]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Trivial shortcuts for EVP_PKEY_eq()
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 #endif
404
405 typedef struct APK_DATA_st {
406 const unsigned char *kder;
407 size_t size;
408 const char *keytype;
409 int evptype;
410 int check;
411 int pub_check;
412 int param_check;
413 int type; /* 0 for private, 1 for public, 2 for params */
414 } APK_DATA;
415
416 static APK_DATA keydata[] = {
417 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
418 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
421 #endif
422 };
423
424 static APK_DATA keycheckdata[] = {
425 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
426 0},
427 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
428 0, 1, 1, 0},
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
433 1, 1},
434 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
435 2},
436 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
437 EVP_PKEY_ED25519, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
439 EVP_PKEY_ED25519, 0, 1, 1, 1},
440 #endif
441 };
442
443 static EVP_PKEY *load_example_key(const char *keytype,
444 const unsigned char *data, size_t data_len)
445 {
446 const unsigned char **pdata = &data;
447 EVP_PKEY *pkey = NULL;
448 OSSL_DECODER_CTX *dctx =
449 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
450 testctx, testpropq);
451
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
454 OSSL_DECODER_CTX_free(dctx);
455 return pkey;
456 }
457
458 static EVP_PKEY *load_example_rsa_key(void)
459 {
460 return load_example_key("RSA", kExampleRSAKeyDER,
461 sizeof(kExampleRSAKeyDER));
462 }
463
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY *load_example_dsa_key(void)
466 {
467 return load_example_key("DSA", kExampleDSAKeyDER,
468 sizeof(kExampleDSAKeyDER));
469 }
470 #endif
471
472 static EVP_PKEY *load_example_hmac_key(void)
473 {
474 EVP_PKEY *pkey = NULL;
475 unsigned char key[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 };
480
481 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
482 NULL, key, sizeof(key));
483 if (!TEST_ptr(pkey))
484 return NULL;
485
486 return pkey;
487 }
488
489 static int test_EVP_set_default_properties(void)
490 {
491 OSSL_LIB_CTX *ctx;
492 EVP_MD *md = NULL;
493 int res = 0;
494
495 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
496 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
497 goto err;
498 EVP_MD_free(md);
499 md = NULL;
500
501 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
502 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
503 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
504 goto err;
505 EVP_MD_free(md);
506 md = NULL;
507
508 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
509 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
510 goto err;
511 res = 1;
512 err:
513 EVP_MD_free(md);
514 OSSL_LIB_CTX_free(ctx);
515 return res;
516 }
517
518 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
519 static int test_fromdata(char *keytype, OSSL_PARAM *params)
520 {
521 EVP_PKEY_CTX *pctx = NULL;
522 EVP_PKEY *pkey = NULL;
523 int testresult = 0;
524
525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
526 goto err;
527 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
528 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
529 params), 0))
530 goto err;
531
532 if (!TEST_ptr(pkey))
533 goto err;
534
535 testresult = 1;
536 err:
537 EVP_PKEY_free(pkey);
538 EVP_PKEY_CTX_free(pctx);
539
540 return testresult;
541 }
542 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
543
544 /*
545 * Test combinations of private, public, missing and private + public key
546 * params to ensure they are all accepted
547 */
548 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
549 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
550 {
551 OSSL_PARAM_BLD *bld = NULL;
552 OSSL_PARAM *params = NULL;
553 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
554 int ret = 0;
555
556 /*
557 * Setup the parameters for our pkey object. For our purposes they don't
558 * have to actually be *valid* parameters. We just need to set something.
559 */
560 if (!TEST_ptr(p = BN_new())
561 || !TEST_ptr(q = BN_new())
562 || !TEST_ptr(g = BN_new())
563 || !TEST_ptr(pub = BN_new())
564 || !TEST_ptr(priv = BN_new()))
565 goto err;
566
567 /* Test !priv and !pub */
568 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
572 goto err;
573 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
574 goto err;
575
576 if (!test_fromdata(keytype, params))
577 goto err;
578 OSSL_PARAM_free(params);
579 params = NULL;
580 OSSL_PARAM_BLD_free(bld);
581
582 /* Test priv and !pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
588 priv)))
589 goto err;
590 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
591 goto err;
592
593 if (!test_fromdata(keytype, params))
594 goto err;
595 OSSL_PARAM_free(params);
596 params = NULL;
597 OSSL_PARAM_BLD_free(bld);
598
599 /* Test !priv and pub */
600 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
605 pub)))
606 goto err;
607 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
608 goto err;
609
610 if (!test_fromdata(keytype, params))
611 goto err;
612 OSSL_PARAM_free(params);
613 params = NULL;
614 OSSL_PARAM_BLD_free(bld);
615
616 /* Test priv and pub */
617 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
618 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
620 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
622 pub))
623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
624 priv)))
625 goto err;
626 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
627 goto err;
628
629 if (!test_fromdata(keytype, params))
630 goto err;
631
632 ret = 1;
633 err:
634 OSSL_PARAM_free(params);
635 OSSL_PARAM_BLD_free(bld);
636 BN_free(p);
637 BN_free(q);
638 BN_free(g);
639 BN_free(pub);
640 BN_free(priv);
641
642 return ret;
643 }
644 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
645
646 /*
647 * Test combinations of private, public, missing and private + public key
648 * params to ensure they are all accepted for EC keys
649 */
650 #ifndef OPENSSL_NO_EC
651 static unsigned char ec_priv[] = {
652 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
653 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
654 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
655 };
656 static unsigned char ec_pub[] = {
657 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
658 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
659 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
660 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
661 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
662 0x08, 0x09, 0xb8, 0xdb, 0x03
663 };
664
665 static int test_EC_priv_pub(void)
666 {
667 OSSL_PARAM_BLD *bld = NULL;
668 OSSL_PARAM *params = NULL;
669 BIGNUM *priv = NULL;
670 int ret = 0;
671
672 /*
673 * Setup the parameters for our pkey object. For our purposes they don't
674 * have to actually be *valid* parameters. We just need to set something.
675 */
676 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
677 goto err;
678
679 /* Test !priv and !pub */
680 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
681 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
682 OSSL_PKEY_PARAM_GROUP_NAME,
683 "P-256", 0)))
684 goto err;
685 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
686 goto err;
687
688 if (!test_fromdata("EC", params))
689 goto err;
690 OSSL_PARAM_free(params);
691 OSSL_PARAM_BLD_free(bld);
692
693 /* Test priv and !pub */
694 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
695 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
696 OSSL_PKEY_PARAM_GROUP_NAME,
697 "P-256", 0))
698 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
699 priv)))
700 goto err;
701 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
702 goto err;
703
704 if (!test_fromdata("EC", params))
705 goto err;
706 OSSL_PARAM_free(params);
707 OSSL_PARAM_BLD_free(bld);
708
709 /* Test !priv and pub */
710 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
711 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
712 OSSL_PKEY_PARAM_GROUP_NAME,
713 "P-256", 0))
714 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
715 OSSL_PKEY_PARAM_PUB_KEY,
716 ec_pub, sizeof(ec_pub))))
717 goto err;
718 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
719 goto err;
720
721 if (!test_fromdata("EC", params))
722 goto err;
723 OSSL_PARAM_free(params);
724 OSSL_PARAM_BLD_free(bld);
725
726 /* Test priv and pub */
727 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
728 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
729 OSSL_PKEY_PARAM_GROUP_NAME,
730 "P-256", 0))
731 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
732 OSSL_PKEY_PARAM_PUB_KEY,
733 ec_pub, sizeof(ec_pub)))
734 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
735 priv)))
736 goto err;
737 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
738 goto err;
739
740 if (!test_fromdata("EC", params))
741 goto err;
742
743 ret = 1;
744 err:
745 OSSL_PARAM_free(params);
746 OSSL_PARAM_BLD_free(bld);
747 BN_free(priv);
748
749 return ret;
750 }
751
752 /* Test that using a legacy EC key with only a private key in it works */
753 # ifndef OPENSSL_NO_DEPRECATED_3_0
754 static int test_EC_priv_only_legacy(void)
755 {
756 BIGNUM *priv = NULL;
757 int ret = 0;
758 EC_KEY *eckey = NULL;
759 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
760 EVP_MD_CTX *ctx = NULL;
761
762 /* Create the low level EC_KEY */
763 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
764 goto err;
765
766 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
767 if (!TEST_ptr(eckey))
768 goto err;
769
770 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
771 goto err;
772
773 pkey = EVP_PKEY_new();
774 if (!TEST_ptr(pkey))
775 goto err;
776
777 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
778 goto err;
779 eckey = NULL;
780
781 while (dup_pk == NULL) {
782 ret = 0;
783 ctx = EVP_MD_CTX_new();
784 if (!TEST_ptr(ctx))
785 goto err;
786
787 /*
788 * The EVP_DigestSignInit function should create the key on the
789 * provider side which is sufficient for this test.
