]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
EVP_PKEY_paramgen_init: fix return check
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
262 };
263
264 /*
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
266 * PrivateKeyInfo.
267 */
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
322 };
323
324 #ifndef OPENSSL_NO_EC
325 /*
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure.
328 */
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
340 0xc1,
341 };
342
343 /*
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
346 */
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
357 };
358
359 /* prime256v1 */
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 };
370
371 /*
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 */
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
384 };
385
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
388 };
389
390 static const unsigned char kExampleED25519KeyDER[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
395 };
396
397 static const unsigned char kExampleED25519PubKeyDER[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
402 };
403
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
410 };
411 # endif
412 #endif
413
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
443 };
444 # endif
445 #endif
446
447 static const unsigned char kCFBDefaultKey[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
450 };
451
452 static const unsigned char kGCMDefaultKey[32] = { 0 };
453
454 static const unsigned char kGCMResetKey[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
458 };
459
460 static const unsigned char iCFBIV[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
463 };
464
465 static const unsigned char iGCMDefaultIV[12] = { 0 };
466
467 static const unsigned char iGCMResetIV1[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
469 };
470
471 static const unsigned char iGCMResetIV2[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
473 };
474
475 static const unsigned char cfbPlaintext[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
478 };
479
480 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
481
482 static const unsigned char gcmResetPlaintext[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
488 };
489
490 static const unsigned char cfbCiphertext[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
493 };
494
495 static const unsigned char gcmDefaultCiphertext[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
498 };
499
500 static const unsigned char gcmResetCiphertext1[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
506 };
507
508 static const unsigned char gcmResetCiphertext2[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
514 };
515
516 static const unsigned char gcmAAD[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
519 };
520
521 static const unsigned char gcmDefaultTag[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
524 };
525
526 static const unsigned char gcmResetTag1[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
529 };
530
531 static const unsigned char gcmResetTag2[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
534 };
535
536 typedef struct APK_DATA_st {
537 const unsigned char *kder;
538 size_t size;
539 const char *keytype;
540 int evptype;
541 int check;
542 int pub_check;
543 int param_check;
544 int type; /* 0 for private, 1 for public, 2 for params */
545 } APK_DATA;
546
547 static APK_DATA keydata[] = {
548 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
549 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
552 #endif
553 };
554
555 static APK_DATA keycheckdata[] = {
556 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
557 0},
558 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
559 0, 1, 1, 0},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
564 1, 1},
565 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
566 2},
567 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
568 EVP_PKEY_ED25519, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
570 EVP_PKEY_ED25519, 0, 1, 1, 1},
571 #endif
572 };
573
574 static EVP_PKEY *load_example_key(const char *keytype,
575 const unsigned char *data, size_t data_len)
576 {
577 const unsigned char **pdata = &data;
578 EVP_PKEY *pkey = NULL;
579 OSSL_DECODER_CTX *dctx =
580 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
581 testctx, testpropq);
582
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
585 OSSL_DECODER_CTX_free(dctx);
586 return pkey;
587 }
588
589 static EVP_PKEY *load_example_rsa_key(void)
590 {
591 return load_example_key("RSA", kExampleRSAKeyDER,
592 sizeof(kExampleRSAKeyDER));
593 }
594
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY *load_example_dsa_key(void)
597 {
598 return load_example_key("DSA", kExampleDSAKeyDER,
599 sizeof(kExampleDSAKeyDER));
600 }
601 #endif
602
