]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Test EVP Cipher updating the context's IV
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 # ifndef OPENSSL_NO_DEPRECATED_3_0
404 static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
409 };
410 # endif
411 #endif
412
413 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414 #ifndef OPENSSL_NO_DEPRECATED_3_0
415 # ifndef OPENSSL_NO_DH
416 static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
442 };
443 # endif
444 #endif
445
446 static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
449 };
450
451 static const unsigned char kGCMDefaultKey[32] = { 0 };
452
453 static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
457 };
458
459 static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
462 };
463
464 static const unsigned char iGCMDefaultIV[12] = { 0 };
465
466 static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
468 };
469
470 static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
472 };
473
474 static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
477 };
478
479 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
480
481 static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
487 };
488
489 static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
492 };
493
494 static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
497 };
498
499 static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
505 };
506
507 static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
513 };
514
515 static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
518 };
519
520 static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
523 };
524
525 static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
528 };
529
530 static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
533 };
534
535 typedef struct APK_DATA_st {
536 const unsigned char *kder;
537 size_t size;
538 const char *keytype;
539 int evptype;
540 int check;
541 int pub_check;
542 int param_check;
543 int type; /* 0 for private, 1 for public, 2 for params */
544 } APK_DATA;
545
546 static APK_DATA keydata[] = {
547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
549 #ifndef OPENSSL_NO_EC
550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
551 #endif
552 };
553
554 static APK_DATA keycheckdata[] = {
555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
556 0},
557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
558 0, 1, 1, 0},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
561 /* group is also associated in our pub key */
562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
563 1, 1},
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
565 2},
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
570 #endif
571 };
572
573 static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
575 {
576 const unsigned char **pdata = &data;
577 EVP_PKEY *pkey = NULL;
578 OSSL_DECODER_CTX *dctx =
579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
580 testctx, testpropq);
581
582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
585 return pkey;
586 }
587
588 static EVP_PKEY *load_example_rsa_key(void)
589 {
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
592 }
593
594 #ifndef OPENSSL_NO_DSA
595 static EVP_PKEY *load_example_dsa_key(void)
596 {
597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
599 }
600 #endif
601
602 #ifndef OPENSSL_NO_DEPRECATED_3_0
603 # ifndef OPENSSL_NO_DH
604 static EVP_PKEY *load_example_dh_key(void)
605 {
606 return load_example_key("DH", kExampleDHKeyDER,
607 sizeof(kExampleDHKeyDER));
608 }
609 # endif
610
611 # ifndef OPENSSL_NO_EC
612 static EVP_PKEY *load_example_ec_key(void)
613 {
614 return load_example_key("EC", kExampleECKeyDER,
615 sizeof(kExampleECKeyDER));
616 }
617
618 static EVP_PKEY *load_example_ed25519_key(void)
619 {
620 return load_example_key("ED25519", kExampleED25519KeyDER,
621 sizeof(kExampleED25519KeyDER));
622 }
623
624 static EVP_PKEY *load_example_x25519_key(void)
625 {
626 return load_example_key("X25519", kExampleX25519KeyDER,
627 sizeof(kExampleX25519KeyDER));
628 }
629 # endif
630 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
631
632 static EVP_PKEY *load_example_hmac_key(void)
633 {
634 EVP_PKEY *pkey = NULL;
635 unsigned char key[] = {
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
637 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
638 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
639 };
640
641 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
642 NULL, key, sizeof(key));
643 if (!TEST_ptr(pkey))
644 return NULL;
645
646 return pkey;
647 }
648
649 static int test_EVP_set_default_properties(void)
650 {
651 OSSL_LIB_CTX *ctx;
652 EVP_MD *md = NULL;
653 int res = 0;
654
655 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
656 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
657 goto err;
658 EVP_MD_free(md);
659 md = NULL;
660
661 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
662 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
663 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
664 goto err;
665 EVP_MD_free(md);
666 md = NULL;
667
668 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
669 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
670 goto err;
671 res = 1;
672 err:
673 EVP_MD_free(md);
674 OSSL_LIB_CTX_free(ctx);
675 return res;
676 }
677
678 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
679 static int test_fromdata(char *keytype, OSSL_PARAM *params)
680 {
681 EVP_PKEY_CTX *pctx = NULL;
682 EVP_PKEY *pkey = NULL;
683 int testresult = 0;
684
685 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
686 goto err;
687 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
688 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
689 params), 0))
690 goto err;
691
692 if (!TEST_ptr(pkey))
693 goto err;
694
695 testresult = 1;
696 err:
697 EVP_PKEY_free(pkey);
698 EVP_PKEY_CTX_free(pctx);
699
700 return testresult;
701 }
702 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
703
704 /*
705 * Test combinations of private, public, missing and private + public key
706 * params to ensure they are all accepted
707 */
708 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
709 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
710 {
711 OSSL_PARAM_BLD *bld = NULL;
712 OSSL_PARAM *params = NULL;
713 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
714 int ret = 0;
715
716 /*
717 * Setup the parameters for our pkey object. For our purposes they don't
718 * have to actually be *valid* parameters. We just need to set something.
719 */
720 if (!TEST_ptr(p = BN_new())
721 || !TEST_ptr(q = BN_new())
722 || !TEST_ptr(g = BN_new())
723 || !TEST_ptr(pub = BN_new())
724 || !TEST_ptr(priv = BN_new()))
725 goto err;
726
727 /* Test !priv and !pub */
728 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
731 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata(keytype, params))
737 goto err;
738 OSSL_PARAM_free(params);
739 params = NULL;
740 OSSL_PARAM_BLD_free(bld);
741
742 /* Test priv and !pub */
743 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
744 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
745 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
746 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
748 priv)))
749 goto err;
750 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
751 goto err;
752
753 if (!test_fromdata(keytype, params))
754 goto err;
755 OSSL_PARAM_free(params);
756 params = NULL;
757 OSSL_PARAM_BLD_free(bld);
758
759 /* Test !priv and pub */
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
762 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
765 pub)))
766 goto err;
767 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
768 goto err;
769
770 if (!test_fromdata(keytype, params))
771 goto err;
772 OSSL_PARAM_free(params);
773 params = NULL;
774 OSSL_PARAM_BLD_free(bld);
775
776 /* Test priv and pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
782 pub))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
784 priv)))
785 goto err;
786 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
787 goto err;
788
789 if (!test_fromdata(keytype, params))
790 goto err;
791
792 ret = 1;
793 err:
794 OSSL_PARAM_free(params);
795 OSSL_PARAM_BLD_free(bld);
796 BN_free(p);
797 BN_free(q);
798 BN_free(g);
799 BN_free(pub);
800 BN_free(priv);
801
802 return ret;
803 }
804 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
805
806 /*
807 * Test combinations of private, public, missing and private + public key
808 * params to ensure they are all accepted for EC keys
809 */
810 #ifndef OPENSSL_NO_EC
811 static unsigned char ec_priv[] = {
812 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
813 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
814 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
815 };
816 static unsigned char ec_pub[] = {
817 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
818 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
819 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
820 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
821 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
822 0x08, 0x09, 0xb8, 0xdb, 0x03
823 };
824
825 static int test_EC_priv_pub(void)
826 {
827 OSSL_PARAM_BLD *bld = NULL;
828 OSSL_PARAM *params = NULL;
829 BIGNUM *priv = NULL;
830 int ret = 0;
831
832 /*
833 * Setup the parameters for our pkey object. For our purposes they don't
834 * have to actually be *valid* parameters. We just need to set something.
835 */
836 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
837 goto err;
838
839 /* Test !priv and !pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
842 OSSL_PKEY_PARAM_GROUP_NAME,
843 "P-256", 0)))
844 goto err;
845 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
846 goto err;
847
848 if (!test_fromdata("EC", params))
849 goto err;
850 OSSL_PARAM_free(params);
851 params = NULL;
852 OSSL_PARAM_BLD_free(bld);
853
854 /* Test priv and !pub */
855 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
856 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
857 OSSL_PKEY_PARAM_GROUP_NAME,
858 "P-256", 0))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
860 priv)))
861 goto err;
862 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
863 goto err;
864
865 if (!test_fromdata("EC", params))
866 goto err;
867 OSSL_PARAM_free(params);
868 params = NULL;
869 OSSL_PARAM_BLD_free(bld);
870
871 /* Test !priv and pub */
872 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
873 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
874 OSSL_PKEY_PARAM_GROUP_NAME,
875 "P-256", 0))
876 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
877 OSSL_PKEY_PARAM_PUB_KEY,
878 ec_pub, sizeof(ec_pub))))
879 goto err;
880 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
881 goto err;
882
883 if (!test_fromdata("EC", params))
884 goto err;
885 OSSL_PARAM_free(params);
886 params = NULL;
887 OSSL_PARAM_BLD_free(bld);
888
889 /* Test priv and pub */
890 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
891 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
892 OSSL_PKEY_PARAM_GROUP_NAME,
893 "P-256", 0))
894 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
895 OSSL_PKEY_PARAM_PUB_KEY,
896 ec_pub, sizeof(ec_pub)))
897 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
898 priv)))
899 goto err;
900 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
901 goto err;
902
903 if (!test_fromdata("EC", params))
904 goto err;
905
906 ret = 1;
907 err:
908 OSSL_PARAM_free(params);
909 OSSL_PARAM_BLD_free(bld);
910 BN_free(priv);
911
912 return ret;
913 }
914
915 /* Test that using a legacy EC key with only a private key in it works */
916 # ifndef OPENSSL_NO_DEPRECATED_3_0
917 static int test_EC_priv_only_legacy(void)
918 {
919 BIGNUM *priv = NULL;
920 int ret = 0;
921 EC_KEY *eckey = NULL;
922 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
923 EVP_MD_CTX *ctx = NULL;
924
925 /* Create the low level EC_KEY */
926 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
927 goto err;
928
929 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
930 if (!TEST_ptr(eckey))
931 goto err;
932
933 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
934 goto err;
935
936 pkey = EVP_PKEY_new();
937 if (!TEST_ptr(pkey))
938 goto err;
939
940 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
941 goto err;
942 eckey = NULL;
943
944 while (dup_pk == NULL) {
945 ret = 0;
946 ctx = EVP_MD_CTX_new();
947 if (!TEST_ptr(ctx))
948 goto err;
949
950 /*
951 * The EVP_DigestSignInit function should create the key on the
952 * provider side which is sufficient for this test.