790 */
791 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
792 testpropq, pkey, NULL)))
793 goto err;
794 EVP_MD_CTX_free(ctx);
795 ctx = NULL;
796
797 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
798 goto err;
799 /* EVP_PKEY_eq() returns -2 with missing public keys */
800 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
801 EVP_PKEY_free(pkey);
802 pkey = dup_pk;
803 if (!ret)
804 goto err;
805 }
806
807 err:
808 EVP_MD_CTX_free(ctx);
809 EVP_PKEY_free(pkey);
810 EC_KEY_free(eckey);
811 BN_free(priv);
812
813 return ret;
814 }
815 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
816 #endif /* OPENSSL_NO_EC */
817
818 static int test_EVP_Enveloped(void)
819 {
820 int ret = 0;
821 EVP_CIPHER_CTX *ctx = NULL;
822 EVP_PKEY *keypair = NULL;
823 unsigned char *kek = NULL;
824 unsigned char iv[EVP_MAX_IV_LENGTH];
825 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
826 int len, kek_len, ciphertext_len, plaintext_len;
827 unsigned char ciphertext[32], plaintext[16];
828 const EVP_CIPHER *type = NULL;
829
830 if (nullprov != NULL)
831 return TEST_skip("Test does not support a non-default library context");
832
833 type = EVP_aes_256_cbc();
834
835 if (!TEST_ptr(keypair = load_example_rsa_key())
836 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
837 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
838 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
839 &keypair, 1))
840 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
841 msg, sizeof(msg)))
842 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
843 &len)))
844 goto err;
845
846 ciphertext_len += len;
847
848 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
849 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
850 ciphertext, ciphertext_len))
851 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
852 goto err;
853
854 plaintext_len += len;
855 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
856 goto err;
857
858 ret = 1;
859 err:
860 OPENSSL_free(kek);
861 EVP_PKEY_free(keypair);
862 EVP_CIPHER_CTX_free(ctx);
863 return ret;
864 }
865
866 /*
867 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
868 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
869 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
870 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
871 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
872 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
873 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
874 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
875 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
876 */
877 static int test_EVP_DigestSignInit(int tst)
878 {
879 int ret = 0;
880 EVP_PKEY *pkey = NULL;
881 unsigned char *sig = NULL;
882 size_t sig_len = 0;
883 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
884 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
885 BIO *mdbio = NULL, *membio = NULL;
886 size_t written;
887 const EVP_MD *md;
888 EVP_MD *mdexp = NULL;
889
890 if (nullprov != NULL)
891 return TEST_skip("Test does not support a non-default library context");
892
893 if (tst >= 6) {
894 membio = BIO_new(BIO_s_mem());
895 mdbio = BIO_new(BIO_f_md());
896 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
897 goto out;
898 BIO_push(mdbio, membio);
899 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
900 goto out;
901 } else {
902 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
903 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
904 goto out;
905 }
906
907 if (tst == 0 || tst == 3 || tst == 6) {
908 if (!TEST_ptr(pkey = load_example_rsa_key()))
909 goto out;
910 } else if (tst == 1 || tst == 4 || tst == 7) {
911 #ifndef OPENSSL_NO_DSA
912 if (!TEST_ptr(pkey = load_example_dsa_key()))
913 goto out;
914 #else
915 ret = 1;
916 goto out;
917 #endif
918 } else {
919 if (!TEST_ptr(pkey = load_example_hmac_key()))
920 goto out;
921 }
922
923 if (tst >= 3 && tst <= 5)
924 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
925 else
926 md = EVP_sha256();
927
928 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
929 goto out;
930
931 if (tst >= 6) {
932 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
933 goto out;
934 } else {
935 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
936 goto out;
937 }
938
939 /* Determine the size of the signature. */
940 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
941 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
942 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
943 goto out;
944
945 if (tst >= 6) {
946 if (!TEST_int_gt(BIO_reset(mdbio), 0)
947 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
948 goto out;
949 }
950
951 /*
952 * Ensure that the signature round-trips (Verification isn't supported for
953 * HMAC via EVP_DigestVerify*)
954 */
955 if (tst != 2 && tst != 5 && tst != 8) {
956 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
957 NULL, pkey)))
958 goto out;
959
960 if (tst >= 6) {
961 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
962 goto out;
963 } else {
964 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
965 sizeof(kMsg))))
966 goto out;
967 }
968 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
969 goto out;
970 }
971
972 ret = 1;
973
974 out:
975 BIO_free(membio);
976 BIO_free(mdbio);
977 EVP_MD_CTX_free(a_md_ctx);
978 EVP_MD_CTX_free(a_md_ctx_verify);
979 EVP_PKEY_free(pkey);
980 OPENSSL_free(sig);
981 EVP_MD_free(mdexp);
982
983 return ret;
984 }
985
986 static int test_EVP_DigestVerifyInit(void)
987 {
988 int ret = 0;
989 EVP_PKEY *pkey = NULL;
990 EVP_MD_CTX *md_ctx = NULL;
991
992 if (nullprov != NULL)
993 return TEST_skip("Test does not support a non-default library context");
994
995 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
996 || !TEST_ptr(pkey = load_example_rsa_key()))
997 goto out;
998
999 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1000 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1001 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1002 sizeof(kSignature))))
1003 goto out;
1004 ret = 1;
1005
1006 out:
1007 EVP_MD_CTX_free(md_ctx);
1008 EVP_PKEY_free(pkey);
1009 return ret;
1010 }
1011
1012 /*
1013 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1014 */
1015 static int test_EVP_Digest(void)
1016 {
1017 int ret = 0;
1018 EVP_MD_CTX *md_ctx = NULL;
1019 unsigned char md[EVP_MAX_MD_SIZE];
1020 EVP_MD *sha256 = NULL;
1021 EVP_MD *shake256 = NULL;
1022
1023 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1024 goto out;
1025
1026 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1027 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1028 goto out;
1029
1030 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1031 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1032 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1033 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1034 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1035 goto out;
1036
1037 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1038 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1039 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1040 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1041 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1042 /*
1043 * EVP_DigestInit_ex with NULL type should work on
1044 * pre-initialized context.
1045 */
1046 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1047 goto out;
1048
1049 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1050 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1051 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1052 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1053 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1054 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1055 goto out;
1056 ret = 1;
1057
1058 out:
1059 EVP_MD_CTX_free(md_ctx);
1060 EVP_MD_free(sha256);
1061 EVP_MD_free(shake256);
1062 return ret;
1063 }
1064
1065 static int test_d2i_AutoPrivateKey(int i)
1066 {
1067 int ret = 0;
1068 const unsigned char *p;
1069 EVP_PKEY *pkey = NULL;
1070 const APK_DATA *ak = &keydata[i];
1071 const unsigned char *input = ak->kder;
1072 size_t input_len = ak->size;
1073 int expected_id = ak->evptype;
1074
1075 p = input;
1076 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1077 || !TEST_ptr_eq(p, input + input_len)
1078 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1079 goto done;
1080
1081 ret = 1;
1082
1083 done:
1084 EVP_PKEY_free(pkey);
1085 return ret;
1086 }
1087
1088 #ifndef OPENSSL_NO_EC
1089
1090 static const unsigned char ec_public_sect163k1_validxy[] = {
1091 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1092 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1093 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1094 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1095 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1096 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1097 };
1098
1099 static const unsigned char ec_public_sect163k1_badx[] = {
1100 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1101 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1102 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1103 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1104 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1105 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1106 };
1107
1108 static const unsigned char ec_public_sect163k1_bady[] = {
1109 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1110 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1111 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1112 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1113 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1114 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1115 };
1116
1117 static struct ec_der_pub_keys_st {
1118 const unsigned char *der;
1119 size_t len;
1120 int valid;
1121 } ec_der_pub_keys[] = {
1122 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1123 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1124 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1125 };
1126
1127 /*
1128 * Tests the range of the decoded EC char2 public point.
