983 }
984
985 ret = 1;
986
987 out:
988 BIO_free(membio);
989 BIO_free(mdbio);
990 EVP_MD_CTX_free(a_md_ctx);
991 EVP_MD_CTX_free(a_md_ctx_verify);
992 EVP_PKEY_free(pkey);
993 OPENSSL_free(sig);
994 EVP_MD_free(mdexp);
995
996 return ret;
997 }
998
999 static int test_EVP_DigestVerifyInit(void)
1000 {
1001 int ret = 0;
1002 EVP_PKEY *pkey = NULL;
1003 EVP_MD_CTX *md_ctx = NULL;
1004
1005 if (nullprov != NULL)
1006 return TEST_skip("Test does not support a non-default library context");
1007
1008 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1009 || !TEST_ptr(pkey = load_example_rsa_key()))
1010 goto out;
1011
1012 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1013 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1014 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1015 sizeof(kSignature))))
1016 goto out;
1017 ret = 1;
1018
1019 out:
1020 EVP_MD_CTX_free(md_ctx);
1021 EVP_PKEY_free(pkey);
1022 return ret;
1023 }
1024
1025 /*
1026 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1027 */
1028 static int test_EVP_Digest(void)
1029 {
1030 int ret = 0;
1031 EVP_MD_CTX *md_ctx = NULL;
1032 unsigned char md[EVP_MAX_MD_SIZE];
1033 EVP_MD *sha256 = NULL;
1034 EVP_MD *shake256 = NULL;
1035
1036 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1037 goto out;
1038
1039 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1040 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1041 goto out;
1042
1043 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1044 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1045 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1046 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1047 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1048 goto out;
1049
1050 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1051 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1052 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1053 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1054 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1055 /*
1056 * EVP_DigestInit_ex with NULL type should work on
1057 * pre-initialized context.
1058 */
1059 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1060 goto out;
1061
1062 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1063 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1064 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1065 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1066 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1067 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1068 goto out;
1069 ret = 1;
1070
1071 out:
1072 EVP_MD_CTX_free(md_ctx);
1073 EVP_MD_free(sha256);
1074 EVP_MD_free(shake256);
1075 return ret;
1076 }
1077
1078 static int test_d2i_AutoPrivateKey(int i)
1079 {
1080 int ret = 0;
1081 const unsigned char *p;
1082 EVP_PKEY *pkey = NULL;
1083 const APK_DATA *ak = &keydata[i];
1084 const unsigned char *input = ak->kder;
1085 size_t input_len = ak->size;
1086 int expected_id = ak->evptype;
1087
1088 p = input;
1089 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1090 || !TEST_ptr_eq(p, input + input_len)
1091 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1092 goto done;
1093
1094 ret = 1;
1095
1096 done:
1097 EVP_PKEY_free(pkey);
1098 return ret;
1099 }
1100
1101 #ifndef OPENSSL_NO_EC
1102
1103 static const unsigned char ec_public_sect163k1_validxy[] = {
1104 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1105 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1106 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1107 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1108 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1109 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1110 };
1111
1112 static const unsigned char ec_public_sect163k1_badx[] = {
1113 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1114 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1115 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1116 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1117 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1118 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1119 };
1120
1121 static const unsigned char ec_public_sect163k1_bady[] = {
1122 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1123 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1124 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1125 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1126 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1127 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1128 };
1129
1130 static struct ec_der_pub_keys_st {
1131 const unsigned char *der;
1132 size_t len;
1133 int valid;
1134 } ec_der_pub_keys[] = {
1135 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1136 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1137 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1138 };
1139
1140 /*
1141 * Tests the range of the decoded EC char2 public point.
1142 * See ec_GF2m_simple_oct2point().
1143 */
1144 static int test_invalide_ec_char2_pub_range_decode(int id)
1145 {
1146 int ret = 0;
1147 EVP_PKEY *pkey;
1148
1149 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1150 ec_der_pub_keys[id].len);
1151
1152 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1153 || TEST_ptr_null(pkey);
1154 EVP_PKEY_free(pkey);
1155 return ret;
1156 }
1157
1158 /* Tests loading a bad key in PKCS8 format */
1159 static int test_EVP_PKCS82PKEY(void)
1160 {
1161 int ret = 0;
1162 const unsigned char *derp = kExampleBadECKeyDER;
1163 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1164 EVP_PKEY *pkey = NULL;
1165
1166 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1167 sizeof(kExampleBadECKeyDER))))
1168 goto done;
1169
1170 if (!TEST_ptr_eq(derp,
1171 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1172 goto done;
1173
1174 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1175 goto done;
1176
1177 ret = 1;
1178
1179 done:
1180 PKCS8_PRIV_KEY_INFO_free(p8inf);
1181 EVP_PKEY_free(pkey);
1182
1183 return ret;
1184 }
1185
1186 #endif
1187 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1188 {
1189 EVP_PKEY *pkey = NULL;
1190 EVP_PKEY *pkey2 = NULL;
1191 BIO *membio = NULL;
1192 char *membuf = NULL;
1193 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1194 int ok = 0;
1195
1196 if (testctx != NULL)
1197 /* test not supported with non-default context */
1198 return 1;
1199
1200 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1201 || !TEST_ptr(pkey = load_example_rsa_key())
1202 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1203 NULL, 0, NULL, NULL),
1204 0)
1205 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1206 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1207 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1208 || !TEST_int_eq(ERR_get_error(), 0)) {
1209 goto done;
1210 }
1211
1212 ok = 1;
1213 done:
1214 EVP_PKEY_free(pkey);
1215 EVP_PKEY_free(pkey2);
1216 PKCS8_PRIV_KEY_INFO_free(p8inf);
1217 BIO_free_all(membio);
1218 return ok;
1219 }
1220
1221 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1222 static int test_privatekey_to_pkcs8(void)
1223 {
1224 EVP_PKEY *pkey = NULL;
1225 BIO *membio = NULL;
1226 char *membuf = NULL;
1227 long membuf_len = 0;
1228 int ok = 0;
1229
1230 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1231 || !TEST_ptr(pkey = load_example_rsa_key())
1232 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1233 NULL, 0, NULL, NULL),
1234 0)
1235 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1236 || !TEST_ptr(membuf)
1237 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1238 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1239 /*
1240 * We try to write PEM as well, just to see that it doesn't err, but
1241 * assume that the result is correct.
