]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add test for resetting SM2 dist ID
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "internal/e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
686
687 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
688 goto err;
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
691 params), 0))
692 goto err;
693
694 if (!TEST_ptr(tmp_pkey))
695 goto err;
696
697 pkey = tmp_pkey;
698 tmp_pkey = NULL;
699 err:
700 EVP_PKEY_free(tmp_pkey);
701 EVP_PKEY_CTX_free(pctx);
702 return pkey;
703 }
704
705 static int test_selection(EVP_PKEY *pkey, int selection)
706 {
707 int testresult = 0;
708 int ret;
709 BIO *bio = BIO_new(BIO_s_mem());
710
711 ret = PEM_write_bio_PUBKEY(bio, pkey);
712 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
713 if (!TEST_true(ret))
714 goto err;
715 } else {
716 if (!TEST_false(ret))
717 goto err;
718 }
719 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
720 testctx, NULL);
721 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
722 if (!TEST_true(ret))
723 goto err;
724 } else {
725 if (!TEST_false(ret))
726 goto err;
727 }
728
729 testresult = 1;
730 err:
731 BIO_free(bio);
732
733 return testresult;
734 }
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
736
737 /*
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
740 */
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
743 {
744 OSSL_PARAM_BLD *bld = NULL;
745 OSSL_PARAM *params = NULL;
746 EVP_PKEY *just_params = NULL;
747 EVP_PKEY *params_and_priv = NULL;
748 EVP_PKEY *params_and_pub = NULL;
749 EVP_PKEY *params_and_keypair = NULL;
750 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
751 int ret = 0;
752
753 /*
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
756 */
757 if (!TEST_ptr(p = BN_new())
758 || !TEST_ptr(q = BN_new())
759 || !TEST_ptr(g = BN_new())
760 || !TEST_ptr(pub = BN_new())
761 || !TEST_ptr(priv = BN_new()))
762 goto err;
763
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
769 goto err;
770 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
771 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
772 goto err;
773
774 OSSL_PARAM_free(params);
775 OSSL_PARAM_BLD_free(bld);
776 params = NULL;
777 bld = NULL;
778
779 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
780 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
781 goto err;
782
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
789 priv)))
790 goto err;
791 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
792 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
793 goto err;
794
795 OSSL_PARAM_free(params);
796 OSSL_PARAM_BLD_free(bld);
797 params = NULL;
798 bld = NULL;
799
800 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
801 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
802 goto err;
803
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
810 pub)))
811 goto err;
812 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
813 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
814 goto err;
815
816 OSSL_PARAM_free(params);
817 OSSL_PARAM_BLD_free(bld);
818 params = NULL;
819 bld = NULL;
820
821 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
822 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
823 goto err;
824
825 /* Test priv and pub */
826 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
831 pub))
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
833 priv)))
834 goto err;
835 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
836 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
837 goto err;
838
839 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
840 goto err;
841
842 ret = 1;
843 err:
844 OSSL_PARAM_free(params);
845 OSSL_PARAM_BLD_free(bld);
846 EVP_PKEY_free(just_params);
847 EVP_PKEY_free(params_and_priv);
848 EVP_PKEY_free(params_and_pub);
849 EVP_PKEY_free(params_and_keypair);
850 BN_free(p);
851 BN_free(q);
852 BN_free(g);
853 BN_free(pub);
854 BN_free(priv);
855
856 return ret;
857 }
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
859
860 /*
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
863 */
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
869 };
870 static unsigned char ec_pub[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
877 };
878
879 static int test_EC_priv_pub(void)
880 {
881 OSSL_PARAM_BLD *bld = NULL;
882 OSSL_PARAM *params = NULL;
883 EVP_PKEY *just_params = NULL;
884 EVP_PKEY *params_and_priv = NULL;
885 EVP_PKEY *params_and_pub = NULL;
886 EVP_PKEY *params_and_keypair = NULL;
887 BIGNUM *priv = NULL;
888 int ret = 0;
889
890 /*
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
893 */
894 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
895 goto err;
896
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
900 OSSL_PKEY_PARAM_GROUP_NAME,
901 "P-256", 0)))
902 goto err;
903 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
904 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
905 goto err;
906
907 OSSL_PARAM_free(params);
908 OSSL_PARAM_BLD_free(bld);
909 params = NULL;
910 bld = NULL;
911
912 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
913 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
914 goto err;
915
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
919 OSSL_PKEY_PARAM_GROUP_NAME,
920 "P-256", 0))
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
922 priv)))
923 goto err;
924 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
925 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
926 goto err;
927
928 OSSL_PARAM_free(params);
929 OSSL_PARAM_BLD_free(bld);
930 params = NULL;
931 bld = NULL;
932
933 /*
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
938 */
939 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
940 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
941 goto err;
942
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
946 OSSL_PKEY_PARAM_GROUP_NAME,
947 "P-256", 0))
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
949 OSSL_PKEY_PARAM_PUB_KEY,
950 ec_pub, sizeof(ec_pub))))
951 goto err;
952 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
953 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
954 goto err;
955
956 OSSL_PARAM_free(params);
957 OSSL_PARAM_BLD_free(bld);
958 params = NULL;
959 bld = NULL;
960
961 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
962 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
963 goto err;
964
965 /* Test priv and pub */
966 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
968 OSSL_PKEY_PARAM_GROUP_NAME,
969 "P-256", 0))
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
971 OSSL_PKEY_PARAM_PUB_KEY,
972 ec_pub, sizeof(ec_pub)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
974 priv)))
975 goto err;
976 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
977 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
978 goto err;
979
980 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
981 goto err;
982
983 /* Try key equality */
984 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
985 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
986 0)
987 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
988 0)
989 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
990 0)
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
994 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
995 goto err;
996
997 ret = 1;
998 err:
999 OSSL_PARAM_free(params);
1000 OSSL_PARAM_BLD_free(bld);
1001 EVP_PKEY_free(just_params);
1002 EVP_PKEY_free(params_and_priv);
1003 EVP_PKEY_free(params_and_pub);
1004 EVP_PKEY_free(params_and_keypair);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009
1010 /* Test that using a legacy EC key with only a private key in it works */
1011 # ifndef OPENSSL_NO_DEPRECATED_3_0
1012 static int test_EC_priv_only_legacy(void)
1013 {
1014 BIGNUM *priv = NULL;
1015 int ret = 0;
1016 EC_KEY *eckey = NULL;
1017 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1018 EVP_MD_CTX *ctx = NULL;
1019
1020 /* Create the low level EC_KEY */
1021 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1022 goto err;
1023
1024 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1025 if (!TEST_ptr(eckey))
1026 goto err;
1027
1028 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1029 goto err;
1030
1031 pkey = EVP_PKEY_new();
1032 if (!TEST_ptr(pkey))
1033 goto err;
1034
1035 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1036 goto err;
1037 eckey = NULL;
1038
1039 while (dup_pk == NULL) {
1040 ret = 0;
1041 ctx = EVP_MD_CTX_new();
1042 if (!TEST_ptr(ctx))
1043 goto err;
1044
1045 /*
1046 * The EVP_DigestSignInit function should create the key on the
1047 * provider side which is sufficient for this test.
1048 */
1049 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1050 testpropq, pkey, NULL)))
1051 goto err;
1052 EVP_MD_CTX_free(ctx);
1053 ctx = NULL;
1054
1055 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1056 goto err;
1057 /* EVP_PKEY_eq() returns -2 with missing public keys */
1058 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1059 EVP_PKEY_free(pkey);
1060 pkey = dup_pk;
1061 if (!ret)
1062 goto err;
1063 }
1064
1065 err:
1066 EVP_MD_CTX_free(ctx);
1067 EVP_PKEY_free(pkey);
1068 EC_KEY_free(eckey);
1069 BN_free(priv);
1070
1071 return ret;
1072 }
1073 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1074 #endif /* OPENSSL_NO_EC */
1075
1076 static int test_EVP_PKEY_sign(int tst)
1077 {
1078 int ret = 0;
1079 EVP_PKEY *pkey = NULL;
1080 unsigned char *sig = NULL;
1081 size_t sig_len = 0, shortsig_len = 1;
1082 EVP_PKEY_CTX *ctx = NULL;
1083 unsigned char tbs[] = {
1084 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1085 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1086 };
1087
1088 if (tst == 0) {
1089 if (!TEST_ptr(pkey = load_example_rsa_key()))
1090 goto out;
1091 } else if (tst == 1) {
1092 #ifndef OPENSSL_NO_DSA
1093 if (!TEST_ptr(pkey = load_example_dsa_key()))
1094 goto out;
1095 #else
1096 ret = 1;
1097 goto out;
1098 #endif
1099 } else {
1100 #ifndef OPENSSL_NO_EC
1101 if (!TEST_ptr(pkey = load_example_ec_key()))
1102 goto out;
1103 #else
1104 ret = 1;
1105 goto out;
1106 #endif
1107 }
1108
1109 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1110 if (!TEST_ptr(ctx)
1111 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1112 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1113 sizeof(tbs)), 0))
1114 goto out;
1115 sig = OPENSSL_malloc(sig_len);
1116 if (!TEST_ptr(sig)
1117 /* Test sending a signature buffer that is too short is rejected */
1118 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1119 sizeof(tbs)), 0)
1120 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1121 0)
1122 /* Test the signature round-trips */
1123 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1124 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1125 0))
1126 goto out;
1127
1128 ret = 1;
1129 out:
1130 EVP_PKEY_CTX_free(ctx);
1131 OPENSSL_free(sig);
1132 EVP_PKEY_free(pkey);
1133 return ret;
1134 }
1135
1136 /*
1137 * n = 0 => test using legacy cipher
1138 * n = 1 => test using fetched cipher
1139 */
1140 static int test_EVP_Enveloped(int n)
1141 {
1142 int ret = 0;
1143 EVP_CIPHER_CTX *ctx = NULL;
1144 EVP_PKEY *keypair = NULL;
1145 unsigned char *kek = NULL;
1146 unsigned char iv[EVP_MAX_IV_LENGTH];
1147 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1148 int len, kek_len, ciphertext_len, plaintext_len;
1149 unsigned char ciphertext[32], plaintext[16];
1150 EVP_CIPHER *type = NULL;
1151
1152 if (nullprov != NULL)
1153 return TEST_skip("Test does not support a non-default library context");
1154
1155 if (n == 0)
1156 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1157 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1158 testpropq)))
1159 goto err;
1160
1161 if (!TEST_ptr(keypair = load_example_rsa_key())
1162 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1163 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1164 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1165 &keypair, 1))
1166 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1167 msg, sizeof(msg)))
1168 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1169 &len)))
1170 goto err;
1171
1172 ciphertext_len += len;
1173
1174 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1175 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1176 ciphertext, ciphertext_len))
1177 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1178 goto err;
1179
1180 plaintext_len += len;
1181 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1182 goto err;
1183
1184 ret = 1;
1185 err:
1186 if (n != 0)
1187 EVP_CIPHER_free(type);
1188 OPENSSL_free(kek);
1189 EVP_PKEY_free(keypair);
1190 EVP_CIPHER_CTX_free(ctx);
1191 return ret;
1192 }
1193
1194 /*
1195 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1196 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1197 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1198 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1199 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1200 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1201 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1202 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1203 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1204 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1205 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1206 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1207 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1208 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1209 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1210 * Test 15-29: Same as above with reinitialization
1211 */
1212 static int test_EVP_DigestSignInit(int tst)
1213 {
1214 int ret = 0;
1215 EVP_PKEY *pkey = NULL;
1216 unsigned char *sig = NULL, *sig2 = NULL;
1217 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1218 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1219 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1220 BIO *mdbio = NULL, *membio = NULL;
1221 size_t written;
1222 const EVP_MD *md;
1223 EVP_MD *mdexp = NULL;
1224 int reinit = 0;
1225
1226 if (nullprov != NULL)
1227 return TEST_skip("Test does not support a non-default library context");
1228
1229 if (tst >= 15) {
1230 reinit = 1;
1231 tst -= 15;
1232 }
1233
1234 if (tst >= 6 && tst <= 8) {
1235 membio = BIO_new(BIO_s_mem());
1236 mdbio = BIO_new(BIO_f_md());
1237 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1238 goto out;
1239 BIO_push(mdbio, membio);
1240 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1241 goto out;
1242 } else {
1243 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1244 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1245 goto out;
1246 }
1247
1248 if (tst % 3 == 0) {
1249 if (!TEST_ptr(pkey = load_example_rsa_key()))
1250 goto out;
1251 } else if (tst % 3 == 1) {
1252 #ifndef OPENSSL_NO_DSA
1253 if (!TEST_ptr(pkey = load_example_dsa_key()))
1254 goto out;
1255 #else
1256 ret = 1;
1257 goto out;
1258 #endif
1259 } else {
1260 if (!TEST_ptr(pkey = load_example_hmac_key()))
1261 goto out;
1262 }
1263
1264 if (tst >= 3 && tst <= 5)
1265 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1266 else
1267 md = EVP_sha256();
1268
1269 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1270 goto out;
1271
1272 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1273 goto out;
1274
1275 if (tst >= 6 && tst <= 8) {
1276 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1277 goto out;
1278 } else if (tst < 6) {
1279 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1280 goto out;
1281 }
1282
1283 if (tst >= 9) {
1284 /* Determine the size of the signature. */
1285 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1286 sizeof(kMsg)))
1287 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1288 goto out;
1289 if (tst <= 11) {
1290 /* Test that supply a short sig buffer fails */
1291 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1292 sizeof(kMsg))))
1293 goto out;
1294 /*
1295 * We end here because once EVP_DigestSign() has failed you should
1296 * not call it again without re-initing the ctx
1297 */
1298 ret = 1;
1299 goto out;
1300 }
1301 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1302 sizeof(kMsg))))
1303 goto out;
1304 } else {
1305 /* Determine the size of the signature. */
1306 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1307 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1308 /*
1309 * Trying to create a signature with a deliberately short
1310 * buffer should fail.