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY *load_example_ec_key(void)
605 {
606 return load_example_key("EC", kExampleECKeyDER,
607 sizeof(kExampleECKeyDER));
608 }
609 #endif
610
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY *load_example_dh_key(void)
614 {
615 return load_example_key("DH", kExampleDHKeyDER,
616 sizeof(kExampleDHKeyDER));
617 }
618 # endif
619
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY *load_example_ed25519_key(void)
622 {
623 return load_example_key("ED25519", kExampleED25519KeyDER,
624 sizeof(kExampleED25519KeyDER));
625 }
626
627 static EVP_PKEY *load_example_x25519_key(void)
628 {
629 return load_example_key("X25519", kExampleX25519KeyDER,
630 sizeof(kExampleX25519KeyDER));
631 }
632 # endif
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
634
635 static EVP_PKEY *load_example_hmac_key(void)
636 {
637 EVP_PKEY *pkey = NULL;
638 unsigned char key[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
642 };
643
644 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
645 NULL, key, sizeof(key));
646 if (!TEST_ptr(pkey))
647 return NULL;
648
649 return pkey;
650 }
651
652 static int test_EVP_set_default_properties(void)
653 {
654 OSSL_LIB_CTX *ctx;
655 EVP_MD *md = NULL;
656 int res = 0;
657
658 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
659 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
660 goto err;
661 EVP_MD_free(md);
662 md = NULL;
663
664 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
665 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
666 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
667 goto err;
668 EVP_MD_free(md);
669 md = NULL;
670
671 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
672 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
673 goto err;
674 res = 1;
675 err:
676 EVP_MD_free(md);
677 OSSL_LIB_CTX_free(ctx);
678 return res;
679 }
680
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype, int selection, OSSL_PARAM *params)
683 {
684 EVP_PKEY_CTX *pctx = NULL;
685 EVP_PKEY *pkey = NULL;
686 int testresult = 0;
687 int ret;
688 BIO *bio = BIO_new(BIO_s_mem());
689
690 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
691 goto err;
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
694 params), 0))
695 goto err;
696
697 if (!TEST_ptr(pkey))
698 goto err;
699
700 /* Check we can use the resulting key */
701 ret = PEM_write_bio_PUBKEY(bio, pkey);
702 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
703 if (!TEST_true(ret))
704 goto err;
705 } else {
706 if (!TEST_false(ret))
707 goto err;
708 }
709 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
710 testctx, NULL);
711 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
712 if (!TEST_true(ret))
713 goto err;
714 } else {
715 if (!TEST_false(ret))
716 goto err;
717 }
718
719 testresult = 1;
720 err:
721 EVP_PKEY_free(pkey);
722 EVP_PKEY_CTX_free(pctx);
723 BIO_free(bio);
724
725 return testresult;
726 }
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
728
729 /*
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
732 */
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
735 {
736 OSSL_PARAM_BLD *bld = NULL;
737 OSSL_PARAM *params = NULL;
738 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
739 int ret = 0;
740
741 /*
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
744 */
745 if (!TEST_ptr(p = BN_new())
746 || !TEST_ptr(q = BN_new())
747 || !TEST_ptr(g = BN_new())
748 || !TEST_ptr(pub = BN_new())
749 || !TEST_ptr(priv = BN_new()))
750 goto err;
751
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
757 goto err;
758 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
759 goto err;
760
761 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
762 goto err;
763 OSSL_PARAM_free(params);
764 params = NULL;
765 OSSL_PARAM_BLD_free(bld);
766
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
773 priv)))
774 goto err;
775 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
776 goto err;
777
778 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, params))
779 goto err;
780 OSSL_PARAM_free(params);
781 params = NULL;
782 OSSL_PARAM_BLD_free(bld);
783
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
790 pub)))
791 goto err;
792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
795 if (!test_fromdata(keytype, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
796 goto err;
797 OSSL_PARAM_free(params);
798 params = NULL;
799 OSSL_PARAM_BLD_free(bld);
800
801 /* Test priv and pub */
802 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
807 pub))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
809 priv)))
810 goto err;
811 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
812 goto err;
813
814 if (!test_fromdata(keytype, EVP_PKEY_KEYPAIR, params))
815 goto err;
816
817 ret = 1;
818 err:
819 OSSL_PARAM_free(params);
820 OSSL_PARAM_BLD_free(bld);
821 BN_free(p);
822 BN_free(q);
823 BN_free(g);
