]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
evp_extra_test: Add SIPHASH MAC digestsign test with reinitialization
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687 int ret;
688 BIO *bio = BIO_new(BIO_s_mem());
689
690 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
691 goto err;
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
694 params), 0))
695 goto err;
696
697 if (!TEST_ptr(pkey))
698 goto err;
699
700 /* Check we can use the resulting key */
701 ret = PEM_write_bio_PUBKEY(bio, pkey);
702 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
703 if (!TEST_true(ret))
704 goto err;
705 } else {
706 if (!TEST_false(ret))
707 goto err;
708 }
709 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
710 testctx, NULL);
711 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718
719 testresult = 1;
720 err:
721 EVP_PKEY_free(pkey);
722 EVP_PKEY_CTX_free(pctx);
723 BIO_free(bio);
724
725 return testresult;
726 }
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
728
729 /*
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
732 */
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
735 {
736 OSSL_PARAM_BLD *bld = NULL;
737 OSSL_PARAM *params = NULL;
738 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
739 int ret = 0;
740
741 /*
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
744 */
745 if (!TEST_ptr(p = BN_new())
746 || !TEST_ptr(q = BN_new())
747 || !TEST_ptr(g = BN_new())
748 || !TEST_ptr(pub = BN_new())
749 || !TEST_ptr(priv = BN_new()))
750 goto err;
751
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
757 goto err;
758 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
759 goto err;
760
761 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
762 goto err;
763 OSSL_PARAM_free(params);
764 params = NULL;
765 OSSL_PARAM_BLD_free(bld);
766
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
773 priv)))
774 goto err;
775 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
776 goto err;
777
778 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
779 goto err;
780 OSSL_PARAM_free(params);
781 params = NULL;
782 OSSL_PARAM_BLD_free(bld);
783
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
790 pub)))
791 goto err;
792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
795 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
796 goto err;
797 OSSL_PARAM_free(params);
798 params = NULL;
799 OSSL_PARAM_BLD_free(bld);
800
801 /* Test priv and pub */
802 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
807 pub))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
809 priv)))
810 goto err;
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 goto err;
813
814 if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
815 goto err;
816
817 ret = 1;
818 err:
819 OSSL_PARAM_free(params);
820 OSSL_PARAM_BLD_free(bld);
821 BN_free(p);
822 BN_free(q);
823 BN_free(g);
824 BN_free(pub);
825 BN_free(priv);
826
827 return ret;
828 }
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
830
831 /*
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
834 */
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
840 };
841 static unsigned char ec_pub[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
848 };
849
850 static int test_EC_priv_pub(void)
851 {
852 OSSL_PARAM_BLD *bld = NULL;
853 OSSL_PARAM *params = NULL;
854 BIGNUM *priv = NULL;
855 int ret = 0;
856
857 /*
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
860 */
861 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
862 goto err;
863
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
867 OSSL_PKEY_PARAM_GROUP_NAME,
868 "P-256", 0)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
871 goto err;
872
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
874 goto err;
875 OSSL_PARAM_free(params);
876 params = NULL;
877 OSSL_PARAM_BLD_free(bld);
878
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
882 OSSL_PKEY_PARAM_GROUP_NAME,
883 "P-256", 0))
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
885 priv)))
886 goto err;
887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
888 goto err;
889
890 /*
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
895 */
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
897 goto err;
898 OSSL_PARAM_free(params);
899 params = NULL;
900 OSSL_PARAM_BLD_free(bld);
901
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
905 OSSL_PKEY_PARAM_GROUP_NAME,
906 "P-256", 0))
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
908 OSSL_PKEY_PARAM_PUB_KEY,
909 ec_pub, sizeof(ec_pub))))
910 goto err;
911 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
912 goto err;
913
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
915 goto err;
916 OSSL_PARAM_free(params);
917 params = NULL;
918 OSSL_PARAM_BLD_free(bld);
919
920 /* Test priv and pub */
921 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
923 OSSL_PKEY_PARAM_GROUP_NAME,
924 "P-256", 0))
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
926 OSSL_PKEY_PARAM_PUB_KEY,
927 ec_pub, sizeof(ec_pub)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv)))
930 goto err;
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
932 goto err;
933
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
935 goto err;
936
937 ret = 1;
938 err:
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
941 BN_free(priv);
942
943 return ret;
944 }
945
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
949 {
950 BIGNUM *priv = NULL;
951 int ret = 0;
952 EC_KEY *eckey = NULL;
953 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
954 EVP_MD_CTX *ctx = NULL;
955
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
958 goto err;
959
960 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
961 if (!TEST_ptr(eckey))
962 goto err;
963
964 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
965 goto err;
966
967 pkey = EVP_PKEY_new();
968 if (!TEST_ptr(pkey))
969 goto err;
970
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
972 goto err;
973 eckey = NULL;
974
975 while (dup_pk == NULL) {
976 ret = 0;
977 ctx = EVP_MD_CTX_new();
978 if (!TEST_ptr(ctx))
979 goto err;
980
981 /*
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
984 */
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
986 testpropq, pkey, NULL)))
987 goto err;
988 EVP_MD_CTX_free(ctx);
989 ctx = NULL;
990
991 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
992 goto err;
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
995 EVP_PKEY_free(pkey);
996 pkey = dup_pk;
997 if (!ret)
998 goto err;
999 }
1000
1001 err:
1002 EVP_MD_CTX_free(ctx);
1003 EVP_PKEY_free(pkey);
1004 EC_KEY_free(eckey);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1011
1012 static int test_EVP_PKEY_sign(int tst)
1013 {
1014 int ret = 0;
1015 EVP_PKEY *pkey = NULL;
1016 unsigned char *sig = NULL;
1017 size_t sig_len = 0, shortsig_len = 1;
1018 EVP_PKEY_CTX *ctx = NULL;
1019 unsigned char tbs[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1022 };
1023
1024 if (tst == 0) {
1025 if (!TEST_ptr(pkey = load_example_rsa_key()))
1026 goto out;
1027 } else if (tst == 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey = load_example_dsa_key()))
1030 goto out;
1031 #else
1032 ret = 1;
1033 goto out;
1034 #endif
1035 } else {
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey = load_example_ec_key()))
1038 goto out;
1039 #else
1040 ret = 1;
1041 goto out;
1042 #endif
1043 }
1044
1045 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1046 if (!TEST_ptr(ctx)
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1049 sizeof(tbs)), 0))
1050 goto out;
1051 sig = OPENSSL_malloc(sig_len);
1052 if (!TEST_ptr(sig)
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1055 sizeof(tbs)), 0)
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1057 0)
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1061 0))
1062 goto out;
1063
1064 ret = 1;
1065 out:
1066 EVP_PKEY_CTX_free(ctx);
1067 OPENSSL_free(sig);
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070 }
1071
1072 /*
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1075 */
1076 static int test_EVP_Enveloped(int n)
1077 {
1078 int ret = 0;
1079 EVP_CIPHER_CTX *ctx = NULL;
1080 EVP_PKEY *keypair = NULL;
1081 unsigned char *kek = NULL;
1082 unsigned char iv[EVP_MAX_IV_LENGTH];
1083 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len, kek_len, ciphertext_len, plaintext_len;
1085 unsigned char ciphertext[32], plaintext[16];
1086 EVP_CIPHER *type = NULL;
1087
1088 if (nullprov != NULL)
1089 return TEST_skip("Test does not support a non-default library context");
1090
1091 if (n == 0)
1092 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1094 testpropq)))
1095 goto err;
1096
1097 if (!TEST_ptr(keypair = load_example_rsa_key())
1098 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1099 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1101 &keypair, 1))
1102 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1103 msg, sizeof(msg)))
1104 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1105 &len)))
1106 goto err;
1107
1108 ciphertext_len += len;
1109
1110 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1111 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1112 ciphertext, ciphertext_len))
1113 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1114 goto err;
1115
1116 plaintext_len += len;
1117 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1118 goto err;
1119
1120 ret = 1;
1121 err:
1122 if (n != 0)
1123 EVP_CIPHER_free(type);
1124 OPENSSL_free(kek);
1125 EVP_PKEY_free(keypair);
1126 EVP_CIPHER_CTX_free(ctx);
1127 return ret;
1128 }
1129
1130 /*
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1147 */
1148 static int test_EVP_DigestSignInit(int tst)
1149 {
1150 int ret = 0;
1151 EVP_PKEY *pkey = NULL;
1152 unsigned char *sig = NULL, *sig2 = NULL;
1153 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1154 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1155 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1156 BIO *mdbio = NULL, *membio = NULL;
1157 size_t written;
1158 const EVP_MD *md;
1159 EVP_MD *mdexp = NULL;
1160 int reinit = 0;
1161
1162 if (nullprov != NULL)
1163 return TEST_skip("Test does not support a non-default library context");
1164
1165 if (tst >= 15) {
1166 reinit = 1;
1167 tst -= 15;
1168 }
1169
1170 if (tst >= 6 && tst <= 8) {
1171 membio = BIO_new(BIO_s_mem());
1172 mdbio = BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1174 goto out;
1175 BIO_push(mdbio, membio);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1177 goto out;
1178 } else {
1179 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1181 goto out;
1182 }
1183
1184 if (tst % 3 == 0) {
1185 if (!TEST_ptr(pkey = load_example_rsa_key()))
1186 goto out;
1187 } else if (tst % 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey = load_example_dsa_key()))
1190 goto out;
1191 #else
1192 ret = 1;
1193 goto out;
1194 #endif
1195 } else {
1196 if (!TEST_ptr(pkey = load_example_hmac_key()))
1197 goto out;
1198 }
1199
1200 if (tst >= 3 && tst <= 5)
1201 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1202 else
1203 md = EVP_sha256();
1204
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1206 goto out;
1207
1208 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1209 goto out;
1210
1211 if (tst >= 6 && tst <= 8) {
1212 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1213 goto out;
1214 } else if (tst < 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1216 goto out;
1217 }
1218
1219 if (tst >= 9) {
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1222 sizeof(kMsg)))
1223 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1224 goto out;
1225 if (tst <= 11) {
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1228 sizeof(kMsg))))
1229 goto out;
1230 /*
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1233 */
1234 ret = 1;
1235 goto out;
1236 }
1237 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1238 sizeof(kMsg))))
1239 goto out;
1240 } else {
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1243 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1244 /*
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1247 */
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1250 goto out;
1251 }
1252
1253 /*
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1256 */
1257 if (tst % 3 != 2) {
1258 if (tst >= 6 && tst <= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1261 goto out;
1262 }
1263
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1265 NULL, pkey)))
1266 goto out;
1267
1268 if (tst >= 6 && tst <= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1270 goto out;
1271 } else {
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1273 sizeof(kMsg))))
1274 goto out;
1275 }
1276 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1277 goto out;
1278
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1281 goto out;
1282 } else {
1283 /*
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1286 */
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1288 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1290 goto out;
1291
1292 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1293 goto out;
1294 }
1295
1296 ret = 1;
1297
1298 out:
1299 BIO_free(membio);
1300 BIO_free(mdbio);
1301 EVP_MD_CTX_free(a_md_ctx);
1302 EVP_MD_CTX_free(a_md_ctx_verify);
1303 EVP_PKEY_free(pkey);
1304 OPENSSL_free(sig);
1305 OPENSSL_free(sig2);
1306 EVP_MD_free(mdexp);
1307
1308 return ret;
1309 }
1310
1311 static int test_EVP_DigestVerifyInit(void)
1312 {
1313 int ret = 0;
1314 EVP_PKEY *pkey = NULL;
1315 EVP_MD_CTX *md_ctx = NULL;
1316
1317 if (nullprov != NULL)
1318 return TEST_skip("Test does not support a non-default library context");
1319
1320 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey = load_example_rsa_key()))
1322 goto out;
1323
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1326 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1327 sizeof(kSignature))))
1328 goto out;
1329
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1333 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1334 sizeof(kSignature))))
1335 goto out;
1336 ret = 1;
1337
1338 out:
1339 EVP_MD_CTX_free(md_ctx);
1340 EVP_PKEY_free(pkey);
1341 return ret;
1342 }
1343
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1347 {
1348 unsigned char key[16];
1349 unsigned char buf[8], digest[8];
1350 unsigned char expected[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1352 };
1353 EVP_PKEY *pkey = NULL;
1354 EVP_MD_CTX *mdctx = NULL;
1355 EVP_PKEY_CTX *ctx = NULL;
1356 int ret = 0;
1357 size_t len = 8;
1358
1359 if (nullprov != NULL)
1360 return TEST_skip("Test does not support a non-default library context");
1361
1362 memset(buf, 0, 8);
1363 memset(key, 1, 16);
1364 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1365 key, 16)))
1366 goto out;
1367
1368 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1369 goto out;
1370
1371 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1372 goto out;
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1375 8, NULL), 1))