1129 * See ec_GF2m_simple_oct2point().
1130 */
1131 static int test_invalide_ec_char2_pub_range_decode(int id)
1132 {
1133 int ret = 0;
1134 EVP_PKEY *pkey;
1135
1136 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1137 ec_der_pub_keys[id].len);
1138
1139 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1140 || TEST_ptr_null(pkey);
1141 EVP_PKEY_free(pkey);
1142 return ret;
1143 }
1144
1145 /* Tests loading a bad key in PKCS8 format */
1146 static int test_EVP_PKCS82PKEY(void)
1147 {
1148 int ret = 0;
1149 const unsigned char *derp = kExampleBadECKeyDER;
1150 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1151 EVP_PKEY *pkey = NULL;
1152
1153 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1154 sizeof(kExampleBadECKeyDER))))
1155 goto done;
1156
1157 if (!TEST_ptr_eq(derp,
1158 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1159 goto done;
1160
1161 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1162 goto done;
1163
1164 ret = 1;
1165
1166 done:
1167 PKCS8_PRIV_KEY_INFO_free(p8inf);
1168 EVP_PKEY_free(pkey);
1169
1170 return ret;
1171 }
1172 #endif
1173
1174 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1175 static int test_privatekey_to_pkcs8(void)
1176 {
1177 EVP_PKEY *pkey = NULL;
1178 BIO *membio = NULL;
1179 char *membuf = NULL;
1180 long membuf_len = 0;
1181 int ok = 0;
1182
1183 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1184 || !TEST_ptr(pkey = load_example_rsa_key())
1185 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1186 NULL, 0, NULL, NULL),
1187 0)
1188 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1189 || !TEST_ptr(membuf)
1190 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1191 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1192 /*
1193 * We try to write PEM as well, just to see that it doesn't err, but
1194 * assume that the result is correct.
1195 */
1196 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1197 NULL, 0, NULL, NULL),
1198 0))
1199 goto done;
1200
1201 ok = 1;
1202 done:
1203 EVP_PKEY_free(pkey);
1204 BIO_free_all(membio);
1205 return ok;
1206 }
1207
1208 #ifndef OPENSSL_NO_EC
1209 static const struct {
1210 int encoding;
1211 const char *encoding_name;
1212 } ec_encodings[] = {
1213 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1214 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1215 };
1216
1217 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1218 {
1219 const OSSL_PARAM *p;
1220 const char *enc_name = NULL;
1221 int *enc = arg;
1222 size_t i;
1223
1224 *enc = -1;
1225
1226 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1227 OSSL_PKEY_PARAM_EC_ENCODING))
1228 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1229 return 0;
1230
1231 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1232 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1233 *enc = ec_encodings[i].encoding;
1234 break;
1235 }
1236 }
1237
1238 return (*enc != -1);
1239 }
1240
1241 static int test_EC_keygen_with_enc(int idx)
1242 {
1243 EVP_PKEY *params = NULL, *key = NULL;
1244 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1245 int enc;
1246 int ret = 0;
1247
1248 enc = ec_encodings[idx].encoding;
1249
1250 /* Create key parameters */
1251 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1252 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1253 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1254 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1255 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1256 || !TEST_ptr(params))
1257 goto done;
1258
1259 /* Create key */
1260 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1261 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1262 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1263 || !TEST_ptr(key))
1264 goto done;
1265
1266 /* Check that the encoding got all the way into the key */
1267 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1268 ec_export_get_encoding_cb, &enc))
1269 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1270 goto done;
1271
1272 ret = 1;
1273 done:
1274 EVP_PKEY_free(key);
1275 EVP_PKEY_free(params);
1276 EVP_PKEY_CTX_free(kctx);
1277 EVP_PKEY_CTX_free(pctx);
1278 return ret;
1279 }
1280 #endif
1281
1282 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1283
1284 static int test_EVP_SM2_verify(void)
1285 {
1286 const char *pubkey =
1287 "-----BEGIN PUBLIC KEY-----\n"
1288 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1289 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1290 "-----END PUBLIC KEY-----\n";
1291
1292 const char *msg = "message digest";
1293 const char *id = "ALICE123@YAHOO.COM";
1294
1295 const uint8_t signature[] = {
1296 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1297 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1298 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1299 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1300 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1301 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1302 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1303 };
1304
1305 int rc = 0;
1306 BIO *bio = NULL;
1307 EVP_PKEY *pkey = NULL;
1308 EVP_MD_CTX *mctx = NULL;
1309 EVP_PKEY_CTX *pctx = NULL;
1310 EVP_MD *sm3 = NULL;
1311
1312 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1313 if (!TEST_true(bio != NULL))
1314 goto done;
1315
1316 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1317 if (!TEST_true(pkey != NULL))
1318 goto done;
1319
1320 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1321 goto done;
1322
1323 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1324 goto done;
1325
1326 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1327 goto done;
1328
1329 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1330
1331 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1332 goto done;
1333
1334 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1335 goto done;
1336
1337 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1338 goto done;
1339
1340 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1341 goto done;
1342
1343 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1344 goto done;
1345 rc = 1;
1346
1347 done:
1348 BIO_free(bio);
1349 EVP_PKEY_free(pkey);
1350 EVP_PKEY_CTX_free(pctx);
1351 EVP_MD_CTX_free(mctx);
1352 EVP_MD_free(sm3);
1353 return rc;
1354 }
1355
1356 static int test_EVP_SM2(void)
1357 {
1358 int ret = 0;
1359 EVP_PKEY *pkey = NULL;
1360 EVP_PKEY *pkeyparams = NULL;
1361 EVP_PKEY_CTX *pctx = NULL;
1362 EVP_PKEY_CTX *kctx = NULL;
1363 EVP_PKEY_CTX *sctx = NULL;
1364 size_t sig_len = 0;
1365 unsigned char *sig = NULL;
1366 EVP_MD_CTX *md_ctx = NULL;
1367 EVP_MD_CTX *md_ctx_verify = NULL;
1368 EVP_PKEY_CTX *cctx = NULL;
1369 EVP_MD *check_md = NULL;
1370
1371 uint8_t ciphertext[128];
1372 size_t ctext_len = sizeof(ciphertext);
1373
1374 uint8_t plaintext[8];
1375 size_t ptext_len = sizeof(plaintext);
1376
1377 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1378
1379 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1380 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1381 int i;
1382 char mdname[OSSL_MAX_NAME_SIZE];
1383
1384 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1385 "SM2", testpropq)))
1386 goto done;
1387
1388 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1389 goto done;
1390
1391 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1392 goto done;
1393
1394 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1395 goto done;
1396
1397 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1398 pkeyparams, testpropq)))
1399 goto done;
1400
1401 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1402 goto done;
1403
1404 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1405 goto done;
1406
1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1408 goto done;
1409
1410 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1411 goto done;
1412
1413 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1414 goto done;
1415
1416 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1417 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1418
1419 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1420 goto done;
1421
1422 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1423 goto done;
1424
1425 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1426 goto done;
1427
1428 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1429 goto done;
1430
1431 /* Determine the size of the signature. */
1432 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1433 goto done;
1434
1435 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1436 goto done;
1437
1438 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1439 goto done;
1440
1441 /* Ensure that the signature round-trips. */
1442
1443 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1444 pkey)))
1445 goto done;
1446
1447 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1448 goto done;
1449
1450 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1451 goto done;
1452
1453 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1454 goto done;
1455
1456 /* now check encryption/decryption */
1457
1458 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1459 mdname, sizeof(mdname));
1460 for (i = 0; i < 2; i++) {
1461 const char *mdnames[] = {
1462 #ifndef OPENSSL_NO_SM3
1463 "SM3",
1464 #else
1465 NULL,
1466 #endif
1467 "SHA2-256" };
1468 EVP_PKEY_CTX_free(cctx);
1469
1470 if (mdnames[i] == NULL)
1471 continue;
1472
1473 sparams[0] =
1474 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1475 (char *)mdnames[i], 0);
1476
1477 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1478 pkey, testpropq)))
1479 goto done;
1480
1481 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1482 goto done;
1483
1484 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1485 goto done;
1486
1487 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1488 sizeof(kMsg))))
1489 goto done;
1490
1491 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1492 goto done;
1493
1494 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1495 goto done;
1496
1497 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1498 ctext_len)))
1499 goto done;
1500
1501 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1502 goto done;
1503
1504 /*
1505 * Test we're still using the digest we think we are.