953 */
954 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
955 testpropq, pkey, NULL)))
956 goto err;
957 EVP_MD_CTX_free(ctx);
958 ctx = NULL;
959
960 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
961 goto err;
962 /* EVP_PKEY_eq() returns -2 with missing public keys */
963 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
964 EVP_PKEY_free(pkey);
965 pkey = dup_pk;
966 if (!ret)
967 goto err;
968 }
969
970 err:
971 EVP_MD_CTX_free(ctx);
972 EVP_PKEY_free(pkey);
973 EC_KEY_free(eckey);
974 BN_free(priv);
975
976 return ret;
977 }
978 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
979 #endif /* OPENSSL_NO_EC */
980
981 /*
982 * n = 0 => test using legacy cipher
983 * n = 1 => test using fetched cipher
984 */
985 static int test_EVP_Enveloped(int n)
986 {
987 int ret = 0;
988 EVP_CIPHER_CTX *ctx = NULL;
989 EVP_PKEY *keypair = NULL;
990 unsigned char *kek = NULL;
991 unsigned char iv[EVP_MAX_IV_LENGTH];
992 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
993 int len, kek_len, ciphertext_len, plaintext_len;
994 unsigned char ciphertext[32], plaintext[16];
995 EVP_CIPHER *type = NULL;
996
997 if (nullprov != NULL)
998 return TEST_skip("Test does not support a non-default library context");
999
1000 if (n == 0)
1001 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1002 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1003 testpropq)))
1004 goto err;
1005
1006 if (!TEST_ptr(keypair = load_example_rsa_key())
1007 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1008 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1009 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1010 &keypair, 1))
1011 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1012 msg, sizeof(msg)))
1013 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1014 &len)))
1015 goto err;
1016
1017 ciphertext_len += len;
1018
1019 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1020 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1021 ciphertext, ciphertext_len))
1022 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1023 goto err;
1024
1025 plaintext_len += len;
1026 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1027 goto err;
1028
1029 ret = 1;
1030 err:
1031 if (n != 0)
1032 EVP_CIPHER_free(type);
1033 OPENSSL_free(kek);
1034 EVP_PKEY_free(keypair);
1035 EVP_CIPHER_CTX_free(ctx);
1036 return ret;
1037 }
1038
1039 /*
1040 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1041 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1042 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1043 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1044 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1045 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1046 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1047 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1048 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1049 */
1050 static int test_EVP_DigestSignInit(int tst)
1051 {
1052 int ret = 0;
1053 EVP_PKEY *pkey = NULL;
1054 unsigned char *sig = NULL;
1055 size_t sig_len = 0;
1056 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1057 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1058 BIO *mdbio = NULL, *membio = NULL;
1059 size_t written;
1060 const EVP_MD *md;
1061 EVP_MD *mdexp = NULL;
1062
1063 if (nullprov != NULL)
1064 return TEST_skip("Test does not support a non-default library context");
1065
1066 if (tst >= 6) {
1067 membio = BIO_new(BIO_s_mem());
1068 mdbio = BIO_new(BIO_f_md());
1069 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1070 goto out;
1071 BIO_push(mdbio, membio);
1072 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1073 goto out;
1074 } else {
1075 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1076 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1077 goto out;
1078 }
1079
1080 if (tst == 0 || tst == 3 || tst == 6) {
1081 if (!TEST_ptr(pkey = load_example_rsa_key()))
1082 goto out;
1083 } else if (tst == 1 || tst == 4 || tst == 7) {
1084 #ifndef OPENSSL_NO_DSA
1085 if (!TEST_ptr(pkey = load_example_dsa_key()))
1086 goto out;
1087 #else
1088 ret = 1;
1089 goto out;
1090 #endif
1091 } else {
1092 if (!TEST_ptr(pkey = load_example_hmac_key()))
1093 goto out;
1094 }
1095
1096 if (tst >= 3 && tst <= 5)
1097 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1098 else
1099 md = EVP_sha256();
1100
1101 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1102 goto out;
1103
1104 if (tst >= 6) {
1105 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1106 goto out;
1107 } else {
1108 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1109 goto out;
1110 }
1111
1112 /* Determine the size of the signature. */
1113 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1114 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1115 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1116 goto out;
1117
1118 if (tst >= 6) {
1119 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1120 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1121 goto out;
1122 }
1123
1124 /*
1125 * Ensure that the signature round-trips (Verification isn't supported for
1126 * HMAC via EVP_DigestVerify*)
1127 */
1128 if (tst != 2 && tst != 5 && tst != 8) {
1129 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1130 NULL, pkey)))
1131 goto out;
1132
1133 if (tst >= 6) {
1134 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1135 goto out;
1136 } else {
1137 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1138 sizeof(kMsg))))
1139 goto out;
1140 }
1141 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1142 goto out;
1143 }
1144
1145 ret = 1;
1146
1147 out:
1148 BIO_free(membio);
1149 BIO_free(mdbio);
1150 EVP_MD_CTX_free(a_md_ctx);
1151 EVP_MD_CTX_free(a_md_ctx_verify);
1152 EVP_PKEY_free(pkey);
1153 OPENSSL_free(sig);
1154 EVP_MD_free(mdexp);
1155
1156 return ret;
1157 }
1158
1159 static int test_EVP_DigestVerifyInit(void)
1160 {
1161 int ret = 0;
1162 EVP_PKEY *pkey = NULL;
1163 EVP_MD_CTX *md_ctx = NULL;
1164
1165 if (nullprov != NULL)
1166 return TEST_skip("Test does not support a non-default library context");
1167
1168 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1169 || !TEST_ptr(pkey = load_example_rsa_key()))
1170 goto out;
1171
1172 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1173 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1174 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1175 sizeof(kSignature))))
1176 goto out;
1177 ret = 1;
1178
1179 out:
1180 EVP_MD_CTX_free(md_ctx);
1181 EVP_PKEY_free(pkey);
1182 return ret;
1183 }
1184
1185 /*
1186 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1187 */
1188 static int test_EVP_Digest(void)
1189 {
1190 int ret = 0;
1191 EVP_MD_CTX *md_ctx = NULL;
1192 unsigned char md[EVP_MAX_MD_SIZE];
1193 EVP_MD *sha256 = NULL;
1194 EVP_MD *shake256 = NULL;
1195
1196 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1197 goto out;
1198
1199 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1200 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1201 goto out;
1202
1203 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1204 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1205 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1206 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1207 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1208 goto out;
1209
1210 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1211 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1212 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1213 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1214 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1215 /*
1216 * EVP_DigestInit_ex with NULL type should work on
1217 * pre-initialized context.
1218 */
1219 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1220 goto out;
1221
1222 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1223 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1224 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1225 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1226 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1227 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1228 goto out;
1229 ret = 1;
1230
1231 out:
1232 EVP_MD_CTX_free(md_ctx);
1233 EVP_MD_free(sha256);
1234 EVP_MD_free(shake256);
1235 return ret;
1236 }
1237
1238 static int test_d2i_AutoPrivateKey(int i)
1239 {
1240 int ret = 0;
1241 const unsigned char *p;
1242 EVP_PKEY *pkey = NULL;
1243 const APK_DATA *ak = &keydata[i];
1244 const unsigned char *input = ak->kder;
1245 size_t input_len = ak->size;
1246 int expected_id = ak->evptype;
1247
1248 p = input;
1249 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1250 || !TEST_ptr_eq(p, input + input_len)
1251 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1252 goto done;
1253
1254 ret = 1;
1255
1256 done:
1257 EVP_PKEY_free(pkey);
1258 return ret;
1259 }
1260
1261 #ifndef OPENSSL_NO_EC
1262
1263 static const unsigned char ec_public_sect163k1_validxy[] = {
1264 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1265 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1266 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1267 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1268 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1269 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1270 };
1271
1272 static const unsigned char ec_public_sect163k1_badx[] = {
1273 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1274 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1275 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1276 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1277 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1278 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1279 };
1280
1281 static const unsigned char ec_public_sect163k1_bady[] = {
1282 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1283 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1284 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1285 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1286 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1287 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1288 };
1289
1290 static struct ec_der_pub_keys_st {
1291 const unsigned char *der;
1292 size_t len;
1293 int valid;
1294 } ec_der_pub_keys[] = {
1295 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1296 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1297 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1298 };
1299
1300 /*
1301 * Tests the range of the decoded EC char2 public point.
1302 * See ec_GF2m_simple_oct2point().
1303 */
1304 static int test_invalide_ec_char2_pub_range_decode(int id)
1305 {
1306 int ret = 0;
1307 EVP_PKEY *pkey;
1308
1309 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1310 ec_der_pub_keys[id].len);
1311
1312 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1313 || TEST_ptr_null(pkey);
1314 EVP_PKEY_free(pkey);
1315 return ret;
1316 }
1317
1318 /* Tests loading a bad key in PKCS8 format */
1319 static int test_EVP_PKCS82PKEY(void)
1320 {
1321 int ret = 0;
1322 const unsigned char *derp = kExampleBadECKeyDER;
1323 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1324 EVP_PKEY *pkey = NULL;
1325
1326 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1327 sizeof(kExampleBadECKeyDER))))
1328 goto done;
1329
1330 if (!TEST_ptr_eq(derp,
1331 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1332 goto done;
1333
1334 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1335 goto done;
1336
1337 ret = 1;
1338
1339 done:
1340 PKCS8_PRIV_KEY_INFO_free(p8inf);
1341 EVP_PKEY_free(pkey);
1342
1343 return ret;
1344 }
1345
1346 #endif
1347 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1348 {
1349 EVP_PKEY *pkey = NULL;
1350 EVP_PKEY *pkey2 = NULL;
1351 BIO *membio = NULL;
1352 char *membuf = NULL;
1353 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1354 int ok = 0;
1355
1356 if (testctx != NULL)
1357 /* test not supported with non-default context */
1358 return 1;
1359
1360 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1361 || !TEST_ptr(pkey = load_example_rsa_key())
1362 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1363 NULL, 0, NULL, NULL),
1364 0)
1365 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1366 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1367 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1368 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1369 goto done;
1370 }
1371
1372 ok = 1;
1373 done:
1374 EVP_PKEY_free(pkey);
1375 EVP_PKEY_free(pkey2);
1376 PKCS8_PRIV_KEY_INFO_free(p8inf);
1377 BIO_free_all(membio);
1378 return ok;
1379 }
1380
1381 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1382 static int test_privatekey_to_pkcs8(void)
1383 {
1384 EVP_PKEY *pkey = NULL;
1385 BIO *membio = NULL;
1386 char *membuf = NULL;
1387 long membuf_len = 0;
1388 int ok = 0;
1389
1390 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1391 || !TEST_ptr(pkey = load_example_rsa_key())
1392 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1393 NULL, 0, NULL, NULL),
1394 0)
1395 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1396 || !TEST_ptr(membuf)
1397 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1398 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1399 /*
1400 * We try to write PEM as well, just to see that it doesn't err, but
1401 * assume that the result is correct.