1376 goto out;
1377 /* reinitialize */
1378 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1379 goto out;
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1381 goto out;
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1383 goto out;
1384 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1385 goto out;
1386
1387 ret = 1;
1388 out:
1389 EVP_PKEY_free(pkey);
1390 EVP_MD_CTX_free(mdctx);
1391 return ret;
1392 }
1393 #endif
1394
1395 /*
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1397 */
1398 static int test_EVP_Digest(void)
1399 {
1400 int ret = 0;
1401 EVP_MD_CTX *md_ctx = NULL;
1402 unsigned char md[EVP_MAX_MD_SIZE];
1403 EVP_MD *sha256 = NULL;
1404 EVP_MD *shake256 = NULL;
1405
1406 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1407 goto out;
1408
1409 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1410 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1411 goto out;
1412
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1418 goto out;
1419
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1425 /*
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1428 */
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1430 goto out;
1431
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1438 goto out;
1439 ret = 1;
1440
1441 out:
1442 EVP_MD_CTX_free(md_ctx);
1443 EVP_MD_free(sha256);
1444 EVP_MD_free(shake256);
1445 return ret;
1446 }
1447
1448 static int test_d2i_AutoPrivateKey(int i)
1449 {
1450 int ret = 0;
1451 const unsigned char *p;
1452 EVP_PKEY *pkey = NULL;
1453 const APK_DATA *ak = &keydata[i];
1454 const unsigned char *input = ak->kder;
1455 size_t input_len = ak->size;
1456 int expected_id = ak->evptype;
1457
1458 p = input;
1459 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1460 || !TEST_ptr_eq(p, input + input_len)
1461 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1462 goto done;
1463
1464 ret = 1;
1465
1466 done:
1467 EVP_PKEY_free(pkey);
1468 return ret;
1469 }
1470
1471 #ifndef OPENSSL_NO_EC
1472
1473 static const unsigned char ec_public_sect163k1_validxy[] = {
1474 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1475 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1476 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1477 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1478 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1479 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1480 };
1481
1482 static const unsigned char ec_public_sect163k1_badx[] = {
1483 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1484 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1485 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1486 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1487 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1488 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1489 };
1490
1491 static const unsigned char ec_public_sect163k1_bady[] = {
1492 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1493 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1494 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1495 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1496 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1497 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1498 };
1499
1500 static struct ec_der_pub_keys_st {
1501 const unsigned char *der;
1502 size_t len;
1503 int valid;
1504 } ec_der_pub_keys[] = {
1505 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1506 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1507 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1508 };
1509
1510 /*
1511 * Tests the range of the decoded EC char2 public point.
1512 * See ec_GF2m_simple_oct2point().
1513 */
1514 static int test_invalide_ec_char2_pub_range_decode(int id)
1515 {
1516 int ret = 0;
1517 EVP_PKEY *pkey;
1518
1519 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1520 ec_der_pub_keys[id].len);
1521
1522 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1523 || TEST_ptr_null(pkey);
1524 EVP_PKEY_free(pkey);
1525 return ret;
1526 }
1527
1528 /* Tests loading a bad key in PKCS8 format */
1529 static int test_EVP_PKCS82PKEY(void)
1530 {
1531 int ret = 0;
1532 const unsigned char *derp = kExampleBadECKeyDER;
1533 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1534 EVP_PKEY *pkey = NULL;
1535
1536 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1537 sizeof(kExampleBadECKeyDER))))
1538 goto done;
1539
1540 if (!TEST_ptr_eq(derp,
1541 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1542 goto done;
1543
1544 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1545 goto done;
1546
1547 ret = 1;
1548
1549 done:
1550 PKCS8_PRIV_KEY_INFO_free(p8inf);
1551 EVP_PKEY_free(pkey);
1552
1553 return ret;
1554 }
1555
1556 #endif
1557 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1558 {
1559 EVP_PKEY *pkey = NULL;
1560 EVP_PKEY *pkey2 = NULL;
1561 BIO *membio = NULL;
1562 char *membuf = NULL;
1563 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1564 int ok = 0;
1565
1566 if (testctx != NULL)
1567 /* test not supported with non-default context */
1568 return 1;
1569
1570 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1571 || !TEST_ptr(pkey = load_example_rsa_key())
1572 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1573 NULL, 0, NULL, NULL),
1574 0)
1575 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1576 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1577 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1578 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1579 goto done;
1580 }
1581
1582 ok = 1;
1583 done:
1584 EVP_PKEY_free(pkey);
1585 EVP_PKEY_free(pkey2);
1586 PKCS8_PRIV_KEY_INFO_free(p8inf);
1587 BIO_free_all(membio);
1588 return ok;
1589 }
1590
1591 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1592 static int test_privatekey_to_pkcs8(void)
1593 {
1594 EVP_PKEY *pkey = NULL;
1595 BIO *membio = NULL;
1596 char *membuf = NULL;
1597 long membuf_len = 0;
1598 int ok = 0;
1599
1600 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1601 || !TEST_ptr(pkey = load_example_rsa_key())
1602 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1603 NULL, 0, NULL, NULL),
1604 0)
1605 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1606 || !TEST_ptr(membuf)
1607 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1608 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1609 /*
1610 * We try to write PEM as well, just to see that it doesn't err, but
1611 * assume that the result is correct.
1612 */
1613 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1614 NULL, 0, NULL, NULL),
1615 0))
1616 goto done;
1617
1618 ok = 1;
1619 done:
1620 EVP_PKEY_free(pkey);
1621 BIO_free_all(membio);
1622 return ok;
1623 }
1624
1625 #ifndef OPENSSL_NO_EC
1626 static const struct {
1627 int encoding;
1628 const char *encoding_name;
1629 } ec_encodings[] = {
1630 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1631 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1632 };
1633
1634 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1635 {
1636 const OSSL_PARAM *p;
1637 const char *enc_name = NULL;
1638 int *enc = arg;
1639 size_t i;
1640
1641 *enc = -1;
1642
1643 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1644 OSSL_PKEY_PARAM_EC_ENCODING))
1645 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1646 return 0;
1647
1648 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1649 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1650 *enc = ec_encodings[i].encoding;
1651 break;
1652 }
1653 }
1654
1655 return (*enc != -1);
1656 }
1657
1658 static int test_EC_keygen_with_enc(int idx)
1659 {
1660 EVP_PKEY *params = NULL, *key = NULL;
1661 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1662 int enc;
1663 int ret = 0;
1664
1665 enc = ec_encodings[idx].encoding;
1666
1667 /* Create key parameters */
1668 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1669 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1670 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1671 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1672 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1673 || !TEST_ptr(params))
1674 goto done;
1675
1676 /* Create key */
1677 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1678 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1679 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1680 || !TEST_ptr(key))
1681 goto done;
1682
1683 /* Check that the encoding got all the way into the key */
1684 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1685 ec_export_get_encoding_cb, &enc))
1686 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1687 goto done;
1688
1689 ret = 1;
1690 done:
1691 EVP_PKEY_free(key);
1692 EVP_PKEY_free(params);
1693 EVP_PKEY_CTX_free(kctx);
1694 EVP_PKEY_CTX_free(pctx);
1695 return ret;
1696 }
1697 #endif
1698
1699 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1700
1701 static int test_EVP_SM2_verify(void)
1702 {
1703 const char *pubkey =
1704 "-----BEGIN PUBLIC KEY-----\n"
1705 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1706 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1707 "-----END PUBLIC KEY-----\n";
1708
1709 const char *msg = "message digest";
1710 const char *id = "ALICE123@YAHOO.COM";
1711
1712 const uint8_t signature[] = {
1713 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1714 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1715 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1716 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1717 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1718 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1719 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1720 };
1721
1722 int rc = 0;
1723 BIO *bio = NULL;
1724 EVP_PKEY *pkey = NULL;
1725 EVP_MD_CTX *mctx = NULL;
1726 EVP_PKEY_CTX *pctx = NULL;
1727 EVP_MD *sm3 = NULL;
1728
1729 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1730 if (!TEST_true(bio != NULL))
1731 goto done;
1732
1733 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1734 if (!TEST_true(pkey != NULL))
1735 goto done;
1736
1737 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1738 goto done;
1739
1740 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1741 goto done;
1742
1743 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1744 goto done;
1745
1746 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1747
1748 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1749 goto done;
1750
1751 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1752 goto done;
1753
1754 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1755 goto done;
1756
1757 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1758 goto done;
1759
1760 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1761 goto done;
1762 rc = 1;
1763
1764 done:
1765 BIO_free(bio);
1766 EVP_PKEY_free(pkey);
1767 EVP_PKEY_CTX_free(pctx);
1768 EVP_MD_CTX_free(mctx);
1769 EVP_MD_free(sm3);
1770 return rc;
1771 }
1772
1773 static int test_EVP_SM2(void)
1774 {
1775 int ret = 0;
1776 EVP_PKEY *pkey = NULL;
1777 EVP_PKEY *pkeyparams = NULL;
1778 EVP_PKEY_CTX *pctx = NULL;
1779 EVP_PKEY_CTX *kctx = NULL;
1780 EVP_PKEY_CTX *sctx = NULL;
1781 size_t sig_len = 0;
1782 unsigned char *sig = NULL;
1783 EVP_MD_CTX *md_ctx = NULL;
1784 EVP_MD_CTX *md_ctx_verify = NULL;
1785 EVP_PKEY_CTX *cctx = NULL;
1786 EVP_MD *check_md = NULL;
1787
1788 uint8_t ciphertext[128];
1789 size_t ctext_len = sizeof(ciphertext);
1790
1791 uint8_t plaintext[8];
1792 size_t ptext_len = sizeof(plaintext);
1793
1794 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1795
1796 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1797 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1798 int i;
1799 char mdname[OSSL_MAX_NAME_SIZE];
1800
1801 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1802 "SM2", testpropq)))
1803 goto done;
1804
1805 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1806 goto done;
1807
1808 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1809 goto done;
1810
1811 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1812 goto done;
1813
1814 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1815 pkeyparams, testpropq)))
1816 goto done;
1817
1818 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1819 goto done;
1820
1821 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1822 goto done;
1823
1824 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1825 goto done;
1826
1827 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1828 goto done;
1829
1830 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1831 goto done;
1832
1833 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1834 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1835
1836 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1837 goto done;
1838
1839 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1840 goto done;
1841
1842 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1843 goto done;
1844
1845 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1846 goto done;
1847
1848 /* Determine the size of the signature. */
1849 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1850 goto done;
1851
1852 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1853 goto done;
1854
1855 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1856 goto done;
1857
1858 /* Ensure that the signature round-trips. */
1859
1860 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1861 pkey)))
1862 goto done;
1863
1864 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1865 goto done;
1866
1867 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1868 goto done;
1869
1870 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1871 goto done;
1872
1873 /* now check encryption/decryption */
1874
1875 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1876 mdname, sizeof(mdname));
1877 for (i = 0; i < 2; i++) {
1878 const char *mdnames[] = {
1879 #ifndef OPENSSL_NO_SM3
1880 "SM3",
1881 #else
1882 NULL,
1883 #endif
1884 "SHA2-256" };
1885 EVP_PKEY_CTX_free(cctx);
1886
1887 if (mdnames[i] == NULL)
1888 continue;
1889
1890 sparams[0] =
1891 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1892 (char *)mdnames[i], 0);
1893
1894 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1895 pkey, testpropq)))
1896 goto done;
1897
1898 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1899 goto done;
1900
1901 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1902 goto done;
1903
1904 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1905 sizeof(kMsg))))
1906 goto done;
1907
1908 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1909 goto done;
1910
1911 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1912 goto done;
1913
1914 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1915 ctext_len)))
1916 goto done;
1917
1918 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1919 goto done;
1920
1921 /*
1922 * Test we're still using the digest we think we are.