824 BN_free(pub);
825 BN_free(priv);
826
827 return ret;
828 }
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
830
831 /*
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
834 */
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
840 };
841 static unsigned char ec_pub[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
848 };
849
850 static int test_EC_priv_pub(void)
851 {
852 OSSL_PARAM_BLD *bld = NULL;
853 OSSL_PARAM *params = NULL;
854 BIGNUM *priv = NULL;
855 int ret = 0;
856
857 /*
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
860 */
861 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
862 goto err;
863
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
867 OSSL_PKEY_PARAM_GROUP_NAME,
868 "P-256", 0)))
869 goto err;
870 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
871 goto err;
872
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
874 goto err;
875 OSSL_PARAM_free(params);
876 params = NULL;
877 OSSL_PARAM_BLD_free(bld);
878
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
882 OSSL_PKEY_PARAM_GROUP_NAME,
883 "P-256", 0))
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
885 priv)))
886 goto err;
887 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
888 goto err;
889
890 /*
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
895 */
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, params))
897 goto err;
898 OSSL_PARAM_free(params);
899 params = NULL;
900 OSSL_PARAM_BLD_free(bld);
901
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
905 OSSL_PKEY_PARAM_GROUP_NAME,
906 "P-256", 0))
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
908 OSSL_PKEY_PARAM_PUB_KEY,
909 ec_pub, sizeof(ec_pub))))
910 goto err;
911 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
912 goto err;
913
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, params))
915 goto err;
916 OSSL_PARAM_free(params);
917 params = NULL;
918 OSSL_PARAM_BLD_free(bld);
919
920 /* Test priv and pub */
921 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
923 OSSL_PKEY_PARAM_GROUP_NAME,
924 "P-256", 0))
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
926 OSSL_PKEY_PARAM_PUB_KEY,
927 ec_pub, sizeof(ec_pub)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv)))
930 goto err;
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
932 goto err;
933
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR, params))
935 goto err;
936
937 ret = 1;
938 err:
939 OSSL_PARAM_free(params);
940 OSSL_PARAM_BLD_free(bld);
941 BN_free(priv);
942
943 return ret;
944 }
945
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
949 {
950 BIGNUM *priv = NULL;
951 int ret = 0;
952 EC_KEY *eckey = NULL;
953 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
954 EVP_MD_CTX *ctx = NULL;
955
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
958 goto err;
959
960 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
961 if (!TEST_ptr(eckey))
962 goto err;
963
964 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
965 goto err;
966
967 pkey = EVP_PKEY_new();
968 if (!TEST_ptr(pkey))
969 goto err;
970
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
972 goto err;
973 eckey = NULL;
974
975 while (dup_pk == NULL) {
976 ret = 0;
977 ctx = EVP_MD_CTX_new();
978 if (!TEST_ptr(ctx))
979 goto err;
980
981 /*
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
984 */
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
986 testpropq, pkey, NULL)))
987 goto err;
988 EVP_MD_CTX_free(ctx);
989 ctx = NULL;
990
991 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
992 goto err;
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
995 EVP_PKEY_free(pkey);
996 pkey = dup_pk;
997 if (!ret)
998 goto err;
999 }
1000
1001 err:
1002 EVP_MD_CTX_free(ctx);
1003 EVP_PKEY_free(pkey);
1004 EC_KEY_free(eckey);
1005 BN_free(priv);
1006
1007 return ret;
1008 }
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1011
1012 static int test_EVP_PKEY_sign(int tst)
1013 {
1014 int ret = 0;
1015 EVP_PKEY *pkey = NULL;
1016 unsigned char *sig = NULL;
1017 size_t sig_len = 0, shortsig_len = 1;
1018 EVP_PKEY_CTX *ctx = NULL;
1019 unsigned char tbs[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1022 };
1023
1024 if (tst == 0) {
1025 if (!TEST_ptr(pkey = load_example_rsa_key()))
1026 goto out;
1027 } else if (tst == 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey = load_example_dsa_key()))
1030 goto out;
1031 #else
1032 ret = 1;
1033 goto out;
1034 #endif
1035 } else {
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey = load_example_ec_key()))
1038 goto out;
1039 #else
1040 ret = 1;
1041 goto out;
1042 #endif
1043 }
1044
1045 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1046 if (!TEST_ptr(ctx)
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1049 sizeof(tbs)), 0))
1050 goto out;
1051 sig = OPENSSL_malloc(sig_len);
1052 if (!TEST_ptr(sig)