1402 */
1403 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1404 NULL, 0, NULL, NULL),
1405 0))
1406 goto done;
1407
1408 ok = 1;
1409 done:
1410 EVP_PKEY_free(pkey);
1411 BIO_free_all(membio);
1412 return ok;
1413 }
1414
1415 #ifndef OPENSSL_NO_EC
1416 static const struct {
1417 int encoding;
1418 const char *encoding_name;
1419 } ec_encodings[] = {
1420 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1421 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1422 };
1423
1424 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1425 {
1426 const OSSL_PARAM *p;
1427 const char *enc_name = NULL;
1428 int *enc = arg;
1429 size_t i;
1430
1431 *enc = -1;
1432
1433 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1434 OSSL_PKEY_PARAM_EC_ENCODING))
1435 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1436 return 0;
1437
1438 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1439 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1440 *enc = ec_encodings[i].encoding;
1441 break;
1442 }
1443 }
1444
1445 return (*enc != -1);
1446 }
1447
1448 static int test_EC_keygen_with_enc(int idx)
1449 {
1450 EVP_PKEY *params = NULL, *key = NULL;
1451 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1452 int enc;
1453 int ret = 0;
1454
1455 enc = ec_encodings[idx].encoding;
1456
1457 /* Create key parameters */
1458 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1459 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1460 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1461 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1462 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1463 || !TEST_ptr(params))
1464 goto done;
1465
1466 /* Create key */
1467 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1468 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1469 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1470 || !TEST_ptr(key))
1471 goto done;
1472
1473 /* Check that the encoding got all the way into the key */
1474 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1475 ec_export_get_encoding_cb, &enc))
1476 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1477 goto done;
1478
1479 ret = 1;
1480 done:
1481 EVP_PKEY_free(key);
1482 EVP_PKEY_free(params);
1483 EVP_PKEY_CTX_free(kctx);
1484 EVP_PKEY_CTX_free(pctx);
1485 return ret;
1486 }
1487 #endif
1488
1489 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1490
1491 static int test_EVP_SM2_verify(void)
1492 {
1493 const char *pubkey =
1494 "-----BEGIN PUBLIC KEY-----\n"
1495 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1496 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1497 "-----END PUBLIC KEY-----\n";
1498
1499 const char *msg = "message digest";
1500 const char *id = "ALICE123@YAHOO.COM";
1501
1502 const uint8_t signature[] = {
1503 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1504 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1505 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1506 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1507 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1508 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1509 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1510 };
1511
1512 int rc = 0;
1513 BIO *bio = NULL;
1514 EVP_PKEY *pkey = NULL;
1515 EVP_MD_CTX *mctx = NULL;
1516 EVP_PKEY_CTX *pctx = NULL;
1517 EVP_MD *sm3 = NULL;
1518
1519 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1520 if (!TEST_true(bio != NULL))
1521 goto done;
1522
1523 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1524 if (!TEST_true(pkey != NULL))
1525 goto done;
1526
1527 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1528 goto done;
1529
1530 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1531 goto done;
1532
1533 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1534 goto done;
1535
1536 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1537
1538 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1539 goto done;
1540
1541 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1542 goto done;
1543
1544 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1545 goto done;
1546
1547 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1548 goto done;
1549
1550 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1551 goto done;
1552 rc = 1;
1553
1554 done:
1555 BIO_free(bio);
1556 EVP_PKEY_free(pkey);
1557 EVP_PKEY_CTX_free(pctx);
1558 EVP_MD_CTX_free(mctx);
1559 EVP_MD_free(sm3);
1560 return rc;
1561 }
1562
1563 static int test_EVP_SM2(void)
1564 {
1565 int ret = 0;
1566 EVP_PKEY *pkey = NULL;
1567 EVP_PKEY *pkeyparams = NULL;
1568 EVP_PKEY_CTX *pctx = NULL;
1569 EVP_PKEY_CTX *kctx = NULL;
1570 EVP_PKEY_CTX *sctx = NULL;
1571 size_t sig_len = 0;
1572 unsigned char *sig = NULL;
1573 EVP_MD_CTX *md_ctx = NULL;
1574 EVP_MD_CTX *md_ctx_verify = NULL;
1575 EVP_PKEY_CTX *cctx = NULL;
1576 EVP_MD *check_md = NULL;
1577
1578 uint8_t ciphertext[128];
1579 size_t ctext_len = sizeof(ciphertext);
1580
1581 uint8_t plaintext[8];
1582 size_t ptext_len = sizeof(plaintext);
1583
1584 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1585
1586 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1587 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1588 int i;
1589 char mdname[OSSL_MAX_NAME_SIZE];
1590
1591 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1592 "SM2", testpropq)))
1593 goto done;
1594
1595 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1596 goto done;
1597
1598 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1599 goto done;
1600
1601 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1602 goto done;
1603
1604 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1605 pkeyparams, testpropq)))
1606 goto done;
1607
1608 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1609 goto done;
1610
1611 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1612 goto done;
1613
1614 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1615 goto done;
1616
1617 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1618 goto done;
1619
1620 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1621 goto done;
1622
1623 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1624 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1625
1626 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1627 goto done;
1628
1629 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1630 goto done;
1631
1632 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1633 goto done;
1634
1635 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1636 goto done;
1637
1638 /* Determine the size of the signature. */
1639 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1640 goto done;
1641
1642 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1643 goto done;
1644
1645 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1646 goto done;
1647
1648 /* Ensure that the signature round-trips. */
1649
1650 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1651 pkey)))
1652 goto done;
1653
1654 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1655 goto done;
1656
1657 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1658 goto done;
1659
1660 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1661 goto done;
1662
1663 /* now check encryption/decryption */
1664
1665 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1666 mdname, sizeof(mdname));
1667 for (i = 0; i < 2; i++) {
1668 const char *mdnames[] = {
1669 #ifndef OPENSSL_NO_SM3
1670 "SM3",
1671 #else
1672 NULL,
1673 #endif
1674 "SHA2-256" };
1675 EVP_PKEY_CTX_free(cctx);
1676
1677 if (mdnames[i] == NULL)
1678 continue;
1679
1680 sparams[0] =
1681 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1682 (char *)mdnames[i], 0);
1683
1684 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1685 pkey, testpropq)))
1686 goto done;
1687
1688 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1689 goto done;
1690
1691 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1692 goto done;
1693
1694 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1695 sizeof(kMsg))))
1696 goto done;
1697
1698 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1699 goto done;
1700
1701 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1702 goto done;
1703
1704 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1705 ctext_len)))
1706 goto done;
1707
1708 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1709 goto done;
1710
1711 /*
1712 * Test we're still using the digest we think we are.
1713 * Because of aliases, the easiest is to fetch the digest and
1714 * check the name with EVP_MD_is_a().
1715 */
1716 EVP_MD_free(check_md);
1717 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1718 goto done;
1719 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1720 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1721 goto done;
1722 }
1723
1724 if (!TEST_true(ptext_len == sizeof(kMsg)))
1725 goto done;
1726
1727 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1728 goto done;
1729 }
1730
1731 ret = 1;
1732 done:
1733 EVP_PKEY_CTX_free(pctx);
1734 EVP_PKEY_CTX_free(kctx);
1735 EVP_PKEY_CTX_free(sctx);
1736 EVP_PKEY_CTX_free(cctx);
1737 EVP_PKEY_free(pkey);
1738 EVP_PKEY_free(pkeyparams);
1739 EVP_MD_CTX_free(md_ctx);
1740 EVP_MD_CTX_free(md_ctx_verify);
1741 EVP_MD_free(check_md);
1742 OPENSSL_free(sig);
1743 return ret;
1744 }
1745
1746 #endif
1747
1748 static struct keys_st {
1749 int type;
1750 char *priv;
1751 char *pub;
1752 } keys[] = {
1753 {
1754 EVP_PKEY_HMAC, "0123456789", NULL
1755 },
1756 {
1757 EVP_PKEY_HMAC, "", NULL
1758 #ifndef OPENSSL_NO_POLY1305
1759 }, {
1760 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1761 #endif
1762 #ifndef OPENSSL_NO_SIPHASH
1763 }, {
1764 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1765 #endif
1766 },
1767 #ifndef OPENSSL_NO_EC
1768 {
1769 EVP_PKEY_X25519, "01234567890123456789012345678901",
1770 "abcdefghijklmnopqrstuvwxyzabcdef"
1771 }, {
1772 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1773 "abcdefghijklmnopqrstuvwxyzabcdef"
1774 }, {
1775 EVP_PKEY_X448,
1776 "01234567890123456789012345678901234567890123456789012345",
1777 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1778 }, {
1779 EVP_PKEY_ED448,
1780 "012345678901234567890123456789012345678901234567890123456",
1781 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1782 }
1783 #endif
1784 };
1785
1786 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1787 {
1788 int ret = 0;
1789 unsigned char buf[80];
1790 unsigned char *in;
1791 size_t inlen, len = 0;
1792 EVP_PKEY *pkey;
1793
1794 /* Check if this algorithm supports public keys */
1795 if (pub && keys[tst].pub == NULL)
1796 return 1;
1797
1798 memset(buf, 0, sizeof(buf));
1799
1800 if (pub) {
1801 #ifndef OPENSSL_NO_EC
1802 inlen = strlen(keys[tst].pub);
1803 in = (unsigned char *)keys[tst].pub;
1804 if (uselibctx) {
1805 pkey = EVP_PKEY_new_raw_public_key_ex(
1806 testctx,
1807 OBJ_nid2sn(keys[tst].type),
1808 NULL,
1809 in,
1810 inlen);
1811 } else {
1812 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1813 NULL,
1814 in,
1815 inlen);
1816 }
1817 #else
1818 return 1;
1819 #endif
1820 } else {
1821 inlen = strlen(keys[tst].priv);
1822 in = (unsigned char *)keys[tst].priv;
1823 if (uselibctx) {
1824 pkey = EVP_PKEY_new_raw_private_key_ex(
1825 testctx, OBJ_nid2sn(keys[tst].type),
1826 NULL,
1827 in,
1828 inlen);
1829 } else {
1830 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1831 NULL,
1832 in,
1833 inlen);
1834 }
1835 }
1836
1837 if (!TEST_ptr(pkey)
1838 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1839 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1840 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1841 || !TEST_true(len == inlen)
1842 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1843 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1844 || !TEST_mem_eq(in, inlen, buf, len))
1845 goto done;
1846
1847 ret = 1;
1848 done:
1849 EVP_PKEY_free(pkey);
1850 return ret;
1851 }
1852
1853 static int test_set_get_raw_keys(int tst)
1854 {
1855 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1856 && test_set_get_raw_keys_int(tst, 0, 1)
1857 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1858 && test_set_get_raw_keys_int(tst, 1, 1);
1859 }
1860
1861 #ifndef OPENSSL_NO_DEPRECATED_3_0
1862 static int pkey_custom_check(EVP_PKEY *pkey)
1863 {
1864 return 0xbeef;
1865 }
1866
1867 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1868 {
1869 return 0xbeef;
1870 }
1871
1872 static int pkey_custom_param_check(EVP_PKEY *pkey)
1873 {
1874 return 0xbeef;
1875 }
1876
1877 static EVP_PKEY_METHOD *custom_pmeth;
1878 #endif
1879
1880 static int test_EVP_PKEY_check(int i)
1881 {
1882 int ret = 0;
1883 EVP_PKEY *pkey = NULL;
1884 EVP_PKEY_CTX *ctx = NULL;
1885 #ifndef OPENSSL_NO_DEPRECATED_3_0
1886 EVP_PKEY_CTX *ctx2 = NULL;
1887 #endif
1888 const APK_DATA *ak = &keycheckdata[i];
1889 const unsigned char *input = ak->kder;
1890 size_t input_len = ak->size;
1891 int expected_id = ak->evptype;
1892 int expected_check = ak->check;
1893 int expected_pub_check = ak->pub_check;
1894 int expected_param_check = ak->param_check;
1895 int type = ak->type;
1896
1897 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1898 goto done;
1899 if (type == 0
1900 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1901 goto done;
1902
1903 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1904 goto done;
1905
1906 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1907 goto done;
1908
1909 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1910 goto done;
1911
1912 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1913 goto done;
1914
1915 #ifndef OPENSSL_NO_DEPRECATED_3_0
1916 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1917 /* assign the pkey directly, as an internal test */
1918 EVP_PKEY_up_ref(pkey);
1919 ctx2->pkey = pkey;
1920
1921 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1922 goto done;
1923
1924 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1925 goto done;
1926
1927 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1928 goto done;
1929 #endif
1930
1931 ret = 1;
1932
1933 done:
1934 EVP_PKEY_CTX_free(ctx);
1935 #ifndef OPENSSL_NO_DEPRECATED_3_0
1936 EVP_PKEY_CTX_free(ctx2);
1937 #endif
1938 EVP_PKEY_free(pkey);
1939 return ret;
1940 }
1941
1942 #ifndef OPENSSL_NO_CMAC
1943 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1944 {
1945 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1946 const char msg[] = "Hello World";
1947 size_t maclen;
1948 int ret = 1;
1949
1950 if (!TEST_ptr(mdctx)
1951 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1952 testpropq, pkey, NULL))
1953 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1954 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1955 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1956 ret = 0;
1957
1958 EVP_MD_CTX_free(mdctx);
1959
1960 return ret;
1961 }
1962 static int test_CMAC_keygen(void)
1963 {
1964 static unsigned char key[] = {
1965 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1966 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1967 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1968 };
1969 EVP_PKEY_CTX *kctx = NULL;
1970 int ret = 0;
1971 EVP_PKEY *pkey = NULL;
1972 unsigned char mac[AES_BLOCK_SIZE];
1973 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1974 unsigned char mac2[AES_BLOCK_SIZE];
1975 # endif
1976
1977 if (nullprov != NULL)
1978 return TEST_skip("Test does not support a non-default library context");
1979
1980 /*
1981 * This is a legacy method for CMACs, but should still work.