1311 */
1312 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1313 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1314 goto out;
1315 }
1316
1317 /*
1318 * Ensure that the signature round-trips (Verification isn't supported for
1319 * HMAC via EVP_DigestVerify*)
1320 */
1321 if (tst % 3 != 2) {
1322 if (tst >= 6 && tst <= 8) {
1323 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1324 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1325 goto out;
1326 }
1327
1328 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1329 NULL, pkey)))
1330 goto out;
1331
1332 if (tst >= 6 && tst <= 8) {
1333 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1334 goto out;
1335 } else {
1336 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1337 sizeof(kMsg))))
1338 goto out;
1339 }
1340 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1341 goto out;
1342
1343 /* Multiple calls to EVP_DigestVerifyFinal should work */
1344 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1345 goto out;
1346 } else {
1347 /*
1348 * For HMAC a doubled call to DigestSignFinal should produce the same
1349 * value as finalization should not happen.
1350 */
1351 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1352 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1353 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1354 goto out;
1355
1356 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1357 goto out;
1358 }
1359
1360 ret = 1;
1361
1362 out:
1363 BIO_free(membio);
1364 BIO_free(mdbio);
1365 EVP_MD_CTX_free(a_md_ctx);
1366 EVP_MD_CTX_free(a_md_ctx_verify);
1367 EVP_PKEY_free(pkey);
1368 OPENSSL_free(sig);
1369 OPENSSL_free(sig2);
1370 EVP_MD_free(mdexp);
1371
1372 return ret;
1373 }
1374
1375 static int test_EVP_DigestVerifyInit(void)
1376 {
1377 int ret = 0;
1378 EVP_PKEY *pkey = NULL;
1379 EVP_MD_CTX *md_ctx = NULL;
1380
1381 if (nullprov != NULL)
1382 return TEST_skip("Test does not support a non-default library context");
1383
1384 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1385 || !TEST_ptr(pkey = load_example_rsa_key()))
1386 goto out;
1387
1388 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1389 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1390 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1391 sizeof(kSignature)), 0))
1392 goto out;
1393
1394 /* test with reinitialization */
1395 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1396 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1397 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1398 sizeof(kSignature)), 0))
1399 goto out;
1400 ret = 1;
1401
1402 out:
1403 EVP_MD_CTX_free(md_ctx);
1404 EVP_PKEY_free(pkey);
1405 return ret;
1406 }
1407
1408 #ifndef OPENSSL_NO_SIPHASH
1409 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1410 static int test_siphash_digestsign(void)
1411 {
1412 unsigned char key[16];
1413 unsigned char buf[8], digest[8];
1414 unsigned char expected[8] = {
1415 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1416 };
1417 EVP_PKEY *pkey = NULL;
1418 EVP_MD_CTX *mdctx = NULL;
1419 EVP_PKEY_CTX *ctx = NULL;
1420 int ret = 0;
1421 size_t len = 8;
1422
1423 if (nullprov != NULL)
1424 return TEST_skip("Test does not support a non-default library context");
1425
1426 memset(buf, 0, 8);
1427 memset(key, 1, 16);
1428 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1429 key, 16)))
1430 goto out;
1431
1432 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1433 goto out;
1434
1435 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1436 goto out;
1437 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1438 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1439 8, NULL), 1))
1440 goto out;
1441 /* reinitialize */
1442 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1443 goto out;
1444 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1445 goto out;
1446 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1447 goto out;
1448 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1449 goto out;
1450
1451 ret = 1;
1452 out:
1453 EVP_PKEY_free(pkey);
1454 EVP_MD_CTX_free(mdctx);
1455 return ret;
1456 }
1457 #endif
1458
1459 /*
1460 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1461 */
1462 static int test_EVP_Digest(void)
1463 {
1464 int ret = 0;
1465 EVP_MD_CTX *md_ctx = NULL;
1466 unsigned char md[EVP_MAX_MD_SIZE];
1467 EVP_MD *sha256 = NULL;
1468 EVP_MD *shake256 = NULL;
1469
1470 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1471 goto out;
1472
1473 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1474 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1475 goto out;
1476
1477 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1478 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1479 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1480 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1481 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1482 goto out;
1483
1484 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1485 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1486 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1487 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1488 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1489 /*
1490 * EVP_DigestInit_ex with NULL type should work on
1491 * pre-initialized context.
1492 */
1493 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1494 goto out;
1495
1496 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1497 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1498 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1499 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1500 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1501 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1502 goto out;
1503 ret = 1;
1504
1505 out:
1506 EVP_MD_CTX_free(md_ctx);
1507 EVP_MD_free(sha256);
1508 EVP_MD_free(shake256);
1509 return ret;
1510 }
1511
1512 static int test_EVP_md_null(void)
1513 {
1514 int ret = 0;
1515 EVP_MD_CTX *md_ctx = NULL;
1516 const EVP_MD *md_null = EVP_md_null();
1517 unsigned char md_value[EVP_MAX_MD_SIZE];
1518 unsigned int md_len = sizeof(md_value);
1519
1520 if (nullprov != NULL)
1521 return TEST_skip("Test does not support a non-default library context");
1522
1523 if (!TEST_ptr(md_null)
1524 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1525 goto out;
1526
1527 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1528 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1529 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1530 goto out;
1531
1532 if (!TEST_uint_eq(md_len, 0))
1533 goto out;
1534
1535 ret = 1;
1536 out:
1537 EVP_MD_CTX_free(md_ctx);
1538 return ret;
1539 }
1540
1541 static int test_d2i_AutoPrivateKey(int i)
1542 {
1543 int ret = 0;
1544 const unsigned char *p;
1545 EVP_PKEY *pkey = NULL;
1546 const APK_DATA *ak = &keydata[i];
1547 const unsigned char *input = ak->kder;
1548 size_t input_len = ak->size;
1549 int expected_id = ak->evptype;
1550
1551 p = input;
1552 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1553 || !TEST_ptr_eq(p, input + input_len)
1554 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1555 goto done;
1556
1557 ret = 1;
1558
1559 done:
1560 EVP_PKEY_free(pkey);
1561 return ret;
1562 }
1563
1564 #ifndef OPENSSL_NO_EC
1565
1566 static const unsigned char ec_public_sect163k1_validxy[] = {
1567 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1568 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1569 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1570 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1571 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1572 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1573 };
1574
1575 static const unsigned char ec_public_sect163k1_badx[] = {
1576 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1577 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1578 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1579 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1580 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1581 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1582 };
1583
1584 static const unsigned char ec_public_sect163k1_bady[] = {
1585 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1586 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1587 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1588 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1589 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1590 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1591 };
1592
1593 static struct ec_der_pub_keys_st {
1594 const unsigned char *der;
1595 size_t len;
1596 int valid;
1597 } ec_der_pub_keys[] = {
1598 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1599 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1600 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1601 };
1602
1603 /*
1604 * Tests the range of the decoded EC char2 public point.
1605 * See ec_GF2m_simple_oct2point().
1606 */
1607 static int test_invalide_ec_char2_pub_range_decode(int id)
1608 {
1609 int ret = 0;
1610 EVP_PKEY *pkey;
1611
1612 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1613 ec_der_pub_keys[id].len);
1614
1615 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1616 || TEST_ptr_null(pkey);
1617 EVP_PKEY_free(pkey);
1618 return ret;
1619 }
1620
1621 /* Tests loading a bad key in PKCS8 format */
1622 static int test_EVP_PKCS82PKEY(void)
1623 {
1624 int ret = 0;
1625 const unsigned char *derp = kExampleBadECKeyDER;
1626 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1627 EVP_PKEY *pkey = NULL;
1628
1629 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1630 sizeof(kExampleBadECKeyDER))))
1631 goto done;
1632
1633 if (!TEST_ptr_eq(derp,
1634 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1635 goto done;
1636
1637 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1638 goto done;
1639
1640 ret = 1;
1641
1642 done:
1643 PKCS8_PRIV_KEY_INFO_free(p8inf);
1644 EVP_PKEY_free(pkey);
1645
1646 return ret;
1647 }
1648
1649 #endif
1650 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1651 {
1652 EVP_PKEY *pkey = NULL;
1653 EVP_PKEY *pkey2 = NULL;
1654 BIO *membio = NULL;
1655 char *membuf = NULL;
1656 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1657 int ok = 0;
1658
1659 if (testctx != NULL)
1660 /* test not supported with non-default context */
1661 return 1;
1662
1663 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1664 || !TEST_ptr(pkey = load_example_rsa_key())
1665 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1666 NULL, 0, NULL, NULL),
1667 0)
1668 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1669 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1670 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1671 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1672 goto done;
1673 }
1674
1675 ok = 1;
1676 done:
1677 EVP_PKEY_free(pkey);
1678 EVP_PKEY_free(pkey2);
1679 PKCS8_PRIV_KEY_INFO_free(p8inf);
1680 BIO_free_all(membio);
1681 return ok;
1682 }
1683
1684 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1685 static int test_privatekey_to_pkcs8(void)
1686 {
1687 EVP_PKEY *pkey = NULL;
1688 BIO *membio = NULL;
1689 char *membuf = NULL;
1690 long membuf_len = 0;
1691 int ok = 0;
1692
1693 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1694 || !TEST_ptr(pkey = load_example_rsa_key())
1695 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1696 NULL, 0, NULL, NULL),
1697 0)
1698 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1699 || !TEST_ptr(membuf)
1700 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1701 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1702 /*
1703 * We try to write PEM as well, just to see that it doesn't err, but
1704 * assume that the result is correct.