1506 * Because of aliases, the easiest is to fetch the digest and
1507 * check the name with EVP_MD_is_a().
1508 */
1509 EVP_MD_free(check_md);
1510 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1511 goto done;
1512 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1513 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1514 goto done;
1515 }
1516
1517 if (!TEST_true(ptext_len == sizeof(kMsg)))
1518 goto done;
1519
1520 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1521 goto done;
1522 }
1523
1524 ret = 1;
1525 done:
1526 EVP_PKEY_CTX_free(pctx);
1527 EVP_PKEY_CTX_free(kctx);
1528 EVP_PKEY_CTX_free(sctx);
1529 EVP_PKEY_CTX_free(cctx);
1530 EVP_PKEY_free(pkey);
1531 EVP_PKEY_free(pkeyparams);
1532 EVP_MD_CTX_free(md_ctx);
1533 EVP_MD_CTX_free(md_ctx_verify);
1534 EVP_MD_free(check_md);
1535 OPENSSL_free(sig);
1536 return ret;
1537 }
1538
1539 #endif
1540
1541 static struct keys_st {
1542 int type;
1543 char *priv;
1544 char *pub;
1545 } keys[] = {
1546 {
1547 EVP_PKEY_HMAC, "0123456789", NULL
1548 #ifndef OPENSSL_NO_POLY1305
1549 }, {
1550 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1551 #endif
1552 #ifndef OPENSSL_NO_SIPHASH
1553 }, {
1554 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1555 #endif
1556 },
1557 #ifndef OPENSSL_NO_EC
1558 {
1559 EVP_PKEY_X25519, "01234567890123456789012345678901",
1560 "abcdefghijklmnopqrstuvwxyzabcdef"
1561 }, {
1562 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1563 "abcdefghijklmnopqrstuvwxyzabcdef"
1564 }, {
1565 EVP_PKEY_X448,
1566 "01234567890123456789012345678901234567890123456789012345",
1567 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1568 }, {
1569 EVP_PKEY_ED448,
1570 "012345678901234567890123456789012345678901234567890123456",
1571 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1572 }
1573 #endif
1574 };
1575
1576 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1577 {
1578 int ret = 0;
1579 unsigned char buf[80];
1580 unsigned char *in;
1581 size_t inlen, len = 0;
1582 EVP_PKEY *pkey;
1583
1584 /* Check if this algorithm supports public keys */
1585 if (pub && keys[tst].pub == NULL)
1586 return 1;
1587
1588 memset(buf, 0, sizeof(buf));
1589
1590 if (pub) {
1591 #ifndef OPENSSL_NO_EC
1592 inlen = strlen(keys[tst].pub);
1593 in = (unsigned char *)keys[tst].pub;
1594 if (uselibctx) {
1595 pkey = EVP_PKEY_new_raw_public_key_ex(
1596 testctx,
1597 OBJ_nid2sn(keys[tst].type),
1598 NULL,
1599 in,
1600 inlen);
1601 } else {
1602 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1603 NULL,
1604 in,
1605 inlen);
1606 }
1607 #else
1608 return 1;
1609 #endif
1610 } else {
1611 inlen = strlen(keys[tst].priv);
1612 in = (unsigned char *)keys[tst].priv;
1613 if (uselibctx) {
1614 pkey = EVP_PKEY_new_raw_private_key_ex(
1615 testctx, OBJ_nid2sn(keys[tst].type),
1616 NULL,
1617 in,
1618 inlen);
1619 } else {
1620 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1621 NULL,
1622 in,
1623 inlen);
1624 }
1625 }
1626
1627 if (!TEST_ptr(pkey)
1628 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1629 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1630 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1631 || !TEST_true(len == inlen)
1632 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1633 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1634 || !TEST_mem_eq(in, inlen, buf, len))
1635 goto done;
1636
1637 ret = 1;
1638 done:
1639 EVP_PKEY_free(pkey);
1640 return ret;
1641 }
1642
1643 static int test_set_get_raw_keys(int tst)
1644 {
1645 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1646 && test_set_get_raw_keys_int(tst, 0, 1)
1647 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1648 && test_set_get_raw_keys_int(tst, 1, 1);
1649 }
1650
1651 #ifndef OPENSSL_NO_DEPRECATED_3_0
1652 static int pkey_custom_check(EVP_PKEY *pkey)
1653 {
1654 return 0xbeef;
1655 }
1656
1657 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1658 {
1659 return 0xbeef;
1660 }
1661
1662 static int pkey_custom_param_check(EVP_PKEY *pkey)
1663 {
1664 return 0xbeef;
1665 }
1666
1667 static EVP_PKEY_METHOD *custom_pmeth;
1668 #endif
1669
1670 static int test_EVP_PKEY_check(int i)
1671 {
1672 int ret = 0;
1673 EVP_PKEY *pkey = NULL;
1674 EVP_PKEY_CTX *ctx = NULL;
1675 #ifndef OPENSSL_NO_DEPRECATED_3_0
1676 EVP_PKEY_CTX *ctx2 = NULL;
1677 #endif
1678 const APK_DATA *ak = &keycheckdata[i];
1679 const unsigned char *input = ak->kder;
1680 size_t input_len = ak->size;
1681 int expected_id = ak->evptype;
1682 int expected_check = ak->check;
1683 int expected_pub_check = ak->pub_check;
1684 int expected_param_check = ak->param_check;
1685 int type = ak->type;
1686
1687 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1688 goto done;
1689 if (type == 0
1690 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1691 goto done;
1692
1693 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1694 goto done;
1695
1696 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1697 goto done;
1698
1699 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1700 goto done;
1701
1702 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1703 goto done;
1704
1705 #ifndef OPENSSL_NO_DEPRECATED_3_0
1706 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1707 /* assign the pkey directly, as an internal test */
1708 EVP_PKEY_up_ref(pkey);
1709 ctx2->pkey = pkey;
1710
1711 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1712 goto done;
1713
1714 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1715 goto done;
1716
1717 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1718 goto done;
1719 #endif
1720
1721 ret = 1;
1722
1723 done:
1724 EVP_PKEY_CTX_free(ctx);
1725 #ifndef OPENSSL_NO_DEPRECATED_3_0
1726 EVP_PKEY_CTX_free(ctx2);
1727 #endif
1728 EVP_PKEY_free(pkey);
1729 return ret;
1730 }
1731
1732 #ifndef OPENSSL_NO_CMAC
1733 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1734 {
1735 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1736 const char msg[] = "Hello World";
1737 size_t maclen;
1738 int ret = 1;
1739
1740 if (!TEST_ptr(mdctx)
1741 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1742 testpropq, pkey, NULL))
1743 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1744 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1745 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1746 ret = 0;
1747
1748 EVP_MD_CTX_free(mdctx);
1749
1750 return ret;
1751 }
1752 static int test_CMAC_keygen(void)
1753 {
1754 static unsigned char key[] = {
1755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1756 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1757 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1758 };
1759 EVP_PKEY_CTX *kctx = NULL;
1760 int ret = 0;
1761 EVP_PKEY *pkey = NULL;
1762 unsigned char mac[AES_BLOCK_SIZE];
1763 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1764 unsigned char mac2[AES_BLOCK_SIZE];
1765 # endif
1766
1767 if (nullprov != NULL)
1768 return TEST_skip("Test does not support a non-default library context");
1769
1770 /*
1771 * This is a legacy method for CMACs, but should still work.
1772 * This verifies that it works without an ENGINE.
1773 */
1774 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1775
1776 /* Test a CMAC key created using the "generated" method */
1777 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1778 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1779 EVP_PKEY_CTRL_CIPHER,
1780 0, (void *)EVP_aes_256_ecb()), 0)
1781 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1782 EVP_PKEY_CTRL_SET_MAC_KEY,
1783 sizeof(key), (void *)key), 0)
1784 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1785 || !TEST_ptr(pkey)
1786 || !TEST_true(get_cmac_val(pkey, mac)))
1787 goto done;
1788
1789 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1790 EVP_PKEY_free(pkey);
1791
1792 /*
1793 * Test a CMAC key using the direct method, and compare with the mac
1794 * created above.