1242 */
1243 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1244 NULL, 0, NULL, NULL),
1245 0))
1246 goto done;
1247
1248 ok = 1;
1249 done:
1250 EVP_PKEY_free(pkey);
1251 BIO_free_all(membio);
1252 return ok;
1253 }
1254
1255 #ifndef OPENSSL_NO_EC
1256 static const struct {
1257 int encoding;
1258 const char *encoding_name;
1259 } ec_encodings[] = {
1260 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1261 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1262 };
1263
1264 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1265 {
1266 const OSSL_PARAM *p;
1267 const char *enc_name = NULL;
1268 int *enc = arg;
1269 size_t i;
1270
1271 *enc = -1;
1272
1273 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1274 OSSL_PKEY_PARAM_EC_ENCODING))
1275 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1276 return 0;
1277
1278 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1279 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1280 *enc = ec_encodings[i].encoding;
1281 break;
1282 }
1283 }
1284
1285 return (*enc != -1);
1286 }
1287
1288 static int test_EC_keygen_with_enc(int idx)
1289 {
1290 EVP_PKEY *params = NULL, *key = NULL;
1291 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1292 int enc;
1293 int ret = 0;
1294
1295 enc = ec_encodings[idx].encoding;
1296
1297 /* Create key parameters */
1298 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1299 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1300 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1301 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1302 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1303 || !TEST_ptr(params))
1304 goto done;
1305
1306 /* Create key */
1307 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1308 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1309 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1310 || !TEST_ptr(key))
1311 goto done;
1312
1313 /* Check that the encoding got all the way into the key */
1314 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1315 ec_export_get_encoding_cb, &enc))
1316 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1317 goto done;
1318
1319 ret = 1;
1320 done:
1321 EVP_PKEY_free(key);
1322 EVP_PKEY_free(params);
1323 EVP_PKEY_CTX_free(kctx);
1324 EVP_PKEY_CTX_free(pctx);
1325 return ret;
1326 }
1327 #endif
1328
1329 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1330
1331 static int test_EVP_SM2_verify(void)
1332 {
1333 const char *pubkey =
1334 "-----BEGIN PUBLIC KEY-----\n"
1335 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1336 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1337 "-----END PUBLIC KEY-----\n";
1338
1339 const char *msg = "message digest";
1340 const char *id = "ALICE123@YAHOO.COM";
1341
1342 const uint8_t signature[] = {
1343 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1344 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1345 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1346 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1347 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1348 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1349 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1350 };
1351
1352 int rc = 0;
1353 BIO *bio = NULL;
1354 EVP_PKEY *pkey = NULL;
1355 EVP_MD_CTX *mctx = NULL;
1356 EVP_PKEY_CTX *pctx = NULL;
1357 EVP_MD *sm3 = NULL;
1358
1359 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1360 if (!TEST_true(bio != NULL))
1361 goto done;
1362
1363 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1364 if (!TEST_true(pkey != NULL))
1365 goto done;
1366
1367 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1368 goto done;
1369
1370 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1371 goto done;
1372
1373 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1374 goto done;
1375
1376 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1377
1378 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1379 goto done;
1380
1381 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1382 goto done;
1383
1384 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1385 goto done;
1386
1387 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1388 goto done;
1389
1390 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1391 goto done;
1392 rc = 1;
1393
1394 done:
1395 BIO_free(bio);
1396 EVP_PKEY_free(pkey);
1397 EVP_PKEY_CTX_free(pctx);
1398 EVP_MD_CTX_free(mctx);
1399 EVP_MD_free(sm3);
1400 return rc;
1401 }
1402
1403 static int test_EVP_SM2(void)
1404 {
1405 int ret = 0;
1406 EVP_PKEY *pkey = NULL;
1407 EVP_PKEY *pkeyparams = NULL;
1408 EVP_PKEY_CTX *pctx = NULL;
1409 EVP_PKEY_CTX *kctx = NULL;
1410 EVP_PKEY_CTX *sctx = NULL;
1411 size_t sig_len = 0;
1412 unsigned char *sig = NULL;
1413 EVP_MD_CTX *md_ctx = NULL;
1414 EVP_MD_CTX *md_ctx_verify = NULL;
1415 EVP_PKEY_CTX *cctx = NULL;
1416 EVP_MD *check_md = NULL;
1417
1418 uint8_t ciphertext[128];
1419 size_t ctext_len = sizeof(ciphertext);
1420
1421 uint8_t plaintext[8];
1422 size_t ptext_len = sizeof(plaintext);
1423
1424 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1425
1426 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1427 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1428 int i;
1429 char mdname[OSSL_MAX_NAME_SIZE];
1430
1431 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1432 "SM2", testpropq)))
1433 goto done;
1434
1435 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1436 goto done;
1437
1438 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1439 goto done;
1440
1441 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1442 goto done;
1443
1444 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1445 pkeyparams, testpropq)))
1446 goto done;
1447
1448 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1449 goto done;
1450
1451 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1452 goto done;
1453
1454 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1455 goto done;
1456
1457 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1458 goto done;
1459
1460 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1461 goto done;
1462
1463 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1464 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1465
1466 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1467 goto done;
1468
1469 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1470 goto done;
1471
1472 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1473 goto done;
1474
1475 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1476 goto done;
1477
1478 /* Determine the size of the signature. */
1479 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1480 goto done;
1481
1482 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1483 goto done;
1484
1485 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1486 goto done;
1487
1488 /* Ensure that the signature round-trips. */
1489
1490 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1491 pkey)))
1492 goto done;
1493
1494 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1495 goto done;
1496
1497 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1498 goto done;
1499
1500 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1501 goto done;
1502
1503 /* now check encryption/decryption */
1504
1505 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1506 mdname, sizeof(mdname));
1507 for (i = 0; i < 2; i++) {
1508 const char *mdnames[] = {
1509 #ifndef OPENSSL_NO_SM3
1510 "SM3",
1511 #else
1512 NULL,
1513 #endif
1514 "SHA2-256" };
1515 EVP_PKEY_CTX_free(cctx);
1516
1517 if (mdnames[i] == NULL)
1518 continue;
1519
1520 sparams[0] =
1521 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1522 (char *)mdnames[i], 0);
1523
1524 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1525 pkey, testpropq)))
1526 goto done;
1527
1528 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1529 goto done;
1530
1531 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1532 goto done;
1533
1534 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1535 sizeof(kMsg))))
1536 goto done;
1537
1538 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1539 goto done;
1540
1541 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1542 goto done;
1543
1544 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1545 ctext_len)))
1546 goto done;
1547
1548 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1549 goto done;
1550
1551 /*
1552 * Test we're still using the digest we think we are.
1553 * Because of aliases, the easiest is to fetch the digest and
1554 * check the name with EVP_MD_is_a().