1923 * Because of aliases, the easiest is to fetch the digest and
1924 * check the name with EVP_MD_is_a().
1925 */
1926 EVP_MD_free(check_md);
1927 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1928 goto done;
1929 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1930 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1931 goto done;
1932 }
1933
1934 if (!TEST_true(ptext_len == sizeof(kMsg)))
1935 goto done;
1936
1937 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1938 goto done;
1939 }
1940
1941 ret = 1;
1942 done:
1943 EVP_PKEY_CTX_free(pctx);
1944 EVP_PKEY_CTX_free(kctx);
1945 EVP_PKEY_CTX_free(sctx);
1946 EVP_PKEY_CTX_free(cctx);
1947 EVP_PKEY_free(pkey);
1948 EVP_PKEY_free(pkeyparams);
1949 EVP_MD_CTX_free(md_ctx);
1950 EVP_MD_CTX_free(md_ctx_verify);
1951 EVP_MD_free(check_md);
1952 OPENSSL_free(sig);
1953 return ret;
1954 }
1955
1956 #endif
1957
1958 static struct keys_st {
1959 int type;
1960 char *priv;
1961 char *pub;
1962 } keys[] = {
1963 {
1964 EVP_PKEY_HMAC, "0123456789", NULL
1965 },
1966 {
1967 EVP_PKEY_HMAC, "", NULL
1968 #ifndef OPENSSL_NO_POLY1305
1969 }, {
1970 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1971 #endif
1972 #ifndef OPENSSL_NO_SIPHASH
1973 }, {
1974 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1975 #endif
1976 },
1977 #ifndef OPENSSL_NO_EC
1978 {
1979 EVP_PKEY_X25519, "01234567890123456789012345678901",
1980 "abcdefghijklmnopqrstuvwxyzabcdef"
1981 }, {
1982 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1983 "abcdefghijklmnopqrstuvwxyzabcdef"
1984 }, {
1985 EVP_PKEY_X448,
1986 "01234567890123456789012345678901234567890123456789012345",
1987 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1988 }, {
1989 EVP_PKEY_ED448,
1990 "012345678901234567890123456789012345678901234567890123456",
1991 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1992 }
1993 #endif
1994 };
1995
1996 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1997 {
1998 int ret = 0;
1999 unsigned char buf[80];
2000 unsigned char *in;
2001 size_t inlen, len = 0, shortlen = 1;
2002 EVP_PKEY *pkey;
2003
2004 /* Check if this algorithm supports public keys */
2005 if (pub && keys[tst].pub == NULL)
2006 return 1;
2007
2008 memset(buf, 0, sizeof(buf));
2009
2010 if (pub) {
2011 #ifndef OPENSSL_NO_EC
2012 inlen = strlen(keys[tst].pub);
2013 in = (unsigned char *)keys[tst].pub;
2014 if (uselibctx) {
2015 pkey = EVP_PKEY_new_raw_public_key_ex(
2016 testctx,
2017 OBJ_nid2sn(keys[tst].type),
2018 NULL,
2019 in,
2020 inlen);
2021 } else {
2022 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2023 NULL,
2024 in,
2025 inlen);
2026 }
2027 #else
2028 return 1;
2029 #endif
2030 } else {
2031 inlen = strlen(keys[tst].priv);
2032 in = (unsigned char *)keys[tst].priv;
2033 if (uselibctx) {
2034 pkey = EVP_PKEY_new_raw_private_key_ex(
2035 testctx, OBJ_nid2sn(keys[tst].type),
2036 NULL,
2037 in,
2038 inlen);
2039 } else {
2040 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2041 NULL,
2042 in,
2043 inlen);
2044 }
2045 }
2046
2047 if (!TEST_ptr(pkey)
2048 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2049 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2050 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2051 || !TEST_true(len == inlen))
2052 goto done;
2053 if (tst != 1) {
2054 /*
2055 * Test that supplying a buffer that is too small fails. Doesn't apply
2056 * to HMAC with a zero length key
2057 */
2058 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2059 &shortlen)))
2060 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2061 &shortlen))))
2062 goto done;
2063 }
2064 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2065 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2066 || !TEST_mem_eq(in, inlen, buf, len))
2067 goto done;
2068
2069 ret = 1;
2070 done:
2071 EVP_PKEY_free(pkey);
2072 return ret;
2073 }
2074
2075 static int test_set_get_raw_keys(int tst)
2076 {
2077 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2078 && test_set_get_raw_keys_int(tst, 0, 1)
2079 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2080 && test_set_get_raw_keys_int(tst, 1, 1);
2081 }
2082
2083 #ifndef OPENSSL_NO_DEPRECATED_3_0
2084 static int pkey_custom_check(EVP_PKEY *pkey)
2085 {
2086 return 0xbeef;
2087 }
2088
2089 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2090 {
2091 return 0xbeef;
2092 }
2093
2094 static int pkey_custom_param_check(EVP_PKEY *pkey)
2095 {
2096 return 0xbeef;
2097 }
2098
2099 static EVP_PKEY_METHOD *custom_pmeth;
2100 #endif
2101
2102 static int test_EVP_PKEY_check(int i)
2103 {
2104 int ret = 0;
2105 EVP_PKEY *pkey = NULL;
2106 EVP_PKEY_CTX *ctx = NULL;
2107 #ifndef OPENSSL_NO_DEPRECATED_3_0
2108 EVP_PKEY_CTX *ctx2 = NULL;
2109 #endif
2110 const APK_DATA *ak = &keycheckdata[i];
2111 const unsigned char *input = ak->kder;
2112 size_t input_len = ak->size;
2113 int expected_id = ak->evptype;
2114 int expected_check = ak->check;
2115 int expected_pub_check = ak->pub_check;
2116 int expected_param_check = ak->param_check;
2117 int type = ak->type;
2118
2119 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2120 goto done;
2121 if (type == 0
2122 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2123 goto done;
2124
2125 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2126 goto done;
2127
2128 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2129 goto done;
2130
2131 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2132 goto done;
2133
2134 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2135 goto done;
2136
2137 #ifndef OPENSSL_NO_DEPRECATED_3_0
2138 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2139 /* assign the pkey directly, as an internal test */
2140 EVP_PKEY_up_ref(pkey);
2141 ctx2->pkey = pkey;
2142
2143 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2144 goto done;
2145
2146 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2147 goto done;
2148
2149 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2150 goto done;
2151 #endif
2152
2153 ret = 1;
2154
2155 done:
2156 EVP_PKEY_CTX_free(ctx);
2157 #ifndef OPENSSL_NO_DEPRECATED_3_0
2158 EVP_PKEY_CTX_free(ctx2);
2159 #endif
2160 EVP_PKEY_free(pkey);
2161 return ret;
2162 }
2163
2164 #ifndef OPENSSL_NO_CMAC
2165 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2166 {
2167 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2168 const char msg[] = "Hello World";
2169 size_t maclen = AES_BLOCK_SIZE;
2170 int ret = 1;
2171
2172 if (!TEST_ptr(mdctx)
2173 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2174 testpropq, pkey, NULL))
2175 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2176 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2177 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2178 ret = 0;
2179
2180 EVP_MD_CTX_free(mdctx);
2181
2182 return ret;
2183 }
2184 static int test_CMAC_keygen(void)
2185 {
2186 static unsigned char key[] = {
2187 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2188 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2189 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2190 };
2191 EVP_PKEY_CTX *kctx = NULL;
2192 int ret = 0;
2193 EVP_PKEY *pkey = NULL;
2194 unsigned char mac[AES_BLOCK_SIZE];
2195 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2196 unsigned char mac2[AES_BLOCK_SIZE];
2197 # endif
2198
2199 if (nullprov != NULL)
2200 return TEST_skip("Test does not support a non-default library context");
2201
2202 /*
2203 * This is a legacy method for CMACs, but should still work.
2204 * This verifies that it works without an ENGINE.
2205 */
2206 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2207
2208 /* Test a CMAC key created using the "generated" method */
2209 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2210 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2211 EVP_PKEY_CTRL_CIPHER,
2212 0, (void *)EVP_aes_256_ecb()), 0)
2213 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2214 EVP_PKEY_CTRL_SET_MAC_KEY,
2215 sizeof(key), (void *)key), 0)
2216 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2217 || !TEST_ptr(pkey)
2218 || !TEST_true(get_cmac_val(pkey, mac)))
2219 goto done;
2220
2221 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2222 EVP_PKEY_free(pkey);
2223
2224 /*
2225 * Test a CMAC key using the direct method, and compare with the mac
2226 * created above.