1795 */
1796 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1797 if (!TEST_ptr(pkey)
1798 || !TEST_true(get_cmac_val(pkey, mac2))
1799 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1800 goto done;
1801 # endif
1802
1803 ret = 1;
1804
1805 done:
1806 EVP_PKEY_free(pkey);
1807 EVP_PKEY_CTX_free(kctx);
1808 return ret;
1809 }
1810 #endif
1811
1812 static int test_HKDF(void)
1813 {
1814 EVP_PKEY_CTX *pctx;
1815 unsigned char out[20];
1816 size_t outlen;
1817 int i, ret = 0;
1818 unsigned char salt[] = "0123456789";
1819 unsigned char key[] = "012345678901234567890123456789";
1820 unsigned char info[] = "infostring";
1821 const unsigned char expected[] = {
1822 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1823 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1824 };
1825 size_t expectedlen = sizeof(expected);
1826
1827 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1828 goto done;
1829
1830 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1831 for (i = 0; i < 2; i++) {
1832 outlen = sizeof(out);
1833 memset(out, 0, outlen);
1834
1835 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1836 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1837 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1838 sizeof(salt) - 1), 0)
1839 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1840 sizeof(key) - 1), 0)
1841 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1842 sizeof(info) - 1), 0)
1843 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1844 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1845 goto done;
1846 }
1847
1848 ret = 1;
1849
1850 done:
1851 EVP_PKEY_CTX_free(pctx);
1852
1853 return ret;
1854 }
1855
1856 static int test_emptyikm_HKDF(void)
1857 {
1858 EVP_PKEY_CTX *pctx;
1859 unsigned char out[20];
1860 size_t outlen;
1861 int ret = 0;
1862 unsigned char salt[] = "9876543210";
1863 unsigned char key[] = "";
1864 unsigned char info[] = "stringinfo";
1865 const unsigned char expected[] = {
1866 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1867 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1868 };
1869 size_t expectedlen = sizeof(expected);
1870
1871 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
1872 goto done;
1873
1874 outlen = sizeof(out);
1875 memset(out, 0, outlen);
1876
1877 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1878 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1879 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1880 sizeof(salt) - 1), 0)
1881 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1882 sizeof(key) - 1), 0)
1883 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1884 sizeof(info) - 1), 0)
1885 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1886 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1887 goto done;
1888
1889 ret = 1;
1890
1891 done:
1892 EVP_PKEY_CTX_free(pctx);
1893
1894 return ret;
1895 }
1896
1897 #ifndef OPENSSL_NO_EC
1898 static int test_X509_PUBKEY_inplace(void)
1899 {
1900 int ret = 0;
1901 X509_PUBKEY *xp = NULL;
1902 const unsigned char *p = kExampleECPubKeyDER;
1903 size_t input_len = sizeof(kExampleECPubKeyDER);
1904
1905 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1906 goto done;
1907
1908 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1909 goto done;
1910
1911 p = kExampleBadECPubKeyDER;
1912 input_len = sizeof(kExampleBadECPubKeyDER);
1913
1914 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1915 goto done;
1916
1917 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1918 goto done;
1919
1920 ret = 1;
1921
1922 done:
1923 X509_PUBKEY_free(xp);
1924 return ret;
1925 }
1926
1927 static int test_X509_PUBKEY_dup(void)
1928 {
1929 int ret = 0;
1930 X509_PUBKEY *xp = NULL, *xq = NULL;
1931 const unsigned char *p = kExampleECPubKeyDER;
1932 size_t input_len = sizeof(kExampleECPubKeyDER);
1933
1934 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
1935 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
1936 || !TEST_ptr_ne(xp, xq))
1937 goto done;
1938
1939 if (!TEST_ptr(X509_PUBKEY_get0(xq))
1940 || !TEST_ptr(X509_PUBKEY_get0(xp))
1941 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
1942 goto done;
1943
1944 X509_PUBKEY_free(xq);
1945 xq = NULL;
1946 p = kExampleBadECPubKeyDER;
1947 input_len = sizeof(kExampleBadECPubKeyDER);
1948
1949 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
1950 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
1951 goto done;
1952
1953 X509_PUBKEY_free(xp);
1954 xp = NULL;
1955 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
1956 goto done;
1957
1958 ret = 1;
1959
1960 done:
1961 X509_PUBKEY_free(xp);
1962 X509_PUBKEY_free(xq);
1963 return ret;
1964 }
1965 #endif /* OPENSSL_NO_EC */
1966
1967 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1968 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1969 {
1970 EVP_MD_CTX *mdctx = NULL;
1971 EVP_PKEY_CTX *ctx = NULL;
1972 const OSSL_PARAM *params;
1973 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1974 int ret = 0;
1975 const EVP_MD *md;
1976 char mdname[OSSL_MAX_NAME_SIZE];
1977 char ssl3ms[48];
1978
1979 /* Initialise a sign operation */
1980 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
1981 if (!TEST_ptr(ctx)
1982 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1983 goto err;
1984
1985 /*
1986 * We should be able to query the parameters now.
1987 */
1988 params = EVP_PKEY_CTX_settable_params(ctx);
1989 if (!TEST_ptr(params)
1990 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1991 OSSL_SIGNATURE_PARAM_DIGEST)))
1992 goto err;
1993
1994 params = EVP_PKEY_CTX_gettable_params(ctx);
1995 if (!TEST_ptr(params)
1996 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1997 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1998 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1999 OSSL_SIGNATURE_PARAM_DIGEST)))
2000 goto err;
2001
2002 /*
2003 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2004 * EVP_PKEY_CTX_get_params()
2005 */
2006 strcpy(mdname, "SHA512");
2007 param_md = param;
2008 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2009 mdname, 0);
2010 *param++ = OSSL_PARAM_construct_end();
2011
2012 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2013 goto err;
2014
2015 mdname[0] = '\0';
2016 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2017 mdname, sizeof(mdname));
2018 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2019 || !TEST_str_eq(mdname, "SHA512"))
2020 goto err;
2021
2022 /*
2023 * Test the TEST_PKEY_CTX_set_signature_md() and
2024 * TEST_PKEY_CTX_get_signature_md() functions
2025 */
2026 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2027 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2028 || !TEST_ptr_eq(md, EVP_sha256()))
2029 goto err;
2030
2031 /*
2032 * Test getting MD parameters via an associated EVP_PKEY_CTX
2033 */
2034 mdctx = EVP_MD_CTX_new();
2035 if (!TEST_ptr(mdctx)
2036 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2037 pkey, NULL)))
2038 goto err;
2039
2040 /*
2041 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2042 * able to obtain the digest's settable parameters from the provider.
2043 */
2044 params = EVP_MD_CTX_settable_params(mdctx);
2045 if (!TEST_ptr(params)
2046 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2047 /* The final key should be NULL */
2048 || !TEST_ptr_null(params[1].key))
2049 goto err;
2050
2051 param = ourparams;
2052 memset(ssl3ms, 0, sizeof(ssl3ms));
2053 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2054 ssl3ms, sizeof(ssl3ms));
2055 *param++ = OSSL_PARAM_construct_end();
2056
2057 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2058 goto err;
2059
2060 ret = 1;
2061
2062 err:
2063 EVP_MD_CTX_free(mdctx);
2064 EVP_PKEY_CTX_free(ctx);
2065
2066 return ret;
2067 }
2068
2069 #ifndef OPENSSL_NO_DSA
2070 static int test_DSA_get_set_params(void)
2071 {
2072 OSSL_PARAM_BLD *bld = NULL;
2073 OSSL_PARAM *params = NULL;
2074 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2075 EVP_PKEY_CTX *pctx = NULL;
2076 EVP_PKEY *pkey = NULL;
2077 int ret = 0;
2078
2079 /*
2080 * Setup the parameters for our DSA object. For our purposes they don't
2081 * have to actually be *valid* parameters. We just need to set something.