1982 * This verifies that it works without an ENGINE.
1983 */
1984 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1985
1986 /* Test a CMAC key created using the "generated" method */
1987 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1988 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1989 EVP_PKEY_CTRL_CIPHER,
1990 0, (void *)EVP_aes_256_ecb()), 0)
1991 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1992 EVP_PKEY_CTRL_SET_MAC_KEY,
1993 sizeof(key), (void *)key), 0)
1994 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1995 || !TEST_ptr(pkey)
1996 || !TEST_true(get_cmac_val(pkey, mac)))
1997 goto done;
1998
1999 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2000 EVP_PKEY_free(pkey);
2001
2002 /*
2003 * Test a CMAC key using the direct method, and compare with the mac
2004 * created above.
2005 */
2006 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2007 if (!TEST_ptr(pkey)
2008 || !TEST_true(get_cmac_val(pkey, mac2))
2009 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2010 goto done;
2011 # endif
2012
2013 ret = 1;
2014
2015 done:
2016 EVP_PKEY_free(pkey);
2017 EVP_PKEY_CTX_free(kctx);
2018 return ret;
2019 }
2020 #endif
2021
2022 static int test_HKDF(void)
2023 {
2024 EVP_PKEY_CTX *pctx;
2025 unsigned char out[20];
2026 size_t outlen;
2027 int i, ret = 0;
2028 unsigned char salt[] = "0123456789";
2029 unsigned char key[] = "012345678901234567890123456789";
2030 unsigned char info[] = "infostring";
2031 const unsigned char expected[] = {
2032 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2033 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2034 };
2035 size_t expectedlen = sizeof(expected);
2036
2037 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2038 goto done;
2039
2040 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2041 for (i = 0; i < 2; i++) {
2042 outlen = sizeof(out);
2043 memset(out, 0, outlen);
2044
2045 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2046 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2047 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2048 sizeof(salt) - 1), 0)
2049 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2050 sizeof(key) - 1), 0)
2051 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2052 sizeof(info) - 1), 0)
2053 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2054 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2055 goto done;
2056 }
2057
2058 ret = 1;
2059
2060 done:
2061 EVP_PKEY_CTX_free(pctx);
2062
2063 return ret;
2064 }
2065
2066 static int test_emptyikm_HKDF(void)
2067 {
2068 EVP_PKEY_CTX *pctx;
2069 unsigned char out[20];
2070 size_t outlen;
2071 int ret = 0;
2072 unsigned char salt[] = "9876543210";
2073 unsigned char key[] = "";
2074 unsigned char info[] = "stringinfo";
2075 const unsigned char expected[] = {
2076 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2077 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2078 };
2079 size_t expectedlen = sizeof(expected);
2080
2081 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2082 goto done;
2083
2084 outlen = sizeof(out);
2085 memset(out, 0, outlen);
2086
2087 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2088 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2089 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2090 sizeof(salt) - 1), 0)
2091 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2092 sizeof(key) - 1), 0)
2093 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2094 sizeof(info) - 1), 0)
2095 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2096 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2097 goto done;
2098
2099 ret = 1;
2100
2101 done:
2102 EVP_PKEY_CTX_free(pctx);
2103
2104 return ret;
2105 }
2106
2107 #ifndef OPENSSL_NO_EC
2108 static int test_X509_PUBKEY_inplace(void)
2109 {
2110 int ret = 0;
2111 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2112 const unsigned char *p = kExampleECPubKeyDER;
2113 size_t input_len = sizeof(kExampleECPubKeyDER);
2114
2115 if (!TEST_ptr(xp))
2116 goto done;
2117 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2118 goto done;
2119
2120 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2121 goto done;
2122
2123 p = kExampleBadECPubKeyDER;
2124 input_len = sizeof(kExampleBadECPubKeyDER);
2125
2126 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2127 goto done;
2128
2129 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2130 goto done;
2131
2132 ret = 1;
2133
2134 done:
2135 X509_PUBKEY_free(xp);
2136 return ret;
2137 }
2138
2139 static int test_X509_PUBKEY_dup(void)
2140 {
2141 int ret = 0;
2142 X509_PUBKEY *xp = NULL, *xq = NULL;
2143 const unsigned char *p = kExampleECPubKeyDER;
2144 size_t input_len = sizeof(kExampleECPubKeyDER);
2145
2146 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2147 if (!TEST_ptr(xp)
2148 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2149 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2150 || !TEST_ptr_ne(xp, xq))
2151 goto done;
2152
2153 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2154 || !TEST_ptr(X509_PUBKEY_get0(xp))
2155 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2156 goto done;
2157
2158 X509_PUBKEY_free(xq);
2159 xq = NULL;
2160 p = kExampleBadECPubKeyDER;
2161 input_len = sizeof(kExampleBadECPubKeyDER);
2162
2163 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2164 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2165 goto done;
2166
2167 X509_PUBKEY_free(xp);
2168 xp = NULL;
2169 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2170 goto done;
2171
2172 ret = 1;
2173
2174 done:
2175 X509_PUBKEY_free(xp);
2176 X509_PUBKEY_free(xq);
2177 return ret;
2178 }
2179 #endif /* OPENSSL_NO_EC */
2180
2181 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2182 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2183 {
2184 EVP_MD_CTX *mdctx = NULL;
2185 EVP_PKEY_CTX *ctx = NULL;
2186 const OSSL_PARAM *params;
2187 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2188 int ret = 0;
2189 const EVP_MD *md;
2190 char mdname[OSSL_MAX_NAME_SIZE];
2191 char ssl3ms[48];
2192
2193 /* Initialise a sign operation */
2194 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2195 if (!TEST_ptr(ctx)
2196 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2197 goto err;
2198
2199 /*
2200 * We should be able to query the parameters now.
2201 */
2202 params = EVP_PKEY_CTX_settable_params(ctx);
2203 if (!TEST_ptr(params)
2204 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2205 OSSL_SIGNATURE_PARAM_DIGEST)))
2206 goto err;
2207
2208 params = EVP_PKEY_CTX_gettable_params(ctx);
2209 if (!TEST_ptr(params)
2210 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2211 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2212 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2213 OSSL_SIGNATURE_PARAM_DIGEST)))
2214 goto err;
2215
2216 /*
2217 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2218 * EVP_PKEY_CTX_get_params()
2219 */
2220 strcpy(mdname, "SHA512");
2221 param_md = param;
2222 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2223 mdname, 0);
2224 *param++ = OSSL_PARAM_construct_end();
2225
2226 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2227 goto err;
2228
2229 mdname[0] = '\0';
2230 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2231 mdname, sizeof(mdname));
2232 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2233 || !TEST_str_eq(mdname, "SHA512"))
2234 goto err;
2235
2236 /*
2237 * Test the TEST_PKEY_CTX_set_signature_md() and
2238 * TEST_PKEY_CTX_get_signature_md() functions
2239 */
2240 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2241 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2242 || !TEST_ptr_eq(md, EVP_sha256()))
2243 goto err;
2244
2245 /*
2246 * Test getting MD parameters via an associated EVP_PKEY_CTX
2247 */
2248 mdctx = EVP_MD_CTX_new();
2249 if (!TEST_ptr(mdctx)
2250 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2251 pkey, NULL)))
2252 goto err;
2253
2254 /*
2255 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2256 * able to obtain the digest's settable parameters from the provider.
2257 */
2258 params = EVP_MD_CTX_settable_params(mdctx);
2259 if (!TEST_ptr(params)
2260 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2261 /* The final key should be NULL */
2262 || !TEST_ptr_null(params[1].key))
2263 goto err;
2264
2265 param = ourparams;
2266 memset(ssl3ms, 0, sizeof(ssl3ms));
2267 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2268 ssl3ms, sizeof(ssl3ms));
2269 *param++ = OSSL_PARAM_construct_end();
2270
2271 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2272 goto err;
2273
2274 ret = 1;
2275
2276 err:
2277 EVP_MD_CTX_free(mdctx);
2278 EVP_PKEY_CTX_free(ctx);
2279
2280 return ret;
2281 }
2282
2283 #ifndef OPENSSL_NO_DSA
2284 static int test_DSA_get_set_params(void)
2285 {
2286 OSSL_PARAM_BLD *bld = NULL;
2287 OSSL_PARAM *params = NULL;
2288 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2289 EVP_PKEY_CTX *pctx = NULL;
2290 EVP_PKEY *pkey = NULL;
2291 int ret = 0;
2292
2293 /*
2294 * Setup the parameters for our DSA object. For our purposes they don't
2295 * have to actually be *valid* parameters. We just need to set something.
