/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "crypto/evp.h"
-#include "../e_os.h" /* strcasecmp */
static OSSL_LIB_CTX *testctx = NULL;
static char *testpropq = NULL;
0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
};
+/*
+ * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
+ * values are 0.
+ */
+static const unsigned char kExampleBad2RSAKeyDER[] = {
+ 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
+ 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
+ 0x01, 0x00, 0x02, 0x01, 0x00
+};
+
static const unsigned char kMsg[] = { 1, 2, 3, 4 };
static const unsigned char kSignature[] = {
0},
{kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
0, 1, 1, 0},
+ {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
+ 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
#ifndef OPENSSL_NO_EC
{kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
/* group is also associated in our pub key */
}
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
+static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
{
EVP_PKEY_CTX *pctx = NULL;
- EVP_PKEY *pkey = NULL;
- int testresult = 0;
- int ret;
- BIO *bio = BIO_new(BIO_s_mem());
+ EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
goto err;
if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
+ || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
params), 0))
goto err;
- if (!TEST_ptr(pkey))
+ if (!TEST_ptr(tmp_pkey))
goto err;
- /* Check we can use the resulting key */
+ pkey = tmp_pkey;
+ tmp_pkey = NULL;
+ err:
+ EVP_PKEY_free(tmp_pkey);
+ EVP_PKEY_CTX_free(pctx);
+ return pkey;
+}
+
+static int test_selection(EVP_PKEY *pkey, int selection)
+{
+ int testresult = 0;
+ int ret;
+ BIO *bio = BIO_new(BIO_s_mem());
+
ret = PEM_write_bio_PUBKEY(bio, pkey);
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if (!TEST_true(ret))
testresult = 1;
err:
- EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(pctx);
BIO_free(bio);
return testresult;
{
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
+ EVP_PKEY *just_params = NULL;
+ EVP_PKEY *params_and_priv = NULL;
+ EVP_PKEY *params_and_pub = NULL;
+ EVP_PKEY *params_and_keypair = NULL;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
int ret = 0;
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
goto err;
- if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
- goto err;
OSSL_PARAM_free(params);
- params = NULL;
OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
+ if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
+ || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
+ goto err;
/* Test priv and !pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
goto err;
- if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
- goto err;
OSSL_PARAM_free(params);
- params = NULL;
OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
+ if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
+ || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
+ goto err;
/* Test !priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
pub)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
goto err;
- if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
- goto err;
OSSL_PARAM_free(params);
- params = NULL;
OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
+ if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
+ || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
+ goto err;
/* Test priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
goto err;
- if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
+ if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
goto err;
ret = 1;
err:
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
+ EVP_PKEY_free(just_params);
+ EVP_PKEY_free(params_and_priv);
+ EVP_PKEY_free(params_and_pub);
+ EVP_PKEY_free(params_and_keypair);
BN_free(p);
BN_free(q);
BN_free(g);
{
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
+ EVP_PKEY *just_params = NULL;
+ EVP_PKEY *params_and_priv = NULL;
+ EVP_PKEY *params_and_pub = NULL;
+ EVP_PKEY *params_and_keypair = NULL;
BIGNUM *priv = NULL;
int ret = 0;
+ unsigned char *encoded = NULL;
/*
* Setup the parameters for our pkey object. For our purposes they don't
OSSL_PKEY_PARAM_GROUP_NAME,
"P-256", 0)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
goto err;
- if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
- goto err;
OSSL_PARAM_free(params);
- params = NULL;
OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
+ if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
+ || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
+ goto err;
/* Test priv and !pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
goto err;
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
/*
- * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
- * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
- * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
- * support exporting a private EC key without a corresponding public key
+ * We indicate only parameters here, in spite of having built a key that
+ * has a private part, because the PEM_write_bio_PrivateKey_ex call is
+ * expected to fail because it does not support exporting a private EC
+ * key without a corresponding public key
*/
- if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
+ if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
+ || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
goto err;
- OSSL_PARAM_free(params);
- params = NULL;
- OSSL_PARAM_BLD_free(bld);
/* Test !priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
OSSL_PKEY_PARAM_PUB_KEY,
ec_pub, sizeof(ec_pub))))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
goto err;
- if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
- goto err;
OSSL_PARAM_free(params);
- params = NULL;
OSSL_PARAM_BLD_free(bld);
+ params = NULL;
+ bld = NULL;
+
+ if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
+ || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
+ goto err;
/* Test priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
+ goto err;
+
+ if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
goto err;