2227 */
2228 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2229 if (!TEST_ptr(pkey)
2230 || !TEST_true(get_cmac_val(pkey, mac2))
2231 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2232 goto done;
2233 # endif
2234
2235 ret = 1;
2236
2237 done:
2238 EVP_PKEY_free(pkey);
2239 EVP_PKEY_CTX_free(kctx);
2240 return ret;
2241 }
2242 #endif
2243
2244 static int test_HKDF(void)
2245 {
2246 EVP_PKEY_CTX *pctx;
2247 unsigned char out[20];
2248 size_t outlen;
2249 int i, ret = 0;
2250 unsigned char salt[] = "0123456789";
2251 unsigned char key[] = "012345678901234567890123456789";
2252 unsigned char info[] = "infostring";
2253 const unsigned char expected[] = {
2254 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2255 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2256 };
2257 size_t expectedlen = sizeof(expected);
2258
2259 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2260 goto done;
2261
2262 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2263 for (i = 0; i < 2; i++) {
2264 outlen = sizeof(out);
2265 memset(out, 0, outlen);
2266
2267 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2268 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2269 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2270 sizeof(salt) - 1), 0)
2271 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2272 sizeof(key) - 1), 0)
2273 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2274 sizeof(info) - 1), 0)
2275 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2276 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2277 goto done;
2278 }
2279
2280 ret = 1;
2281
2282 done:
2283 EVP_PKEY_CTX_free(pctx);
2284
2285 return ret;
2286 }
2287
2288 static int test_emptyikm_HKDF(void)
2289 {
2290 EVP_PKEY_CTX *pctx;
2291 unsigned char out[20];
2292 size_t outlen;
2293 int ret = 0;
2294 unsigned char salt[] = "9876543210";
2295 unsigned char key[] = "";
2296 unsigned char info[] = "stringinfo";
2297 const unsigned char expected[] = {
2298 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2299 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2300 };
2301 size_t expectedlen = sizeof(expected);
2302
2303 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2304 goto done;
2305
2306 outlen = sizeof(out);
2307 memset(out, 0, outlen);
2308
2309 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2310 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2311 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2312 sizeof(salt) - 1), 0)
2313 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2314 sizeof(key) - 1), 0)
2315 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2316 sizeof(info) - 1), 0)
2317 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2318 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2319 goto done;
2320
2321 ret = 1;
2322
2323 done:
2324 EVP_PKEY_CTX_free(pctx);
2325
2326 return ret;
2327 }
2328
2329 #ifndef OPENSSL_NO_EC
2330 static int test_X509_PUBKEY_inplace(void)
2331 {
2332 int ret = 0;
2333 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2334 const unsigned char *p = kExampleECPubKeyDER;
2335 size_t input_len = sizeof(kExampleECPubKeyDER);
2336
2337 if (!TEST_ptr(xp))
2338 goto done;
2339 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2340 goto done;
2341
2342 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2343 goto done;
2344
2345 p = kExampleBadECPubKeyDER;
2346 input_len = sizeof(kExampleBadECPubKeyDER);
2347
2348 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2349 goto done;
2350
2351 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2352 goto done;
2353
2354 ret = 1;
2355
2356 done:
2357 X509_PUBKEY_free(xp);
2358 return ret;
2359 }
2360
2361 static int test_X509_PUBKEY_dup(void)
2362 {
2363 int ret = 0;
2364 X509_PUBKEY *xp = NULL, *xq = NULL;
2365 const unsigned char *p = kExampleECPubKeyDER;
2366 size_t input_len = sizeof(kExampleECPubKeyDER);
2367
2368 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2369 if (!TEST_ptr(xp)
2370 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2371 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2372 || !TEST_ptr_ne(xp, xq))
2373 goto done;
2374
2375 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2376 || !TEST_ptr(X509_PUBKEY_get0(xp))
2377 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2378 goto done;
2379
2380 X509_PUBKEY_free(xq);
2381 xq = NULL;
2382 p = kExampleBadECPubKeyDER;
2383 input_len = sizeof(kExampleBadECPubKeyDER);
2384
2385 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2386 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2387 goto done;
2388
2389 X509_PUBKEY_free(xp);
2390 xp = NULL;
2391 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2392 goto done;
2393
2394 ret = 1;
2395
2396 done:
2397 X509_PUBKEY_free(xp);
2398 X509_PUBKEY_free(xq);
2399 return ret;
2400 }
2401 #endif /* OPENSSL_NO_EC */
2402
2403 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2404 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2405 {
2406 EVP_MD_CTX *mdctx = NULL;
2407 EVP_PKEY_CTX *ctx = NULL;
2408 const OSSL_PARAM *params;
2409 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2410 int ret = 0;
2411 const EVP_MD *md;
2412 char mdname[OSSL_MAX_NAME_SIZE];
2413 char ssl3ms[48];
2414
2415 /* Initialise a sign operation */
2416 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2417 if (!TEST_ptr(ctx)
2418 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2419 goto err;
2420
2421 /*
2422 * We should be able to query the parameters now.
2423 */
2424 params = EVP_PKEY_CTX_settable_params(ctx);
2425 if (!TEST_ptr(params)
2426 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2427 OSSL_SIGNATURE_PARAM_DIGEST)))
2428 goto err;
2429
2430 params = EVP_PKEY_CTX_gettable_params(ctx);
2431 if (!TEST_ptr(params)
2432 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2433 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2434 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2435 OSSL_SIGNATURE_PARAM_DIGEST)))
2436 goto err;
2437
2438 /*
2439 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2440 * EVP_PKEY_CTX_get_params()
2441 */
2442 strcpy(mdname, "SHA512");
2443 param_md = param;
2444 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2445 mdname, 0);
2446 *param++ = OSSL_PARAM_construct_end();
2447
2448 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2449 goto err;
2450
2451 mdname[0] = '\0';
2452 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2453 mdname, sizeof(mdname));
2454 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2455 || !TEST_str_eq(mdname, "SHA512"))
2456 goto err;
2457
2458 /*
2459 * Test the TEST_PKEY_CTX_set_signature_md() and
2460 * TEST_PKEY_CTX_get_signature_md() functions
2461 */
2462 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2463 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2464 || !TEST_ptr_eq(md, EVP_sha256()))
2465 goto err;
2466
2467 /*
2468 * Test getting MD parameters via an associated EVP_PKEY_CTX
2469 */
2470 mdctx = EVP_MD_CTX_new();
2471 if (!TEST_ptr(mdctx)
2472 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2473 pkey, NULL)))
2474 goto err;
2475
2476 /*
2477 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2478 * able to obtain the digest's settable parameters from the provider.
2479 */
2480 params = EVP_MD_CTX_settable_params(mdctx);
2481 if (!TEST_ptr(params)
2482 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2483 /* The final key should be NULL */
2484 || !TEST_ptr_null(params[1].key))
2485 goto err;
2486
2487 param = ourparams;
2488 memset(ssl3ms, 0, sizeof(ssl3ms));
2489 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2490 ssl3ms, sizeof(ssl3ms));
2491 *param++ = OSSL_PARAM_construct_end();
2492
2493 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2494 goto err;
2495
2496 ret = 1;
2497
2498 err:
2499 EVP_MD_CTX_free(mdctx);
2500 EVP_PKEY_CTX_free(ctx);
2501
2502 return ret;
2503 }
2504
2505 #ifndef OPENSSL_NO_DSA
2506 static int test_DSA_get_set_params(void)
2507 {
2508 OSSL_PARAM_BLD *bld = NULL;
2509 OSSL_PARAM *params = NULL;
2510 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2511 EVP_PKEY_CTX *pctx = NULL;
2512 EVP_PKEY *pkey = NULL;
2513 int ret = 0;
2514
2515 /*
2516 * Setup the parameters for our DSA object. For our purposes they don't
2517 * have to actually be *valid* parameters. We just need to set something.
2518 */
2519 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2520 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2521 || !TEST_ptr(p = BN_new())
2522 || !TEST_ptr(q = BN_new())
2523 || !TEST_ptr(g = BN_new())
2524 || !TEST_ptr(pub = BN_new())
2525 || !TEST_ptr(priv = BN_new()))
2526 goto err;
2527 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2528 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2529 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2530 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2531 pub))
2532 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2533 priv)))
2534 goto err;
2535 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2536 goto err;
2537
2538 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2539 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2540 params), 0))
2541 goto err;
2542
2543 if (!TEST_ptr(pkey))
2544 goto err;
2545
2546 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2547
2548 err:
2549 EVP_PKEY_free(pkey);
2550 EVP_PKEY_CTX_free(pctx);
2551 OSSL_PARAM_free(params);
2552 OSSL_PARAM_BLD_free(bld);
2553 BN_free(p);
2554 BN_free(q);
2555 BN_free(g);
2556 BN_free(pub);
2557 BN_free(priv);
2558
2559 return ret;
2560 }
2561
2562 /*
2563 * Test combinations of private, public, missing and private + public key
2564 * params to ensure they are all accepted
2565 */
2566 static int test_DSA_priv_pub(void)
2567 {
2568 return test_EVP_PKEY_ffc_priv_pub("DSA");
2569 }
2570
2571 #endif /* !OPENSSL_NO_DSA */
2572
2573 static int test_RSA_get_set_params(void)
2574 {
2575 OSSL_PARAM_BLD *bld = NULL;
2576 OSSL_PARAM *params = NULL;
2577 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2578 EVP_PKEY_CTX *pctx = NULL;
2579 EVP_PKEY *pkey = NULL;
2580 int ret = 0;
2581
2582 /*
2583 * Setup the parameters for our RSA object. For our purposes they don't
2584 * have to actually be *valid* parameters. We just need to set something.
2585 */
2586 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2587 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2588 || !TEST_ptr(n = BN_new())
2589 || !TEST_ptr(e = BN_new())
2590 || !TEST_ptr(d = BN_new()))
2591 goto err;
2592 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2593 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2594 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2595 goto err;
2596 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2597 goto err;
2598
2599 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2600 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2601 params), 0))
2602 goto err;
2603
2604 if (!TEST_ptr(pkey))
2605 goto err;
2606
2607 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2608
2609 err:
2610 EVP_PKEY_free(pkey);
2611 EVP_PKEY_CTX_free(pctx);
2612 OSSL_PARAM_free(params);
2613 OSSL_PARAM_BLD_free(bld);
2614 BN_free(n);
2615 BN_free(e);
2616 BN_free(d);
2617
2618 return ret;
2619 }
2620
2621 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2622 static int test_decrypt_null_chunks(void)
2623 {
2624 EVP_CIPHER_CTX* ctx = NULL;
2625 EVP_CIPHER *cipher = NULL;
2626 const unsigned char key[32] = {
2627 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2628 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2629 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2630 };
2631 unsigned char iv[12] = {
2632 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2633 };
2634 unsigned char msg[] = "It was the best of times, it was the worst of times";
2635 unsigned char ciphertext[80];
2636 unsigned char plaintext[80];
2637 /* We initialise tmp to a non zero value on purpose */
2638 int ctlen, ptlen, tmp = 99;
2639 int ret = 0;
2640 const int enc_offset = 10, dec_offset = 20;
2641
2642 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2643 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2644 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2645 key, iv))
2646 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2647 enc_offset))
2648 /* Deliberate add a zero length update */
2649 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2650 0))
2651 || !TEST_int_eq(tmp, 0)
2652 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2653 msg + enc_offset,
2654 sizeof(msg) - enc_offset))
2655 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2656 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2657 || !TEST_int_eq(tmp, 0))
2658 goto err;
2659
2660 /* Deliberately initialise tmp to a non zero value */
2661 tmp = 99;
2662 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2663 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2664 dec_offset))
2665 /*
2666 * Deliberately add a zero length update. We also deliberately do
2667 * this at a different offset than for encryption.