1555 */
1556 EVP_MD_free(check_md);
1557 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1558 goto done;
1559 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1560 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1561 goto done;
1562 }
1563
1564 if (!TEST_true(ptext_len == sizeof(kMsg)))
1565 goto done;
1566
1567 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1568 goto done;
1569 }
1570
1571 ret = 1;
1572 done:
1573 EVP_PKEY_CTX_free(pctx);
1574 EVP_PKEY_CTX_free(kctx);
1575 EVP_PKEY_CTX_free(sctx);
1576 EVP_PKEY_CTX_free(cctx);
1577 EVP_PKEY_free(pkey);
1578 EVP_PKEY_free(pkeyparams);
1579 EVP_MD_CTX_free(md_ctx);
1580 EVP_MD_CTX_free(md_ctx_verify);
1581 EVP_MD_free(check_md);
1582 OPENSSL_free(sig);
1583 return ret;
1584 }
1585
1586 #endif
1587
1588 static struct keys_st {
1589 int type;
1590 char *priv;
1591 char *pub;
1592 } keys[] = {
1593 {
1594 EVP_PKEY_HMAC, "0123456789", NULL
1595 #ifndef OPENSSL_NO_POLY1305
1596 }, {
1597 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1598 #endif
1599 #ifndef OPENSSL_NO_SIPHASH
1600 }, {
1601 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1602 #endif
1603 },
1604 #ifndef OPENSSL_NO_EC
1605 {
1606 EVP_PKEY_X25519, "01234567890123456789012345678901",
1607 "abcdefghijklmnopqrstuvwxyzabcdef"
1608 }, {
1609 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1610 "abcdefghijklmnopqrstuvwxyzabcdef"
1611 }, {
1612 EVP_PKEY_X448,
1613 "01234567890123456789012345678901234567890123456789012345",
1614 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1615 }, {
1616 EVP_PKEY_ED448,
1617 "012345678901234567890123456789012345678901234567890123456",
1618 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1619 }
1620 #endif
1621 };
1622
1623 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1624 {
1625 int ret = 0;
1626 unsigned char buf[80];
1627 unsigned char *in;
1628 size_t inlen, len = 0;
1629 EVP_PKEY *pkey;
1630
1631 /* Check if this algorithm supports public keys */
1632 if (pub && keys[tst].pub == NULL)
1633 return 1;
1634
1635 memset(buf, 0, sizeof(buf));
1636
1637 if (pub) {
1638 #ifndef OPENSSL_NO_EC
1639 inlen = strlen(keys[tst].pub);
1640 in = (unsigned char *)keys[tst].pub;
1641 if (uselibctx) {
1642 pkey = EVP_PKEY_new_raw_public_key_ex(
1643 testctx,
1644 OBJ_nid2sn(keys[tst].type),
1645 NULL,
1646 in,
1647 inlen);
1648 } else {
1649 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1650 NULL,
1651 in,
1652 inlen);
1653 }
1654 #else
1655 return 1;
1656 #endif
1657 } else {
1658 inlen = strlen(keys[tst].priv);
1659 in = (unsigned char *)keys[tst].priv;
1660 if (uselibctx) {
1661 pkey = EVP_PKEY_new_raw_private_key_ex(
1662 testctx, OBJ_nid2sn(keys[tst].type),
1663 NULL,
1664 in,
1665 inlen);
1666 } else {
1667 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1668 NULL,
1669 in,
1670 inlen);
1671 }
1672 }
1673
1674 if (!TEST_ptr(pkey)
1675 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1676 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1677 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1678 || !TEST_true(len == inlen)
1679 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1680 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1681 || !TEST_mem_eq(in, inlen, buf, len))
1682 goto done;
1683
1684 ret = 1;
1685 done:
1686 EVP_PKEY_free(pkey);
1687 return ret;
1688 }
1689
1690 static int test_set_get_raw_keys(int tst)
1691 {
1692 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1693 && test_set_get_raw_keys_int(tst, 0, 1)
1694 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1695 && test_set_get_raw_keys_int(tst, 1, 1);
1696 }
1697
1698 #ifndef OPENSSL_NO_DEPRECATED_3_0
1699 static int pkey_custom_check(EVP_PKEY *pkey)
1700 {
1701 return 0xbeef;
1702 }
1703
1704 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1705 {
1706 return 0xbeef;
1707 }
1708
1709 static int pkey_custom_param_check(EVP_PKEY *pkey)
1710 {
1711 return 0xbeef;
1712 }
1713
1714 static EVP_PKEY_METHOD *custom_pmeth;
1715 #endif
1716
1717 static int test_EVP_PKEY_check(int i)
1718 {
1719 int ret = 0;
1720 EVP_PKEY *pkey = NULL;
1721 EVP_PKEY_CTX *ctx = NULL;
1722 #ifndef OPENSSL_NO_DEPRECATED_3_0
1723 EVP_PKEY_CTX *ctx2 = NULL;
1724 #endif
1725 const APK_DATA *ak = &keycheckdata[i];
1726 const unsigned char *input = ak->kder;
1727 size_t input_len = ak->size;
1728 int expected_id = ak->evptype;
1729 int expected_check = ak->check;
1730 int expected_pub_check = ak->pub_check;
1731 int expected_param_check = ak->param_check;
1732 int type = ak->type;
1733
1734 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1735 goto done;
1736 if (type == 0
1737 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1738 goto done;
1739
1740 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1741 goto done;
1742
1743 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1744 goto done;
1745
1746 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1747 goto done;
1748
1749 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1750 goto done;
1751
1752 #ifndef OPENSSL_NO_DEPRECATED_3_0
1753 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1754 /* assign the pkey directly, as an internal test */
1755 EVP_PKEY_up_ref(pkey);
1756 ctx2->pkey = pkey;
1757
1758 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1759 goto done;
1760
1761 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1762 goto done;
1763
1764 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1765 goto done;
1766 #endif
1767
1768 ret = 1;
1769
1770 done:
1771 EVP_PKEY_CTX_free(ctx);
1772 #ifndef OPENSSL_NO_DEPRECATED_3_0
1773 EVP_PKEY_CTX_free(ctx2);
1774 #endif
1775 EVP_PKEY_free(pkey);
1776 return ret;
1777 }
1778
1779 #ifndef OPENSSL_NO_CMAC
1780 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1781 {
1782 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1783 const char msg[] = "Hello World";
1784 size_t maclen;
1785 int ret = 1;
1786
1787 if (!TEST_ptr(mdctx)
1788 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1789 testpropq, pkey, NULL))
1790 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1791 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1792 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1793 ret = 0;
1794
1795 EVP_MD_CTX_free(mdctx);
1796
1797 return ret;
1798 }
1799 static int test_CMAC_keygen(void)
1800 {
1801 static unsigned char key[] = {
1802 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1803 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1804 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1805 };
1806 EVP_PKEY_CTX *kctx = NULL;
1807 int ret = 0;
1808 EVP_PKEY *pkey = NULL;
1809 unsigned char mac[AES_BLOCK_SIZE];
1810 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1811 unsigned char mac2[AES_BLOCK_SIZE];
1812 # endif
1813
1814 if (nullprov != NULL)
1815 return TEST_skip("Test does not support a non-default library context");
1816
1817 /*
1818 * This is a legacy method for CMACs, but should still work.
1819 * This verifies that it works without an ENGINE.