- if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
+ /* Try key equality */
+ if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
+ || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
+ 0)
+ || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
+ 0)
+ || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
+ 0)
+ || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
+ || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
+ || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
+ || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
goto err;
+ /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
+ if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
+ goto err;
+ OPENSSL_free(encoded);
+ encoded = NULL;
+ if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
+ OPENSSL_free(encoded);
+ encoded = NULL;
+ goto err;
+ }
+
ret = 1;
err:
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
+ EVP_PKEY_free(just_params);
+ EVP_PKEY_free(params_and_priv);
+ EVP_PKEY_free(params_and_pub);
+ EVP_PKEY_free(params_and_keypair);
BN_free(priv);
return ret;
sizeof(kMsg))))
goto out;
}
- if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
+ if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
goto out;
/* Multiple calls to EVP_DigestVerifyFinal should work */
- if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
+ if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
goto out;
} else {
/*
if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
|| !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
- || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
- sizeof(kSignature))))
+ || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
+ sizeof(kSignature)), 0))
goto out;
/* test with reinitialization */
if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
|| !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
- || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
- sizeof(kSignature))))
+ || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
+ sizeof(kSignature)), 0))
goto out;
ret = 1;
return ret;
}
+#ifndef OPENSSL_NO_SIPHASH
+/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
+static int test_siphash_digestsign(void)
+{
+ unsigned char key[16];
+ unsigned char buf[8], digest[8];
+ unsigned char expected[8] = {
+ 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
+ };
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *mdctx = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ int ret = 0;
+ size_t len = 8;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ memset(buf, 0, 8);
+ memset(key, 1, 16);
+ if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
+ key, 16)))
+ goto out;
+
+ if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
+ goto out;
+
+ if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
+ goto out;
+ if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
+ EVP_PKEY_CTRL_SET_DIGEST_SIZE,
+ 8, NULL), 1))
+ goto out;
+ /* reinitialize */
+ if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
+ goto out;
+ if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
+ goto out;
+ if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
+ goto out;
+ if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
+ goto out;
+
+ ret = 1;
+ out:
+ EVP_PKEY_free(pkey);
+ EVP_MD_CTX_free(mdctx);
+ return ret;
+}
+#endif
+
/*
* Test corner cases of EVP_DigestInit/Update/Final API call behavior.
*/
return ret;
}
+static int test_EVP_md_null(void)
+{
+ int ret = 0;
+ EVP_MD_CTX *md_ctx = NULL;
+ const EVP_MD *md_null = EVP_md_null();
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ unsigned int md_len = sizeof(md_value);
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ if (!TEST_ptr(md_null)
+ || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
+ goto out;
+
+ if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
+ || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
+ || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
+ goto out;
+
+ if (!TEST_uint_eq(md_len, 0))
+ goto out;
+
+ ret = 1;
+ out:
+ EVP_MD_CTX_free(md_ctx);
+ return ret;
+}
+
static int test_d2i_AutoPrivateKey(int i)
{
int ret = 0;
return 0;
for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
- if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
+ if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
*enc = ec_encodings[i].encoding;
break;
}
/* Create key parameters */
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
- || !TEST_true(EVP_PKEY_paramgen_init(pctx))
- || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
- || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
+ || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
|| !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
|| !TEST_ptr(params))
goto done;
/* Create key */
if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
- || !TEST_true(EVP_PKEY_keygen_init(kctx))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
|| !TEST_true(EVP_PKEY_keygen(kctx, &key))
|| !TEST_ptr(key))
goto done;
}
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
+#if !defined(OPENSSL_NO_SM2)
static int test_EVP_SM2_verify(void)
{
if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
goto done;
- if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
+ if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
goto done;
rc = 1;
if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
goto done;
- if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
+ if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
goto done;
if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
pkeyparams, testpropq)))
goto done;
- if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
+ if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
goto done;
if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
goto done;
- if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
+ if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
+ goto done;
+
+ /*
+ * Try verify again with non-matching 0 length id but ensure that it can
+ * be set on the context and overrides the previous value.