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1055 sizeof(tbs)), 0)
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1057 0)
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1061 0))
1062 goto out;
1063
1064 ret = 1;
1065 out:
1066 EVP_PKEY_CTX_free(ctx);
1067 OPENSSL_free(sig);
1068 EVP_PKEY_free(pkey);
1069 return ret;
1070 }
1071
1072 /*
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1075 */
1076 static int test_EVP_Enveloped(int n)
1077 {
1078 int ret = 0;
1079 EVP_CIPHER_CTX *ctx = NULL;
1080 EVP_PKEY *keypair = NULL;
1081 unsigned char *kek = NULL;
1082 unsigned char iv[EVP_MAX_IV_LENGTH];
1083 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len, kek_len, ciphertext_len, plaintext_len;
1085 unsigned char ciphertext[32], plaintext[16];
1086 EVP_CIPHER *type = NULL;
1087
1088 if (nullprov != NULL)
1089 return TEST_skip("Test does not support a non-default library context");
1090
1091 if (n == 0)
1092 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1094 testpropq)))
1095 goto err;
1096
1097 if (!TEST_ptr(keypair = load_example_rsa_key())
1098 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1099 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1101 &keypair, 1))
1102 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1103 msg, sizeof(msg)))
1104 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1105 &len)))
1106 goto err;
1107
1108 ciphertext_len += len;
1109
1110 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1111 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1112 ciphertext, ciphertext_len))
1113 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1114 goto err;
1115
1116 plaintext_len += len;
1117 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1118 goto err;
1119
1120 ret = 1;
1121 err:
1122 if (n != 0)
1123 EVP_CIPHER_free(type);
1124 OPENSSL_free(kek);
1125 EVP_PKEY_free(keypair);
1126 EVP_CIPHER_CTX_free(ctx);
1127 return ret;
1128 }
1129
1130 /*
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1147 */
1148 static int test_EVP_DigestSignInit(int tst)
1149 {
1150 int ret = 0;
1151 EVP_PKEY *pkey = NULL;
1152 unsigned char *sig = NULL, *sig2 = NULL;
1153 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1154 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1155 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1156 BIO *mdbio = NULL, *membio = NULL;
1157 size_t written;
1158 const EVP_MD *md;
1159 EVP_MD *mdexp = NULL;
1160 int reinit = 0;
1161
1162 if (nullprov != NULL)
1163 return TEST_skip("Test does not support a non-default library context");
1164
1165 if (tst >= 15) {
1166 reinit = 1;
1167 tst -= 15;
1168 }
1169
1170 if (tst >= 6 && tst <= 8) {
1171 membio = BIO_new(BIO_s_mem());
1172 mdbio = BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1174 goto out;
1175 BIO_push(mdbio, membio);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1177 goto out;
1178 } else {
1179 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1181 goto out;
1182 }
1183
1184 if (tst % 3 == 0) {
1185 if (!TEST_ptr(pkey = load_example_rsa_key()))
1186 goto out;
1187 } else if (tst % 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey = load_example_dsa_key()))
1190 goto out;
1191 #else
1192 ret = 1;
1193 goto out;
1194 #endif
1195 } else {
1196 if (!TEST_ptr(pkey = load_example_hmac_key()))
1197 goto out;
1198 }
1199
1200 if (tst >= 3 && tst <= 5)
1201 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1202 else
1203 md = EVP_sha256();
1204
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1206 goto out;
1207
1208 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1209 goto out;
1210
1211 if (tst >= 6 && tst <= 8) {
1212 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1213 goto out;
1214 } else if (tst < 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1216 goto out;
1217 }
1218
1219 if (tst >= 9) {
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1222 sizeof(kMsg)))
1223 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1224 goto out;
1225 if (tst <= 11) {
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1228 sizeof(kMsg))))
1229 goto out;
1230 /*
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1233 */
1234 ret = 1;
1235 goto out;
1236 }
1237 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1238 sizeof(kMsg))))
1239 goto out;
1240 } else {
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1243 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1244 /*
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1247 */
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1250 goto out;
1251 }
1252
1253 /*
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1256 */
1257 if (tst % 3 != 2) {
1258 if (tst >= 6 && tst <= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1261 goto out;
1262 }
1263
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1265 NULL, pkey)))
1266 goto out;
1267