1820 */
1821 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1822
1823 /* Test a CMAC key created using the "generated" method */
1824 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1825 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1826 EVP_PKEY_CTRL_CIPHER,
1827 0, (void *)EVP_aes_256_ecb()), 0)
1828 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1829 EVP_PKEY_CTRL_SET_MAC_KEY,
1830 sizeof(key), (void *)key), 0)
1831 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1832 || !TEST_ptr(pkey)
1833 || !TEST_true(get_cmac_val(pkey, mac)))
1834 goto done;
1835
1836 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1837 EVP_PKEY_free(pkey);
1838
1839 /*
1840 * Test a CMAC key using the direct method, and compare with the mac
1841 * created above.
1842 */
1843 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1844 if (!TEST_ptr(pkey)
1845 || !TEST_true(get_cmac_val(pkey, mac2))
1846 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1847 goto done;
1848 # endif
1849
1850 ret = 1;
1851
1852 done:
1853 EVP_PKEY_free(pkey);
1854 EVP_PKEY_CTX_free(kctx);
1855 return ret;
1856 }
1857 #endif
1858
1859 static int test_HKDF(void)
1860 {
1861 EVP_PKEY_CTX *pctx;
1862 unsigned char out[20];
1863 size_t outlen;
1864 int i, ret = 0;
1865 unsigned char salt[] = "0123456789";
1866 unsigned char key[] = "012345678901234567890123456789";
1867 unsigned char info[] = "infostring";
1868 const unsigned char expected[] = {
1869 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1870 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1871 };
1872 size_t expectedlen = sizeof(expected);
1873
1874 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1875 goto done;
1876
1877 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1878 for (i = 0; i < 2; i++) {
1879 outlen = sizeof(out);
1880 memset(out, 0, outlen);
1881
1882 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1883 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1884 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1885 sizeof(salt) - 1), 0)
1886 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1887 sizeof(key) - 1), 0)
1888 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1889 sizeof(info) - 1), 0)
1890 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1891 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1892 goto done;
1893 }
1894
1895 ret = 1;
1896
1897 done:
1898 EVP_PKEY_CTX_free(pctx);
1899
1900 return ret;
1901 }
1902
1903 static int test_emptyikm_HKDF(void)
1904 {
1905 EVP_PKEY_CTX *pctx;
1906 unsigned char out[20];
1907 size_t outlen;
1908 int ret = 0;
1909 unsigned char salt[] = "9876543210";
1910 unsigned char key[] = "";
1911 unsigned char info[] = "stringinfo";
1912 const unsigned char expected[] = {
1913 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1914 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1915 };
1916 size_t expectedlen = sizeof(expected);
1917
1918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1919 goto done;
1920
1921 outlen = sizeof(out);
1922 memset(out, 0, outlen);
1923
1924 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1925 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1926 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1927 sizeof(salt) - 1), 0)
1928 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1929 sizeof(key) - 1), 0)
1930 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1931 sizeof(info) - 1), 0)
1932 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1933 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1934 goto done;
1935
1936 ret = 1;
1937
1938 done:
1939 EVP_PKEY_CTX_free(pctx);
1940
1941 return ret;
1942 }
1943
1944 #ifndef OPENSSL_NO_EC
1945 static int test_X509_PUBKEY_inplace(void)
1946 {
1947 int ret = 0;
1948 X509_PUBKEY *xp = NULL;
1949 const unsigned char *p = kExampleECPubKeyDER;
1950 size_t input_len = sizeof(kExampleECPubKeyDER);
1951
1952 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1953 goto done;
1954
1955 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1956 goto done;
1957
1958 p = kExampleBadECPubKeyDER;
1959 input_len = sizeof(kExampleBadECPubKeyDER);
1960
1961 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1962 goto done;
1963
1964 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1965 goto done;
1966
1967 ret = 1;
1968
1969 done:
1970 X509_PUBKEY_free(xp);
1971 return ret;
1972 }
1973
1974 static int test_X509_PUBKEY_dup(void)
1975 {
1976 int ret = 0;
1977 X509_PUBKEY *xp = NULL, *xq = NULL;
1978 const unsigned char *p = kExampleECPubKeyDER;
1979 size_t input_len = sizeof(kExampleECPubKeyDER);
1980
1981 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1982 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1983 || !TEST_ptr_ne(xp, xq))
1984 goto done;
1985
1986 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1987 || !TEST_ptr(X509_PUBKEY_get0(xp))
1988 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1989 goto done;
1990
1991 X509_PUBKEY_free(xq);
1992 xq = NULL;
1993 p = kExampleBadECPubKeyDER;
1994 input_len = sizeof(kExampleBadECPubKeyDER);
1995
1996 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1997 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1998 goto done;
1999
2000 X509_PUBKEY_free(xp);
2001 xp = NULL;
2002 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2003 goto done;
2004
2005 ret = 1;
2006
2007 done:
2008 X509_PUBKEY_free(xp);
2009 X509_PUBKEY_free(xq);
2010 return ret;
2011 }
2012 #endif /* OPENSSL_NO_EC */
2013
2014 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2015 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2016 {
2017 EVP_MD_CTX *mdctx = NULL;
2018 EVP_PKEY_CTX *ctx = NULL;
2019 const OSSL_PARAM *params;
2020 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2021 int ret = 0;
2022 const EVP_MD *md;
2023 char mdname[OSSL_MAX_NAME_SIZE];
2024 char ssl3ms[48];
2025
2026 /* Initialise a sign operation */
2027 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2028 if (!TEST_ptr(ctx)
2029 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2030 goto err;
2031
2032 /*
2033 * We should be able to query the parameters now.
2034 */
2035 params = EVP_PKEY_CTX_settable_params(ctx);
2036 if (!TEST_ptr(params)
2037 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2038 OSSL_SIGNATURE_PARAM_DIGEST)))
2039 goto err;
2040
2041 params = EVP_PKEY_CTX_gettable_params(ctx);
2042 if (!TEST_ptr(params)
2043 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2044 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2045 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2046 OSSL_SIGNATURE_PARAM_DIGEST)))
2047 goto err;
2048
2049 /*
2050 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2051 * EVP_PKEY_CTX_get_params()
2052 */
2053 strcpy(mdname, "SHA512");
2054 param_md = param;
2055 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2056 mdname, 0);
2057 *param++ = OSSL_PARAM_construct_end();
2058
2059 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2060 goto err;
2061
2062 mdname[0] = '\0';
2063 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2064 mdname, sizeof(mdname));
2065 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2066 || !TEST_str_eq(mdname, "SHA512"))
2067 goto err;
2068
2069 /*
2070 * Test the TEST_PKEY_CTX_set_signature_md() and
2071 * TEST_PKEY_CTX_get_signature_md() functions
2072 */
2073 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2074 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2075 || !TEST_ptr_eq(md, EVP_sha256()))
2076 goto err;
2077
2078 /*
2079 * Test getting MD parameters via an associated EVP_PKEY_CTX
2080 */
2081 mdctx = EVP_MD_CTX_new();
2082 if (!TEST_ptr(mdctx)
2083 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2084 pkey, NULL)))
2085 goto err;
2086
2087 /*
2088 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2089 * able to obtain the digest's settable parameters from the provider.