1705 */
1706 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1707 NULL, 0, NULL, NULL),
1708 0))
1709 goto done;
1710
1711 ok = 1;
1712 done:
1713 EVP_PKEY_free(pkey);
1714 BIO_free_all(membio);
1715 return ok;
1716 }
1717
1718 #ifndef OPENSSL_NO_EC
1719 static const struct {
1720 int encoding;
1721 const char *encoding_name;
1722 } ec_encodings[] = {
1723 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1724 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1725 };
1726
1727 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1728 {
1729 const OSSL_PARAM *p;
1730 const char *enc_name = NULL;
1731 int *enc = arg;
1732 size_t i;
1733
1734 *enc = -1;
1735
1736 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1737 OSSL_PKEY_PARAM_EC_ENCODING))
1738 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1739 return 0;
1740
1741 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1742 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1743 *enc = ec_encodings[i].encoding;
1744 break;
1745 }
1746 }
1747
1748 return (*enc != -1);
1749 }
1750
1751 static int test_EC_keygen_with_enc(int idx)
1752 {
1753 EVP_PKEY *params = NULL, *key = NULL;
1754 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1755 int enc;
1756 int ret = 0;
1757
1758 enc = ec_encodings[idx].encoding;
1759
1760 /* Create key parameters */
1761 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1762 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1763 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1764 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1765 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1766 || !TEST_ptr(params))
1767 goto done;
1768
1769 /* Create key */
1770 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1771 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1772 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1773 || !TEST_ptr(key))
1774 goto done;
1775
1776 /* Check that the encoding got all the way into the key */
1777 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1778 ec_export_get_encoding_cb, &enc))
1779 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1780 goto done;
1781
1782 ret = 1;
1783 done:
1784 EVP_PKEY_free(key);
1785 EVP_PKEY_free(params);
1786 EVP_PKEY_CTX_free(kctx);
1787 EVP_PKEY_CTX_free(pctx);
1788 return ret;
1789 }
1790 #endif
1791
1792 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1793
1794 static int test_EVP_SM2_verify(void)
1795 {
1796 const char *pubkey =
1797 "-----BEGIN PUBLIC KEY-----\n"
1798 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1799 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1800 "-----END PUBLIC KEY-----\n";
1801
1802 const char *msg = "message digest";
1803 const char *id = "ALICE123@YAHOO.COM";
1804
1805 const uint8_t signature[] = {
1806 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1807 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1808 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1809 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1810 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1811 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1812 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1813 };
1814
1815 int rc = 0;
1816 BIO *bio = NULL;
1817 EVP_PKEY *pkey = NULL;
1818 EVP_MD_CTX *mctx = NULL;
1819 EVP_PKEY_CTX *pctx = NULL;
1820 EVP_MD *sm3 = NULL;
1821
1822 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1823 if (!TEST_true(bio != NULL))
1824 goto done;
1825
1826 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1827 if (!TEST_true(pkey != NULL))
1828 goto done;
1829
1830 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1831 goto done;
1832
1833 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1834 goto done;
1835
1836 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1837 goto done;
1838
1839 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1840
1841 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1842 goto done;
1843
1844 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1845 goto done;
1846
1847 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1848 goto done;
1849
1850 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1851 goto done;
1852
1853 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1854 goto done;
1855 rc = 1;
1856
1857 done:
1858 BIO_free(bio);
1859 EVP_PKEY_free(pkey);
1860 EVP_PKEY_CTX_free(pctx);
1861 EVP_MD_CTX_free(mctx);
1862 EVP_MD_free(sm3);
1863 return rc;
1864 }
1865
1866 static int test_EVP_SM2(void)
1867 {
1868 int ret = 0;
1869 EVP_PKEY *pkey = NULL;
1870 EVP_PKEY *pkeyparams = NULL;
1871 EVP_PKEY_CTX *pctx = NULL;
1872 EVP_PKEY_CTX *kctx = NULL;
1873 EVP_PKEY_CTX *sctx = NULL;
1874 size_t sig_len = 0;
1875 unsigned char *sig = NULL;
1876 EVP_MD_CTX *md_ctx = NULL;
1877 EVP_MD_CTX *md_ctx_verify = NULL;
1878 EVP_PKEY_CTX *cctx = NULL;
1879 EVP_MD *check_md = NULL;
1880
1881 uint8_t ciphertext[128];
1882 size_t ctext_len = sizeof(ciphertext);
1883
1884 uint8_t plaintext[8];
1885 size_t ptext_len = sizeof(plaintext);
1886
1887 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1888
1889 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1890 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1891 int i;
1892 char mdname[OSSL_MAX_NAME_SIZE];
1893
1894 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1895 "SM2", testpropq)))
1896 goto done;
1897
1898 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1899 goto done;
1900
1901 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1902 goto done;
1903
1904 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1905 goto done;
1906
1907 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1908 pkeyparams, testpropq)))
1909 goto done;
1910
1911 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1912 goto done;
1913
1914 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1915 goto done;
1916
1917 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1918 goto done;
1919
1920 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1921 goto done;
1922
1923 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1924 goto done;
1925
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1927 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1928
1929 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1930 goto done;
1931
1932 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1933 goto done;
1934
1935 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1936 goto done;
1937
1938 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1939 goto done;
1940
1941 /* Determine the size of the signature. */
1942 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1943 goto done;
1944
1945 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1946 goto done;
1947
1948 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1949 goto done;
1950
1951 /* Ensure that the signature round-trips. */
1952
1953 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1954 pkey)))
1955 goto done;
1956
1957 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1958 goto done;
1959
1960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1961 goto done;
1962
1963 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1964 goto done;
1965
1966 /*
1967 * Try verify again with non-matching 0 length id but ensure that it can
1968 * be set on the context and overrides the previous value.
1969 */
1970
1971 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1972 pkey)))
1973 goto done;
1974
1975 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1976 goto done;
1977
1978 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1979 goto done;
1980
1981 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1982 goto done;
1983
1984 /* now check encryption/decryption */
1985
1986 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1987 mdname, sizeof(mdname));
1988 for (i = 0; i < 2; i++) {
1989 const char *mdnames[] = {
1990 #ifndef OPENSSL_NO_SM3
1991 "SM3",
1992 #else
1993 NULL,
1994 #endif
1995 "SHA2-256" };
1996 EVP_PKEY_CTX_free(cctx);
1997
1998 if (mdnames[i] == NULL)
1999 continue;
2000
2001 sparams[0] =
2002 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2003 (char *)mdnames[i], 0);
2004
2005 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2006 pkey, testpropq)))
2007 goto done;
2008
2009 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2010 goto done;
2011
2012 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2013 goto done;
2014
2015 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2016 sizeof(kMsg))))
2017 goto done;
2018
2019 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2020 goto done;
2021
2022 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2023 goto done;
2024
2025 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2026 ctext_len), 0))
2027 goto done;
2028
2029 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2030 goto done;
2031
2032 /*
2033 * Test we're still using the digest we think we are.
2034 * Because of aliases, the easiest is to fetch the digest and
2035 * check the name with EVP_MD_is_a().
2036 */
2037 EVP_MD_free(check_md);
2038 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2039 goto done;
2040 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2041 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2042 goto done;
2043 }
2044
2045 if (!TEST_true(ptext_len == sizeof(kMsg)))
2046 goto done;
2047
2048 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2049 goto done;
2050 }
2051
2052 ret = 1;
2053 done:
2054 EVP_PKEY_CTX_free(pctx);
2055 EVP_PKEY_CTX_free(kctx);
2056 EVP_PKEY_CTX_free(sctx);
2057 EVP_PKEY_CTX_free(cctx);
2058 EVP_PKEY_free(pkey);
2059 EVP_PKEY_free(pkeyparams);
2060 EVP_MD_CTX_free(md_ctx);
2061 EVP_MD_CTX_free(md_ctx_verify);
2062 EVP_MD_free(check_md);
2063 OPENSSL_free(sig);
2064 return ret;
2065 }
2066
2067 #endif
2068
2069 static struct keys_st {
2070 int type;
2071 char *priv;
2072 char *pub;
2073 } keys[] = {
2074 {
2075 EVP_PKEY_HMAC, "0123456789", NULL
2076 },
2077 {
2078 EVP_PKEY_HMAC, "", NULL
2079 #ifndef OPENSSL_NO_POLY1305
2080 }, {
2081 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2082 #endif
2083 #ifndef OPENSSL_NO_SIPHASH
2084 }, {
2085 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2086 #endif
2087 },
2088 #ifndef OPENSSL_NO_EC
2089 {
2090 EVP_PKEY_X25519, "01234567890123456789012345678901",
2091 "abcdefghijklmnopqrstuvwxyzabcdef"
2092 }, {
2093 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2094 "abcdefghijklmnopqrstuvwxyzabcdef"
2095 }, {
2096 EVP_PKEY_X448,
2097 "01234567890123456789012345678901234567890123456789012345",
2098 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2099 }, {
2100 EVP_PKEY_ED448,
2101 "012345678901234567890123456789012345678901234567890123456",
2102 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2103 }
2104 #endif
2105 };
2106
2107 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2108 {
2109 int ret = 0;
2110 unsigned char buf[80];
2111 unsigned char *in;
2112 size_t inlen, len = 0, shortlen = 1;
2113 EVP_PKEY *pkey;
2114
2115 /* Check if this algorithm supports public keys */
2116 if (pub && keys[tst].pub == NULL)
2117 return 1;
2118
2119 memset(buf, 0, sizeof(buf));
2120
2121 if (pub) {
2122 #ifndef OPENSSL_NO_EC
2123 inlen = strlen(keys[tst].pub);
2124 in = (unsigned char *)keys[tst].pub;
2125 if (uselibctx) {
2126 pkey = EVP_PKEY_new_raw_public_key_ex(
2127 testctx,
2128 OBJ_nid2sn(keys[tst].type),
2129 NULL,
2130 in,
2131 inlen);
2132 } else {
2133 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2134 NULL,
2135 in,
2136 inlen);
2137 }
2138 #else
2139 return 1;
2140 #endif
2141 } else {
2142 inlen = strlen(keys[tst].priv);
2143 in = (unsigned char *)keys[tst].priv;
2144 if (uselibctx) {
2145 pkey = EVP_PKEY_new_raw_private_key_ex(
2146 testctx, OBJ_nid2sn(keys[tst].type),
2147 NULL,
2148 in,
2149 inlen);
2150 } else {
2151 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2152 NULL,
2153 in,
2154 inlen);
2155 }
2156 }
2157
2158 if (!TEST_ptr(pkey)
2159 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2160 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2161 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2162 || !TEST_true(len == inlen))
2163 goto done;
2164 if (tst != 1) {
2165 /*
2166 * Test that supplying a buffer that is too small fails. Doesn't apply
2167 * to HMAC with a zero length key
2168 */
2169 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2170 &shortlen)))
2171 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2172 &shortlen))))
2173 goto done;
2174 }
2175 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2176 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2177 || !TEST_mem_eq(in, inlen, buf, len))
2178 goto done;
2179
2180 ret = 1;
2181 done:
2182 EVP_PKEY_free(pkey);
2183 return ret;
2184 }
2185
2186 static int test_set_get_raw_keys(int tst)
2187 {
2188 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2189 && test_set_get_raw_keys_int(tst, 0, 1)
2190 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2191 && test_set_get_raw_keys_int(tst, 1, 1);
2192 }
2193
2194 #ifndef OPENSSL_NO_DEPRECATED_3_0
2195 static int pkey_custom_check(EVP_PKEY *pkey)
2196 {
2197 return 0xbeef;
2198 }
2199
2200 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2201 {
2202 return 0xbeef;
2203 }
2204
2205 static int pkey_custom_param_check(EVP_PKEY *pkey)
2206 {
2207 return 0xbeef;
2208 }
2209
2210 static EVP_PKEY_METHOD *custom_pmeth;
2211 #endif
2212
2213 static int test_EVP_PKEY_check(int i)
2214 {
2215 int ret = 0;
2216 EVP_PKEY *pkey = NULL;
2217 EVP_PKEY_CTX *ctx = NULL;
2218 #ifndef OPENSSL_NO_DEPRECATED_3_0
2219 EVP_PKEY_CTX *ctx2 = NULL;
2220 #endif
2221 const APK_DATA *ak = &keycheckdata[i];
2222 const unsigned char *input = ak->kder;
2223 size_t input_len = ak->size;
2224 int expected_id = ak->evptype;
2225 int expected_check = ak->check;
2226 int expected_pub_check = ak->pub_check;
2227 int expected_param_check = ak->param_check;
2228 int type = ak->type;
2229
2230 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2231 goto done;
2232 if (type == 0
2233 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2234 goto done;
2235
2236 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2237 goto done;
2238
2239 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2240 goto done;
2241
2242 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2243 goto done;
2244
2245 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2246 goto done;
2247
2248 #ifndef OPENSSL_NO_DEPRECATED_3_0
2249 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2250 /* assign the pkey directly, as an internal test */
2251 EVP_PKEY_up_ref(pkey);
2252 ctx2->pkey = pkey;
2253
2254 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2255 goto done;
2256
2257 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2258 goto done;
2259
2260 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2261 goto done;
2262 #endif
2263
2264 ret = 1;
2265
2266 done:
2267 EVP_PKEY_CTX_free(ctx);
2268 #ifndef OPENSSL_NO_DEPRECATED_3_0
2269 EVP_PKEY_CTX_free(ctx2);
2270 #endif
2271 EVP_PKEY_free(pkey);
2272 return ret;
2273 }
2274
2275 #ifndef OPENSSL_NO_CMAC
2276 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2277 {
2278 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2279 const char msg[] = "Hello World";
2280 size_t maclen = AES_BLOCK_SIZE;
2281 int ret = 1;
2282
2283 if (!TEST_ptr(mdctx)
2284 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2285 testpropq, pkey, NULL))
2286 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2287 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2288 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2289 ret = 0;
2290
2291 EVP_MD_CTX_free(mdctx);
2292
2293 return ret;
2294 }
2295 static int test_CMAC_keygen(void)
2296 {
2297 static unsigned char key[] = {
2298 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2299 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2300 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2301 };
2302 EVP_PKEY_CTX *kctx = NULL;
2303 int ret = 0;
2304 EVP_PKEY *pkey = NULL;
2305 unsigned char mac[AES_BLOCK_SIZE];
2306 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2307 unsigned char mac2[AES_BLOCK_SIZE];
2308 # endif
2309
2310 if (nullprov != NULL)
2311 return TEST_skip("Test does not support a non-default library context");
2312
2313 /*
2314 * This is a legacy method for CMACs, but should still work.