2082 */
2083 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2084 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2085 || !TEST_ptr(p = BN_new())
2086 || !TEST_ptr(q = BN_new())
2087 || !TEST_ptr(g = BN_new())
2088 || !TEST_ptr(pub = BN_new())
2089 || !TEST_ptr(priv = BN_new()))
2090 goto err;
2091 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2092 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2093 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2094 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2095 pub))
2096 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2097 priv)))
2098 goto err;
2099 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2100 goto err;
2101
2102 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2103 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2104 params), 0))
2105 goto err;
2106
2107 if (!TEST_ptr(pkey))
2108 goto err;
2109
2110 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2111
2112 err:
2113 EVP_PKEY_free(pkey);
2114 EVP_PKEY_CTX_free(pctx);
2115 OSSL_PARAM_free(params);
2116 OSSL_PARAM_BLD_free(bld);
2117 BN_free(p);
2118 BN_free(q);
2119 BN_free(g);
2120 BN_free(pub);
2121 BN_free(priv);
2122
2123 return ret;
2124 }
2125
2126 /*
2127 * Test combinations of private, public, missing and private + public key
2128 * params to ensure they are all accepted
2129 */
2130 static int test_DSA_priv_pub(void)
2131 {
2132 return test_EVP_PKEY_ffc_priv_pub("DSA");
2133 }
2134
2135 #endif /* !OPENSSL_NO_DSA */
2136
2137 static int test_RSA_get_set_params(void)
2138 {
2139 OSSL_PARAM_BLD *bld = NULL;
2140 OSSL_PARAM *params = NULL;
2141 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2142 EVP_PKEY_CTX *pctx = NULL;
2143 EVP_PKEY *pkey = NULL;
2144 int ret = 0;
2145
2146 /*
2147 * Setup the parameters for our RSA object. For our purposes they don't
2148 * have to actually be *valid* parameters. We just need to set something.
2149 */
2150 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2151 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2152 || !TEST_ptr(n = BN_new())
2153 || !TEST_ptr(e = BN_new())
2154 || !TEST_ptr(d = BN_new()))
2155 goto err;
2156 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2157 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2158 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2159 goto err;
2160 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2161 goto err;
2162
2163 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2164 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2165 params), 0))
2166 goto err;
2167
2168 if (!TEST_ptr(pkey))
2169 goto err;
2170
2171 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2172
2173 err:
2174 EVP_PKEY_free(pkey);
2175 EVP_PKEY_CTX_free(pctx);
2176 OSSL_PARAM_free(params);
2177 OSSL_PARAM_BLD_free(bld);
2178 BN_free(n);
2179 BN_free(e);
2180 BN_free(d);
2181
2182 return ret;
2183 }
2184
2185 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2186 static int test_decrypt_null_chunks(void)
2187 {
2188 EVP_CIPHER_CTX* ctx = NULL;
2189 EVP_CIPHER *cipher = NULL;
2190 const unsigned char key[32] = {
2191 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2192 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2193 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2194 };
2195 unsigned char iv[12] = {
2196 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2197 };
2198 unsigned char msg[] = "It was the best of times, it was the worst of times";
2199 unsigned char ciphertext[80];
2200 unsigned char plaintext[80];
2201 /* We initialise tmp to a non zero value on purpose */
2202 int ctlen, ptlen, tmp = 99;
2203 int ret = 0;
2204 const int enc_offset = 10, dec_offset = 20;
2205
2206 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2207 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2208 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2209 key, iv))
2210 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2211 enc_offset))
2212 /* Deliberate add a zero length update */
2213 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2214 0))
2215 || !TEST_int_eq(tmp, 0)
2216 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2217 msg + enc_offset,
2218 sizeof(msg) - enc_offset))
2219 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2220 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2221 || !TEST_int_eq(tmp, 0))
2222 goto err;
2223
2224 /* Deliberately initialise tmp to a non zero value */
2225 tmp = 99;
2226 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2227 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2228 dec_offset))
2229 /*
2230 * Deliberately add a zero length update. We also deliberately do
2231 * this at a different offset than for encryption.
2232 */
2233 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2234 0))
2235 || !TEST_int_eq(tmp, 0)
2236 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2237 ciphertext + dec_offset,
2238 ctlen - dec_offset))
2239 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2240 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2241 || !TEST_int_eq(tmp, 0)
2242 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2243 goto err;
2244
2245 ret = 1;
2246 err:
2247 EVP_CIPHER_CTX_free(ctx);
2248 EVP_CIPHER_free(cipher);
2249 return ret;
2250 }
2251 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2252
2253 #ifndef OPENSSL_NO_DH
2254 /*
2255 * Test combinations of private, public, missing and private + public key
2256 * params to ensure they are all accepted
2257 */
2258 static int test_DH_priv_pub(void)
2259 {
2260 return test_EVP_PKEY_ffc_priv_pub("DH");
2261 }
2262
2263 # ifndef OPENSSL_NO_DEPRECATED_3_0
2264 static int test_EVP_PKEY_set1_DH(void)
2265 {
2266 DH *x942dh = NULL, *noqdh = NULL;
2267 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2268 int ret = 0;
2269 BIGNUM *p, *g = NULL;
2270
2271 if (!TEST_ptr(p = BN_new())
2272 || !TEST_ptr(g = BN_new())
2273 || !BN_set_word(p, 9999)
2274 || !BN_set_word(g, 2)
2275 || !TEST_ptr(noqdh = DH_new())
2276 || !DH_set0_pqg(noqdh, p, NULL, g))
2277 goto err;
2278 p = g = NULL;
2279
2280 x942dh = DH_get_2048_256();
2281 pkey1 = EVP_PKEY_new();
2282 pkey2 = EVP_PKEY_new();
2283 if (!TEST_ptr(x942dh)
2284 || !TEST_ptr(noqdh)
2285 || !TEST_ptr(pkey1)
2286 || !TEST_ptr(pkey2))
2287 goto err;
2288
2289 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2290 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2291 goto err;
2292
2293 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2294 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2295 goto err;
2296
2297 ret = 1;
2298 err:
2299 BN_free(p);
2300 BN_free(g);
2301 EVP_PKEY_free(pkey1);
2302 EVP_PKEY_free(pkey2);
2303 DH_free(x942dh);
2304 DH_free(noqdh);
2305
2306 return ret;
2307 }
2308 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2309 #endif /* !OPENSSL_NO_DH */
2310
2311 /*
2312 * We test what happens with an empty template. For the sake of this test,
2313 * the template must be ignored, and we know that's the case for RSA keys
2314 * (this might arguably be a misfeature, but that's what we currently do,
2315 * even in provider code, since that's how the legacy RSA implementation
2316 * does things)
2317 */
2318 static int test_keygen_with_empty_template(int n)
2319 {
2320 EVP_PKEY_CTX *ctx = NULL;
2321 EVP_PKEY *pkey = NULL;
2322 EVP_PKEY *tkey = NULL;
2323 int ret = 0;
2324
2325 if (nullprov != NULL)
2326 return TEST_skip("Test does not support a non-default library context");
2327
2328 switch (n) {
2329 case 0:
2330 /* We do test with no template at all as well */
2331 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2332 goto err;
2333 break;
2334 case 1:
2335 /* Here we create an empty RSA key that serves as our template */
2336 if (!TEST_ptr(tkey = EVP_PKEY_new())
2337 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2338 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2339 goto err;
2340 break;
2341 }
2342
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2345 goto err;
2346
2347 ret = 1;
2348 err:
2349 EVP_PKEY_CTX_free(ctx);
2350 EVP_PKEY_free(pkey);
2351 EVP_PKEY_free(tkey);
2352 return ret;
2353 }
2354
2355 /*
2356 * Test that we fail if we attempt to use an algorithm that is not available
2357 * in the current library context (unless we are using an algorithm that
2358 * should be made available via legacy codepaths).
2359 *
2360 * 0: RSA
2361 * 1: SM2
2362 */
2363 static int test_pkey_ctx_fail_without_provider(int tst)
2364 {
2365 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2366 OSSL_PROVIDER *tmpnullprov = NULL;
2367 EVP_PKEY_CTX *pctx = NULL;
2368 const char *keytype = NULL;
2369 int expect_null = 0;
2370 int ret = 0;
2371
2372 if (!TEST_ptr(tmpctx))
2373 goto err;
2374
2375 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2376 if (!TEST_ptr(tmpnullprov))
2377 goto err;
2378
2379 /*
2380 * We check for certain algos in the null provider.
2381 * If an algo is expected to have a provider keymgmt, contructing an
2382 * EVP_PKEY_CTX is expected to fail (return NULL).