2090 */
2091 params = EVP_MD_CTX_settable_params(mdctx);
2092 if (!TEST_ptr(params)
2093 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2094 /* The final key should be NULL */
2095 || !TEST_ptr_null(params[1].key))
2096 goto err;
2097
2098 param = ourparams;
2099 memset(ssl3ms, 0, sizeof(ssl3ms));
2100 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2101 ssl3ms, sizeof(ssl3ms));
2102 *param++ = OSSL_PARAM_construct_end();
2103
2104 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2105 goto err;
2106
2107 ret = 1;
2108
2109 err:
2110 EVP_MD_CTX_free(mdctx);
2111 EVP_PKEY_CTX_free(ctx);
2112
2113 return ret;
2114 }
2115
2116 #ifndef OPENSSL_NO_DSA
2117 static int test_DSA_get_set_params(void)
2118 {
2119 OSSL_PARAM_BLD *bld = NULL;
2120 OSSL_PARAM *params = NULL;
2121 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2122 EVP_PKEY_CTX *pctx = NULL;
2123 EVP_PKEY *pkey = NULL;
2124 int ret = 0;
2125
2126 /*
2127 * Setup the parameters for our DSA object. For our purposes they don't
2128 * have to actually be *valid* parameters. We just need to set something.
2129 */
2130 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2131 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2132 || !TEST_ptr(p = BN_new())
2133 || !TEST_ptr(q = BN_new())
2134 || !TEST_ptr(g = BN_new())
2135 || !TEST_ptr(pub = BN_new())
2136 || !TEST_ptr(priv = BN_new()))
2137 goto err;
2138 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2139 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2140 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2141 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2142 pub))
2143 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2144 priv)))
2145 goto err;
2146 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2147 goto err;
2148
2149 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2150 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2151 params), 0))
2152 goto err;
2153
2154 if (!TEST_ptr(pkey))
2155 goto err;
2156
2157 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2158
2159 err:
2160 EVP_PKEY_free(pkey);
2161 EVP_PKEY_CTX_free(pctx);
2162 OSSL_PARAM_free(params);
2163 OSSL_PARAM_BLD_free(bld);
2164 BN_free(p);
2165 BN_free(q);
2166 BN_free(g);
2167 BN_free(pub);
2168 BN_free(priv);
2169
2170 return ret;
2171 }
2172
2173 /*
2174 * Test combinations of private, public, missing and private + public key
2175 * params to ensure they are all accepted
2176 */
2177 static int test_DSA_priv_pub(void)
2178 {
2179 return test_EVP_PKEY_ffc_priv_pub("DSA");
2180 }
2181
2182 #endif /* !OPENSSL_NO_DSA */
2183
2184 static int test_RSA_get_set_params(void)
2185 {
2186 OSSL_PARAM_BLD *bld = NULL;
2187 OSSL_PARAM *params = NULL;
2188 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2189 EVP_PKEY_CTX *pctx = NULL;
2190 EVP_PKEY *pkey = NULL;
2191 int ret = 0;
2192
2193 /*
2194 * Setup the parameters for our RSA object. For our purposes they don't
2195 * have to actually be *valid* parameters. We just need to set something.
2196 */
2197 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2198 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2199 || !TEST_ptr(n = BN_new())
2200 || !TEST_ptr(e = BN_new())
2201 || !TEST_ptr(d = BN_new()))
2202 goto err;
2203 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2204 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2205 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2206 goto err;
2207 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2208 goto err;
2209
2210 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2211 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2212 params), 0))
2213 goto err;
2214
2215 if (!TEST_ptr(pkey))
2216 goto err;
2217
2218 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2219
2220 err:
2221 EVP_PKEY_free(pkey);
2222 EVP_PKEY_CTX_free(pctx);
2223 OSSL_PARAM_free(params);
2224 OSSL_PARAM_BLD_free(bld);
2225 BN_free(n);
2226 BN_free(e);
2227 BN_free(d);
2228
2229 return ret;
2230 }
2231
2232 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2233 static int test_decrypt_null_chunks(void)
2234 {
2235 EVP_CIPHER_CTX* ctx = NULL;
2236 EVP_CIPHER *cipher = NULL;
2237 const unsigned char key[32] = {
2238 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2239 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2240 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2241 };
2242 unsigned char iv[12] = {
2243 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2244 };
2245 unsigned char msg[] = "It was the best of times, it was the worst of times";
2246 unsigned char ciphertext[80];
2247 unsigned char plaintext[80];
2248 /* We initialise tmp to a non zero value on purpose */
2249 int ctlen, ptlen, tmp = 99;
2250 int ret = 0;
2251 const int enc_offset = 10, dec_offset = 20;
2252
2253 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2254 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2255 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2256 key, iv))
2257 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2258 enc_offset))
2259 /* Deliberate add a zero length update */
2260 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2261 0))
2262 || !TEST_int_eq(tmp, 0)
2263 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2264 msg + enc_offset,
2265 sizeof(msg) - enc_offset))
2266 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2267 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2268 || !TEST_int_eq(tmp, 0))
2269 goto err;
2270
2271 /* Deliberately initialise tmp to a non zero value */
2272 tmp = 99;
2273 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2274 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2275 dec_offset))
2276 /*
2277 * Deliberately add a zero length update. We also deliberately do
2278 * this at a different offset than for encryption.