2296 */
2297 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2298 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2299 || !TEST_ptr(p = BN_new())
2300 || !TEST_ptr(q = BN_new())
2301 || !TEST_ptr(g = BN_new())
2302 || !TEST_ptr(pub = BN_new())
2303 || !TEST_ptr(priv = BN_new()))
2304 goto err;
2305 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2306 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2307 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2308 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2309 pub))
2310 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2311 priv)))
2312 goto err;
2313 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2314 goto err;
2315
2316 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2317 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2318 params), 0))
2319 goto err;
2320
2321 if (!TEST_ptr(pkey))
2322 goto err;
2323
2324 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2325
2326 err:
2327 EVP_PKEY_free(pkey);
2328 EVP_PKEY_CTX_free(pctx);
2329 OSSL_PARAM_free(params);
2330 OSSL_PARAM_BLD_free(bld);
2331 BN_free(p);
2332 BN_free(q);
2333 BN_free(g);
2334 BN_free(pub);
2335 BN_free(priv);
2336
2337 return ret;
2338 }
2339
2340 /*
2341 * Test combinations of private, public, missing and private + public key
2342 * params to ensure they are all accepted
2343 */
2344 static int test_DSA_priv_pub(void)
2345 {
2346 return test_EVP_PKEY_ffc_priv_pub("DSA");
2347 }
2348
2349 #endif /* !OPENSSL_NO_DSA */
2350
2351 static int test_RSA_get_set_params(void)
2352 {
2353 OSSL_PARAM_BLD *bld = NULL;
2354 OSSL_PARAM *params = NULL;
2355 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2356 EVP_PKEY_CTX *pctx = NULL;
2357 EVP_PKEY *pkey = NULL;
2358 int ret = 0;
2359
2360 /*
2361 * Setup the parameters for our RSA object. For our purposes they don't
2362 * have to actually be *valid* parameters. We just need to set something.
2363 */
2364 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2365 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2366 || !TEST_ptr(n = BN_new())
2367 || !TEST_ptr(e = BN_new())
2368 || !TEST_ptr(d = BN_new()))
2369 goto err;
2370 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2371 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2372 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2373 goto err;
2374 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2375 goto err;
2376
2377 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2378 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2379 params), 0))
2380 goto err;
2381
2382 if (!TEST_ptr(pkey))
2383 goto err;
2384
2385 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2386
2387 err:
2388 EVP_PKEY_free(pkey);
2389 EVP_PKEY_CTX_free(pctx);
2390 OSSL_PARAM_free(params);
2391 OSSL_PARAM_BLD_free(bld);
2392 BN_free(n);
2393 BN_free(e);
2394 BN_free(d);
2395
2396 return ret;
2397 }
2398
2399 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2400 static int test_decrypt_null_chunks(void)
2401 {
2402 EVP_CIPHER_CTX* ctx = NULL;
2403 EVP_CIPHER *cipher = NULL;
2404 const unsigned char key[32] = {
2405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2406 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2407 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2408 };
2409 unsigned char iv[12] = {
2410 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2411 };
2412 unsigned char msg[] = "It was the best of times, it was the worst of times";
2413 unsigned char ciphertext[80];
2414 unsigned char plaintext[80];
2415 /* We initialise tmp to a non zero value on purpose */
2416 int ctlen, ptlen, tmp = 99;
2417 int ret = 0;
2418 const int enc_offset = 10, dec_offset = 20;
2419
2420 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2421 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2422 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2423 key, iv))
2424 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2425 enc_offset))
2426 /* Deliberate add a zero length update */
2427 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2428 0))
2429 || !TEST_int_eq(tmp, 0)
2430 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2431 msg + enc_offset,
2432 sizeof(msg) - enc_offset))
2433 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2434 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2435 || !TEST_int_eq(tmp, 0))
2436 goto err;
2437
2438 /* Deliberately initialise tmp to a non zero value */
2439 tmp = 99;
2440 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2441 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2442 dec_offset))
2443 /*
2444 * Deliberately add a zero length update. We also deliberately do
2445 * this at a different offset than for encryption.
2446 */
2447 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2448 0))
2449 || !TEST_int_eq(tmp, 0)
2450 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2451 ciphertext + dec_offset,
2452 ctlen - dec_offset))
2453 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2454 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2455 || !TEST_int_eq(tmp, 0)
2456 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2457 goto err;
2458
2459 ret = 1;
2460 err:
2461 EVP_CIPHER_CTX_free(ctx);
2462 EVP_CIPHER_free(cipher);
2463 return ret;
2464 }
2465 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2466
2467 #ifndef OPENSSL_NO_DH
2468 /*
2469 * Test combinations of private, public, missing and private + public key
2470 * params to ensure they are all accepted
2471 */
2472 static int test_DH_priv_pub(void)
2473 {
2474 return test_EVP_PKEY_ffc_priv_pub("DH");
2475 }
2476
2477 # ifndef OPENSSL_NO_DEPRECATED_3_0
2478 static int test_EVP_PKEY_set1_DH(void)
2479 {
2480 DH *x942dh = NULL, *noqdh = NULL;
2481 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2482 int ret = 0;
2483 BIGNUM *p, *g = NULL;
2484 BIGNUM *pubkey = NULL;
2485 unsigned char pub[2048 / 8];
2486 size_t len = 0;
2487
2488 if (!TEST_ptr(p = BN_new())
2489 || !TEST_ptr(g = BN_new())
2490 || !TEST_ptr(pubkey = BN_new())
2491 || !TEST_true(BN_set_word(p, 9999))
2492 || !TEST_true(BN_set_word(g, 2))
2493 || !TEST_true(BN_set_word(pubkey, 4321))
2494 || !TEST_ptr(noqdh = DH_new())
2495 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2496 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2497 || !TEST_ptr(pubkey = BN_new())
2498 || !TEST_true(BN_set_word(pubkey, 4321)))
2499 goto err;
2500 p = g = NULL;
2501
2502 x942dh = DH_get_2048_256();
2503 pkey1 = EVP_PKEY_new();
2504 pkey2 = EVP_PKEY_new();
2505 if (!TEST_ptr(x942dh)
2506 || !TEST_ptr(noqdh)
2507 || !TEST_ptr(pkey1)
2508 || !TEST_ptr(pkey2)
2509 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2510 goto err;
2511 pubkey = NULL;
2512
2513 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2514 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2515 goto err;
2516
2517 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2518 &pubkey))
2519 || !TEST_ptr(pubkey))
2520 goto err;
2521
2522 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2523 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2524 goto err;
2525
2526 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2527 OSSL_PKEY_PARAM_PUB_KEY,
2528 pub, sizeof(pub), &len))
2529 || !TEST_size_t_ne(len, 0))
2530 goto err;
2531
2532 ret = 1;
2533 err:
2534 BN_free(p);
2535 BN_free(g);
2536 BN_free(pubkey);
2537 EVP_PKEY_free(pkey1);
2538 EVP_PKEY_free(pkey2);
2539 DH_free(x942dh);
2540 DH_free(noqdh);
2541
2542 return ret;
2543 }
2544 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2545 #endif /* !OPENSSL_NO_DH */
2546
2547 /*
2548 * We test what happens with an empty template. For the sake of this test,
2549 * the template must be ignored, and we know that's the case for RSA keys
2550 * (this might arguably be a misfeature, but that's what we currently do,
2551 * even in provider code, since that's how the legacy RSA implementation
2552 * does things)
2553 */
2554 static int test_keygen_with_empty_template(int n)
2555 {
2556 EVP_PKEY_CTX *ctx = NULL;
2557 EVP_PKEY *pkey = NULL;
2558 EVP_PKEY *tkey = NULL;
2559 int ret = 0;
2560
2561 if (nullprov != NULL)
2562 return TEST_skip("Test does not support a non-default library context");
2563
2564 switch (n) {
2565 case 0:
2566 /* We do test with no template at all as well */
2567 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2568 goto err;
2569 break;
2570 case 1:
2571 /* Here we create an empty RSA key that serves as our template */
2572 if (!TEST_ptr(tkey = EVP_PKEY_new())
2573 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2574 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2575 goto err;
2576 break;
2577 }
2578
2579 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2580 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2581 goto err;
2582
2583 ret = 1;
2584 err:
2585 EVP_PKEY_CTX_free(ctx);
2586 EVP_PKEY_free(pkey);
2587 EVP_PKEY_free(tkey);
2588 return ret;
2589 }
2590
2591 /*
2592 * Test that we fail if we attempt to use an algorithm that is not available
2593 * in the current library context (unless we are using an algorithm that
2594 * should be made available via legacy codepaths).
2595 *
2596 * 0: RSA
2597 * 1: SM2
2598 */
2599 static int test_pkey_ctx_fail_without_provider(int tst)
2600 {
2601 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2602 OSSL_PROVIDER *tmpnullprov = NULL;
2603 EVP_PKEY_CTX *pctx = NULL;
2604 const char *keytype = NULL;
2605 int expect_null = 0;
2606 int ret = 0;
2607
2608 if (!TEST_ptr(tmpctx))
2609 goto err;
2610
2611 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2612 if (!TEST_ptr(tmpnullprov))
2613 goto err;
2614
2615 /*
2616 * We check for certain algos in the null provider.
2617 * If an algo is expected to have a provider keymgmt, contructing an
2618 * EVP_PKEY_CTX is expected to fail (return NULL).
2619 * Otherwise, if it's expected to have legacy support, contructing an
2620 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2621 */
2622 switch (tst) {
2623 case 0:
2624 keytype = "RSA";
2625 expect_null = 1;
2626 break;
2627 case 1:
2628 keytype = "SM2";
2629 expect_null = 1;
2630 #ifdef OPENSSL_NO_EC
2631 TEST_info("EC disable, skipping SM2 check...");
2632 goto end;
2633 #endif
2634 #ifdef OPENSSL_NO_SM2
2635 TEST_info("SM2 disable, skipping SM2 check...");
2636 goto end;
2637 #endif
2638 break;
2639 default:
2640 TEST_error("No test for case %d", tst);
2641 goto err;
2642 }
2643
2644 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2645 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2646 goto err;
2647
2648 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2649 end:
2650 #endif
2651 ret = 1;
2652
2653 err:
2654 EVP_PKEY_CTX_free(pctx);
2655 OSSL_PROVIDER_unload(tmpnullprov);
2656 OSSL_LIB_CTX_free(tmpctx);
2657 return ret;
2658 }
2659
2660 static int test_rand_agglomeration(void)
2661 {
2662 EVP_RAND *rand;
2663 EVP_RAND_CTX *ctx;
2664 OSSL_PARAM params[3], *p = params;
2665 int res;
2666 unsigned int step = 7;
2667 static unsigned char seed[] = "It does not matter how slowly you go "
2668 "as long as you do not stop.";
2669 unsigned char out[sizeof(seed)];
2670
2671 if (!TEST_int_ne(sizeof(seed) % step, 0)
2672 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2673 return 0;
2674 ctx = EVP_RAND_CTX_new(rand, NULL);
2675 EVP_RAND_free(rand);
2676 if (!TEST_ptr(ctx))
2677 return 0;
2678
2679 memset(out, 0, sizeof(out));
2680 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2681 seed, sizeof(seed));
2682 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2683 *p = OSSL_PARAM_construct_end();
2684 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2685 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2686 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2687 EVP_RAND_CTX_free(ctx);
2688 return res;
2689 }
2690
2691 /*
2692 * Test that we correctly return the original or "running" IV after
2693 * an encryption operation.
2694 * Run multiple times for some different relevant algorithms/modes.