2315 * This verifies that it works without an ENGINE.
2316 */
2317 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2318
2319 /* Test a CMAC key created using the "generated" method */
2320 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2321 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2322 EVP_PKEY_CTRL_CIPHER,
2323 0, (void *)EVP_aes_256_ecb()), 0)
2324 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2325 EVP_PKEY_CTRL_SET_MAC_KEY,
2326 sizeof(key), (void *)key), 0)
2327 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2328 || !TEST_ptr(pkey)
2329 || !TEST_true(get_cmac_val(pkey, mac)))
2330 goto done;
2331
2332 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2333 EVP_PKEY_free(pkey);
2334
2335 /*
2336 * Test a CMAC key using the direct method, and compare with the mac
2337 * created above.
2338 */
2339 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2340 if (!TEST_ptr(pkey)
2341 || !TEST_true(get_cmac_val(pkey, mac2))
2342 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2343 goto done;
2344 # endif
2345
2346 ret = 1;
2347
2348 done:
2349 EVP_PKEY_free(pkey);
2350 EVP_PKEY_CTX_free(kctx);
2351 return ret;
2352 }
2353 #endif
2354
2355 static int test_HKDF(void)
2356 {
2357 EVP_PKEY_CTX *pctx;
2358 unsigned char out[20];
2359 size_t outlen;
2360 int i, ret = 0;
2361 unsigned char salt[] = "0123456789";
2362 unsigned char key[] = "012345678901234567890123456789";
2363 unsigned char info[] = "infostring";
2364 const unsigned char expected[] = {
2365 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2366 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2367 };
2368 size_t expectedlen = sizeof(expected);
2369
2370 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2371 goto done;
2372
2373 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2374 for (i = 0; i < 2; i++) {
2375 outlen = sizeof(out);
2376 memset(out, 0, outlen);
2377
2378 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2379 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2380 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2381 sizeof(salt) - 1), 0)
2382 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2383 sizeof(key) - 1), 0)
2384 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2385 sizeof(info) - 1), 0)
2386 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2387 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2388 goto done;
2389 }
2390
2391 ret = 1;
2392
2393 done:
2394 EVP_PKEY_CTX_free(pctx);
2395
2396 return ret;
2397 }
2398
2399 static int test_emptyikm_HKDF(void)
2400 {
2401 EVP_PKEY_CTX *pctx;
2402 unsigned char out[20];
2403 size_t outlen;
2404 int ret = 0;
2405 unsigned char salt[] = "9876543210";
2406 unsigned char key[] = "";
2407 unsigned char info[] = "stringinfo";
2408 const unsigned char expected[] = {
2409 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2410 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2411 };
2412 size_t expectedlen = sizeof(expected);
2413
2414 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2415 goto done;
2416
2417 outlen = sizeof(out);
2418 memset(out, 0, outlen);
2419
2420 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2421 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2422 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2423 sizeof(salt) - 1), 0)
2424 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2425 sizeof(key) - 1), 0)
2426 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2427 sizeof(info) - 1), 0)
2428 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2429 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2430 goto done;
2431
2432 ret = 1;
2433
2434 done:
2435 EVP_PKEY_CTX_free(pctx);
2436
2437 return ret;
2438 }
2439
2440 #ifndef OPENSSL_NO_EC
2441 static int test_X509_PUBKEY_inplace(void)
2442 {
2443 int ret = 0;
2444 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2445 const unsigned char *p = kExampleECPubKeyDER;
2446 size_t input_len = sizeof(kExampleECPubKeyDER);
2447
2448 if (!TEST_ptr(xp))
2449 goto done;
2450 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2451 goto done;
2452
2453 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2454 goto done;
2455
2456 p = kExampleBadECPubKeyDER;
2457 input_len = sizeof(kExampleBadECPubKeyDER);
2458
2459 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2460 goto done;
2461
2462 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2463 goto done;
2464
2465 ret = 1;
2466
2467 done:
2468 X509_PUBKEY_free(xp);
2469 return ret;
2470 }
2471
2472 static int test_X509_PUBKEY_dup(void)
2473 {
2474 int ret = 0;
2475 X509_PUBKEY *xp = NULL, *xq = NULL;
2476 const unsigned char *p = kExampleECPubKeyDER;
2477 size_t input_len = sizeof(kExampleECPubKeyDER);
2478
2479 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2480 if (!TEST_ptr(xp)
2481 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2482 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2483 || !TEST_ptr_ne(xp, xq))
2484 goto done;
2485
2486 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2487 || !TEST_ptr(X509_PUBKEY_get0(xp))
2488 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2489 goto done;
2490
2491 X509_PUBKEY_free(xq);
2492 xq = NULL;
2493 p = kExampleBadECPubKeyDER;
2494 input_len = sizeof(kExampleBadECPubKeyDER);
2495
2496 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2497 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2498 goto done;
2499
2500 X509_PUBKEY_free(xp);
2501 xp = NULL;
2502 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2503 goto done;
2504
2505 ret = 1;
2506
2507 done:
2508 X509_PUBKEY_free(xp);
2509 X509_PUBKEY_free(xq);
2510 return ret;
2511 }
2512 #endif /* OPENSSL_NO_EC */
2513
2514 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2515 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2516 {
2517 EVP_MD_CTX *mdctx = NULL;
2518 EVP_PKEY_CTX *ctx = NULL;
2519 const OSSL_PARAM *params;
2520 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2521 int ret = 0;
2522 const EVP_MD *md;
2523 char mdname[OSSL_MAX_NAME_SIZE];
2524 char ssl3ms[48];
2525
2526 /* Initialise a sign operation */
2527 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2528 if (!TEST_ptr(ctx)
2529 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2530 goto err;
2531
2532 /*
2533 * We should be able to query the parameters now.
2534 */
2535 params = EVP_PKEY_CTX_settable_params(ctx);
2536 if (!TEST_ptr(params)
2537 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2538 OSSL_SIGNATURE_PARAM_DIGEST)))
2539 goto err;
2540
2541 params = EVP_PKEY_CTX_gettable_params(ctx);
2542 if (!TEST_ptr(params)
2543 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2544 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2545 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2546 OSSL_SIGNATURE_PARAM_DIGEST)))
2547 goto err;
2548
2549 /*
2550 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2551 * EVP_PKEY_CTX_get_params()
2552 */
2553 strcpy(mdname, "SHA512");
2554 param_md = param;
2555 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2556 mdname, 0);
2557 *param++ = OSSL_PARAM_construct_end();
2558
2559 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2560 goto err;
2561
2562 mdname[0] = '\0';
2563 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2564 mdname, sizeof(mdname));
2565 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2566 || !TEST_str_eq(mdname, "SHA512"))
2567 goto err;
2568
2569 /*
2570 * Test the TEST_PKEY_CTX_set_signature_md() and
2571 * TEST_PKEY_CTX_get_signature_md() functions
2572 */
2573 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2574 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2575 || !TEST_ptr_eq(md, EVP_sha256()))
2576 goto err;
2577
2578 /*
2579 * Test getting MD parameters via an associated EVP_PKEY_CTX
2580 */
2581 mdctx = EVP_MD_CTX_new();
2582 if (!TEST_ptr(mdctx)
2583 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2584 pkey, NULL)))
2585 goto err;
2586
2587 /*
2588 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2589 * able to obtain the digest's settable parameters from the provider.
2590 */
2591 params = EVP_MD_CTX_settable_params(mdctx);
2592 if (!TEST_ptr(params)
2593 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2594 /* The final key should be NULL */
2595 || !TEST_ptr_null(params[1].key))
2596 goto err;
2597
2598 param = ourparams;
2599 memset(ssl3ms, 0, sizeof(ssl3ms));
2600 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2601 ssl3ms, sizeof(ssl3ms));
2602 *param++ = OSSL_PARAM_construct_end();
2603
2604 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2605 goto err;
2606
2607 ret = 1;
2608
2609 err:
2610 EVP_MD_CTX_free(mdctx);
2611 EVP_PKEY_CTX_free(ctx);
2612
2613 return ret;
2614 }
2615
2616 #ifndef OPENSSL_NO_DSA
2617 static int test_DSA_get_set_params(void)
2618 {
2619 OSSL_PARAM_BLD *bld = NULL;
2620 OSSL_PARAM *params = NULL;
2621 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2622 EVP_PKEY_CTX *pctx = NULL;
2623 EVP_PKEY *pkey = NULL;
2624 int ret = 0;
2625
2626 /*
2627 * Setup the parameters for our DSA object. For our purposes they don't
2628 * have to actually be *valid* parameters. We just need to set something.
2629 */
2630 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2631 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2632 || !TEST_ptr(p = BN_new())
2633 || !TEST_ptr(q = BN_new())
2634 || !TEST_ptr(g = BN_new())
2635 || !TEST_ptr(pub = BN_new())
2636 || !TEST_ptr(priv = BN_new()))
2637 goto err;
2638 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2639 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2640 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2641 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2642 pub))
2643 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2644 priv)))
2645 goto err;
2646 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2647 goto err;
2648
2649 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2650 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2651 params), 0))
2652 goto err;
2653
2654 if (!TEST_ptr(pkey))
2655 goto err;
2656
2657 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2658
2659 err:
2660 EVP_PKEY_free(pkey);
2661 EVP_PKEY_CTX_free(pctx);
2662 OSSL_PARAM_free(params);
2663 OSSL_PARAM_BLD_free(bld);
2664 BN_free(p);
2665 BN_free(q);
2666 BN_free(g);
2667 BN_free(pub);
2668 BN_free(priv);
2669
2670 return ret;
2671 }
2672
2673 /*
2674 * Test combinations of private, public, missing and private + public key
2675 * params to ensure they are all accepted
2676 */
2677 static int test_DSA_priv_pub(void)
2678 {
2679 return test_EVP_PKEY_ffc_priv_pub("DSA");
2680 }
2681
2682 #endif /* !OPENSSL_NO_DSA */
2683
2684 static int test_RSA_get_set_params(void)
2685 {
2686 OSSL_PARAM_BLD *bld = NULL;
2687 OSSL_PARAM *params = NULL;
2688 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2689 EVP_PKEY_CTX *pctx = NULL;
2690 EVP_PKEY *pkey = NULL;
2691 int ret = 0;
2692
2693 /*
2694 * Setup the parameters for our RSA object. For our purposes they don't
2695 * have to actually be *valid* parameters. We just need to set something.