2279 */
2280 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2281 0))
2282 || !TEST_int_eq(tmp, 0)
2283 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2284 ciphertext + dec_offset,
2285 ctlen - dec_offset))
2286 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2287 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2288 || !TEST_int_eq(tmp, 0)
2289 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2290 goto err;
2291
2292 ret = 1;
2293 err:
2294 EVP_CIPHER_CTX_free(ctx);
2295 EVP_CIPHER_free(cipher);
2296 return ret;
2297 }
2298 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2299
2300 #ifndef OPENSSL_NO_DH
2301 /*
2302 * Test combinations of private, public, missing and private + public key
2303 * params to ensure they are all accepted
2304 */
2305 static int test_DH_priv_pub(void)
2306 {
2307 return test_EVP_PKEY_ffc_priv_pub("DH");
2308 }
2309
2310 # ifndef OPENSSL_NO_DEPRECATED_3_0
2311 static int test_EVP_PKEY_set1_DH(void)
2312 {
2313 DH *x942dh = NULL, *noqdh = NULL;
2314 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2315 int ret = 0;
2316 BIGNUM *p, *g = NULL;
2317
2318 if (!TEST_ptr(p = BN_new())
2319 || !TEST_ptr(g = BN_new())
2320 || !BN_set_word(p, 9999)
2321 || !BN_set_word(g, 2)
2322 || !TEST_ptr(noqdh = DH_new())
2323 || !DH_set0_pqg(noqdh, p, NULL, g))
2324 goto err;
2325 p = g = NULL;
2326
2327 x942dh = DH_get_2048_256();
2328 pkey1 = EVP_PKEY_new();
2329 pkey2 = EVP_PKEY_new();
2330 if (!TEST_ptr(x942dh)
2331 || !TEST_ptr(noqdh)
2332 || !TEST_ptr(pkey1)
2333 || !TEST_ptr(pkey2))
2334 goto err;
2335
2336 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2337 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2338 goto err;
2339
2340 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2341 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2342 goto err;
2343
2344 ret = 1;
2345 err:
2346 BN_free(p);
2347 BN_free(g);
2348 EVP_PKEY_free(pkey1);
2349 EVP_PKEY_free(pkey2);
2350 DH_free(x942dh);
2351 DH_free(noqdh);
2352
2353 return ret;
2354 }
2355 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2356 #endif /* !OPENSSL_NO_DH */
2357
2358 /*
2359 * We test what happens with an empty template. For the sake of this test,
2360 * the template must be ignored, and we know that's the case for RSA keys
2361 * (this might arguably be a misfeature, but that's what we currently do,
2362 * even in provider code, since that's how the legacy RSA implementation
2363 * does things)
2364 */
2365 static int test_keygen_with_empty_template(int n)
2366 {
2367 EVP_PKEY_CTX *ctx = NULL;
2368 EVP_PKEY *pkey = NULL;
2369 EVP_PKEY *tkey = NULL;
2370 int ret = 0;
2371
2372 if (nullprov != NULL)
2373 return TEST_skip("Test does not support a non-default library context");
2374
2375 switch (n) {
2376 case 0:
2377 /* We do test with no template at all as well */
2378 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2379 goto err;
2380 break;
2381 case 1:
2382 /* Here we create an empty RSA key that serves as our template */
2383 if (!TEST_ptr(tkey = EVP_PKEY_new())
2384 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2385 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2386 goto err;
2387 break;
2388 }
2389
2390 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2391 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2392 goto err;
2393
2394 ret = 1;
2395 err:
2396 EVP_PKEY_CTX_free(ctx);
2397 EVP_PKEY_free(pkey);
2398 EVP_PKEY_free(tkey);
2399 return ret;
2400 }
2401
2402 /*
2403 * Test that we fail if we attempt to use an algorithm that is not available
2404 * in the current library context (unless we are using an algorithm that
2405 * should be made available via legacy codepaths).
2406 *
2407 * 0: RSA
2408 * 1: SM2
2409 */
2410 static int test_pkey_ctx_fail_without_provider(int tst)
2411 {
2412 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2413 OSSL_PROVIDER *tmpnullprov = NULL;
2414 EVP_PKEY_CTX *pctx = NULL;
2415 const char *keytype = NULL;
2416 int expect_null = 0;
2417 int ret = 0;
2418
2419 if (!TEST_ptr(tmpctx))
2420 goto err;
2421
2422 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2423 if (!TEST_ptr(tmpnullprov))
2424 goto err;
2425
2426 /*
2427 * We check for certain algos in the null provider.
2428 * If an algo is expected to have a provider keymgmt, contructing an
2429 * EVP_PKEY_CTX is expected to fail (return NULL).
2430 * Otherwise, if it's expected to have legacy support, contructing an
2431 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2432 */
2433 switch (tst) {
2434 case 0:
2435 keytype = "RSA";
2436 expect_null = 1;
2437 break;
2438 case 1:
2439 keytype = "SM2";
2440 expect_null = 1;
2441 #ifdef OPENSSL_NO_EC
2442 TEST_info("EC disable, skipping SM2 check...");
2443 goto end;
2444 #endif
2445 #ifdef OPENSSL_NO_SM2
2446 TEST_info("SM2 disable, skipping SM2 check...");
2447 goto end;
2448 #endif
2449 break;
2450 default:
2451 TEST_error("No test for case %d", tst);
2452 goto err;
2453 }
2454
2455 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2456 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2457 goto err;
2458
2459 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2460 end:
2461 #endif
2462 ret = 1;
2463
2464 err:
2465 EVP_PKEY_CTX_free(pctx);
2466 OSSL_PROVIDER_unload(tmpnullprov);
2467 OSSL_LIB_CTX_free(tmpctx);
2468 return ret;
2469 }
2470
2471 static int test_rand_agglomeration(void)
2472 {
2473 EVP_RAND *rand;
2474 EVP_RAND_CTX *ctx;
2475 OSSL_PARAM params[3], *p = params;
2476 int res;
2477 unsigned int step = 7;
2478 static unsigned char seed[] = "It does not matter how slowly you go "
2479 "as long as you do not stop.";
2480 unsigned char out[sizeof(seed)];
2481
2482 if (!TEST_int_ne(sizeof(seed) % step, 0)
2483 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2484 return 0;
2485 ctx = EVP_RAND_CTX_new(rand, NULL);
2486 EVP_RAND_free(rand);
2487 if (!TEST_ptr(ctx))
2488 return 0;
2489
2490 memset(out, 0, sizeof(out));
2491 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2492 seed, sizeof(seed));
2493 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2494 *p = OSSL_PARAM_construct_end();
2495 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2496 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2497 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2498 EVP_RAND_CTX_free(ctx);
2499 return res;
2500 }
2501
2502 /*
2503 * Test that we correctly return the original or "running" IV after
2504 * an encryption operation.
2505 * Run multiple times for some different relevant algorithms/modes.