2668 */
2669 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2670 0))
2671 || !TEST_int_eq(tmp, 0)
2672 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2673 ciphertext + dec_offset,
2674 ctlen - dec_offset))
2675 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2676 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2677 || !TEST_int_eq(tmp, 0)
2678 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2679 goto err;
2680
2681 ret = 1;
2682 err:
2683 EVP_CIPHER_CTX_free(ctx);
2684 EVP_CIPHER_free(cipher);
2685 return ret;
2686 }
2687 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2688
2689 #ifndef OPENSSL_NO_DH
2690 /*
2691 * Test combinations of private, public, missing and private + public key
2692 * params to ensure they are all accepted
2693 */
2694 static int test_DH_priv_pub(void)
2695 {
2696 return test_EVP_PKEY_ffc_priv_pub("DH");
2697 }
2698
2699 # ifndef OPENSSL_NO_DEPRECATED_3_0
2700 static int test_EVP_PKEY_set1_DH(void)
2701 {
2702 DH *x942dh = NULL, *noqdh = NULL;
2703 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2704 int ret = 0;
2705 BIGNUM *p, *g = NULL;
2706 BIGNUM *pubkey = NULL;
2707 unsigned char pub[2048 / 8];
2708 size_t len = 0;
2709
2710 if (!TEST_ptr(p = BN_new())
2711 || !TEST_ptr(g = BN_new())
2712 || !TEST_ptr(pubkey = BN_new())
2713 || !TEST_true(BN_set_word(p, 9999))
2714 || !TEST_true(BN_set_word(g, 2))
2715 || !TEST_true(BN_set_word(pubkey, 4321))
2716 || !TEST_ptr(noqdh = DH_new())
2717 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2718 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2719 || !TEST_ptr(pubkey = BN_new())
2720 || !TEST_true(BN_set_word(pubkey, 4321)))
2721 goto err;
2722 p = g = NULL;
2723
2724 x942dh = DH_get_2048_256();
2725 pkey1 = EVP_PKEY_new();
2726 pkey2 = EVP_PKEY_new();
2727 if (!TEST_ptr(x942dh)
2728 || !TEST_ptr(noqdh)
2729 || !TEST_ptr(pkey1)
2730 || !TEST_ptr(pkey2)
2731 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2732 goto err;
2733 pubkey = NULL;
2734
2735 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2736 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2737 goto err;
2738
2739 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2740 &pubkey))
2741 || !TEST_ptr(pubkey))
2742 goto err;
2743
2744 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2745 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2746 goto err;
2747
2748 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2749 OSSL_PKEY_PARAM_PUB_KEY,
2750 pub, sizeof(pub), &len))
2751 || !TEST_size_t_ne(len, 0))
2752 goto err;
2753
2754 ret = 1;
2755 err:
2756 BN_free(p);
2757 BN_free(g);
2758 BN_free(pubkey);
2759 EVP_PKEY_free(pkey1);
2760 EVP_PKEY_free(pkey2);
2761 DH_free(x942dh);
2762 DH_free(noqdh);
2763
2764 return ret;
2765 }
2766 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2767 #endif /* !OPENSSL_NO_DH */
2768
2769 /*
2770 * We test what happens with an empty template. For the sake of this test,
2771 * the template must be ignored, and we know that's the case for RSA keys
2772 * (this might arguably be a misfeature, but that's what we currently do,
2773 * even in provider code, since that's how the legacy RSA implementation
2774 * does things)
2775 */
2776 static int test_keygen_with_empty_template(int n)
2777 {
2778 EVP_PKEY_CTX *ctx = NULL;
2779 EVP_PKEY *pkey = NULL;
2780 EVP_PKEY *tkey = NULL;
2781 int ret = 0;
2782
2783 if (nullprov != NULL)
2784 return TEST_skip("Test does not support a non-default library context");
2785
2786 switch (n) {
2787 case 0:
2788 /* We do test with no template at all as well */
2789 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2790 goto err;
2791 break;
2792 case 1:
2793 /* Here we create an empty RSA key that serves as our template */
2794 if (!TEST_ptr(tkey = EVP_PKEY_new())
2795 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2796 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2797 goto err;
2798 break;
2799 }
2800
2801 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2802 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2803 goto err;
2804
2805 ret = 1;
2806 err:
2807 EVP_PKEY_CTX_free(ctx);
2808 EVP_PKEY_free(pkey);
2809 EVP_PKEY_free(tkey);
2810 return ret;
2811 }
2812
2813 /*
2814 * Test that we fail if we attempt to use an algorithm that is not available
2815 * in the current library context (unless we are using an algorithm that
2816 * should be made available via legacy codepaths).
2817 *
2818 * 0: RSA
2819 * 1: SM2
2820 */
2821 static int test_pkey_ctx_fail_without_provider(int tst)
2822 {
2823 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2824 OSSL_PROVIDER *tmpnullprov = NULL;
2825 EVP_PKEY_CTX *pctx = NULL;
2826 const char *keytype = NULL;
2827 int expect_null = 0;
2828 int ret = 0;
2829
2830 if (!TEST_ptr(tmpctx))
2831 goto err;
2832
2833 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2834 if (!TEST_ptr(tmpnullprov))
2835 goto err;
2836
2837 /*
2838 * We check for certain algos in the null provider.
2839 * If an algo is expected to have a provider keymgmt, contructing an
2840 * EVP_PKEY_CTX is expected to fail (return NULL).
2841 * Otherwise, if it's expected to have legacy support, contructing an
2842 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2843 */
2844 switch (tst) {
2845 case 0:
2846 keytype = "RSA";
2847 expect_null = 1;
2848 break;
2849 case 1:
2850 keytype = "SM2";
2851 expect_null = 1;
2852 #ifdef OPENSSL_NO_EC
2853 TEST_info("EC disable, skipping SM2 check...");
2854 goto end;
2855 #endif
2856 #ifdef OPENSSL_NO_SM2
2857 TEST_info("SM2 disable, skipping SM2 check...");
2858 goto end;
2859 #endif
2860 break;
2861 default:
2862 TEST_error("No test for case %d", tst);
2863 goto err;
2864 }
2865
2866 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2867 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2868 goto err;
2869
2870 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2871 end:
2872 #endif
2873 ret = 1;
2874
2875 err:
2876 EVP_PKEY_CTX_free(pctx);
2877 OSSL_PROVIDER_unload(tmpnullprov);
2878 OSSL_LIB_CTX_free(tmpctx);
2879 return ret;
2880 }
2881
2882 static int test_rand_agglomeration(void)
2883 {
2884 EVP_RAND *rand;
2885 EVP_RAND_CTX *ctx;
2886 OSSL_PARAM params[3], *p = params;
2887 int res;
2888 unsigned int step = 7;
2889 static unsigned char seed[] = "It does not matter how slowly you go "
2890 "as long as you do not stop.";
2891 unsigned char out[sizeof(seed)];
2892
2893 if (!TEST_int_ne(sizeof(seed) % step, 0)
2894 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2895 return 0;
2896 ctx = EVP_RAND_CTX_new(rand, NULL);
2897 EVP_RAND_free(rand);
2898 if (!TEST_ptr(ctx))
2899 return 0;
2900
2901 memset(out, 0, sizeof(out));
2902 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2903 seed, sizeof(seed));
2904 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2905 *p = OSSL_PARAM_construct_end();
2906 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2907 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2908 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2909 EVP_RAND_CTX_free(ctx);
2910 return res;
2911 }
2912
2913 /*
2914 * Test that we correctly return the original or "running" IV after
2915 * an encryption operation.
2916 * Run multiple times for some different relevant algorithms/modes.
2917 */
2918 static int test_evp_iv_aes(int idx)
2919 {
2920 int ret = 0;
2921 EVP_CIPHER_CTX *ctx = NULL;
2922 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2923 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2924 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2925 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2926 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2927 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2928 9, 10, 11, 12, 13, 14, 15, 16 };
2929 unsigned char ciphertext[32], oiv[16], iv[16];
2930 unsigned char *ref_iv;
2931 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2932 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2933
2934 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2935 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2936 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2937 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2938 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2939 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2940 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2941 #ifndef OPENSSL_NO_OCB
2942 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2943 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2944 #endif
2945 int len = sizeof(ciphertext);
2946 size_t ivlen, ref_len;
2947 const EVP_CIPHER *type = NULL;
2948 int iv_reset = 0;
2949
2950 if (nullprov != NULL && idx < 6)
2951 return TEST_skip("Test does not support a non-default library context");
2952
2953 switch (idx) {
2954 case 0:
2955 type = EVP_aes_128_cbc();
2956 /* FALLTHROUGH */
2957 case 6:
2958 type = (type != NULL) ? type :
2959 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2960 ref_iv = cbc_state;
2961 ref_len = sizeof(cbc_state);
2962 iv_reset = 1;
2963 break;
2964 case 1:
2965 type = EVP_aes_128_ofb();
2966 /* FALLTHROUGH */
2967 case 7:
2968 type = (type != NULL) ? type :
2969 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2970 ref_iv = ofb_state;
2971 ref_len = sizeof(ofb_state);
2972 iv_reset = 1;
2973 break;
2974 case 2:
2975 type = EVP_aes_128_cfb();
2976 /* FALLTHROUGH */
2977 case 8:
2978 type = (type != NULL) ? type :
2979 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2980 ref_iv = cfb_state;
2981 ref_len = sizeof(cfb_state);
2982 iv_reset = 1;
2983 break;
2984 case 3:
2985 type = EVP_aes_128_gcm();
2986 /* FALLTHROUGH */
2987 case 9:
2988 type = (type != NULL) ? type :
2989 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2990 ref_iv = gcm_state;
2991 ref_len = sizeof(gcm_state);
2992 break;
2993 case 4:
2994 type = EVP_aes_128_ccm();
2995 /* FALLTHROUGH */
2996 case 10:
2997 type = (type != NULL) ? type :
2998 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2999 ref_iv = ccm_state;
3000 ref_len = sizeof(ccm_state);
3001 break;
3002 #ifdef OPENSSL_NO_OCB
3003 case 5:
3004 case 11:
3005 return 1;
3006 #else
3007 case 5:
3008 type = EVP_aes_128_ocb();
3009 /* FALLTHROUGH */
3010 case 11:
3011 type = (type != NULL) ? type :
3012 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3013 ref_iv = ocb_state;
3014 ref_len = sizeof(ocb_state);
3015 break;
3016 #endif
3017 default:
3018 return 0;
3019 }
3020
3021 if (!TEST_ptr(type)
3022 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3023 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3024 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3025 (int)sizeof(msg)))
3026 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3027 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3028 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3029 goto err;
3030 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3031 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3032 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3033 goto err;
3034
3035 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3036 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3037 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3038 goto err;
3039 if (iv_reset) {
3040 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3041 goto err;
3042 } else {
3043 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3044 goto err;
3045 }
3046
3047 ret = 1;
3048 err:
3049 EVP_CIPHER_CTX_free(ctx);
3050 if (idx >= 6)
3051 EVP_CIPHER_free((EVP_CIPHER *)type);
3052 return ret;
3053 }
3054
3055 #ifndef OPENSSL_NO_DES
3056 static int test_evp_iv_des(int idx)
3057 {
3058 int ret = 0;
3059 EVP_CIPHER_CTX *ctx = NULL;
3060 static const unsigned char key[24] = {
3061 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3062 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3063 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3064 };
3065 static const unsigned char init_iv[8] = {
3066 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3067 };
3068 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3069 9, 10, 11, 12, 13, 14, 15, 16 };
3070 unsigned char ciphertext[32], oiv[8], iv[8];