2696 */
2697 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2698 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2699 || !TEST_ptr(n = BN_new())
2700 || !TEST_ptr(e = BN_new())
2701 || !TEST_ptr(d = BN_new()))
2702 goto err;
2703 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2704 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2705 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2706 goto err;
2707 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2708 goto err;
2709
2710 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2711 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2712 params), 0))
2713 goto err;
2714
2715 if (!TEST_ptr(pkey))
2716 goto err;
2717
2718 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2719
2720 err:
2721 EVP_PKEY_free(pkey);
2722 EVP_PKEY_CTX_free(pctx);
2723 OSSL_PARAM_free(params);
2724 OSSL_PARAM_BLD_free(bld);
2725 BN_free(n);
2726 BN_free(e);
2727 BN_free(d);
2728
2729 return ret;
2730 }
2731
2732 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2733 static int test_decrypt_null_chunks(void)
2734 {
2735 EVP_CIPHER_CTX* ctx = NULL;
2736 EVP_CIPHER *cipher = NULL;
2737 const unsigned char key[32] = {
2738 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2739 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2740 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2741 };
2742 unsigned char iv[12] = {
2743 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2744 };
2745 unsigned char msg[] = "It was the best of times, it was the worst of times";
2746 unsigned char ciphertext[80];
2747 unsigned char plaintext[80];
2748 /* We initialise tmp to a non zero value on purpose */
2749 int ctlen, ptlen, tmp = 99;
2750 int ret = 0;
2751 const int enc_offset = 10, dec_offset = 20;
2752
2753 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2754 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2755 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2756 key, iv))
2757 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2758 enc_offset))
2759 /* Deliberate add a zero length update */
2760 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2761 0))
2762 || !TEST_int_eq(tmp, 0)
2763 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2764 msg + enc_offset,
2765 sizeof(msg) - enc_offset))
2766 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2767 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2768 || !TEST_int_eq(tmp, 0))
2769 goto err;
2770
2771 /* Deliberately initialise tmp to a non zero value */
2772 tmp = 99;
2773 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2774 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2775 dec_offset))
2776 /*
2777 * Deliberately add a zero length update. We also deliberately do
2778 * this at a different offset than for encryption.
2779 */
2780 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2781 0))
2782 || !TEST_int_eq(tmp, 0)
2783 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2784 ciphertext + dec_offset,
2785 ctlen - dec_offset))
2786 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2787 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2788 || !TEST_int_eq(tmp, 0)
2789 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2790 goto err;
2791
2792 ret = 1;
2793 err:
2794 EVP_CIPHER_CTX_free(ctx);
2795 EVP_CIPHER_free(cipher);
2796 return ret;
2797 }
2798 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2799
2800 #ifndef OPENSSL_NO_DH
2801 /*
2802 * Test combinations of private, public, missing and private + public key
2803 * params to ensure they are all accepted
2804 */
2805 static int test_DH_priv_pub(void)
2806 {
2807 return test_EVP_PKEY_ffc_priv_pub("DH");
2808 }
2809
2810 # ifndef OPENSSL_NO_DEPRECATED_3_0
2811 static int test_EVP_PKEY_set1_DH(void)
2812 {
2813 DH *x942dh = NULL, *noqdh = NULL;
2814 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2815 int ret = 0;
2816 BIGNUM *p, *g = NULL;
2817 BIGNUM *pubkey = NULL;
2818 unsigned char pub[2048 / 8];
2819 size_t len = 0;
2820
2821 if (!TEST_ptr(p = BN_new())
2822 || !TEST_ptr(g = BN_new())
2823 || !TEST_ptr(pubkey = BN_new())
2824 || !TEST_true(BN_set_word(p, 9999))
2825 || !TEST_true(BN_set_word(g, 2))
2826 || !TEST_true(BN_set_word(pubkey, 4321))
2827 || !TEST_ptr(noqdh = DH_new())
2828 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2829 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2830 || !TEST_ptr(pubkey = BN_new())
2831 || !TEST_true(BN_set_word(pubkey, 4321)))
2832 goto err;
2833 p = g = NULL;
2834
2835 x942dh = DH_get_2048_256();
2836 pkey1 = EVP_PKEY_new();
2837 pkey2 = EVP_PKEY_new();
2838 if (!TEST_ptr(x942dh)
2839 || !TEST_ptr(noqdh)
2840 || !TEST_ptr(pkey1)
2841 || !TEST_ptr(pkey2)
2842 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2843 goto err;
2844 pubkey = NULL;
2845
2846 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2847 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2848 goto err;
2849
2850 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2851 &pubkey))
2852 || !TEST_ptr(pubkey))
2853 goto err;
2854
2855 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2856 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2857 goto err;
2858
2859 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2860 OSSL_PKEY_PARAM_PUB_KEY,
2861 pub, sizeof(pub), &len))
2862 || !TEST_size_t_ne(len, 0))
2863 goto err;
2864
2865 ret = 1;
2866 err:
2867 BN_free(p);
2868 BN_free(g);
2869 BN_free(pubkey);
2870 EVP_PKEY_free(pkey1);
2871 EVP_PKEY_free(pkey2);
2872 DH_free(x942dh);
2873 DH_free(noqdh);
2874
2875 return ret;
2876 }
2877 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2878 #endif /* !OPENSSL_NO_DH */
2879
2880 /*
2881 * We test what happens with an empty template. For the sake of this test,
2882 * the template must be ignored, and we know that's the case for RSA keys
2883 * (this might arguably be a misfeature, but that's what we currently do,
2884 * even in provider code, since that's how the legacy RSA implementation
2885 * does things)
2886 */
2887 static int test_keygen_with_empty_template(int n)
2888 {
2889 EVP_PKEY_CTX *ctx = NULL;
2890 EVP_PKEY *pkey = NULL;
2891 EVP_PKEY *tkey = NULL;
2892 int ret = 0;
2893
2894 if (nullprov != NULL)
2895 return TEST_skip("Test does not support a non-default library context");
2896
2897 switch (n) {
2898 case 0:
2899 /* We do test with no template at all as well */
2900 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2901 goto err;
2902 break;
2903 case 1:
2904 /* Here we create an empty RSA key that serves as our template */
2905 if (!TEST_ptr(tkey = EVP_PKEY_new())
2906 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2907 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2908 goto err;
2909 break;
2910 }
2911
2912 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2913 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2914 goto err;
2915
2916 ret = 1;
2917 err:
2918 EVP_PKEY_CTX_free(ctx);
2919 EVP_PKEY_free(pkey);
2920 EVP_PKEY_free(tkey);
2921 return ret;
2922 }
2923
2924 /*
2925 * Test that we fail if we attempt to use an algorithm that is not available
2926 * in the current library context (unless we are using an algorithm that
2927 * should be made available via legacy codepaths).
2928 *
2929 * 0: RSA
2930 * 1: SM2
2931 */
2932 static int test_pkey_ctx_fail_without_provider(int tst)
2933 {
2934 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2935 OSSL_PROVIDER *tmpnullprov = NULL;
2936 EVP_PKEY_CTX *pctx = NULL;
2937 const char *keytype = NULL;
2938 int expect_null = 0;
2939 int ret = 0;
2940
2941 if (!TEST_ptr(tmpctx))
2942 goto err;
2943
2944 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2945 if (!TEST_ptr(tmpnullprov))
2946 goto err;
2947
2948 /*
2949 * We check for certain algos in the null provider.
2950 * If an algo is expected to have a provider keymgmt, constructing an
2951 * EVP_PKEY_CTX is expected to fail (return NULL).
2952 * Otherwise, if it's expected to have legacy support, constructing an
2953 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2954 */
2955 switch (tst) {
2956 case 0:
2957 keytype = "RSA";
2958 expect_null = 1;
2959 break;
2960 case 1:
2961 keytype = "SM2";
2962 expect_null = 1;
2963 #ifdef OPENSSL_NO_EC
2964 TEST_info("EC disable, skipping SM2 check...");
2965 goto end;
2966 #endif
2967 #ifdef OPENSSL_NO_SM2
2968 TEST_info("SM2 disable, skipping SM2 check...");
2969 goto end;
2970 #endif
2971 break;
2972 default:
2973 TEST_error("No test for case %d", tst);
2974 goto err;
2975 }
2976
2977 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2978 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2979 goto err;
2980
2981 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2982 end:
2983 #endif
2984 ret = 1;
2985
2986 err:
2987 EVP_PKEY_CTX_free(pctx);
2988 OSSL_PROVIDER_unload(tmpnullprov);
2989 OSSL_LIB_CTX_free(tmpctx);
2990 return ret;
2991 }
2992
2993 static int test_rand_agglomeration(void)
2994 {
2995 EVP_RAND *rand;
2996 EVP_RAND_CTX *ctx;
2997 OSSL_PARAM params[3], *p = params;
2998 int res;
2999 unsigned int step = 7;
3000 static unsigned char seed[] = "It does not matter how slowly you go "
3001 "as long as you do not stop.";
3002 unsigned char out[sizeof(seed)];
3003
3004 if (!TEST_int_ne(sizeof(seed) % step, 0)
3005 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3006 return 0;
3007 ctx = EVP_RAND_CTX_new(rand, NULL);
3008 EVP_RAND_free(rand);
3009 if (!TEST_ptr(ctx))
3010 return 0;
3011
3012 memset(out, 0, sizeof(out));
3013 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3014 seed, sizeof(seed));
3015 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3016 *p = OSSL_PARAM_construct_end();
3017 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3018 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3019 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3020 EVP_RAND_CTX_free(ctx);
3021 return res;
3022 }
3023
3024 /*
3025 * Test that we correctly return the original or "running" IV after
3026 * an encryption operation.
3027 * Run multiple times for some different relevant algorithms/modes.