+ */
+
+ if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
+ pkey)))
+ goto done;
+
+ if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
+ goto done;
+
+ if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
+ goto done;
+
+ if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
goto done;
/* now check encryption/decryption */
if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
goto done;
- if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
- ctext_len)))
+ if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
+ ctext_len), 0))
goto done;
if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
return ret;
}
+static int test_RSA_OAEP_set_get_params(void)
+{
+ int ret = 0;
+ EVP_PKEY *key = NULL;
+ EVP_PKEY_CTX *key_ctx = NULL;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ if (!TEST_ptr(key = load_example_rsa_key())
+ || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
+ goto err;
+
+ {
+ int padding = RSA_PKCS1_OAEP_PADDING;
+ OSSL_PARAM params[4];
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
+ params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
+ OSSL_DIGEST_NAME_SHA2_256, 0);
+ params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
+ OSSL_DIGEST_NAME_SHA1, 0);
+ params[3] = OSSL_PARAM_construct_end();
+
+ if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
+ goto err;
+ }
+ {
+ OSSL_PARAM params[3];
+ char oaepmd[30] = { '\0' };
+ char mgf1md[30] = { '\0' };
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
+ oaepmd, sizeof(oaepmd));
+ params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
+ mgf1md, sizeof(mgf1md));
+ params[2] = OSSL_PARAM_construct_end();
+
+ if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
+ goto err;
+
+ if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
+ || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ EVP_PKEY_free(key);
+ EVP_PKEY_CTX_free(key_ctx);
+
+ return ret;
+}
+
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
static int test_decrypt_null_chunks(void)
{
/*
* We check for certain algos in the null provider.
- * If an algo is expected to have a provider keymgmt, contructing an
+ * If an algo is expected to have a provider keymgmt, constructing an
* EVP_PKEY_CTX is expected to fail (return NULL).
- * Otherwise, if it's expected to have legacy support, contructing an
+ * Otherwise, if it's expected to have legacy support, constructing an
* EVP_PKEY_CTX is expected to succeed (return non-NULL).
*/
switch (tst) {
}
#endif
+#ifndef OPENSSL_NO_BF
+static int test_evp_bf_default_keylen(int idx)
+{
+ int ret = 0;
+ static const char *algos[4] = {
+ "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
+ };
+ int ivlen[4] = { 0, 8, 8, 8 };
+ EVP_CIPHER *cipher = NULL;
+
+ if (lgcyprov == NULL)
+ return TEST_skip("Test requires legacy provider to be loaded");
+
+ if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
+ || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
+ || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_CIPHER_free(cipher);
+ return ret;
+}
+#endif
+
#ifndef OPENSSL_NO_EC
static int ecpub_nids[] = {
NID_brainpoolP256r1, NID_X9_62_prime256v1,
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (!TEST_ptr(ctx)
- || !TEST_true(EVP_PKEY_keygen_init(ctx))
- || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
|| !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
goto done;
len = i2d_PublicKey(pkey, NULL);
md = EVP_MD_fetch(testctx, "sha256", testpropq);
ret = TEST_ptr(md)
- && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
- && TEST_true(EVP_PKEY_keygen_init(ctx))
+ && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
+ && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
&& TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
- && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
+ && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
&& TEST_true(EVP_PKEY_keygen(ctx, &pkey));
EVP_MD_free(md);
return ret;
}
+static int test_EVP_rsa_pss_set_saltlen(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pkey_ctx = NULL;
+ EVP_MD *sha256 = NULL;
+ EVP_MD_CTX *sha256_ctx = NULL;
+ int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
+ const int test_value = 32;
+
+ ret = TEST_ptr(pkey = load_example_rsa_key())
+ && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
+ && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
+ && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
+ && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
+ && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
+ && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
+ && TEST_int_eq(saltlen, test_value);
+
+ EVP_MD_CTX_free(sha256_ctx);
+ EVP_PKEY_free(pkey);
+ EVP_MD_free(sha256);
+
+ return ret;
+}
+
static int success = 1;
static void md_names(const char *name, void *vctx)
{
int res = 0;
if (t->ivlen != 0) {
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
goto err;
}
if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
}
if (t->finalenc == 0 && t->tag != NULL) {
/* Set expected tag */
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- t->taglen, (void *)t->tag))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+ t->taglen, (void *)t->tag), 0)) {
errmsg = "SET_TAG";
goto err;
}
goto err;
}
if (t->finalenc != 0 && t->tag != NULL) {
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG";
goto err;
}
errmsg = "ENC_INIT";
goto err;
}
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
errmsg = "SET_IVLEN1";
goto err;
}
errmsg = "WRONG_RESULT1";
goto err;
}
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG1";
goto err;
}
goto err;
}
/* Now reinit */
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
errmsg = "SET_IVLEN2";
goto err;
}
errmsg = "WRONG_RESULT2";
goto err;
}
- if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
+ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
errmsg = "GET_TAG2";
goto err;
}
return testresult;
}
+typedef struct {
+ int data;
+} custom_dgst_ctx;
+
+static int custom_md_init_called = 0;
+static int custom_md_cleanup_called = 0;
+
+static int custom_md_init(EVP_MD_CTX *ctx)
+{
+ custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
+
+ if (p == NULL)
+ return 0;
+
+ custom_md_init_called++;
+ return 1;
+}
+
+static int custom_md_cleanup(EVP_MD_CTX *ctx)
+{
+ custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
+
+ if (p == NULL)
+ /* Nothing to do */
+ return 1;
+
+ custom_md_cleanup_called++;
+ return 1;
+}
+
+static int test_custom_md_meth(void)
+{
+ EVP_MD_CTX *mdctx = NULL;
+ EVP_MD *tmp = NULL;
+ char mess[] = "Test Message\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ unsigned int md_len;
+ int testresult = 0;
+ int nid;
+
+ /*
+ * We are testing deprecated functions. We don't support a non-default
+ * library context in this test.
+ */
+ if (testctx != NULL)
+ return TEST_skip("Non-default libctx");
+
+ custom_md_init_called = custom_md_cleanup_called = 0;
+
+ nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
+ if (!TEST_int_ne(nid, NID_undef))
+ goto err;
+ tmp = EVP_MD_meth_new(nid, NID_undef);
+ if (!TEST_ptr(tmp))
+ goto err;
+
+ if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
+ || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
+ || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
+ sizeof(custom_dgst_ctx))))
+ goto err;
+
+ mdctx = EVP_MD_CTX_new();
+ if (!TEST_ptr(mdctx)
+ /*
+ * Initing our custom md and then initing another md should
+ * result in the init and cleanup functions of the custom md
+ * being called.