3071 unsigned const char *ref_iv;
3072 static const unsigned char cbc_state_des[8] = {
3073 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3074 };
3075 static const unsigned char cbc_state_3des[8] = {
3076 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3077 };
3078 static const unsigned char ofb_state_des[8] = {
3079 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3080 };
3081 static const unsigned char ofb_state_3des[8] = {
3082 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3083 };
3084 static const unsigned char cfb_state_des[8] = {
3085 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3086 };
3087 static const unsigned char cfb_state_3des[8] = {
3088 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3089 };
3090 int len = sizeof(ciphertext);
3091 size_t ivlen, ref_len;
3092 EVP_CIPHER *type = NULL;
3093
3094 if (lgcyprov == NULL && idx < 3)
3095 return TEST_skip("Test requires legacy provider to be loaded");
3096
3097 switch (idx) {
3098 case 0:
3099 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3100 ref_iv = cbc_state_des;
3101 ref_len = sizeof(cbc_state_des);
3102 break;
3103 case 1:
3104 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3105 ref_iv = ofb_state_des;
3106 ref_len = sizeof(ofb_state_des);
3107 break;
3108 case 2:
3109 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3110 ref_iv = cfb_state_des;
3111 ref_len = sizeof(cfb_state_des);
3112 break;
3113 case 3:
3114 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3115 ref_iv = cbc_state_3des;
3116 ref_len = sizeof(cbc_state_3des);
3117 break;
3118 case 4:
3119 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3120 ref_iv = ofb_state_3des;
3121 ref_len = sizeof(ofb_state_3des);
3122 break;
3123 case 5:
3124 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3125 ref_iv = cfb_state_3des;
3126 ref_len = sizeof(cfb_state_3des);
3127 break;
3128 default:
3129 return 0;
3130 }
3131
3132 if (!TEST_ptr(type)
3133 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3134 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3135 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3136 (int)sizeof(msg)))
3137 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3138 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3139 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3140 goto err;
3141 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3142 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3143 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3144 goto err;
3145
3146 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3147 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3148 goto err;
3149 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3150 goto err;
3151
3152 ret = 1;
3153 err:
3154 EVP_CIPHER_CTX_free(ctx);
3155 EVP_CIPHER_free(type);
3156 return ret;
3157 }
3158 #endif
3159
3160 #ifndef OPENSSL_NO_EC
3161 static int ecpub_nids[] = {
3162 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3163 NID_secp384r1, NID_secp521r1,
3164 # ifndef OPENSSL_NO_EC2M
3165 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3166 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3167 # endif
3168 NID_brainpoolP384r1, NID_brainpoolP512r1
3169 };
3170
3171 static int test_ecpub(int idx)
3172 {
3173 int ret = 0, len, savelen;
3174 int nid;
3175 unsigned char buf[1024];
3176 unsigned char *p;
3177 EVP_PKEY *pkey = NULL;
3178 EVP_PKEY_CTX *ctx = NULL;
3179 # ifndef OPENSSL_NO_DEPRECATED_3_0
3180 const unsigned char *q;
3181 EVP_PKEY *pkey2 = NULL;
3182 EC_KEY *ec = NULL;
3183 # endif
3184
3185 if (nullprov != NULL)
3186 return TEST_skip("Test does not support a non-default library context");
3187
3188 nid = ecpub_nids[idx];
3189
3190 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3191 if (!TEST_ptr(ctx)
3192 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3193 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3194 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3195 goto done;
3196 len = i2d_PublicKey(pkey, NULL);
3197 savelen = len;
3198 if (!TEST_int_ge(len, 1)
3199 || !TEST_int_lt(len, 1024))
3200 goto done;
3201 p = buf;
3202 len = i2d_PublicKey(pkey, &p);
3203 if (!TEST_int_ge(len, 1)
3204 || !TEST_int_eq(len, savelen))
3205 goto done;
3206
3207 # ifndef OPENSSL_NO_DEPRECATED_3_0
3208 /* Now try to decode the just-created DER. */
3209 q = buf;
3210 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3211 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3212 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3213 goto done;
3214 /* EC_KEY ownership transferred */
3215 ec = NULL;
3216 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3217 goto done;
3218 /* The keys should match. */
3219 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3220 goto done;
3221 # endif
3222
3223 ret = 1;
3224
3225 done:
3226 EVP_PKEY_CTX_free(ctx);
3227 EVP_PKEY_free(pkey);
3228 # ifndef OPENSSL_NO_DEPRECATED_3_0
3229 EVP_PKEY_free(pkey2);
3230 EC_KEY_free(ec);
3231 # endif
3232 return ret;
3233 }
3234 #endif
3235
3236 static int test_EVP_rsa_pss_with_keygen_bits(void)
3237 {
3238 int ret = 0;
3239 EVP_PKEY_CTX *ctx = NULL;
3240 EVP_PKEY *pkey = NULL;
3241 EVP_MD *md;
3242
3243 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3244 ret = TEST_ptr(md)
3245 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3246 && TEST_true(EVP_PKEY_keygen_init(ctx))
3247 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3248 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3249 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3250
3251 EVP_MD_free(md);
3252 EVP_PKEY_free(pkey);
3253 EVP_PKEY_CTX_free(ctx);
3254 return ret;
3255 }
3256
3257 static int success = 1;
3258 static void md_names(const char *name, void *vctx)
3259 {
3260 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3261 /* Force a namemap update */
3262 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3263
3264 if (!TEST_ptr(aes128))
3265 success = 0;
3266
3267 EVP_CIPHER_free(aes128);
3268 }
3269
3270 /*
3271 * Test that changing the namemap in a user callback works in a names_do_all
3272 * function.
3273 */
3274 static int test_names_do_all(void)
3275 {
3276 /* We use a custom libctx so that we know the state of the namemap */
3277 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3278 EVP_MD *sha256 = NULL;
3279 int testresult = 0;
3280
3281 if (!TEST_ptr(ctx))
3282 goto err;
3283
3284 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3285 if (!TEST_ptr(sha256))
3286 goto err;
3287
3288 /*
3289 * We loop through all the names for a given digest. This should still work
3290 * even if the namemap changes part way through.
3291 */
3292 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3293 goto err;
3294
3295 if (!TEST_true(success))
3296 goto err;
3297
3298 testresult = 1;
3299 err:
3300 EVP_MD_free(sha256);
3301 OSSL_LIB_CTX_free(ctx);
3302 return testresult;
3303 }
3304
3305 typedef struct {
3306 const char *cipher;
3307 const unsigned char *key;
3308 const unsigned char *iv;
3309 const unsigned char *input;
3310 const unsigned char *expected;
3311 const unsigned char *tag;
3312 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3313 size_t inlen;
3314 size_t expectedlen;
3315 size_t taglen;
3316 int keyfirst;
3317 int initenc;
3318 int finalenc;
3319 } EVP_INIT_TEST_st;
3320
3321 static const EVP_INIT_TEST_st evp_init_tests[] = {
3322 {
3323 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3324 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3325 0, 1, 0, 1
3326 },
3327 {
3328 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3329 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3330 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3331 sizeof(gcmDefaultTag), 1, 0, 1
3332 },
3333 {
3334 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3335 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3336 0, 0, 0, 1
3337 },
3338 {
3339 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3340 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3341 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3342 sizeof(gcmDefaultTag), 0, 0, 1
3343 },
3344 {
3345 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3346 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3347 0, 1, 1, 0
3348 },
3349 {
3350 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3351 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3352 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3353 sizeof(gcmDefaultTag), 1, 1, 0
3354 },
3355 {
3356 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3357 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3358 0, 0, 1, 0
3359 },
3360 {
3361 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3362 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3363 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3364 sizeof(gcmDefaultTag), 0, 1, 0
3365 }
3366 };
3367
3368 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3369 {
3370 int res = 0;
3371
3372 if (t->ivlen != 0) {
3373 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3374 goto err;
3375 }
3376 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3377 goto err;
3378 res = 1;
3379 err:
3380 return res;
3381 }
3382
3383 /*
3384 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3385 * arguments are given one at a time and a final adjustment to the enc
3386 * parameter sets the correct operation.
3387 */
3388 static int test_evp_init_seq(int idx)
3389 {
3390 int outlen1, outlen2;
3391 int testresult = 0;
3392 unsigned char outbuf[1024];
3393 unsigned char tag[16];
3394 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3395 EVP_CIPHER_CTX *ctx = NULL;
3396 EVP_CIPHER *type = NULL;
3397 size_t taglen = sizeof(tag);
3398 char *errmsg = NULL;
3399
3400 ctx = EVP_CIPHER_CTX_new();
3401 if (ctx == NULL) {
3402 errmsg = "CTX_ALLOC";
3403 goto err;
3404 }
3405 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3406 errmsg = "CIPHER_FETCH";
3407 goto err;
3408 }
3409 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3410 errmsg = "EMPTY_ENC_INIT";
3411 goto err;
3412 }
3413 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3414 errmsg = "PADDING";
3415 goto err;
3416 }
3417 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3418 errmsg = "KEY_INIT (before iv)";
3419 goto err;
3420 }
3421 if (!evp_init_seq_set_iv(ctx, t)) {
3422 errmsg = "IV_INIT";
3423 goto err;
3424 }
3425 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3426 errmsg = "KEY_INIT (after iv)";
3427 goto err;
3428 }
3429 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3430 errmsg = "FINAL_ENC_INIT";
3431 goto err;
3432 }
3433 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3434 errmsg = "CIPHER_UPDATE";
3435 goto err;
3436 }
3437 if (t->finalenc == 0 && t->tag != NULL) {
3438 /* Set expected tag */
3439 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3440 t->taglen, (void *)t->tag))) {
3441 errmsg = "SET_TAG";
3442 goto err;
3443 }
3444 }
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3446 errmsg = "CIPHER_FINAL";
3447 goto err;
3448 }
3449 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3450 errmsg = "WRONG_RESULT";
3451 goto err;
3452 }
3453 if (t->finalenc != 0 && t->tag != NULL) {
3454 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3455 errmsg = "GET_TAG";
3456 goto err;
3457 }
3458 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3459 errmsg = "TAG_ERROR";
3460 goto err;
3461 }
3462 }
3463 testresult = 1;
3464 err:
3465 if (errmsg != NULL)
3466 TEST_info("evp_init_test %d: %s", idx, errmsg);
3467 EVP_CIPHER_CTX_free(ctx);
3468 EVP_CIPHER_free(type);
3469 return testresult;
3470 }
3471
3472 typedef struct {
3473 const unsigned char *input;
3474 const unsigned char *expected;
3475 size_t inlen;
3476 size_t expectedlen;
3477 int enc;
3478 } EVP_RESET_TEST_st;
3479
3480 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3481 {
3482 cfbPlaintext, cfbCiphertext,
3483 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3484 },
3485 {
3486 cfbCiphertext, cfbPlaintext,
3487 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3488 }
3489 };
3490
3491 /*
3492 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3493 * been used.