3028 */
3029 static int test_evp_iv_aes(int idx)
3030 {
3031 int ret = 0;
3032 EVP_CIPHER_CTX *ctx = NULL;
3033 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3034 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3035 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3036 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3037 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3038 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3039 9, 10, 11, 12, 13, 14, 15, 16 };
3040 unsigned char ciphertext[32], oiv[16], iv[16];
3041 unsigned char *ref_iv;
3042 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3043 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3044
3045 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3046 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3047 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3048 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3049 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3050 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3051 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3052 #ifndef OPENSSL_NO_OCB
3053 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3054 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3055 #endif
3056 int len = sizeof(ciphertext);
3057 size_t ivlen, ref_len;
3058 const EVP_CIPHER *type = NULL;
3059 int iv_reset = 0;
3060
3061 if (nullprov != NULL && idx < 6)
3062 return TEST_skip("Test does not support a non-default library context");
3063
3064 switch (idx) {
3065 case 0:
3066 type = EVP_aes_128_cbc();
3067 /* FALLTHROUGH */
3068 case 6:
3069 type = (type != NULL) ? type :
3070 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3071 ref_iv = cbc_state;
3072 ref_len = sizeof(cbc_state);
3073 iv_reset = 1;
3074 break;
3075 case 1:
3076 type = EVP_aes_128_ofb();
3077 /* FALLTHROUGH */
3078 case 7:
3079 type = (type != NULL) ? type :
3080 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3081 ref_iv = ofb_state;
3082 ref_len = sizeof(ofb_state);
3083 iv_reset = 1;
3084 break;
3085 case 2:
3086 type = EVP_aes_128_cfb();
3087 /* FALLTHROUGH */
3088 case 8:
3089 type = (type != NULL) ? type :
3090 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3091 ref_iv = cfb_state;
3092 ref_len = sizeof(cfb_state);
3093 iv_reset = 1;
3094 break;
3095 case 3:
3096 type = EVP_aes_128_gcm();
3097 /* FALLTHROUGH */
3098 case 9:
3099 type = (type != NULL) ? type :
3100 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3101 ref_iv = gcm_state;
3102 ref_len = sizeof(gcm_state);
3103 break;
3104 case 4:
3105 type = EVP_aes_128_ccm();
3106 /* FALLTHROUGH */
3107 case 10:
3108 type = (type != NULL) ? type :
3109 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3110 ref_iv = ccm_state;
3111 ref_len = sizeof(ccm_state);
3112 break;
3113 #ifdef OPENSSL_NO_OCB
3114 case 5:
3115 case 11:
3116 return 1;
3117 #else
3118 case 5:
3119 type = EVP_aes_128_ocb();
3120 /* FALLTHROUGH */
3121 case 11:
3122 type = (type != NULL) ? type :
3123 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3124 ref_iv = ocb_state;
3125 ref_len = sizeof(ocb_state);
3126 break;
3127 #endif
3128 default:
3129 return 0;
3130 }
3131
3132 if (!TEST_ptr(type)
3133 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3134 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3135 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3136 (int)sizeof(msg)))
3137 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3138 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3139 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3140 goto err;
3141 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3142 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3143 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3144 goto err;
3145
3146 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3147 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3148 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3149 goto err;
3150 if (iv_reset) {
3151 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3152 goto err;
3153 } else {
3154 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3155 goto err;
3156 }
3157
3158 ret = 1;
3159 err:
3160 EVP_CIPHER_CTX_free(ctx);
3161 if (idx >= 6)
3162 EVP_CIPHER_free((EVP_CIPHER *)type);
3163 return ret;
3164 }
3165
3166 #ifndef OPENSSL_NO_DES
3167 static int test_evp_iv_des(int idx)
3168 {
3169 int ret = 0;
3170 EVP_CIPHER_CTX *ctx = NULL;
3171 static const unsigned char key[24] = {
3172 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3173 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3174 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3175 };
3176 static const unsigned char init_iv[8] = {
3177 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3178 };
3179 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3180 9, 10, 11, 12, 13, 14, 15, 16 };
3181 unsigned char ciphertext[32], oiv[8], iv[8];
3182 unsigned const char *ref_iv;
3183 static const unsigned char cbc_state_des[8] = {
3184 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3185 };
3186 static const unsigned char cbc_state_3des[8] = {
3187 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3188 };
3189 static const unsigned char ofb_state_des[8] = {
3190 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3191 };
3192 static const unsigned char ofb_state_3des[8] = {
3193 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3194 };
3195 static const unsigned char cfb_state_des[8] = {
3196 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3197 };
3198 static const unsigned char cfb_state_3des[8] = {
3199 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3200 };
3201 int len = sizeof(ciphertext);
3202 size_t ivlen, ref_len;
3203 EVP_CIPHER *type = NULL;
3204
3205 if (lgcyprov == NULL && idx < 3)
3206 return TEST_skip("Test requires legacy provider to be loaded");
3207
3208 switch (idx) {
3209 case 0:
3210 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3211 ref_iv = cbc_state_des;
3212 ref_len = sizeof(cbc_state_des);
3213 break;
3214 case 1:
3215 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3216 ref_iv = ofb_state_des;
3217 ref_len = sizeof(ofb_state_des);
3218 break;
3219 case 2:
3220 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3221 ref_iv = cfb_state_des;
3222 ref_len = sizeof(cfb_state_des);
3223 break;
3224 case 3:
3225 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3226 ref_iv = cbc_state_3des;
3227 ref_len = sizeof(cbc_state_3des);
3228 break;
3229 case 4:
3230 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3231 ref_iv = ofb_state_3des;
3232 ref_len = sizeof(ofb_state_3des);
3233 break;
3234 case 5:
3235 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3236 ref_iv = cfb_state_3des;
3237 ref_len = sizeof(cfb_state_3des);
3238 break;
3239 default:
3240 return 0;
3241 }
3242
3243 if (!TEST_ptr(type)
3244 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3245 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3246 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3247 (int)sizeof(msg)))
3248 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3249 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3250 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3251 goto err;
3252 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3253 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3254 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3255 goto err;
3256
3257 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3258 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3259 goto err;
3260 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3261 goto err;
3262
3263 ret = 1;
3264 err:
3265 EVP_CIPHER_CTX_free(ctx);
3266 EVP_CIPHER_free(type);
3267 return ret;
3268 }
3269 #endif
3270
3271 #ifndef OPENSSL_NO_EC
3272 static int ecpub_nids[] = {
3273 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3274 NID_secp384r1, NID_secp521r1,
3275 # ifndef OPENSSL_NO_EC2M
3276 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3277 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3278 # endif
3279 NID_brainpoolP384r1, NID_brainpoolP512r1
3280 };
3281
3282 static int test_ecpub(int idx)
3283 {
3284 int ret = 0, len, savelen;
3285 int nid;
3286 unsigned char buf[1024];
3287 unsigned char *p;
3288 EVP_PKEY *pkey = NULL;
3289 EVP_PKEY_CTX *ctx = NULL;
3290 # ifndef OPENSSL_NO_DEPRECATED_3_0
3291 const unsigned char *q;
3292 EVP_PKEY *pkey2 = NULL;
3293 EC_KEY *ec = NULL;
3294 # endif
3295
3296 if (nullprov != NULL)
3297 return TEST_skip("Test does not support a non-default library context");
3298
3299 nid = ecpub_nids[idx];
3300
3301 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3302 if (!TEST_ptr(ctx)
3303 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3304 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3305 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3306 goto done;
3307 len = i2d_PublicKey(pkey, NULL);
3308 savelen = len;
3309 if (!TEST_int_ge(len, 1)
3310 || !TEST_int_lt(len, 1024))
3311 goto done;
3312 p = buf;
3313 len = i2d_PublicKey(pkey, &p);
3314 if (!TEST_int_ge(len, 1)
3315 || !TEST_int_eq(len, savelen))
3316 goto done;
3317
3318 # ifndef OPENSSL_NO_DEPRECATED_3_0
3319 /* Now try to decode the just-created DER. */
3320 q = buf;
3321 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3322 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3323 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3324 goto done;
3325 /* EC_KEY ownership transferred */
3326 ec = NULL;
3327 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3328 goto done;
3329 /* The keys should match. */
3330 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3331 goto done;
3332 # endif
3333
3334 ret = 1;
3335
3336 done:
3337 EVP_PKEY_CTX_free(ctx);
3338 EVP_PKEY_free(pkey);
3339 # ifndef OPENSSL_NO_DEPRECATED_3_0
3340 EVP_PKEY_free(pkey2);
3341 EC_KEY_free(ec);
3342 # endif
3343 return ret;
3344 }
3345 #endif
3346
3347 static int test_EVP_rsa_pss_with_keygen_bits(void)
3348 {
3349 int ret = 0;
3350 EVP_PKEY_CTX *ctx = NULL;
3351 EVP_PKEY *pkey = NULL;
3352 EVP_MD *md;
3353
3354 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3355 ret = TEST_ptr(md)
3356 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3357 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3358 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3359 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3360 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3361
3362 EVP_MD_free(md);
3363 EVP_PKEY_free(pkey);
3364 EVP_PKEY_CTX_free(ctx);
3365 return ret;
3366 }
3367
3368 static int test_EVP_rsa_pss_set_saltlen(void)
3369 {
3370 int ret = 0;
3371 EVP_PKEY *pkey = NULL;
3372 EVP_PKEY_CTX *pkey_ctx = NULL;
3373 EVP_MD *sha256 = NULL;
3374 EVP_MD_CTX *sha256_ctx = NULL;
3375 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3376 const int test_value = 32;
3377
3378 ret = TEST_ptr(pkey = load_example_rsa_key())
3379 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3380 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3381 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3382 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3383 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
3384 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
3385 && TEST_int_eq(saltlen, test_value);
3386
3387 EVP_MD_CTX_free(sha256_ctx);
3388 EVP_PKEY_free(pkey);
3389 EVP_MD_free(sha256);
3390
3391 return ret;
3392 }
3393
3394 static int success = 1;
3395 static void md_names(const char *name, void *vctx)
3396 {
3397 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3398 /* Force a namemap update */
3399 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3400
3401 if (!TEST_ptr(aes128))
3402 success = 0;
3403
3404 EVP_CIPHER_free(aes128);
3405 }
3406
3407 /*
3408 * Test that changing the namemap in a user callback works in a names_do_all
3409 * function.
3410 */
3411 static int test_names_do_all(void)
3412 {
3413 /* We use a custom libctx so that we know the state of the namemap */
3414 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3415 EVP_MD *sha256 = NULL;
3416 int testresult = 0;
3417
3418 if (!TEST_ptr(ctx))
3419 goto err;
3420
3421 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3422 if (!TEST_ptr(sha256))
3423 goto err;
3424
3425 /*
3426 * We loop through all the names for a given digest. This should still work
3427 * even if the namemap changes part way through.
3428 */
3429 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3430 goto err;
3431
3432 if (!TEST_true(success))
3433 goto err;
3434
3435 testresult = 1;
3436 err:
3437 EVP_MD_free(sha256);
3438 OSSL_LIB_CTX_free(ctx);
3439 return testresult;
3440 }
3441
3442 typedef struct {
3443 const char *cipher;
3444 const unsigned char *key;
3445 const unsigned char *iv;
3446 const unsigned char *input;
3447 const unsigned char *expected;
3448 const unsigned char *tag;
3449 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3450 size_t inlen;
3451 size_t expectedlen;
3452 size_t taglen;
3453 int keyfirst;
3454 int initenc;
3455 int finalenc;
3456 } EVP_INIT_TEST_st;
3457
3458 static const EVP_INIT_TEST_st evp_init_tests[] = {
3459 {
3460 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3461 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3462 0, 1, 0, 1
3463 },
3464 {
3465 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3466 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3467 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3468 sizeof(gcmDefaultTag), 1, 0, 1
3469 },
3470 {
3471 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3472 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3473 0, 0, 0, 1
3474 },
3475 {
3476 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3477 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3478 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3479 sizeof(gcmDefaultTag), 0, 0, 1
3480 },
3481 {
3482 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3483 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3484 0, 1, 1, 0
3485 },
3486 {
3487 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3488 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3489 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3490 sizeof(gcmDefaultTag), 1, 1, 0
3491 },
3492 {
3493 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3494 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3495 0, 0, 1, 0
3496 },
3497 {
3498 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3499 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3500 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3501 sizeof(gcmDefaultTag), 0, 1, 0
3502 }
3503 };
3504
3505 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3506 {
3507 int res = 0;
3508
3509 if (t->ivlen != 0) {
3510 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3511 goto err;
3512 }
3513 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3514 goto err;
3515 res = 1;
3516 err:
3517 return res;
3518 }
3519
3520 /*
3521 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3522 * arguments are given one at a time and a final adjustment to the enc
3523 * parameter sets the correct operation.
3524 */
3525 static int test_evp_init_seq(int idx)
3526 {
3527 int outlen1, outlen2;
3528 int testresult = 0;
3529 unsigned char outbuf[1024];
3530 unsigned char tag[16];
3531 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3532 EVP_CIPHER_CTX *ctx = NULL;
3533 EVP_CIPHER *type = NULL;
3534 size_t taglen = sizeof(tag);
3535 char *errmsg = NULL;
3536
3537 ctx = EVP_CIPHER_CTX_new();
3538 if (ctx == NULL) {
3539 errmsg = "CTX_ALLOC";
3540 goto err;
3541 }
3542 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3543 errmsg = "CIPHER_FETCH";
3544 goto err;
3545 }
3546 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3547 errmsg = "EMPTY_ENC_INIT";
3548 goto err;
3549 }
3550 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3551 errmsg = "PADDING";
3552 goto err;
3553 }
3554 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3555 errmsg = "KEY_INIT (before iv)";
3556 goto err;
3557 }
3558 if (!evp_init_seq_set_iv(ctx, t)) {
3559 errmsg = "IV_INIT";
3560 goto err;
3561 }
3562 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3563 errmsg = "KEY_INIT (after iv)";
3564 goto err;
3565 }
3566 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3567 errmsg = "FINAL_ENC_INIT";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3571 errmsg = "CIPHER_UPDATE";
3572 goto err;
3573 }
3574 if (t->finalenc == 0 && t->tag != NULL) {
3575 /* Set expected tag */
3576 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3577 t->taglen, (void *)t->tag))) {
3578 errmsg = "SET_TAG";
3579 goto err;
3580 }
3581 }
3582 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3583 errmsg = "CIPHER_FINAL";
3584 goto err;
3585 }
3586 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3587 errmsg = "WRONG_RESULT";
3588 goto err;
3589 }
3590 if (t->finalenc != 0 && t->tag != NULL) {
3591 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3592 errmsg = "GET_TAG";
3593 goto err;
3594 }
3595 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3596 errmsg = "TAG_ERROR";
3597 goto err;
3598 }
3599 }
3600 testresult = 1;
3601 err:
3602 if (errmsg != NULL)
3603 TEST_info("evp_init_test %d: %s", idx, errmsg);
3604 EVP_CIPHER_CTX_free(ctx);
3605 EVP_CIPHER_free(type);
3606 return testresult;
3607 }
3608
3609 typedef struct {
3610 const unsigned char *input;
3611 const unsigned char *expected;
3612 size_t inlen;
3613 size_t expectedlen;
3614 int enc;
3615 } EVP_RESET_TEST_st;
3616
3617 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3618 {
3619 cfbPlaintext, cfbCiphertext,
3620 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3621 },
3622 {
3623 cfbCiphertext, cfbPlaintext,
3624 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3625 }
3626 };
3627
3628 /*
3629 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3630 * been used.