2383 * Otherwise, if it's expected to have legacy support, contructing an
2384 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2385 */
2386 switch (tst) {
2387 case 0:
2388 keytype = "RSA";
2389 expect_null = 1;
2390 break;
2391 case 1:
2392 keytype = "SM2";
2393 expect_null = 1;
2394 #ifdef OPENSSL_NO_EC
2395 TEST_info("EC disable, skipping SM2 check...");
2396 goto end;
2397 #endif
2398 #ifdef OPENSSL_NO_SM2
2399 TEST_info("SM2 disable, skipping SM2 check...");
2400 goto end;
2401 #endif
2402 break;
2403 default:
2404 TEST_error("No test for case %d", tst);
2405 goto err;
2406 }
2407
2408 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2409 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2410 goto err;
2411
2412 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2413 end:
2414 #endif
2415 ret = 1;
2416
2417 err:
2418 EVP_PKEY_CTX_free(pctx);
2419 OSSL_PROVIDER_unload(tmpnullprov);
2420 OSSL_LIB_CTX_free(tmpctx);
2421 return ret;
2422 }
2423
2424 static int test_rand_agglomeration(void)
2425 {
2426 EVP_RAND *rand;
2427 EVP_RAND_CTX *ctx;
2428 OSSL_PARAM params[3], *p = params;
2429 int res;
2430 unsigned int step = 7;
2431 static unsigned char seed[] = "It does not matter how slowly you go "
2432 "as long as you do not stop.";
2433 unsigned char out[sizeof(seed)];
2434
2435 if (!TEST_int_ne(sizeof(seed) % step, 0)
2436 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2437 return 0;
2438 ctx = EVP_RAND_CTX_new(rand, NULL);
2439 EVP_RAND_free(rand);
2440 if (!TEST_ptr(ctx))
2441 return 0;
2442
2443 memset(out, 0, sizeof(out));
2444 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2445 seed, sizeof(seed));
2446 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2447 *p = OSSL_PARAM_construct_end();
2448 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2449 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2450 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2451 EVP_RAND_CTX_free(ctx);
2452 return res;
2453 }
2454
2455 /*
2456 * Test that we correctly return the original or "running" IV after
2457 * an encryption operation.
2458 * Run multiple times for some different relevant algorithms/modes.
2459 */
2460 static int test_evp_iv_aes(int idx)
2461 {
2462 int ret = 0;
2463 EVP_CIPHER_CTX *ctx = NULL;
2464 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2465 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2466 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2467 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2468 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2469 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2470 9, 10, 11, 12, 13, 14, 15, 16 };
2471 unsigned char ciphertext[32], oiv[16], iv[16];
2472 unsigned char *ref_iv;
2473 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2474 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2475
2476 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2477 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2478 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2479 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2480 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2481 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2482 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2483 #ifndef OPENSSL_NO_OCB
2484 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2485 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2486 #endif
2487 int len = sizeof(ciphertext);
2488 size_t ivlen, ref_len;
2489 const EVP_CIPHER *type = NULL;
2490 int iv_reset = 0;
2491
2492 if (nullprov != NULL && idx < 6)
2493 return TEST_skip("Test does not support a non-default library context");
2494
2495 switch(idx) {
2496 case 0:
2497 type = EVP_aes_128_cbc();
2498 /* FALLTHROUGH */
2499 case 6:
2500 type = (type != NULL) ? type :
2501 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2502 ref_iv = cbc_state;
2503 ref_len = sizeof(cbc_state);
2504 iv_reset = 1;
2505 break;
2506 case 1:
2507 type = EVP_aes_128_ofb();
2508 /* FALLTHROUGH */
2509 case 7:
2510 type = (type != NULL) ? type :
2511 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2512 ref_iv = ofb_state;
2513 ref_len = sizeof(ofb_state);
2514 iv_reset = 1;
2515 break;
2516 case 2:
2517 type = EVP_aes_128_cfb();
2518 /* FALLTHROUGH */
2519 case 8:
2520 type = (type != NULL) ? type :
2521 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2522 ref_iv = cfb_state;
2523 ref_len = sizeof(cfb_state);
2524 iv_reset = 1;
2525 break;
2526 case 3:
2527 type = EVP_aes_128_gcm();
2528 /* FALLTHROUGH */
2529 case 9:
2530 type = (type != NULL) ? type :
2531 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2532 ref_iv = gcm_state;
2533 ref_len = sizeof(gcm_state);
2534 break;
2535 case 4:
2536 type = EVP_aes_128_ccm();
2537 /* FALLTHROUGH */
2538 case 10:
2539 type = (type != NULL) ? type :
2540 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2541 ref_iv = ccm_state;
2542 ref_len = sizeof(ccm_state);
2543 break;
2544 #ifdef OPENSSL_NO_OCB
2545 case 5:
2546 case 11:
2547 return 1;
2548 #else
2549 case 5:
2550 type = EVP_aes_128_ocb();
2551 /* FALLTHROUGH */
2552 case 11:
2553 type = (type != NULL) ? type :
2554 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2555 ref_iv = ocb_state;
2556 ref_len = sizeof(ocb_state);
2557 break;
2558 #endif
2559 default:
2560 return 0;
2561 }
2562
2563 if (!TEST_ptr(type)
2564 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2565 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2566 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2567 (int)sizeof(msg)))
2568 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2569 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2570 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2571 goto err;
2572 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2573 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2574 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2575 goto err;
2576
2577 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2578 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2579 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2580 goto err;
2581 if (iv_reset) {
2582 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2583 goto err;
2584 } else {
2585 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2586 goto err;
2587 }
2588
2589 ret = 1;
2590 err:
2591 EVP_CIPHER_CTX_free(ctx);
2592 if (idx >= 6)
2593 EVP_CIPHER_free((EVP_CIPHER *)type);
2594 return ret;
2595 }
2596
2597 #ifndef OPENSSL_NO_DES
2598 static int test_evp_iv_des(int idx)
2599 {
2600 int ret = 0;
2601 EVP_CIPHER_CTX *ctx = NULL;
2602 static const unsigned char key[24] = {
2603 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2604 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2605 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2606 };
2607 static const unsigned char init_iv[8] = {
2608 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2609 };
2610 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2611 9, 10, 11, 12, 13, 14, 15, 16 };
2612 unsigned char ciphertext[32], oiv[8], iv[8];
2613 unsigned const char *ref_iv;
2614 static const unsigned char cbc_state_des[8] = {
2615 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2616 };
2617 static const unsigned char cbc_state_3des[8] = {
2618 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2619 };
2620 static const unsigned char ofb_state_des[8] = {
2621 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2622 };
2623 static const unsigned char ofb_state_3des[8] = {
2624 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2625 };
2626 static const unsigned char cfb_state_des[8] = {
2627 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2628 };
2629 static const unsigned char cfb_state_3des[8] = {
2630 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2631 };
2632 int len = sizeof(ciphertext);
2633 size_t ivlen, ref_len;
2634 EVP_CIPHER *type = NULL;
2635
2636 if (lgcyprov == NULL && idx < 3)
2637 return TEST_skip("Test requires legacy provider to be loaded");
2638
2639 switch(idx) {
2640 case 0:
2641 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2642 ref_iv = cbc_state_des;
2643 ref_len = sizeof(cbc_state_des);
2644 break;
2645 case 1:
2646 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2647 ref_iv = ofb_state_des;
2648 ref_len = sizeof(ofb_state_des);
2649 break;
2650 case 2:
2651 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2652 ref_iv = cfb_state_des;
2653 ref_len = sizeof(cfb_state_des);
2654 break;
2655 case 3:
2656 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2657 ref_iv = cbc_state_3des;
2658 ref_len = sizeof(cbc_state_3des);
2659 break;
2660 case 4:
2661 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2662 ref_iv = ofb_state_3des;
2663 ref_len = sizeof(ofb_state_3des);
2664 break;
2665 case 5:
2666 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2667 ref_iv = cfb_state_3des;
2668 ref_len = sizeof(cfb_state_3des);
2669 break;
2670 default:
2671 return 0;
2672 }
2673
2674 if (!TEST_ptr(type)
2675 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2676 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2677 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2678 (int)sizeof(msg)))
2679 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2680 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2681 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2682 goto err;
2683 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2684 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2685 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2686 goto err;
2687
2688 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2689 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2690 goto err;
2691 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2692 goto err;
2693
2694 ret = 1;
2695 err:
2696 EVP_CIPHER_CTX_free(ctx);
2697 EVP_CIPHER_free(type);
2698 return ret;
2699 }
2700 #endif
2701
2702 #ifndef OPENSSL_NO_EC
2703 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2704 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2705 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2706 NID_brainpoolP384r1, NID_brainpoolP512r1};
2707
2708 static int test_ecpub(int idx)
2709 {
2710 int ret = 0, len, savelen;
2711 int nid;
2712 unsigned char buf[1024];
2713 unsigned char *p;
2714 EVP_PKEY *pkey = NULL;
2715 EVP_PKEY_CTX *ctx = NULL;
2716 # ifndef OPENSSL_NO_DEPRECATED_3_0
2717 const unsigned char *q;
2718 EVP_PKEY *pkey2 = NULL;
2719 EC_KEY *ec = NULL;
2720 # endif
2721
2722 if (nullprov != NULL)
2723 return TEST_skip("Test does not support a non-default library context");
2724
2725 nid = ecpub_nids[idx];
2726
2727 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2728 if (!TEST_ptr(ctx)
2729 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2730 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2731 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2732 goto done;
2733 len = i2d_PublicKey(pkey, NULL);
2734 savelen = len;
2735 if (!TEST_int_ge(len, 1)
2736 || !TEST_int_lt(len, 1024))
2737 goto done;
2738 p = buf;
2739 len = i2d_PublicKey(pkey, &p);
2740 if (!TEST_int_ge(len, 1)
2741 || !TEST_int_eq(len, savelen))
2742 goto done;
2743
2744 # ifndef OPENSSL_NO_DEPRECATED_3_0
2745 /* Now try to decode the just-created DER. */
2746 q = buf;
2747 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2748 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2749 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2750 goto done;
2751 /* EC_KEY ownership transferred */
2752 ec = NULL;
2753 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2754 goto done;
2755 /* The keys should match. */
2756 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2757 goto done;
2758 # endif
2759
2760 ret = 1;
2761
2762 done:
2763 EVP_PKEY_CTX_free(ctx);
2764 EVP_PKEY_free(pkey);
2765 # ifndef OPENSSL_NO_DEPRECATED_3_0
2766 EVP_PKEY_free(pkey2);
2767 EC_KEY_free(ec);
2768 # endif
2769 return ret;
2770 }
2771 #endif
2772
2773 static int test_EVP_rsa_pss_with_keygen_bits(void)
2774 {
2775 int ret = 0;
2776 EVP_PKEY_CTX *ctx = NULL;
2777 EVP_PKEY *pkey = NULL;
2778 EVP_MD *md;
2779
2780 md = EVP_MD_fetch(testctx, "sha256", testpropq);
2781 ret = TEST_ptr(md)
2782 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
2783 && TEST_true(EVP_PKEY_keygen_init(ctx))
2784 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2785 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2786 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2787
2788 EVP_MD_free(md);
2789 EVP_PKEY_free(pkey);
2790 EVP_PKEY_CTX_free(ctx);
2791 return ret;
2792 }
2793
2794 static int success = 1;
2795 static void md_names(const char *name, void *vctx)
2796 {
2797 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2798 /* Force a namemap update */
2799 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2800
2801 if (!TEST_ptr(aes128))
2802 success = 0;
2803
2804 EVP_CIPHER_free(aes128);
2805 }
2806
2807 /*
2808 * Test that changing the namemap in a user callback works in a names_do_all
2809 * function.
2810 */
2811 static int test_names_do_all(void)
2812 {
2813 /* We use a custom libctx so that we know the state of the namemap */
2814 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2815 EVP_MD *sha256 = NULL;
2816 int testresult = 0;
2817
2818 if (!TEST_ptr(ctx))
2819 goto err;
2820
2821 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2822 if (!TEST_ptr(sha256))
2823 goto err;
2824
2825 /*
2826 * We loop through all the names for a given digest. This should still work
2827 * even if the namemap changes part way through.
2828 */
2829 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2830 goto err;
2831
2832 if (!TEST_true(success))
2833 goto err;
2834
2835 testresult = 1;
2836 err:
2837 EVP_MD_free(sha256);
2838 OSSL_LIB_CTX_free(ctx);
2839 return testresult;
2840 }
2841
2842 typedef enum OPTION_choice {
2843 OPT_ERR = -1,
2844 OPT_EOF = 0,
2845 OPT_CONTEXT,
2846 OPT_TEST_ENUM
2847 } OPTION_CHOICE;
2848
2849 const OPTIONS *test_get_options(void)
2850 {
2851 static const OPTIONS options[] = {
2852 OPT_TEST_OPTIONS_DEFAULT_USAGE,
2853 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
2854 { NULL }
2855 };
2856 return options;
2857 }
2858
2859 int setup_tests(void)
2860 {
2861 OPTION_CHOICE o;
2862
2863 while ((o = opt_next()) != OPT_EOF) {
2864 switch (o) {
2865 case OPT_CONTEXT:
2866 /* Set up an alternate library context */
2867 testctx = OSSL_LIB_CTX_new();
2868 if (!TEST_ptr(testctx))
2869 return 0;
2870 /* Swap the libctx to test non-default context only */
2871 nullprov = OSSL_PROVIDER_load(NULL, "null");
2872 deflprov = OSSL_PROVIDER_load(testctx, "default");
2873 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
2874 break;
2875 case OPT_TEST_CASES:
2876 break;
2877 default:
2878 return 0;
2879 }
2880 }
2881
2882 ADD_TEST(test_EVP_set_default_properties);
2883 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2884 ADD_TEST(test_EVP_DigestVerifyInit);
2885 ADD_TEST(test_EVP_Digest);
2886 ADD_TEST(test_EVP_Enveloped);
2887 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2888 ADD_TEST(test_privatekey_to_pkcs8);
2889 #ifndef OPENSSL_NO_EC
2890 ADD_TEST(test_EVP_PKCS82PKEY);
2891 #endif
2892 #ifndef OPENSSL_NO_EC
2893 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2894 #endif
2895 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2896 ADD_TEST(test_EVP_SM2);
2897 ADD_TEST(test_EVP_SM2_verify);
2898 #endif
2899 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2900 #ifndef OPENSSL_NO_DEPRECATED_3_0
2901 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2902 if (!TEST_ptr(custom_pmeth))
2903 return 0;
2904 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2905 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2906 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2907 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2908 return 0;
2909 #endif
2910 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2911 #ifndef OPENSSL_NO_CMAC
2912 ADD_TEST(test_CMAC_keygen);
2913 #endif
2914 ADD_TEST(test_HKDF);
2915 ADD_TEST(test_emptyikm_HKDF);
2916 #ifndef OPENSSL_NO_EC
2917 ADD_TEST(test_X509_PUBKEY_inplace);
2918 ADD_TEST(test_X509_PUBKEY_dup);
2919 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2920 OSSL_NELEM(ec_der_pub_keys));
2921 #endif
2922 #ifndef OPENSSL_NO_DSA
2923 ADD_TEST(test_DSA_get_set_params);
2924 ADD_TEST(test_DSA_priv_pub);
2925 #endif
2926 ADD_TEST(test_RSA_get_set_params);
2927 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2928 ADD_TEST(test_decrypt_null_chunks);
2929 #endif
2930 #ifndef OPENSSL_NO_DH
2931 ADD_TEST(test_DH_priv_pub);
2932 # ifndef OPENSSL_NO_DEPRECATED_3_0
2933 ADD_TEST(test_EVP_PKEY_set1_DH);
2934 # endif
2935 #endif
2936 #ifndef OPENSSL_NO_EC
2937 ADD_TEST(test_EC_priv_pub);
2938 # ifndef OPENSSL_NO_DEPRECATED_3_0
2939 ADD_TEST(test_EC_priv_only_legacy);
2940 # endif
2941 #endif
2942 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2943 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2944
2945 ADD_TEST(test_rand_agglomeration);
2946 ADD_ALL_TESTS(test_evp_iv_aes, 12);
2947 #ifndef OPENSSL_NO_DES
2948 ADD_ALL_TESTS(test_evp_iv_des, 6);
2949 #endif
2950 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2951 #ifndef OPENSSL_NO_EC
2952 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2953 #endif
2954
2955 ADD_TEST(test_names_do_all);
2956
2957 return 1;
2958 }
2959
2960 void cleanup_tests(void)
2961 {
2962 OSSL_PROVIDER_unload(nullprov);
2963 OSSL_PROVIDER_unload(deflprov);
2964 OSSL_PROVIDER_unload(lgcyprov);
2965 OSSL_LIB_CTX_free(testctx);
2966 }
A mirror of the official openssl repository