2506 */
2507 static int test_evp_iv_aes(int idx)
2508 {
2509 int ret = 0;
2510 EVP_CIPHER_CTX *ctx = NULL;
2511 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2512 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2513 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2514 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2515 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2516 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2517 9, 10, 11, 12, 13, 14, 15, 16 };
2518 unsigned char ciphertext[32], oiv[16], iv[16];
2519 unsigned char *ref_iv;
2520 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2521 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2522
2523 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2524 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2525 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2526 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2527 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2528 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2529 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2530 #ifndef OPENSSL_NO_OCB
2531 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2532 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2533 #endif
2534 int len = sizeof(ciphertext);
2535 size_t ivlen, ref_len;
2536 const EVP_CIPHER *type = NULL;
2537 int iv_reset = 0;
2538
2539 if (nullprov != NULL && idx < 6)
2540 return TEST_skip("Test does not support a non-default library context");
2541
2542 switch(idx) {
2543 case 0:
2544 type = EVP_aes_128_cbc();
2545 /* FALLTHROUGH */
2546 case 6:
2547 type = (type != NULL) ? type :
2548 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2549 ref_iv = cbc_state;
2550 ref_len = sizeof(cbc_state);
2551 iv_reset = 1;
2552 break;
2553 case 1:
2554 type = EVP_aes_128_ofb();
2555 /* FALLTHROUGH */
2556 case 7:
2557 type = (type != NULL) ? type :
2558 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2559 ref_iv = ofb_state;
2560 ref_len = sizeof(ofb_state);
2561 iv_reset = 1;
2562 break;
2563 case 2:
2564 type = EVP_aes_128_cfb();
2565 /* FALLTHROUGH */
2566 case 8:
2567 type = (type != NULL) ? type :
2568 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2569 ref_iv = cfb_state;
2570 ref_len = sizeof(cfb_state);
2571 iv_reset = 1;
2572 break;
2573 case 3:
2574 type = EVP_aes_128_gcm();
2575 /* FALLTHROUGH */
2576 case 9:
2577 type = (type != NULL) ? type :
2578 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2579 ref_iv = gcm_state;
2580 ref_len = sizeof(gcm_state);
2581 break;
2582 case 4:
2583 type = EVP_aes_128_ccm();
2584 /* FALLTHROUGH */
2585 case 10:
2586 type = (type != NULL) ? type :
2587 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2588 ref_iv = ccm_state;
2589 ref_len = sizeof(ccm_state);
2590 break;
2591 #ifdef OPENSSL_NO_OCB
2592 case 5:
2593 case 11:
2594 return 1;
2595 #else
2596 case 5:
2597 type = EVP_aes_128_ocb();
2598 /* FALLTHROUGH */
2599 case 11:
2600 type = (type != NULL) ? type :
2601 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2602 ref_iv = ocb_state;
2603 ref_len = sizeof(ocb_state);
2604 break;
2605 #endif
2606 default:
2607 return 0;
2608 }
2609
2610 if (!TEST_ptr(type)
2611 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2612 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2613 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2614 (int)sizeof(msg)))
2615 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2616 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2617 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2618 goto err;
2619 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2620 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2621 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2622 goto err;
2623
2624 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2625 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2626 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2627 goto err;
2628 if (iv_reset) {
2629 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2630 goto err;
2631 } else {
2632 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2633 goto err;
2634 }
2635
2636 ret = 1;
2637 err:
2638 EVP_CIPHER_CTX_free(ctx);
2639 if (idx >= 6)
2640 EVP_CIPHER_free((EVP_CIPHER *)type);
2641 return ret;
2642 }
2643
2644 #ifndef OPENSSL_NO_DES
2645 static int test_evp_iv_des(int idx)
2646 {
2647 int ret = 0;
2648 EVP_CIPHER_CTX *ctx = NULL;
2649 static const unsigned char key[24] = {
2650 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2651 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2652 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2653 };
2654 static const unsigned char init_iv[8] = {
2655 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2656 };
2657 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2658 9, 10, 11, 12, 13, 14, 15, 16 };
2659 unsigned char ciphertext[32], oiv[8], iv[8];
2660 unsigned const char *ref_iv;
2661 static const unsigned char cbc_state_des[8] = {
2662 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2663 };
2664 static const unsigned char cbc_state_3des[8] = {
2665 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2666 };
2667 static const unsigned char ofb_state_des[8] = {
2668 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2669 };
2670 static const unsigned char ofb_state_3des[8] = {
2671 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2672 };
2673 static const unsigned char cfb_state_des[8] = {
2674 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2675 };
2676 static const unsigned char cfb_state_3des[8] = {
2677 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2678 };
2679 int len = sizeof(ciphertext);
2680 size_t ivlen, ref_len;
2681 EVP_CIPHER *type = NULL;
2682
2683 if (lgcyprov == NULL && idx < 3)
2684 return TEST_skip("Test requires legacy provider to be loaded");
2685
2686 switch(idx) {
2687 case 0:
2688 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2689 ref_iv = cbc_state_des;
2690 ref_len = sizeof(cbc_state_des);
2691 break;
2692 case 1:
2693 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2694 ref_iv = ofb_state_des;
2695 ref_len = sizeof(ofb_state_des);
2696 break;
2697 case 2:
2698 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2699 ref_iv = cfb_state_des;
2700 ref_len = sizeof(cfb_state_des);
2701 break;
2702 case 3:
2703 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2704 ref_iv = cbc_state_3des;
2705 ref_len = sizeof(cbc_state_3des);
2706 break;
2707 case 4:
2708 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2709 ref_iv = ofb_state_3des;
2710 ref_len = sizeof(ofb_state_3des);
2711 break;
2712 case 5:
2713 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2714 ref_iv = cfb_state_3des;
2715 ref_len = sizeof(cfb_state_3des);
2716 break;
2717 default:
2718 return 0;
2719 }
2720
2721 if (!TEST_ptr(type)
2722 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2723 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2724 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2725 (int)sizeof(msg)))
2726 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2727 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2728 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2729 goto err;
2730 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2731 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2732 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2733 goto err;
2734
2735 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2736 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2737 goto err;
2738 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2739 goto err;
2740
2741 ret = 1;
2742 err:
2743 EVP_CIPHER_CTX_free(ctx);
2744 EVP_CIPHER_free(type);
2745 return ret;
2746 }
2747 #endif
2748
2749 #ifndef OPENSSL_NO_EC
2750 static int ecpub_nids[] = {
2751 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2752 NID_secp384r1, NID_secp521r1,
2753 # ifndef OPENSSL_NO_EC2M
2754 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2755 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2756 # endif
2757 NID_brainpoolP384r1, NID_brainpoolP512r1
2758 };
2759
2760 static int test_ecpub(int idx)
2761 {
2762 int ret = 0, len, savelen;
2763 int nid;
2764 unsigned char buf[1024];
2765 unsigned char *p;
2766 EVP_PKEY *pkey = NULL;
2767 EVP_PKEY_CTX *ctx = NULL;
2768 # ifndef OPENSSL_NO_DEPRECATED_3_0
2769 const unsigned char *q;
2770 EVP_PKEY *pkey2 = NULL;
2771 EC_KEY *ec = NULL;
2772 # endif
2773
2774 if (nullprov != NULL)
2775 return TEST_skip("Test does not support a non-default library context");
2776
2777 nid = ecpub_nids[idx];
2778
2779 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2780 if (!TEST_ptr(ctx)
2781 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2782 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2783 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2784 goto done;
2785 len = i2d_PublicKey(pkey, NULL);
2786 savelen = len;
2787 if (!TEST_int_ge(len, 1)
2788 || !TEST_int_lt(len, 1024))
2789 goto done;
2790 p = buf;
2791 len = i2d_PublicKey(pkey, &p);
2792 if (!TEST_int_ge(len, 1)
2793 || !TEST_int_eq(len, savelen))
2794 goto done;
2795
2796 # ifndef OPENSSL_NO_DEPRECATED_3_0
2797 /* Now try to decode the just-created DER. */
2798 q = buf;
2799 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2800 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2801 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2802 goto done;
2803 /* EC_KEY ownership transferred */
2804 ec = NULL;
2805 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2806 goto done;
2807 /* The keys should match. */
2808 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2809 goto done;
2810 # endif
2811
2812 ret = 1;
2813
2814 done:
2815 EVP_PKEY_CTX_free(ctx);
2816 EVP_PKEY_free(pkey);
2817 # ifndef OPENSSL_NO_DEPRECATED_3_0
2818 EVP_PKEY_free(pkey2);
2819 EC_KEY_free(ec);
2820 # endif
2821 return ret;
2822 }
2823 #endif
2824
2825 static int test_EVP_rsa_pss_with_keygen_bits(void)
2826 {
2827 int ret = 0;
2828 EVP_PKEY_CTX *ctx = NULL;
2829 EVP_PKEY *pkey = NULL;
2830 EVP_MD *md;
2831
2832 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2833 ret = TEST_ptr(md)
2834 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2835 && TEST_true(EVP_PKEY_keygen_init(ctx))
2836 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2837 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2838 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2839
2840 EVP_MD_free(md);
2841 EVP_PKEY_free(pkey);
2842 EVP_PKEY_CTX_free(ctx);
2843 return ret;
2844 }
2845
2846 static int success = 1;
2847 static void md_names(const char *name, void *vctx)
2848 {
2849 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2850 /* Force a namemap update */
2851 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2852
2853 if (!TEST_ptr(aes128))
2854 success = 0;
2855
2856 EVP_CIPHER_free(aes128);
2857 }
2858
2859 /*
2860 * Test that changing the namemap in a user callback works in a names_do_all
2861 * function.