3631 */
3632 static int test_evp_reset(int idx)
3633 {
3634 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3635 int outlen1, outlen2;
3636 int testresult = 0;
3637 unsigned char outbuf[1024];
3638 EVP_CIPHER_CTX *ctx = NULL;
3639 EVP_CIPHER *type = NULL;
3640 char *errmsg = NULL;
3641
3642 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3643 errmsg = "CTX_ALLOC";
3644 goto err;
3645 }
3646 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3647 errmsg = "CIPHER_FETCH";
3648 goto err;
3649 }
3650 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3651 errmsg = "CIPHER_INIT";
3652 goto err;
3653 }
3654 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3655 errmsg = "PADDING";
3656 goto err;
3657 }
3658 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3659 errmsg = "CIPHER_UPDATE";
3660 goto err;
3661 }
3662 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3663 errmsg = "CIPHER_FINAL";
3664 goto err;
3665 }
3666 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3667 errmsg = "WRONG_RESULT";
3668 goto err;
3669 }
3670 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3671 errmsg = "CIPHER_REINIT";
3672 goto err;
3673 }
3674 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3675 errmsg = "CIPHER_UPDATE (reinit)";
3676 goto err;
3677 }
3678 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3679 errmsg = "CIPHER_FINAL (reinit)";
3680 goto err;
3681 }
3682 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3683 errmsg = "WRONG_RESULT (reinit)";
3684 goto err;
3685 }
3686 testresult = 1;
3687 err:
3688 if (errmsg != NULL)
3689 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3690 EVP_CIPHER_CTX_free(ctx);
3691 EVP_CIPHER_free(type);
3692 return testresult;
3693 }
3694
3695 typedef struct {
3696 const char *cipher;
3697 int enc;
3698 } EVP_UPDATED_IV_TEST_st;
3699
3700 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3701 {
3702 "aes-128-cfb", 1
3703 },
3704 {
3705 "aes-128-cfb", 0
3706 },
3707 {
3708 "aes-128-cfb1", 1
3709 },
3710 {
3711 "aes-128-cfb1", 0
3712 },
3713 {
3714 "aes-128-cfb8", 1
3715 },
3716 {
3717 "aes-128-cfb8", 0
3718 },
3719 {
3720 "aes-128-ofb", 1
3721 },
3722 {
3723 "aes-128-ofb", 0
3724 },
3725 {
3726 "aes-128-ctr", 1
3727 },
3728 {
3729 "aes-128-ctr", 0
3730 },
3731 {
3732 "aes-128-cbc", 1
3733 },
3734 {
3735 "aes-128-cbc", 0
3736 }
3737 };
3738
3739 /*
3740 * Test that the IV in the context is updated during a crypto operation for CFB
3741 * and OFB.
3742 */
3743 static int test_evp_updated_iv(int idx)
3744 {
3745 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3746 int outlen1, outlen2;
3747 int testresult = 0;
3748 unsigned char outbuf[1024];
3749 EVP_CIPHER_CTX *ctx = NULL;
3750 EVP_CIPHER *type = NULL;
3751 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3752 int iv_len;
3753 char *errmsg = NULL;
3754
3755 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3756 errmsg = "CTX_ALLOC";
3757 goto err;
3758 }
3759 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3760 TEST_info("cipher %s not supported, skipping", t->cipher);
3761 goto ok;
3762 }
3763
3764 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3765 errmsg = "CIPHER_INIT";
3766 goto err;
3767 }
3768 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3769 errmsg = "PADDING";
3770 goto err;
3771 }
3772 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3773 errmsg = "CIPHER_UPDATE";
3774 goto err;
3775 }
3776 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3777 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3778 goto err;
3779 }
3780 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3781 errmsg = "CIPHER_CTX_GET_IV_LEN";
3782 goto err;
3783 }
3784 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3785 errmsg = "IV_NOT_UPDATED";
3786 goto err;
3787 }
3788 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3789 errmsg = "CIPHER_FINAL";
3790 goto err;
3791 }
3792 ok:
3793 testresult = 1;
3794 err:
3795 if (errmsg != NULL)
3796 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3797 EVP_CIPHER_CTX_free(ctx);
3798 EVP_CIPHER_free(type);
3799 return testresult;
3800 }
3801
3802 typedef struct {
3803 const unsigned char *iv1;
3804 const unsigned char *iv2;
3805 const unsigned char *expected1;
3806 const unsigned char *expected2;
3807 const unsigned char *tag1;
3808 const unsigned char *tag2;
3809 size_t ivlen1;
3810 size_t ivlen2;
3811 size_t expectedlen1;
3812 size_t expectedlen2;
3813 } TEST_GCM_IV_REINIT_st;
3814
3815 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3816 {
3817 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3818 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3819 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3820 },
3821 {
3822 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3823 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3824 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3825 }
3826 };
3827
3828 static int test_gcm_reinit(int idx)
3829 {
3830 int outlen1, outlen2, outlen3;
3831 int testresult = 0;
3832 unsigned char outbuf[1024];
3833 unsigned char tag[16];
3834 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3835 EVP_CIPHER_CTX *ctx = NULL;
3836 EVP_CIPHER *type = NULL;
3837 size_t taglen = sizeof(tag);
3838 char *errmsg = NULL;
3839
3840 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3841 errmsg = "CTX_ALLOC";
3842 goto err;
3843 }
3844 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3845 errmsg = "CIPHER_FETCH";
3846 goto err;
3847 }
3848 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3849 errmsg = "ENC_INIT";
3850 goto err;
3851 }
3852 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3853 errmsg = "SET_IVLEN1";
3854 goto err;
3855 }
3856 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3857 errmsg = "SET_IV1";
3858 goto err;
3859 }
3860 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3861 errmsg = "AAD1";
3862 goto err;
3863 }
3864 EVP_CIPHER_CTX_set_padding(ctx, 0);
3865 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3866 sizeof(gcmResetPlaintext)))) {
3867 errmsg = "CIPHER_UPDATE1";
3868 goto err;
3869 }
3870 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3871 errmsg = "CIPHER_FINAL1";
3872 goto err;
3873 }
3874 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3875 errmsg = "WRONG_RESULT1";
3876 goto err;
3877 }
3878 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3879 errmsg = "GET_TAG1";
3880 goto err;
3881 }
3882 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3883 errmsg = "TAG_ERROR1";
3884 goto err;
3885 }
3886 /* Now reinit */
3887 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3888 errmsg = "SET_IVLEN2";
3889 goto err;
3890 }
3891 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3892 errmsg = "SET_IV2";
3893 goto err;
3894 }
3895 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3896 errmsg = "AAD2";
3897 goto err;
3898 }
3899 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3900 sizeof(gcmResetPlaintext)))) {
3901 errmsg = "CIPHER_UPDATE2";
3902 goto err;
3903 }
3904 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3905 errmsg = "CIPHER_FINAL2";
3906 goto err;
3907 }
3908 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3909 errmsg = "WRONG_RESULT2";
3910 goto err;
3911 }
3912 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3913 errmsg = "GET_TAG2";
3914 goto err;
3915 }
3916 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3917 errmsg = "TAG_ERROR2";
3918 goto err;
3919 }
3920 testresult = 1;
3921 err:
3922 if (errmsg != NULL)
3923 TEST_info("evp_init_test %d: %s", idx, errmsg);
3924 EVP_CIPHER_CTX_free(ctx);
3925 EVP_CIPHER_free(type);
3926 return testresult;
3927 }
3928
3929 #ifndef OPENSSL_NO_DEPRECATED_3_0
3930 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3931 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3932
3933 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3934
3935 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3936 {
3937 int (*pinit)(EVP_PKEY_CTX *ctx);
3938
3939 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3940 return pinit(ctx);
3941 }
3942
3943 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3944 {
3945 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3946
3947 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3948 pcleanup(ctx);
3949 }
3950
3951 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3952 size_t *outlen, const unsigned char *in,
3953 size_t inlen)
3954 {
3955 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3956 const unsigned char *tbs, size_t tbslen);
3957
3958 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3959 return psign(ctx, out, outlen, in, inlen);
3960 }
3961
3962 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3963 size_t *siglen, const unsigned char *tbs,
3964 size_t tbslen)
3965 {
3966 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3967 const unsigned char *tbs, size_t tbslen);
3968
3969 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3970 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3971 }
3972
3973 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3974 size_t *keylen)
3975 {
3976 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3977
3978 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3979 return pderive(ctx, key, keylen);
3980 }
3981
3982 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3983 {
3984 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3985
3986 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3987 return pcopy(dst, src);
3988 }
3989
3990 static int ctrl_called;
3991
3992 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3993 {
3994 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3995
3996 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3997
3998 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3999 ctrl_called = 1;
4000 return 1;
4001 }
4002
4003 return pctrl(ctx, type, p1, p2);
4004 }
4005
4006 static int test_custom_pmeth(int idx)
4007 {
4008 EVP_PKEY_CTX *pctx = NULL;
4009 EVP_MD_CTX *ctx = NULL;
4010 EVP_PKEY *pkey = NULL;
4011 int id, orig_id, orig_flags;
4012 int testresult = 0;
4013 size_t reslen;
4014 unsigned char *res = NULL;
4015 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4016 const EVP_MD *md = EVP_sha256();
4017 int doderive = 0;
4018
4019 ctrl_called = 0;
4020
4021 /* We call deprecated APIs so this test doesn't support a custom libctx */
4022 if (testctx != NULL)
4023 return 1;
4024
4025 switch (idx) {
4026 case 0:
4027 case 6:
4028 id = EVP_PKEY_RSA;
4029 pkey = load_example_rsa_key();
4030 break;
4031 case 1:
4032 case 7:
4033 # ifndef OPENSSL_NO_DSA
4034 id = EVP_PKEY_DSA;
4035 pkey = load_example_dsa_key();
4036 break;
4037 # else
4038 return 1;
4039 # endif
4040 case 2:
4041 case 8:
4042 # ifndef OPENSSL_NO_EC
4043 id = EVP_PKEY_EC;
4044 pkey = load_example_ec_key();
4045 break;
4046 # else
4047 return 1;
4048 # endif
4049 case 3:
4050 case 9:
4051 # ifndef OPENSSL_NO_EC
4052 id = EVP_PKEY_ED25519;
4053 md = NULL;
4054 pkey = load_example_ed25519_key();
4055 break;
4056 # else
4057 return 1;
4058 # endif
4059 case 4:
4060 case 10:
4061 # ifndef OPENSSL_NO_DH
4062 id = EVP_PKEY_DH;
4063 doderive = 1;
4064 pkey = load_example_dh_key();
4065 break;
4066 # else
4067 return 1;
4068 # endif
4069 case 5:
4070 case 11:
4071 # ifndef OPENSSL_NO_EC
4072 id = EVP_PKEY_X25519;
4073 doderive = 1;
4074 pkey = load_example_x25519_key();
4075 break;
4076 # else
4077 return 1;
4078 # endif
4079 default:
4080 TEST_error("Should not happen");
4081 goto err;
4082 }
4083
4084 if (!TEST_ptr(pkey))
4085 goto err;
4086
4087 if (idx < 6) {
4088 if (!TEST_true(evp_pkey_is_provided(pkey)))
4089 goto err;
4090 } else {
4091 EVP_PKEY *tmp = pkey;
4092
4093 /* Convert to a legacy key */
4094 pkey = EVP_PKEY_new();
4095 if (!TEST_ptr(pkey)) {
4096 pkey = tmp;
4097 goto err;
4098 }
4099 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4100 EVP_PKEY_free(tmp);
4101 goto err;
4102 }
4103 EVP_PKEY_free(tmp);
4104 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4105 goto err;
4106 }
4107
4108 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4109 || !TEST_ptr(pkey))
4110 goto err;
4111
4112 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4113 if (!TEST_int_eq(orig_id, id)
4114 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4115 goto err;
4116
4117 if (id == EVP_PKEY_ED25519) {
4118 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4119 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4120 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4121 } else {
4122 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4123 }
4124 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4125 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4126 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4127 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4128 }
4129 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4130 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4131 goto err;
4132
4133 if (doderive) {
4134 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4135 if (!TEST_ptr(pctx)
4136 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4137 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4138 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4139 1)
4140 || !TEST_int_eq(ctrl_called, 1)
4141 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4142 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4143 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4144 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4145 goto err;
4146 } else {
4147 ctx = EVP_MD_CTX_new();
4148 reslen = EVP_PKEY_size(pkey);
4149 res = OPENSSL_malloc(reslen);
4150 if (!TEST_ptr(ctx)
4151 || !TEST_ptr(res)
4152 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4153 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4154 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4155 1)
4156 || !TEST_int_eq(ctrl_called, 1))
4157 goto err;
4158
4159 if (id == EVP_PKEY_ED25519) {
4160 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4161 goto err;
4162 } else {
4163 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4164 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4165 goto err;
4166 }
4167 }
4168
4169 testresult = 1;
4170 err:
4171 OPENSSL_free(res);
4172 EVP_MD_CTX_free(ctx);
4173 if (doderive)
4174 EVP_PKEY_CTX_free(pctx);
4175 EVP_PKEY_free(pkey);
4176 EVP_PKEY_meth_remove(custom_pmeth);
4177 EVP_PKEY_meth_free(custom_pmeth);
4178 custom_pmeth = NULL;
4179 return testresult;
4180 }
4181
4182 static int test_evp_md_cipher_meth(void)
4183 {
4184 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4185 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4186 int testresult = 0;
4187
4188 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4189 goto err;
4190
4191 testresult = 1;
4192
4193 err:
4194 EVP_MD_meth_free(md);
4195 EVP_CIPHER_meth_free(ciph);
4196
4197 return testresult;
4198 }
4199
4200 typedef struct {
4201 int data;
4202 } custom_dgst_ctx;
4203
4204 static int custom_md_init_called = 0;
4205 static int custom_md_cleanup_called = 0;
4206
4207 static int custom_md_init(EVP_MD_CTX *ctx)
4208 {
4209 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4210
4211 if (p == NULL)
4212 return 0;
4213
4214 custom_md_init_called++;
4215 return 1;
4216 }
4217
4218 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4219 {
4220 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4221
4222 if (p == NULL)
4223 /* Nothing to do */
4224 return 1;
4225
4226 custom_md_cleanup_called++;
4227 return 1;
4228 }
4229
4230 static int test_custom_md_meth(void)
4231 {
4232 EVP_MD_CTX *mdctx = NULL;
4233 EVP_MD *tmp = NULL;
4234 char mess[] = "Test Message\n";
4235 unsigned char md_value[EVP_MAX_MD_SIZE];
4236 unsigned int md_len;
4237 int testresult = 0;
4238 int nid;
4239
4240 /*
4241 * We are testing deprecated functions. We don't support a non-default
4242 * library context in this test.