2695 */
2696 static int test_evp_iv_aes(int idx)
2697 {
2698 int ret = 0;
2699 EVP_CIPHER_CTX *ctx = NULL;
2700 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2701 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2702 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2703 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2704 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2705 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2706 9, 10, 11, 12, 13, 14, 15, 16 };
2707 unsigned char ciphertext[32], oiv[16], iv[16];
2708 unsigned char *ref_iv;
2709 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2710 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2711
2712 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2713 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2714 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2715 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2716 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2717 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2718 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2719 #ifndef OPENSSL_NO_OCB
2720 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2721 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2722 #endif
2723 int len = sizeof(ciphertext);
2724 size_t ivlen, ref_len;
2725 const EVP_CIPHER *type = NULL;
2726 int iv_reset = 0;
2727
2728 if (nullprov != NULL && idx < 6)
2729 return TEST_skip("Test does not support a non-default library context");
2730
2731 switch(idx) {
2732 case 0:
2733 type = EVP_aes_128_cbc();
2734 /* FALLTHROUGH */
2735 case 6:
2736 type = (type != NULL) ? type :
2737 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2738 ref_iv = cbc_state;
2739 ref_len = sizeof(cbc_state);
2740 iv_reset = 1;
2741 break;
2742 case 1:
2743 type = EVP_aes_128_ofb();
2744 /* FALLTHROUGH */
2745 case 7:
2746 type = (type != NULL) ? type :
2747 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2748 ref_iv = ofb_state;
2749 ref_len = sizeof(ofb_state);
2750 iv_reset = 1;
2751 break;
2752 case 2:
2753 type = EVP_aes_128_cfb();
2754 /* FALLTHROUGH */
2755 case 8:
2756 type = (type != NULL) ? type :
2757 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2758 ref_iv = cfb_state;
2759 ref_len = sizeof(cfb_state);
2760 iv_reset = 1;
2761 break;
2762 case 3:
2763 type = EVP_aes_128_gcm();
2764 /* FALLTHROUGH */
2765 case 9:
2766 type = (type != NULL) ? type :
2767 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2768 ref_iv = gcm_state;
2769 ref_len = sizeof(gcm_state);
2770 break;
2771 case 4:
2772 type = EVP_aes_128_ccm();
2773 /* FALLTHROUGH */
2774 case 10:
2775 type = (type != NULL) ? type :
2776 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2777 ref_iv = ccm_state;
2778 ref_len = sizeof(ccm_state);
2779 break;
2780 #ifdef OPENSSL_NO_OCB
2781 case 5:
2782 case 11:
2783 return 1;
2784 #else
2785 case 5:
2786 type = EVP_aes_128_ocb();
2787 /* FALLTHROUGH */
2788 case 11:
2789 type = (type != NULL) ? type :
2790 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2791 ref_iv = ocb_state;
2792 ref_len = sizeof(ocb_state);
2793 break;
2794 #endif
2795 default:
2796 return 0;
2797 }
2798
2799 if (!TEST_ptr(type)
2800 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2801 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2802 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2803 (int)sizeof(msg)))
2804 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2805 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2806 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2807 goto err;
2808 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2809 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2810 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2811 goto err;
2812
2813 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2814 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2815 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2816 goto err;
2817 if (iv_reset) {
2818 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2819 goto err;
2820 } else {
2821 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2822 goto err;
2823 }
2824
2825 ret = 1;
2826 err:
2827 EVP_CIPHER_CTX_free(ctx);
2828 if (idx >= 6)
2829 EVP_CIPHER_free((EVP_CIPHER *)type);
2830 return ret;
2831 }
2832
2833 #ifndef OPENSSL_NO_DES
2834 static int test_evp_iv_des(int idx)
2835 {
2836 int ret = 0;
2837 EVP_CIPHER_CTX *ctx = NULL;
2838 static const unsigned char key[24] = {
2839 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2840 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2841 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2842 };
2843 static const unsigned char init_iv[8] = {
2844 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2845 };
2846 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2847 9, 10, 11, 12, 13, 14, 15, 16 };
2848 unsigned char ciphertext[32], oiv[8], iv[8];
2849 unsigned const char *ref_iv;
2850 static const unsigned char cbc_state_des[8] = {
2851 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2852 };
2853 static const unsigned char cbc_state_3des[8] = {
2854 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2855 };
2856 static const unsigned char ofb_state_des[8] = {
2857 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2858 };
2859 static const unsigned char ofb_state_3des[8] = {
2860 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2861 };
2862 static const unsigned char cfb_state_des[8] = {
2863 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2864 };
2865 static const unsigned char cfb_state_3des[8] = {
2866 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2867 };
2868 int len = sizeof(ciphertext);
2869 size_t ivlen, ref_len;
2870 EVP_CIPHER *type = NULL;
2871
2872 if (lgcyprov == NULL && idx < 3)
2873 return TEST_skip("Test requires legacy provider to be loaded");
2874
2875 switch(idx) {
2876 case 0:
2877 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2878 ref_iv = cbc_state_des;
2879 ref_len = sizeof(cbc_state_des);
2880 break;
2881 case 1:
2882 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2883 ref_iv = ofb_state_des;
2884 ref_len = sizeof(ofb_state_des);
2885 break;
2886 case 2:
2887 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2888 ref_iv = cfb_state_des;
2889 ref_len = sizeof(cfb_state_des);
2890 break;
2891 case 3:
2892 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2893 ref_iv = cbc_state_3des;
2894 ref_len = sizeof(cbc_state_3des);
2895 break;
2896 case 4:
2897 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2898 ref_iv = ofb_state_3des;
2899 ref_len = sizeof(ofb_state_3des);
2900 break;
2901 case 5:
2902 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2903 ref_iv = cfb_state_3des;
2904 ref_len = sizeof(cfb_state_3des);
2905 break;
2906 default:
2907 return 0;
2908 }
2909
2910 if (!TEST_ptr(type)
2911 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2912 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2913 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2914 (int)sizeof(msg)))
2915 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2916 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2917 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2918 goto err;
2919 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2920 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2921 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2922 goto err;
2923
2924 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2925 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2926 goto err;
2927 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2928 goto err;
2929
2930 ret = 1;
2931 err:
2932 EVP_CIPHER_CTX_free(ctx);
2933 EVP_CIPHER_free(type);
2934 return ret;
2935 }
2936 #endif
2937
2938 #ifndef OPENSSL_NO_EC
2939 static int ecpub_nids[] = {
2940 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2941 NID_secp384r1, NID_secp521r1,
2942 # ifndef OPENSSL_NO_EC2M
2943 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2944 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2945 # endif
2946 NID_brainpoolP384r1, NID_brainpoolP512r1
2947 };
2948
2949 static int test_ecpub(int idx)
2950 {
2951 int ret = 0, len, savelen;
2952 int nid;
2953 unsigned char buf[1024];
2954 unsigned char *p;
2955 EVP_PKEY *pkey = NULL;
2956 EVP_PKEY_CTX *ctx = NULL;
2957 # ifndef OPENSSL_NO_DEPRECATED_3_0
2958 const unsigned char *q;
2959 EVP_PKEY *pkey2 = NULL;
2960 EC_KEY *ec = NULL;
2961 # endif
2962
2963 if (nullprov != NULL)
2964 return TEST_skip("Test does not support a non-default library context");
2965
2966 nid = ecpub_nids[idx];
2967
2968 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2969 if (!TEST_ptr(ctx)
2970 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2971 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2972 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2973 goto done;
2974 len = i2d_PublicKey(pkey, NULL);
2975 savelen = len;
2976 if (!TEST_int_ge(len, 1)
2977 || !TEST_int_lt(len, 1024))
2978 goto done;
2979 p = buf;
2980 len = i2d_PublicKey(pkey, &p);
2981 if (!TEST_int_ge(len, 1)
2982 || !TEST_int_eq(len, savelen))
2983 goto done;
2984
2985 # ifndef OPENSSL_NO_DEPRECATED_3_0
2986 /* Now try to decode the just-created DER. */
2987 q = buf;
2988 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2989 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2990 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2991 goto done;
2992 /* EC_KEY ownership transferred */
2993 ec = NULL;
2994 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2995 goto done;
2996 /* The keys should match. */
2997 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
2998 goto done;
2999 # endif
3000
3001 ret = 1;
3002
3003 done:
3004 EVP_PKEY_CTX_free(ctx);
3005 EVP_PKEY_free(pkey);
3006 # ifndef OPENSSL_NO_DEPRECATED_3_0
3007 EVP_PKEY_free(pkey2);
3008 EC_KEY_free(ec);
3009 # endif
3010 return ret;
3011 }
3012 #endif
3013
3014 static int test_EVP_rsa_pss_with_keygen_bits(void)
3015 {
3016 int ret = 0;
3017 EVP_PKEY_CTX *ctx = NULL;
3018 EVP_PKEY *pkey = NULL;
3019 EVP_MD *md;
3020
3021 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3022 ret = TEST_ptr(md)
3023 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3024 && TEST_true(EVP_PKEY_keygen_init(ctx))
3025 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3026 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3027 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3028
3029 EVP_MD_free(md);
3030 EVP_PKEY_free(pkey);
3031 EVP_PKEY_CTX_free(ctx);
3032 return ret;
3033 }
3034
3035 static int success = 1;
3036 static void md_names(const char *name, void *vctx)
3037 {
3038 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3039 /* Force a namemap update */
3040 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3041
3042 if (!TEST_ptr(aes128))
3043 success = 0;
3044
3045 EVP_CIPHER_free(aes128);
3046 }
3047
3048 /*
3049 * Test that changing the namemap in a user callback works in a names_do_all
3050 * function.
3051 */
3052 static int test_names_do_all(void)
3053 {
3054 /* We use a custom libctx so that we know the state of the namemap */
3055 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3056 EVP_MD *sha256 = NULL;
3057 int testresult = 0;
3058
3059 if (!TEST_ptr(ctx))
3060 goto err;
3061
3062 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3063 if (!TEST_ptr(sha256))
3064 goto err;
3065
3066 /*
3067 * We loop through all the names for a given digest. This should still work
3068 * even if the namemap changes part way through.