3494 */
3495 static int test_evp_reset(int idx)
3496 {
3497 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3498 int outlen1, outlen2;
3499 int testresult = 0;
3500 unsigned char outbuf[1024];
3501 EVP_CIPHER_CTX *ctx = NULL;
3502 EVP_CIPHER *type = NULL;
3503 char *errmsg = NULL;
3504
3505 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3506 errmsg = "CTX_ALLOC";
3507 goto err;
3508 }
3509 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3510 errmsg = "CIPHER_FETCH";
3511 goto err;
3512 }
3513 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3514 errmsg = "CIPHER_INIT";
3515 goto err;
3516 }
3517 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3518 errmsg = "PADDING";
3519 goto err;
3520 }
3521 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3522 errmsg = "CIPHER_UPDATE";
3523 goto err;
3524 }
3525 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3526 errmsg = "CIPHER_FINAL";
3527 goto err;
3528 }
3529 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3530 errmsg = "WRONG_RESULT";
3531 goto err;
3532 }
3533 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3534 errmsg = "CIPHER_REINIT";
3535 goto err;
3536 }
3537 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3538 errmsg = "CIPHER_UPDATE (reinit)";
3539 goto err;
3540 }
3541 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3542 errmsg = "CIPHER_FINAL (reinit)";
3543 goto err;
3544 }
3545 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3546 errmsg = "WRONG_RESULT (reinit)";
3547 goto err;
3548 }
3549 testresult = 1;
3550 err:
3551 if (errmsg != NULL)
3552 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3553 EVP_CIPHER_CTX_free(ctx);
3554 EVP_CIPHER_free(type);
3555 return testresult;
3556 }
3557
3558 typedef struct {
3559 const char *cipher;
3560 int enc;
3561 } EVP_UPDATED_IV_TEST_st;
3562
3563 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3564 {
3565 "aes-128-cfb", 1
3566 },
3567 {
3568 "aes-128-cfb", 0
3569 },
3570 {
3571 "aes-128-cfb1", 1
3572 },
3573 {
3574 "aes-128-cfb1", 0
3575 },
3576 {
3577 "aes-128-cfb8", 1
3578 },
3579 {
3580 "aes-128-cfb8", 0
3581 },
3582 {
3583 "aes-128-ofb", 1
3584 },
3585 {
3586 "aes-128-ofb", 0
3587 },
3588 {
3589 "aes-128-ctr", 1
3590 },
3591 {
3592 "aes-128-ctr", 0
3593 },
3594 {
3595 "aes-128-cbc", 1
3596 },
3597 {
3598 "aes-128-cbc", 0
3599 }
3600 };
3601
3602 /*
3603 * Test that the IV in the context is updated during a crypto operation for CFB
3604 * and OFB.
3605 */
3606 static int test_evp_updated_iv(int idx)
3607 {
3608 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3609 int outlen1, outlen2;
3610 int testresult = 0;
3611 unsigned char outbuf[1024];
3612 EVP_CIPHER_CTX *ctx = NULL;
3613 EVP_CIPHER *type = NULL;
3614 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3615 int iv_len;
3616 char *errmsg = NULL;
3617
3618 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3619 errmsg = "CTX_ALLOC";
3620 goto err;
3621 }
3622 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3623 TEST_info("cipher %s not supported, skipping", t->cipher);
3624 goto ok;
3625 }
3626
3627 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3628 errmsg = "CIPHER_INIT";
3629 goto err;
3630 }
3631 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3632 errmsg = "PADDING";
3633 goto err;
3634 }
3635 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3636 errmsg = "CIPHER_UPDATE";
3637 goto err;
3638 }
3639 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3640 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3641 goto err;
3642 }
3643 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3644 errmsg = "CIPHER_CTX_GET_IV_LEN";
3645 goto err;
3646 }
3647 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3648 errmsg = "IV_NOT_UPDATED";
3649 goto err;
3650 }
3651 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3652 errmsg = "CIPHER_FINAL";
3653 goto err;
3654 }
3655 ok:
3656 testresult = 1;
3657 err:
3658 if (errmsg != NULL)
3659 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3660 EVP_CIPHER_CTX_free(ctx);
3661 EVP_CIPHER_free(type);
3662 return testresult;
3663 }
3664
3665 typedef struct {
3666 const unsigned char *iv1;
3667 const unsigned char *iv2;
3668 const unsigned char *expected1;
3669 const unsigned char *expected2;
3670 const unsigned char *tag1;
3671 const unsigned char *tag2;
3672 size_t ivlen1;
3673 size_t ivlen2;
3674 size_t expectedlen1;
3675 size_t expectedlen2;
3676 } TEST_GCM_IV_REINIT_st;
3677
3678 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3679 {
3680 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3681 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3682 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3683 },
3684 {
3685 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3686 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3687 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3688 }
3689 };
3690
3691 static int test_gcm_reinit(int idx)
3692 {
3693 int outlen1, outlen2, outlen3;
3694 int testresult = 0;
3695 unsigned char outbuf[1024];
3696 unsigned char tag[16];
3697 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3698 EVP_CIPHER_CTX *ctx = NULL;
3699 EVP_CIPHER *type = NULL;
3700 size_t taglen = sizeof(tag);
3701 char *errmsg = NULL;
3702
3703 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3704 errmsg = "CTX_ALLOC";
3705 goto err;
3706 }
3707 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3708 errmsg = "CIPHER_FETCH";
3709 goto err;
3710 }
3711 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3712 errmsg = "ENC_INIT";
3713 goto err;
3714 }
3715 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3716 errmsg = "SET_IVLEN1";
3717 goto err;
3718 }
3719 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3720 errmsg = "SET_IV1";
3721 goto err;
3722 }
3723 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3724 errmsg = "AAD1";
3725 goto err;
3726 }
3727 EVP_CIPHER_CTX_set_padding(ctx, 0);
3728 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3729 sizeof(gcmResetPlaintext)))) {
3730 errmsg = "CIPHER_UPDATE1";
3731 goto err;
3732 }
3733 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3734 errmsg = "CIPHER_FINAL1";
3735 goto err;
3736 }
3737 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3738 errmsg = "WRONG_RESULT1";
3739 goto err;
3740 }
3741 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3742 errmsg = "GET_TAG1";
3743 goto err;
3744 }
3745 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3746 errmsg = "TAG_ERROR1";
3747 goto err;
3748 }
3749 /* Now reinit */
3750 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3751 errmsg = "SET_IVLEN2";
3752 goto err;
3753 }
3754 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3755 errmsg = "SET_IV2";
3756 goto err;
3757 }
3758 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3759 errmsg = "AAD2";
3760 goto err;
3761 }
3762 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3763 sizeof(gcmResetPlaintext)))) {
3764 errmsg = "CIPHER_UPDATE2";
3765 goto err;
3766 }
3767 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3768 errmsg = "CIPHER_FINAL2";
3769 goto err;
3770 }
3771 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3772 errmsg = "WRONG_RESULT2";
3773 goto err;
3774 }
3775 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3776 errmsg = "GET_TAG2";
3777 goto err;
3778 }
3779 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3780 errmsg = "TAG_ERROR2";
3781 goto err;
3782 }
3783 testresult = 1;
3784 err:
3785 if (errmsg != NULL)
3786 TEST_info("evp_init_test %d: %s", idx, errmsg);
3787 EVP_CIPHER_CTX_free(ctx);
3788 EVP_CIPHER_free(type);
3789 return testresult;
3790 }
3791
3792 #ifndef OPENSSL_NO_DEPRECATED_3_0
3793 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3794 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3795
3796 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3797
3798 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3799 {
3800 int (*pinit)(EVP_PKEY_CTX *ctx);
3801
3802 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3803 return pinit(ctx);
3804 }
3805
3806 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3807 {
3808 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3809
3810 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3811 pcleanup(ctx);
3812 }
3813
3814 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3815 size_t *outlen, const unsigned char *in,
3816 size_t inlen)
3817 {
3818 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3819 const unsigned char *tbs, size_t tbslen);
3820
3821 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3822 return psign(ctx, out, outlen, in, inlen);
3823 }
3824
3825 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3826 size_t *siglen, const unsigned char *tbs,
3827 size_t tbslen)
3828 {
3829 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3830 const unsigned char *tbs, size_t tbslen);
3831
3832 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3833 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3834 }
3835
3836 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3837 size_t *keylen)
3838 {
3839 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3840
3841 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3842 return pderive(ctx, key, keylen);
3843 }
3844
3845 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3846 {
3847 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3848
3849 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3850 return pcopy(dst, src);
3851 }
3852
3853 static int ctrl_called;
3854
3855 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3856 {
3857 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3858
3859 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3860
3861 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3862 ctrl_called = 1;
3863 return 1;
3864 }
3865
3866 return pctrl(ctx, type, p1, p2);
3867 }
3868
3869 static int test_custom_pmeth(int idx)
3870 {
3871 EVP_PKEY_CTX *pctx = NULL;
3872 EVP_MD_CTX *ctx = NULL;
3873 EVP_PKEY *pkey = NULL;
3874 int id, orig_id, orig_flags;
3875 int testresult = 0;
3876 size_t reslen;
3877 unsigned char *res = NULL;
3878 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3879 const EVP_MD *md = EVP_sha256();
3880 int doderive = 0;
3881
3882 ctrl_called = 0;
3883
3884 /* We call deprecated APIs so this test doesn't support a custom libctx */
3885 if (testctx != NULL)
3886 return 1;
3887
3888 switch (idx) {
3889 case 0:
3890 case 6:
3891 id = EVP_PKEY_RSA;
3892 pkey = load_example_rsa_key();
3893 break;
3894 case 1:
3895 case 7:
3896 # ifndef OPENSSL_NO_DSA
3897 id = EVP_PKEY_DSA;
3898 pkey = load_example_dsa_key();
3899 break;
3900 # else
3901 return 1;
3902 # endif
3903 case 2:
3904 case 8:
3905 # ifndef OPENSSL_NO_EC
3906 id = EVP_PKEY_EC;
3907 pkey = load_example_ec_key();
3908 break;
3909 # else
3910 return 1;
3911 # endif
3912 case 3:
3913 case 9:
3914 # ifndef OPENSSL_NO_EC
3915 id = EVP_PKEY_ED25519;
3916 md = NULL;
3917 pkey = load_example_ed25519_key();
3918 break;
3919 # else
3920 return 1;
3921 # endif
3922 case 4:
3923 case 10:
3924 # ifndef OPENSSL_NO_DH
3925 id = EVP_PKEY_DH;
3926 doderive = 1;
3927 pkey = load_example_dh_key();
3928 break;
3929 # else
3930 return 1;
3931 # endif
3932 case 5:
3933 case 11:
3934 # ifndef OPENSSL_NO_EC
3935 id = EVP_PKEY_X25519;
3936 doderive = 1;
3937 pkey = load_example_x25519_key();
3938 break;
3939 # else
3940 return 1;
3941 # endif
3942 default:
3943 TEST_error("Should not happen");
3944 goto err;
3945 }
3946
3947 if (!TEST_ptr(pkey))
3948 goto err;
3949
3950 if (idx < 6) {
3951 if (!TEST_true(evp_pkey_is_provided(pkey)))
3952 goto err;
3953 } else {
3954 EVP_PKEY *tmp = pkey;
3955
3956 /* Convert to a legacy key */
3957 pkey = EVP_PKEY_new();
3958 if (!TEST_ptr(pkey)) {
3959 pkey = tmp;