4243 */
4244 if (testctx != NULL)
4245 return 1;
4246
4247 custom_md_init_called = custom_md_cleanup_called = 0;
4248
4249 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4250 if (!TEST_int_ne(nid, NID_undef))
4251 goto err;
4252 tmp = EVP_MD_meth_new(nid, NID_undef);
4253 if (!TEST_ptr(tmp))
4254 goto err;
4255
4256 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4257 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4258 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4259 sizeof(custom_dgst_ctx))))
4260 goto err;
4261
4262 mdctx = EVP_MD_CTX_new();
4263 if (!TEST_ptr(mdctx)
4264 /*
4265 * Initing our custom md and then initing another md should
4266 * result in the init and cleanup functions of the custom md
4267 * from being called.
4268 */
4269 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4270 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4271 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4272 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4273 || !TEST_int_eq(custom_md_init_called, 1)
4274 || !TEST_int_eq(custom_md_cleanup_called, 1))
4275 goto err;
4276
4277 testresult = 1;
4278 err:
4279 EVP_MD_CTX_free(mdctx);
4280 EVP_MD_meth_free(tmp);
4281 return testresult;
4282 }
4283
4284 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4285 /* Test we can create a signature keys with an associated ENGINE */
4286 static int test_signatures_with_engine(int tst)
4287 {
4288 ENGINE *e;
4289 const char *engine_id = "dasync";
4290 EVP_PKEY *pkey = NULL;
4291 const unsigned char badcmackey[] = { 0x00, 0x01 };
4292 const unsigned char cmackey[] = {
4293 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4294 0x0c, 0x0d, 0x0e, 0x0f
4295 };
4296 const unsigned char ed25519key[] = {
4297 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4298 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4299 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4300 };
4301 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4302 int testresult = 0;
4303 EVP_MD_CTX *ctx = NULL;
4304 unsigned char *mac = NULL;
4305 size_t maclen = 0;
4306 int ret;
4307
4308 # ifdef OPENSSL_NO_CMAC
4309 /* Skip CMAC tests in a no-cmac build */
4310 if (tst <= 1)
4311 return 1;
4312 # endif
4313
4314 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4315 return 0;
4316
4317 if (!TEST_true(ENGINE_init(e))) {
4318 ENGINE_free(e);
4319 return 0;
4320 }
4321
4322 switch (tst) {
4323 case 0:
4324 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4325 EVP_aes_128_cbc());
4326 break;
4327 case 1:
4328 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4329 EVP_aes_128_cbc());
4330 break;
4331 case 2:
4332 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4333 sizeof(ed25519key));
4334 break;
4335 default:
4336 TEST_error("Invalid test case");
4337 goto err;
4338 }
4339 if (!TEST_ptr(pkey))
4340 goto err;
4341
4342 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4343 goto err;
4344
4345 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4346 pkey);
4347 if (tst == 0) {
4348 if (!TEST_true(ret))
4349 goto err;
4350
4351 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4352 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4353 goto err;
4354
4355 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4356 goto err;
4357
4358 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4359 goto err;
4360 } else {
4361 /* We used a bad key. We expect a failure here */
4362 if (!TEST_false(ret))
4363 goto err;
4364 }
4365
4366 testresult = 1;
4367 err:
4368 EVP_MD_CTX_free(ctx);
4369 OPENSSL_free(mac);
4370 EVP_PKEY_free(pkey);
4371 ENGINE_finish(e);
4372 ENGINE_free(e);
4373
4374 return testresult;
4375 }
4376
4377 static int test_cipher_with_engine(void)
4378 {
4379 ENGINE *e;
4380 const char *engine_id = "dasync";
4381 const unsigned char keyiv[] = {
4382 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4383 0x0c, 0x0d, 0x0e, 0x0f
4384 };
4385 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4386 int testresult = 0;
4387 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4388 unsigned char buf[AES_BLOCK_SIZE];
4389 int len = 0;
4390
4391 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4392 return 0;
4393
4394 if (!TEST_true(ENGINE_init(e))) {
4395 ENGINE_free(e);
4396 return 0;
4397 }
4398
4399 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4400 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4401 goto err;
4402
4403 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4404 goto err;
4405
4406 /* Copy the ctx, and complete the operation with the new ctx */
4407 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4408 goto err;
4409
4410 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4411 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4412 goto err;
4413
4414 testresult = 1;
4415 err:
4416 EVP_CIPHER_CTX_free(ctx);
4417 EVP_CIPHER_CTX_free(ctx2);
4418 ENGINE_finish(e);
4419 ENGINE_free(e);
4420
4421 return testresult;
4422 }
4423 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4424 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4425
4426 static int ecxnids[] = {
4427 NID_X25519,
4428 NID_X448,
4429 NID_ED25519,
4430 NID_ED448
4431 };
4432
4433 /* Test that creating ECX keys with a short private key fails as expected */
4434 static int test_ecx_short_keys(int tst)
4435 {
4436 unsigned char ecxkeydata = 1;
4437 EVP_PKEY *pkey;
4438
4439
4440 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4441 if (!TEST_ptr_null(pkey)) {
4442 EVP_PKEY_free(pkey);
4443 return 0;
4444 }
4445 return 1;
4446 }
4447
4448 typedef enum OPTION_choice {
4449 OPT_ERR = -1,
4450 OPT_EOF = 0,
4451 OPT_CONTEXT,
4452 OPT_TEST_ENUM
4453 } OPTION_CHOICE;
4454
4455 const OPTIONS *test_get_options(void)
4456 {
4457 static const OPTIONS options[] = {
4458 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4459 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4460 { NULL }
4461 };
4462 return options;
4463 }
4464
4465 int setup_tests(void)
4466 {
4467 OPTION_CHOICE o;
4468
4469 while ((o = opt_next()) != OPT_EOF) {
4470 switch (o) {
4471 case OPT_CONTEXT:
4472 /* Set up an alternate library context */
4473 testctx = OSSL_LIB_CTX_new();
4474 if (!TEST_ptr(testctx))
4475 return 0;
4476 /* Swap the libctx to test non-default context only */
4477 nullprov = OSSL_PROVIDER_load(NULL, "null");
4478 deflprov = OSSL_PROVIDER_load(testctx, "default");
4479 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4480 break;
4481 case OPT_TEST_CASES:
4482 break;
4483 default:
4484 return 0;
4485 }
4486 }
4487
4488 ADD_TEST(test_EVP_set_default_properties);
4489 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4490 ADD_TEST(test_EVP_DigestVerifyInit);
4491 #ifndef OPENSSL_NO_SIPHASH
4492 ADD_TEST(test_siphash_digestsign);
4493 #endif
4494 ADD_TEST(test_EVP_Digest);
4495 ADD_TEST(test_EVP_md_null);
4496 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4497 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4498 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4499 ADD_TEST(test_privatekey_to_pkcs8);
4500 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4501 #ifndef OPENSSL_NO_EC
4502 ADD_TEST(test_EVP_PKCS82PKEY);
4503 #endif
4504 #ifndef OPENSSL_NO_EC
4505 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4506 #endif
4507 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4508 ADD_TEST(test_EVP_SM2);
4509 ADD_TEST(test_EVP_SM2_verify);
4510 #endif
4511 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4512 #ifndef OPENSSL_NO_DEPRECATED_3_0
4513 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4514 if (!TEST_ptr(custom_pmeth))
4515 return 0;
4516 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4517 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4518 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4519 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4520 return 0;
4521 #endif
4522 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4523 #ifndef OPENSSL_NO_CMAC
4524 ADD_TEST(test_CMAC_keygen);
4525 #endif
4526 ADD_TEST(test_HKDF);
4527 ADD_TEST(test_emptyikm_HKDF);
4528 #ifndef OPENSSL_NO_EC
4529 ADD_TEST(test_X509_PUBKEY_inplace);
4530 ADD_TEST(test_X509_PUBKEY_dup);
4531 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4532 OSSL_NELEM(ec_der_pub_keys));
4533 #endif
4534 #ifndef OPENSSL_NO_DSA
4535 ADD_TEST(test_DSA_get_set_params);
4536 ADD_TEST(test_DSA_priv_pub);
4537 #endif
4538 ADD_TEST(test_RSA_get_set_params);
4539 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4540 ADD_TEST(test_decrypt_null_chunks);
4541 #endif
4542 #ifndef OPENSSL_NO_DH
4543 ADD_TEST(test_DH_priv_pub);
4544 # ifndef OPENSSL_NO_DEPRECATED_3_0
4545 ADD_TEST(test_EVP_PKEY_set1_DH);
4546 # endif
4547 #endif
4548 #ifndef OPENSSL_NO_EC
4549 ADD_TEST(test_EC_priv_pub);
4550 # ifndef OPENSSL_NO_DEPRECATED_3_0
4551 ADD_TEST(test_EC_priv_only_legacy);
4552 # endif
4553 #endif
4554 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4555 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4556
4557 ADD_TEST(test_rand_agglomeration);
4558 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4559 #ifndef OPENSSL_NO_DES
4560 ADD_ALL_TESTS(test_evp_iv_des, 6);
4561 #endif
4562 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4563 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4564 #ifndef OPENSSL_NO_EC
4565 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4566 #endif
4567
4568 ADD_TEST(test_names_do_all);
4569
4570 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4571 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4572 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4573 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4574
4575 #ifndef OPENSSL_NO_DEPRECATED_3_0
4576 ADD_ALL_TESTS(test_custom_pmeth, 12);
4577 ADD_TEST(test_evp_md_cipher_meth);
4578 ADD_TEST(test_custom_md_meth);
4579
4580 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4581 /* Tests only support the default libctx */
4582 if (testctx == NULL) {
4583 # ifndef OPENSSL_NO_EC
4584 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4585 # else
4586 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4587 # endif
4588 ADD_TEST(test_cipher_with_engine);
4589 }
4590 # endif
4591 #endif
4592
4593 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4594
4595 return 1;
4596 }
4597
4598 void cleanup_tests(void)
4599 {
4600 OSSL_PROVIDER_unload(nullprov);
4601 OSSL_PROVIDER_unload(deflprov);
4602 OSSL_PROVIDER_unload(lgcyprov);
4603 OSSL_LIB_CTX_free(testctx);
4604 }
A mirror of the official openssl repository