2862 */
2863 static int test_names_do_all(void)
2864 {
2865 /* We use a custom libctx so that we know the state of the namemap */
2866 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2867 EVP_MD *sha256 = NULL;
2868 int testresult = 0;
2869
2870 if (!TEST_ptr(ctx))
2871 goto err;
2872
2873 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2874 if (!TEST_ptr(sha256))
2875 goto err;
2876
2877 /*
2878 * We loop through all the names for a given digest. This should still work
2879 * even if the namemap changes part way through.
2880 */
2881 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2882 goto err;
2883
2884 if (!TEST_true(success))
2885 goto err;
2886
2887 testresult = 1;
2888 err:
2889 EVP_MD_free(sha256);
2890 OSSL_LIB_CTX_free(ctx);
2891 return testresult;
2892 }
2893
2894 typedef enum OPTION_choice {
2895 OPT_ERR = -1,
2896 OPT_EOF = 0,
2897 OPT_CONTEXT,
2898 OPT_TEST_ENUM
2899 } OPTION_CHOICE;
2900
2901 const OPTIONS *test_get_options(void)
2902 {
2903 static const OPTIONS options[] = {
2904 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2905 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2906 { NULL }
2907 };
2908 return options;
2909 }
2910
2911 int setup_tests(void)
2912 {
2913 OPTION_CHOICE o;
2914
2915 while ((o = opt_next()) != OPT_EOF) {
2916 switch (o) {
2917 case OPT_CONTEXT:
2918 /* Set up an alternate library context */
2919 testctx = OSSL_LIB_CTX_new();
2920 if (!TEST_ptr(testctx))
2921 return 0;
2922 /* Swap the libctx to test non-default context only */
2923 nullprov = OSSL_PROVIDER_load(NULL, "null");
2924 deflprov = OSSL_PROVIDER_load(testctx, "default");
2925 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2926 break;
2927 case OPT_TEST_CASES:
2928 break;
2929 default:
2930 return 0;
2931 }
2932 }
2933
2934 ADD_TEST(test_EVP_set_default_properties);
2935 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2936 ADD_TEST(test_EVP_DigestVerifyInit);
2937 ADD_TEST(test_EVP_Digest);
2938 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
2939 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2940 ADD_TEST(test_privatekey_to_pkcs8);
2941 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
2942 #ifndef OPENSSL_NO_EC
2943 ADD_TEST(test_EVP_PKCS82PKEY);
2944 #endif
2945 #ifndef OPENSSL_NO_EC
2946 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2947 #endif
2948 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2949 ADD_TEST(test_EVP_SM2);
2950 ADD_TEST(test_EVP_SM2_verify);
2951 #endif
2952 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2953 #ifndef OPENSSL_NO_DEPRECATED_3_0
2954 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2955 if (!TEST_ptr(custom_pmeth))
2956 return 0;
2957 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2958 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2959 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2960 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2961 return 0;
2962 #endif
2963 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2964 #ifndef OPENSSL_NO_CMAC
2965 ADD_TEST(test_CMAC_keygen);
2966 #endif
2967 ADD_TEST(test_HKDF);
2968 ADD_TEST(test_emptyikm_HKDF);
2969 #ifndef OPENSSL_NO_EC
2970 ADD_TEST(test_X509_PUBKEY_inplace);
2971 ADD_TEST(test_X509_PUBKEY_dup);
2972 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2973 OSSL_NELEM(ec_der_pub_keys));
2974 #endif
2975 #ifndef OPENSSL_NO_DSA
2976 ADD_TEST(test_DSA_get_set_params);
2977 ADD_TEST(test_DSA_priv_pub);
2978 #endif
2979 ADD_TEST(test_RSA_get_set_params);
2980 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2981 ADD_TEST(test_decrypt_null_chunks);
2982 #endif
2983 #ifndef OPENSSL_NO_DH
2984 ADD_TEST(test_DH_priv_pub);
2985 # ifndef OPENSSL_NO_DEPRECATED_3_0
2986 ADD_TEST(test_EVP_PKEY_set1_DH);
2987 # endif
2988 #endif
2989 #ifndef OPENSSL_NO_EC
2990 ADD_TEST(test_EC_priv_pub);
2991 # ifndef OPENSSL_NO_DEPRECATED_3_0
2992 ADD_TEST(test_EC_priv_only_legacy);
2993 # endif
2994 #endif
2995 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2996 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2997
2998 ADD_TEST(test_rand_agglomeration);
2999 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3000 #ifndef OPENSSL_NO_DES
3001 ADD_ALL_TESTS(test_evp_iv_des, 6);
3002 #endif
3003 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3004 #ifndef OPENSSL_NO_EC
3005 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3006 #endif
3007
3008 ADD_TEST(test_names_do_all);
3009
3010 return 1;
3011 }
3012
3013 void cleanup_tests(void)
3014 {
3015 OSSL_PROVIDER_unload(nullprov);
3016 OSSL_PROVIDER_unload(deflprov);
3017 OSSL_PROVIDER_unload(lgcyprov);
3018 OSSL_LIB_CTX_free(testctx);
3019 }
A mirror of the official openssl repository