3069 */
3070 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3071 goto err;
3072
3073 if (!TEST_true(success))
3074 goto err;
3075
3076 testresult = 1;
3077 err:
3078 EVP_MD_free(sha256);
3079 OSSL_LIB_CTX_free(ctx);
3080 return testresult;
3081 }
3082
3083 typedef struct {
3084 const char *cipher;
3085 const unsigned char *key;
3086 const unsigned char *iv;
3087 const unsigned char *input;
3088 const unsigned char *expected;
3089 const unsigned char *tag;
3090 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3091 size_t inlen;
3092 size_t expectedlen;
3093 size_t taglen;
3094 int keyfirst;
3095 int initenc;
3096 int finalenc;
3097 } EVP_INIT_TEST_st;
3098
3099 static const EVP_INIT_TEST_st evp_init_tests[] = {
3100 {
3101 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3102 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3103 0, 1, 0, 1
3104 },
3105 {
3106 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3107 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3108 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3109 sizeof(gcmDefaultTag), 1, 0, 1
3110 },
3111 {
3112 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3113 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3114 0, 0, 0, 1
3115 },
3116 {
3117 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3118 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3119 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3120 sizeof(gcmDefaultTag), 0, 0, 1
3121 },
3122 {
3123 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3124 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3125 0, 1, 1, 0
3126 },
3127 {
3128 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3129 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3130 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3131 sizeof(gcmDefaultTag), 1, 1, 0
3132 },
3133 {
3134 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3135 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3136 0, 0, 1, 0
3137 },
3138 {
3139 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3140 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3141 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3142 sizeof(gcmDefaultTag), 0, 1, 0
3143 }
3144 };
3145
3146 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3147 {
3148 int res = 0;
3149
3150 if (t->ivlen != 0) {
3151 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3152 goto err;
3153 }
3154 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3155 goto err;
3156 res = 1;
3157 err:
3158 return res;
3159 }
3160
3161 /*
3162 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3163 * arguments are given one at a time and a final adjustment to the enc
3164 * parameter sets the correct operation.
3165 */
3166 static int test_evp_init_seq(int idx)
3167 {
3168 int outlen1, outlen2;
3169 int testresult = 0;
3170 unsigned char outbuf[1024];
3171 unsigned char tag[16];
3172 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3173 EVP_CIPHER_CTX *ctx = NULL;
3174 EVP_CIPHER *type = NULL;
3175 size_t taglen = sizeof(tag);
3176 char *errmsg = NULL;
3177
3178 ctx = EVP_CIPHER_CTX_new();
3179 if (ctx == NULL) {
3180 errmsg = "CTX_ALLOC";
3181 goto err;
3182 }
3183 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3184 errmsg = "CIPHER_FETCH";
3185 goto err;
3186 }
3187 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3188 errmsg = "EMPTY_ENC_INIT";
3189 goto err;
3190 }
3191 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3192 errmsg = "PADDING";
3193 goto err;
3194 }
3195 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3196 errmsg = "KEY_INIT (before iv)";
3197 goto err;
3198 }
3199 if (!evp_init_seq_set_iv(ctx, t)) {
3200 errmsg = "IV_INIT";
3201 goto err;
3202 }
3203 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3204 errmsg = "KEY_INIT (after iv)";
3205 goto err;
3206 }
3207 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3208 errmsg = "FINAL_ENC_INIT";
3209 goto err;
3210 }
3211 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3212 errmsg = "CIPHER_UPDATE";
3213 goto err;
3214 }
3215 if (t->finalenc == 0 && t->tag != NULL) {
3216 /* Set expected tag */
3217 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3218 t->taglen, (void *)t->tag))) {
3219 errmsg = "SET_TAG";
3220 goto err;
3221 }
3222 }
3223 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3224 errmsg = "CIPHER_FINAL";
3225 goto err;
3226 }
3227 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3228 errmsg = "WRONG_RESULT";
3229 goto err;
3230 }
3231 if (t->finalenc != 0 && t->tag != NULL) {
3232 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3233 errmsg = "GET_TAG";
3234 goto err;
3235 }
3236 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3237 errmsg = "TAG_ERROR";
3238 goto err;
3239 }
3240 }
3241 testresult = 1;
3242 err:
3243 if (errmsg != NULL)
3244 TEST_info("evp_init_test %d: %s", idx, errmsg);
3245 EVP_CIPHER_CTX_free(ctx);
3246 EVP_CIPHER_free(type);
3247 return testresult;
3248 }
3249
3250 typedef struct {
3251 const unsigned char *input;
3252 const unsigned char *expected;
3253 size_t inlen;
3254 size_t expectedlen;
3255 int enc;
3256 } EVP_RESET_TEST_st;
3257
3258 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3259 {
3260 cfbPlaintext, cfbCiphertext,
3261 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3262 },
3263 {
3264 cfbCiphertext, cfbPlaintext,
3265 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3266 }
3267 };
3268
3269 /*
3270 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3271 * been used.
3272 */
3273 static int test_evp_reset(int idx)
3274 {
3275 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3276 int outlen1, outlen2;
3277 int testresult = 0;
3278 unsigned char outbuf[1024];
3279 EVP_CIPHER_CTX *ctx = NULL;
3280 EVP_CIPHER *type = NULL;
3281 char *errmsg = NULL;
3282
3283 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3284 errmsg = "CTX_ALLOC";
3285 goto err;
3286 }
3287 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3288 errmsg = "CIPHER_FETCH";
3289 goto err;
3290 }
3291 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3292 errmsg = "CIPHER_INIT";
3293 goto err;
3294 }
3295 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3296 errmsg = "PADDING";
3297 goto err;
3298 }
3299 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3300 errmsg = "CIPHER_UPDATE";
3301 goto err;
3302 }
3303 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3304 errmsg = "CIPHER_FINAL";
3305 goto err;
3306 }
3307 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3308 errmsg = "WRONG_RESULT";
3309 goto err;
3310 }
3311 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3312 errmsg = "CIPHER_REINIT";
3313 goto err;
3314 }
3315 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3316 errmsg = "CIPHER_UPDATE (reinit)";
3317 goto err;
3318 }
3319 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3320 errmsg = "CIPHER_FINAL (reinit)";
3321 goto err;
3322 }
3323 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3324 errmsg = "WRONG_RESULT (reinit)";
3325 goto err;
3326 }
3327 testresult = 1;
3328 err:
3329 if (errmsg != NULL)
3330 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3331 EVP_CIPHER_CTX_free(ctx);
3332 EVP_CIPHER_free(type);
3333 return testresult;
3334 }
3335
3336 typedef struct {
3337 const char *cipher;
3338 int enc;
3339 } EVP_UPDATED_IV_TEST_st;
3340
3341 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3342 {
3343 "aes-128-cfb", 1
3344 },
3345 {
3346 "aes-128-cfb", 0
3347 },
3348 {
3349 "aes-128-cfb1", 1
3350 },
3351 {
3352 "aes-128-cfb1", 0
3353 },
3354 {
3355 "aes-128-cfb8", 1
3356 },
3357 {
3358 "aes-128-cfb8", 0
3359 },
3360 {
3361 "aes-128-ofb", 1
3362 },
3363 {
3364 "aes-128-ofb", 0
3365 },
3366 {
3367 "aes-128-ctr", 1
3368 },
3369 {
3370 "aes-128-ctr", 0
3371 },
3372 {
3373 "aes-128-cbc", 1
3374 },
3375 {
3376 "aes-128-cbc", 0
3377 }
3378 };
3379
3380 /*
3381 * Test that the IV in the context is updated during a crypto operation for CFB
3382 * and OFB.
3383 */
3384 static int test_evp_updated_iv(int idx)
3385 {
3386 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3387 int outlen1, outlen2;
3388 int testresult = 0;
3389 unsigned char outbuf[1024];
3390 EVP_CIPHER_CTX *ctx = NULL;
3391 EVP_CIPHER *type = NULL;
3392 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3393 int iv_len;
3394 char *errmsg = NULL;
3395
3396 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3397 errmsg = "CTX_ALLOC";
3398 goto err;
3399 }
3400 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3401 TEST_info("cipher %s not supported, skipping", t->cipher);
3402 goto ok;
3403 }
3404
3405 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3406 errmsg = "CIPHER_INIT";
3407 goto err;
3408 }
3409 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3410 errmsg = "PADDING";
3411 goto err;
3412 }
3413 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3414 errmsg = "CIPHER_UPDATE";
3415 goto err;
3416 }
3417 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3418 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3419 goto err;
3420 }
3421 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3422 errmsg = "CIPHER_CTX_GET_IV_LEN";
3423 goto err;
3424 }
3425 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3426 errmsg = "IV_NOT_UPDATED";
3427 goto err;
3428 }
3429 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3430 errmsg = "CIPHER_FINAL";
3431 goto err;
3432 }
3433 ok:
3434 testresult = 1;
3435 err:
3436 if (errmsg != NULL)
3437 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3438 EVP_CIPHER_CTX_free(ctx);
3439 EVP_CIPHER_free(type);
3440 return testresult;
3441 }
3442
3443 typedef struct {
3444 const unsigned char *iv1;
3445 const unsigned char *iv2;
3446 const unsigned char *expected1;
3447 const unsigned char *expected2;
3448 const unsigned char *tag1;
3449 const unsigned char *tag2;
3450 size_t ivlen1;
3451 size_t ivlen2;
3452 size_t expectedlen1;
3453 size_t expectedlen2;
3454 } TEST_GCM_IV_REINIT_st;
3455
3456 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3457 {
3458 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3459 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3460 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3461 },
3462 {
3463 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3464 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3465 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3466 }
3467 };
3468
3469 static int test_gcm_reinit(int idx)
3470 {
3471 int outlen1, outlen2, outlen3;
3472 int testresult = 0;
3473 unsigned char outbuf[1024];
3474 unsigned char tag[16];
3475 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3476 EVP_CIPHER_CTX *ctx = NULL;
3477 EVP_CIPHER *type = NULL;
3478 size_t taglen = sizeof(tag);
3479 char *errmsg = NULL;
3480
3481 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3482 errmsg = "CTX_ALLOC";
3483 goto err;
3484 }
3485 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3486 errmsg = "CIPHER_FETCH";
3487 goto err;
3488 }
3489 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3490 errmsg = "ENC_INIT";
3491 goto err;
3492 }
3493 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3494 errmsg = "SET_IVLEN1";
3495 goto err;
3496 }
3497 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3498 errmsg = "SET_IV1";
3499 goto err;
3500 }
3501 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3502 errmsg = "AAD1";
3503 goto err;
3504 }
3505 EVP_CIPHER_CTX_set_padding(ctx, 0);
3506 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3507 sizeof(gcmResetPlaintext)))) {
3508 errmsg = "CIPHER_UPDATE1";
3509 goto err;
3510 }
3511 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3512 errmsg = "CIPHER_FINAL1";
3513 goto err;
3514 }
3515 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3516 errmsg = "WRONG_RESULT1";
3517 goto err;
3518 }
3519 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3520 errmsg = "GET_TAG1";
3521 goto err;
3522 }
3523 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3524 errmsg = "TAG_ERROR1";
3525 goto err;
3526 }
3527 /* Now reinit */
3528 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3529 errmsg = "SET_IVLEN2";
3530 goto err;
3531 }
3532 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3533 errmsg = "SET_IV2";
3534 goto err;
3535 }
3536 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3537 errmsg = "AAD2";
3538 goto err;
3539 }