+ */
+ || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
+ || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
+ || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
+ || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
+ || !TEST_int_eq(custom_md_init_called, 1)
+ || !TEST_int_eq(custom_md_cleanup_called, 1))
+ goto err;
+
+ testresult = 1;
+ err:
+ EVP_MD_CTX_free(mdctx);
+ EVP_MD_meth_free(tmp);
+ return testresult;
+}
+
+typedef struct {
+ int data;
+} custom_ciph_ctx;
+
+static int custom_ciph_init_called = 0;
+static int custom_ciph_cleanup_called = 0;
+
+static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+ if (p == NULL)
+ return 0;
+
+ custom_ciph_init_called++;
+ return 1;
+}
+
+static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+ if (p == NULL)
+ /* Nothing to do */
+ return 1;
+
+ custom_ciph_cleanup_called++;
+ return 1;
+}
+
+static int test_custom_ciph_meth(void)
+{
+ EVP_CIPHER_CTX *ciphctx = NULL;
+ EVP_CIPHER *tmp = NULL;
+ int testresult = 0;
+ int nid;
+
+ /*
+ * We are testing deprecated functions. We don't support a non-default
+ * library context in this test.
+ */
+ if (testctx != NULL)
+ return TEST_skip("Non-default libctx");
+
+ custom_ciph_init_called = custom_ciph_cleanup_called = 0;
+
+ nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
+ if (!TEST_int_ne(nid, NID_undef))
+ goto err;
+ tmp = EVP_CIPHER_meth_new(nid, 16, 16);
+ if (!TEST_ptr(tmp))
+ goto err;
+
+ if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
+ || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
+ || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
+ || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
+ sizeof(custom_ciph_ctx))))
+ goto err;
+
+ ciphctx = EVP_CIPHER_CTX_new();
+ if (!TEST_ptr(ciphctx)
+ /*
+ * Initing our custom cipher and then initing another cipher
+ * should result in the init and cleanup functions of the custom
+ * cipher being called.
+ */
+ || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
+ || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
+ NULL, NULL, 1))
+ || !TEST_int_eq(custom_ciph_init_called, 1)
+ || !TEST_int_eq(custom_ciph_cleanup_called, 1))
+ goto err;
+
+ testresult = 1;
+ err:
+ EVP_CIPHER_CTX_free(ciphctx);
+ EVP_CIPHER_meth_free(tmp);
+ return testresult;
+}
+
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Test we can create a signature keys with an associated ENGINE */
static int test_signatures_with_engine(int tst)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
+static int ecxnids[] = {
+ NID_X25519,
+ NID_X448,
+ NID_ED25519,
+ NID_ED448
+};
+
+/* Test that creating ECX keys with a short private key fails as expected */
+static int test_ecx_short_keys(int tst)
+{
+ unsigned char ecxkeydata = 1;
+ EVP_PKEY *pkey;
+
+
+ pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
+ if (!TEST_ptr_null(pkey)) {
+ EVP_PKEY_free(pkey);
+ return 0;
+ }
+ return 1;
+}
+
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
ADD_TEST(test_EVP_set_default_properties);
ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
ADD_TEST(test_EVP_DigestVerifyInit);
+#ifndef OPENSSL_NO_SIPHASH
+ ADD_TEST(test_siphash_digestsign);
+#endif
ADD_TEST(test_EVP_Digest);
+ ADD_TEST(test_EVP_md_null);
ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
+#if !defined(OPENSSL_NO_SM2)
ADD_TEST(test_EVP_SM2);
ADD_TEST(test_EVP_SM2_verify);
#endif
ADD_TEST(test_DSA_priv_pub);
#endif
ADD_TEST(test_RSA_get_set_params);
+ ADD_TEST(test_RSA_OAEP_set_get_params);
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
ADD_ALL_TESTS(test_evp_iv_aes, 12);
#ifndef OPENSSL_NO_DES
ADD_ALL_TESTS(test_evp_iv_des, 6);
+#endif
+#ifndef OPENSSL_NO_BF
+ ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
#endif
ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
+ ADD_TEST(test_EVP_rsa_pss_set_saltlen);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
ADD_ALL_TESTS(test_custom_pmeth, 12);
ADD_TEST(test_evp_md_cipher_meth);
+ ADD_TEST(test_custom_md_meth);
+ ADD_TEST(test_custom_ciph_meth);
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Tests only support the default libctx */
# endif
#endif
+ ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
+
return 1;
}