3960 goto err;
3961 }
3962 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3963 EVP_PKEY_free(tmp);
3964 goto err;
3965 }
3966 EVP_PKEY_free(tmp);
3967 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3968 goto err;
3969 }
3970
3971 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3972 || !TEST_ptr(pkey))
3973 goto err;
3974
3975 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3976 if (!TEST_int_eq(orig_id, id)
3977 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3978 goto err;
3979
3980 if (id == EVP_PKEY_ED25519) {
3981 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3982 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3983 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3984 } else {
3985 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3986 }
3987 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3988 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3989 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3990 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3991 }
3992 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3993 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3994 goto err;
3995
3996 if (doderive) {
3997 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3998 if (!TEST_ptr(pctx)
3999 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4000 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4001 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4002 1)
4003 || !TEST_int_eq(ctrl_called, 1)
4004 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4005 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4006 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4007 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4008 goto err;
4009 } else {
4010 ctx = EVP_MD_CTX_new();
4011 reslen = EVP_PKEY_size(pkey);
4012 res = OPENSSL_malloc(reslen);
4013 if (!TEST_ptr(ctx)
4014 || !TEST_ptr(res)
4015 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4016 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4017 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4018 1)
4019 || !TEST_int_eq(ctrl_called, 1))
4020 goto err;
4021
4022 if (id == EVP_PKEY_ED25519) {
4023 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4024 goto err;
4025 } else {
4026 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4027 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4028 goto err;
4029 }
4030 }
4031
4032 testresult = 1;
4033 err:
4034 OPENSSL_free(res);
4035 EVP_MD_CTX_free(ctx);
4036 if (doderive)
4037 EVP_PKEY_CTX_free(pctx);
4038 EVP_PKEY_free(pkey);
4039 EVP_PKEY_meth_remove(custom_pmeth);
4040 EVP_PKEY_meth_free(custom_pmeth);
4041 custom_pmeth = NULL;
4042 return testresult;
4043 }
4044
4045 static int test_evp_md_cipher_meth(void)
4046 {
4047 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4048 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4049 int testresult = 0;
4050
4051 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4052 goto err;
4053
4054 testresult = 1;
4055
4056 err:
4057 EVP_MD_meth_free(md);
4058 EVP_CIPHER_meth_free(ciph);
4059
4060 return testresult;
4061 }
4062
4063 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4064 /* Test we can create a signature keys with an associated ENGINE */
4065 static int test_signatures_with_engine(int tst)
4066 {
4067 ENGINE *e;
4068 const char *engine_id = "dasync";
4069 EVP_PKEY *pkey = NULL;
4070 const unsigned char badcmackey[] = { 0x00, 0x01 };
4071 const unsigned char cmackey[] = {
4072 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4073 0x0c, 0x0d, 0x0e, 0x0f
4074 };
4075 const unsigned char ed25519key[] = {
4076 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4077 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4078 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4079 };
4080 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4081 int testresult = 0;
4082 EVP_MD_CTX *ctx = NULL;
4083 unsigned char *mac = NULL;
4084 size_t maclen = 0;
4085 int ret;
4086
4087 # ifdef OPENSSL_NO_CMAC
4088 /* Skip CMAC tests in a no-cmac build */
4089 if (tst <= 1)
4090 return 1;
4091 # endif
4092
4093 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4094 return 0;
4095
4096 if (!TEST_true(ENGINE_init(e))) {
4097 ENGINE_free(e);
4098 return 0;
4099 }
4100
4101 switch (tst) {
4102 case 0:
4103 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4104 EVP_aes_128_cbc());
4105 break;
4106 case 1:
4107 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4108 EVP_aes_128_cbc());
4109 break;
4110 case 2:
4111 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4112 sizeof(ed25519key));
4113 break;
4114 default:
4115 TEST_error("Invalid test case");
4116 goto err;
4117 }
4118 if (!TEST_ptr(pkey))
4119 goto err;
4120
4121 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4122 goto err;
4123
4124 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4125 pkey);
4126 if (tst == 0) {
4127 if (!TEST_true(ret))
4128 goto err;
4129
4130 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4131 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4132 goto err;
4133
4134 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4135 goto err;
4136
4137 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4138 goto err;
4139 } else {
4140 /* We used a bad key. We expect a failure here */
4141 if (!TEST_false(ret))
4142 goto err;
4143 }
4144
4145 testresult = 1;
4146 err:
4147 EVP_MD_CTX_free(ctx);
4148 OPENSSL_free(mac);
4149 EVP_PKEY_free(pkey);
4150 ENGINE_finish(e);
4151 ENGINE_free(e);
4152
4153 return testresult;
4154 }
4155
4156 static int test_cipher_with_engine(void)
4157 {
4158 ENGINE *e;
4159 const char *engine_id = "dasync";
4160 const unsigned char keyiv[] = {
4161 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4162 0x0c, 0x0d, 0x0e, 0x0f
4163 };
4164 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4165 int testresult = 0;
4166 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4167 unsigned char buf[AES_BLOCK_SIZE];
4168 int len = 0;
4169
4170 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4171 return 0;
4172
4173 if (!TEST_true(ENGINE_init(e))) {
4174 ENGINE_free(e);
4175 return 0;
4176 }
4177
4178 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4179 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4180 goto err;
4181
4182 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4183 goto err;
4184
4185 /* Copy the ctx, and complete the operation with the new ctx */
4186 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4187 goto err;
4188
4189 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4190 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4191 goto err;
4192
4193 testresult = 1;
4194 err:
4195 EVP_CIPHER_CTX_free(ctx);
4196 EVP_CIPHER_CTX_free(ctx2);
4197 ENGINE_finish(e);
4198 ENGINE_free(e);
4199
4200 return testresult;
4201 }
4202 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4203 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4204
4205 typedef enum OPTION_choice {
4206 OPT_ERR = -1,
4207 OPT_EOF = 0,
4208 OPT_CONTEXT,
4209 OPT_TEST_ENUM
4210 } OPTION_CHOICE;
4211
4212 const OPTIONS *test_get_options(void)
4213 {
4214 static const OPTIONS options[] = {
4215 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4216 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4217 { NULL }
4218 };
4219 return options;
4220 }
4221
4222 int setup_tests(void)
4223 {
4224 OPTION_CHOICE o;
4225
4226 while ((o = opt_next()) != OPT_EOF) {
4227 switch (o) {
4228 case OPT_CONTEXT:
4229 /* Set up an alternate library context */
4230 testctx = OSSL_LIB_CTX_new();
4231 if (!TEST_ptr(testctx))
4232 return 0;
4233 /* Swap the libctx to test non-default context only */
4234 nullprov = OSSL_PROVIDER_load(NULL, "null");
4235 deflprov = OSSL_PROVIDER_load(testctx, "default");
4236 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4237 break;
4238 case OPT_TEST_CASES:
4239 break;
4240 default:
4241 return 0;
4242 }
4243 }
4244
4245 ADD_TEST(test_EVP_set_default_properties);
4246 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4247 ADD_TEST(test_EVP_DigestVerifyInit);
4248 #ifndef OPENSSL_NO_SIPHASH
4249 ADD_TEST(test_siphash_digestsign);
4250 #endif
4251 ADD_TEST(test_EVP_Digest);
4252 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4253 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4254 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4255 ADD_TEST(test_privatekey_to_pkcs8);
4256 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4257 #ifndef OPENSSL_NO_EC
4258 ADD_TEST(test_EVP_PKCS82PKEY);
4259 #endif
4260 #ifndef OPENSSL_NO_EC
4261 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4262 #endif
4263 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4264 ADD_TEST(test_EVP_SM2);
4265 ADD_TEST(test_EVP_SM2_verify);
4266 #endif
4267 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4268 #ifndef OPENSSL_NO_DEPRECATED_3_0
4269 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4270 if (!TEST_ptr(custom_pmeth))
4271 return 0;
4272 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4273 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4274 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4275 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4276 return 0;
4277 #endif
4278 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4279 #ifndef OPENSSL_NO_CMAC
4280 ADD_TEST(test_CMAC_keygen);
4281 #endif
4282 ADD_TEST(test_HKDF);
4283 ADD_TEST(test_emptyikm_HKDF);
4284 #ifndef OPENSSL_NO_EC
4285 ADD_TEST(test_X509_PUBKEY_inplace);
4286 ADD_TEST(test_X509_PUBKEY_dup);
4287 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4288 OSSL_NELEM(ec_der_pub_keys));
4289 #endif
4290 #ifndef OPENSSL_NO_DSA
4291 ADD_TEST(test_DSA_get_set_params);
4292 ADD_TEST(test_DSA_priv_pub);
4293 #endif
4294 ADD_TEST(test_RSA_get_set_params);
4295 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4296 ADD_TEST(test_decrypt_null_chunks);
4297 #endif
4298 #ifndef OPENSSL_NO_DH
4299 ADD_TEST(test_DH_priv_pub);
4300 # ifndef OPENSSL_NO_DEPRECATED_3_0
4301 ADD_TEST(test_EVP_PKEY_set1_DH);
4302 # endif
4303 #endif
4304 #ifndef OPENSSL_NO_EC
4305 ADD_TEST(test_EC_priv_pub);
4306 # ifndef OPENSSL_NO_DEPRECATED_3_0
4307 ADD_TEST(test_EC_priv_only_legacy);
4308 # endif
4309 #endif
4310 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4311 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4312
4313 ADD_TEST(test_rand_agglomeration);
4314 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4315 #ifndef OPENSSL_NO_DES
4316 ADD_ALL_TESTS(test_evp_iv_des, 6);
4317 #endif
4318 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4319 #ifndef OPENSSL_NO_EC
4320 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4321 #endif
4322
4323 ADD_TEST(test_names_do_all);
4324
4325 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4326 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4327 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4328 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4329
4330 #ifndef OPENSSL_NO_DEPRECATED_3_0
4331 ADD_ALL_TESTS(test_custom_pmeth, 12);
4332 ADD_TEST(test_evp_md_cipher_meth);
4333
4334 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4335 /* Tests only support the default libctx */
4336 if (testctx == NULL) {
4337 # ifndef OPENSSL_NO_EC
4338 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4339 # else
4340 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4341 # endif
4342 ADD_TEST(test_cipher_with_engine);
4343 }
4344 # endif
4345 #endif
4346
4347 return 1;
4348 }
4349
4350 void cleanup_tests(void)
4351 {
4352 OSSL_PROVIDER_unload(nullprov);
4353 OSSL_PROVIDER_unload(deflprov);
4354 OSSL_PROVIDER_unload(lgcyprov);
4355 OSSL_LIB_CTX_free(testctx);
4356 }
A mirror of the official openssl repository