3540 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3541 sizeof(gcmResetPlaintext)))) {
3542 errmsg = "CIPHER_UPDATE2";
3543 goto err;
3544 }
3545 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3546 errmsg = "CIPHER_FINAL2";
3547 goto err;
3548 }
3549 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3550 errmsg = "WRONG_RESULT2";
3551 goto err;
3552 }
3553 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3554 errmsg = "GET_TAG2";
3555 goto err;
3556 }
3557 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3558 errmsg = "TAG_ERROR2";
3559 goto err;
3560 }
3561 testresult = 1;
3562 err:
3563 if (errmsg != NULL)
3564 TEST_info("evp_init_test %d: %s", idx, errmsg);
3565 EVP_CIPHER_CTX_free(ctx);
3566 EVP_CIPHER_free(type);
3567 return testresult;
3568 }
3569
3570 #ifndef OPENSSL_NO_DEPRECATED_3_0
3571 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3572 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3573
3574 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3575
3576 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3577 {
3578 int (*pinit)(EVP_PKEY_CTX *ctx);
3579
3580 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3581 return pinit(ctx);
3582 }
3583
3584 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3585 {
3586 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3587
3588 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3589 pcleanup(ctx);
3590 }
3591
3592 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3593 size_t *outlen, const unsigned char *in,
3594 size_t inlen)
3595 {
3596 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3597 const unsigned char *tbs, size_t tbslen);
3598
3599 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3600 return psign(ctx, out, outlen, in, inlen);
3601 }
3602
3603 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3604 size_t *siglen, const unsigned char *tbs,
3605 size_t tbslen)
3606 {
3607 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3608 const unsigned char *tbs, size_t tbslen);
3609
3610 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3611 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3612 }
3613
3614 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3615 size_t *keylen)
3616 {
3617 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3618
3619 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3620 return pderive(ctx, key, keylen);
3621 }
3622
3623 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3624 {
3625 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3626
3627 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3628 return pcopy(dst, src);
3629 }
3630
3631 static int ctrl_called;
3632
3633 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3634 {
3635 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3636
3637 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3638
3639 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3640 ctrl_called = 1;
3641 return 1;
3642 }
3643
3644 return pctrl(ctx, type, p1, p2);
3645 }
3646
3647 static int test_custom_pmeth(int idx)
3648 {
3649 EVP_PKEY_CTX *pctx = NULL;
3650 EVP_MD_CTX *ctx = NULL;
3651 EVP_PKEY *pkey = NULL;
3652 int id, orig_id, orig_flags;
3653 int testresult = 0;
3654 size_t reslen;
3655 unsigned char *res = NULL;
3656 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3657 const EVP_MD *md = EVP_sha256();
3658 int doderive = 0;
3659
3660 ctrl_called = 0;
3661
3662 /* We call deprecated APIs so this test doesn't support a custom libctx */
3663 if (testctx != NULL)
3664 return 1;
3665
3666 switch(idx) {
3667 case 0:
3668 case 6:
3669 id = EVP_PKEY_RSA;
3670 pkey = load_example_rsa_key();
3671 break;
3672 case 1:
3673 case 7:
3674 # ifndef OPENSSL_NO_DSA
3675 id = EVP_PKEY_DSA;
3676 pkey = load_example_dsa_key();
3677 break;
3678 # else
3679 return 1;
3680 # endif
3681 case 2:
3682 case 8:
3683 # ifndef OPENSSL_NO_EC
3684 id = EVP_PKEY_EC;
3685 pkey = load_example_ec_key();
3686 break;
3687 # else
3688 return 1;
3689 # endif
3690 case 3:
3691 case 9:
3692 # ifndef OPENSSL_NO_EC
3693 id = EVP_PKEY_ED25519;
3694 md = NULL;
3695 pkey = load_example_ed25519_key();
3696 break;
3697 # else
3698 return 1;
3699 # endif
3700 case 4:
3701 case 10:
3702 # ifndef OPENSSL_NO_DH
3703 id = EVP_PKEY_DH;
3704 doderive = 1;
3705 pkey = load_example_dh_key();
3706 break;
3707 # else
3708 return 1;
3709 # endif
3710 case 5:
3711 case 11:
3712 # ifndef OPENSSL_NO_EC
3713 id = EVP_PKEY_X25519;
3714 doderive = 1;
3715 pkey = load_example_x25519_key();
3716 break;
3717 # else
3718 return 1;
3719 # endif
3720 default:
3721 TEST_error("Should not happen");
3722 goto err;
3723 }
3724
3725 if (!TEST_ptr(pkey))
3726 goto err;
3727
3728 if (idx < 6) {
3729 if (!TEST_true(evp_pkey_is_provided(pkey)))
3730 goto err;
3731 } else {
3732 EVP_PKEY *tmp = pkey;
3733
3734 /* Convert to a legacy key */
3735 pkey = EVP_PKEY_new();
3736 if (!TEST_ptr(pkey)) {
3737 pkey = tmp;
3738 goto err;
3739 }
3740 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3741 EVP_PKEY_free(tmp);
3742 goto err;
3743 }
3744 EVP_PKEY_free(tmp);
3745 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3746 goto err;
3747 }
3748
3749 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3750 || !TEST_ptr(pkey))
3751 goto err;
3752
3753 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3754 if (!TEST_int_eq(orig_id, id)
3755 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3756 goto err;
3757
3758 if (id == EVP_PKEY_ED25519) {
3759 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3760 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3761 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3762 } else {
3763 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3764 }
3765 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3766 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3767 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3768 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3769 }
3770 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3771 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3772 goto err;
3773
3774 if (doderive) {
3775 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3776 if (!TEST_ptr(pctx)
3777 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3778 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3779 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3780 1)
3781 || !TEST_int_eq(ctrl_called, 1)
3782 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3783 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3784 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3785 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3786 goto err;
3787 } else {
3788 ctx = EVP_MD_CTX_new();
3789 reslen = EVP_PKEY_size(pkey);
3790 res = OPENSSL_malloc(reslen);
3791 if (!TEST_ptr(ctx)
3792 || !TEST_ptr(res)
3793 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3794 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3795 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3796 1)
3797 || !TEST_int_eq(ctrl_called, 1))
3798 goto err;
3799
3800 if (id == EVP_PKEY_ED25519) {
3801 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3802 goto err;
3803 } else {
3804 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3805 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3806 goto err;
3807 }
3808 }
3809
3810 testresult = 1;
3811 err:
3812 OPENSSL_free(res);
3813 EVP_MD_CTX_free(ctx);
3814 if (doderive)
3815 EVP_PKEY_CTX_free(pctx);
3816 EVP_PKEY_free(pkey);
3817 EVP_PKEY_meth_remove(custom_pmeth);
3818 EVP_PKEY_meth_free(custom_pmeth);
3819 custom_pmeth = NULL;
3820 return testresult;
3821 }
3822
3823 static int test_evp_md_cipher_meth(void)
3824 {
3825 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3826 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3827 int testresult = 0;
3828
3829 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3830 goto err;
3831
3832 testresult = 1;
3833
3834 err:
3835 EVP_MD_meth_free(md);
3836 EVP_CIPHER_meth_free(ciph);
3837
3838 return testresult;
3839 }
3840 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
3841
3842 typedef enum OPTION_choice {
3843 OPT_ERR = -1,
3844 OPT_EOF = 0,
3845 OPT_CONTEXT,
3846 OPT_TEST_ENUM
3847 } OPTION_CHOICE;
3848
3849 const OPTIONS *test_get_options(void)
3850 {
3851 static const OPTIONS options[] = {
3852 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3853 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3854 { NULL }
3855 };
3856 return options;
3857 }
3858
3859 int setup_tests(void)
3860 {
3861 OPTION_CHOICE o;
3862
3863 while ((o = opt_next()) != OPT_EOF) {
3864 switch (o) {
3865 case OPT_CONTEXT:
3866 /* Set up an alternate library context */
3867 testctx = OSSL_LIB_CTX_new();
3868 if (!TEST_ptr(testctx))
3869 return 0;
3870 /* Swap the libctx to test non-default context only */
3871 nullprov = OSSL_PROVIDER_load(NULL, "null");
3872 deflprov = OSSL_PROVIDER_load(testctx, "default");
3873 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3874 break;
3875 case OPT_TEST_CASES:
3876 break;
3877 default:
3878 return 0;
3879 }
3880 }
3881
3882 ADD_TEST(test_EVP_set_default_properties);
3883 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
3884 ADD_TEST(test_EVP_DigestVerifyInit);
3885 ADD_TEST(test_EVP_Digest);
3886 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
3887 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
3888 ADD_TEST(test_privatekey_to_pkcs8);
3889 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
3890 #ifndef OPENSSL_NO_EC
3891 ADD_TEST(test_EVP_PKCS82PKEY);
3892 #endif
3893 #ifndef OPENSSL_NO_EC
3894 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3895 #endif
3896 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
3897 ADD_TEST(test_EVP_SM2);
3898 ADD_TEST(test_EVP_SM2_verify);
3899 #endif
3900 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
3901 #ifndef OPENSSL_NO_DEPRECATED_3_0
3902 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3903 if (!TEST_ptr(custom_pmeth))
3904 return 0;
3905 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
3906 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3907 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
3908 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3909 return 0;
3910 #endif
3911 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
3912 #ifndef OPENSSL_NO_CMAC
3913 ADD_TEST(test_CMAC_keygen);
3914 #endif
3915 ADD_TEST(test_HKDF);
3916 ADD_TEST(test_emptyikm_HKDF);
3917 #ifndef OPENSSL_NO_EC
3918 ADD_TEST(test_X509_PUBKEY_inplace);
3919 ADD_TEST(test_X509_PUBKEY_dup);
3920 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3921 OSSL_NELEM(ec_der_pub_keys));
3922 #endif
3923 #ifndef OPENSSL_NO_DSA
3924 ADD_TEST(test_DSA_get_set_params);
3925 ADD_TEST(test_DSA_priv_pub);
3926 #endif
3927 ADD_TEST(test_RSA_get_set_params);
3928 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3929 ADD_TEST(test_decrypt_null_chunks);
3930 #endif
3931 #ifndef OPENSSL_NO_DH
3932 ADD_TEST(test_DH_priv_pub);
3933 # ifndef OPENSSL_NO_DEPRECATED_3_0
3934 ADD_TEST(test_EVP_PKEY_set1_DH);
3935 # endif
3936 #endif
3937 #ifndef OPENSSL_NO_EC
3938 ADD_TEST(test_EC_priv_pub);
3939 # ifndef OPENSSL_NO_DEPRECATED_3_0
3940 ADD_TEST(test_EC_priv_only_legacy);
3941 # endif
3942 #endif
3943 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
3944 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
3945
3946 ADD_TEST(test_rand_agglomeration);
3947 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3948 #ifndef OPENSSL_NO_DES
3949 ADD_ALL_TESTS(test_evp_iv_des, 6);
3950 #endif
3951 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3952 #ifndef OPENSSL_NO_EC
3953 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3954 #endif
3955
3956 ADD_TEST(test_names_do_all);
3957
3958 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3959 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3960 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3961 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
3962
3963 #ifndef OPENSSL_NO_DEPRECATED_3_0
3964 ADD_ALL_TESTS(test_custom_pmeth, 12);
3965 ADD_TEST(test_evp_md_cipher_meth);
3966 #endif
3967
3968 return 1;
3969 }
3970
3971 void cleanup_tests(void)
3972 {
3973 OSSL_PROVIDER_unload(nullprov);
3974 OSSL_PROVIDER_unload(deflprov);
3975 OSSL_PROVIDER_unload(lgcyprov);
3976 OSSL_LIB_CTX_free(testctx);
3977 }
A mirror of the official openssl repository