1268 if (tst >= 6 && tst <= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1270 goto out;
1271 } else {
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1273 sizeof(kMsg))))
1274 goto out;
1275 }
1276 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1277 goto out;
1278
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1281 goto out;
1282 } else {
1283 /*
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1286 */
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1288 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1290 goto out;
1291
1292 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1293 goto out;
1294 }
1295
1296 ret = 1;
1297
1298 out:
1299 BIO_free(membio);
1300 BIO_free(mdbio);
1301 EVP_MD_CTX_free(a_md_ctx);
1302 EVP_MD_CTX_free(a_md_ctx_verify);
1303 EVP_PKEY_free(pkey);
1304 OPENSSL_free(sig);
1305 OPENSSL_free(sig2);
1306 EVP_MD_free(mdexp);
1307
1308 return ret;
1309 }
1310
1311 static int test_EVP_DigestVerifyInit(void)
1312 {
1313 int ret = 0;
1314 EVP_PKEY *pkey = NULL;
1315 EVP_MD_CTX *md_ctx = NULL;
1316
1317 if (nullprov != NULL)
1318 return TEST_skip("Test does not support a non-default library context");
1319
1320 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey = load_example_rsa_key()))
1322 goto out;
1323
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1326 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1327 sizeof(kSignature)), 0))
1328 goto out;
1329
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1333 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1334 sizeof(kSignature)), 0))
1335 goto out;
1336 ret = 1;
1337
1338 out:
1339 EVP_MD_CTX_free(md_ctx);
1340 EVP_PKEY_free(pkey);
1341 return ret;
1342 }
1343
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1347 {
1348 unsigned char key[16];
1349 unsigned char buf[8], digest[8];
1350 unsigned char expected[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1352 };
1353 EVP_PKEY *pkey = NULL;
1354 EVP_MD_CTX *mdctx = NULL;
1355 EVP_PKEY_CTX *ctx = NULL;
1356 int ret = 0;
1357 size_t len = 8;
1358
1359 if (nullprov != NULL)
1360 return TEST_skip("Test does not support a non-default library context");
1361
1362 memset(buf, 0, 8);
1363 memset(key, 1, 16);
1364 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1365 key, 16)))
1366 goto out;
1367
1368 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1369 goto out;
1370
1371 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1372 goto out;
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1375 8, NULL), 1))
1376 goto out;
1377 /* reinitialize */
1378 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1379 goto out;
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1381 goto out;
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1383 goto out;
1384 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1385 goto out;
1386
1387 ret = 1;
1388 out:
1389 EVP_PKEY_free(pkey);
1390 EVP_MD_CTX_free(mdctx);
1391 return ret;
1392 }
1393 #endif
1394
1395 /*
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1397 */
1398 static int test_EVP_Digest(void)
1399 {
1400 int ret = 0;
1401 EVP_MD_CTX *md_ctx = NULL;
1402 unsigned char md[EVP_MAX_MD_SIZE];
1403 EVP_MD *sha256 = NULL;
1404 EVP_MD *shake256 = NULL;
1405
1406 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1407 goto out;
1408
1409 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1410 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1411 goto out;
1412
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1418 goto out;
1419
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1425 /*
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1428 */
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1430 goto out;
1431
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1438 goto out;
1439 ret = 1;
1440
1441 out:
1442 EVP_MD_CTX_free(md_ctx);
1443 EVP_MD_free(sha256);
1444 EVP_MD_free(shake256);
1445 return ret;
1446 }
1447
1448 static int test_EVP_md_null(void)
1449 {
1450 int ret = 0;
1451 EVP_MD_CTX *md_ctx = NULL;
1452 const EVP_MD *md_null = EVP_md_null();
1453 unsigned char md_value[EVP_MAX_MD_SIZE];
1454 unsigned int md_len = sizeof(md_value);
1455
1456 if (nullprov != NULL)
1457 return TEST_skip("Test does not support a non-default library context");
1458
1459 if (!TEST_ptr(md_null)
1460 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1461 goto out;
1462
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1465 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1466 goto out;
1467
1468 if (!TEST_uint_eq(md_len, 0))
1469 goto out;
1470
1471 ret = 1;
1472 out:
1473 EVP_MD_CTX_free(md_ctx);
1474 return ret;
1475 }
1476
1477 static int test_d2i_AutoPrivateKey(int i)
1478 {
1479 int ret = 0;
1480 const unsigned char *p;
1481 EVP_PKEY *pkey = NULL;
1482 const APK_DATA *ak = &keydata[i];
1483 const unsigned char *input = ak->kder;
1484 size_t input_len = ak->size;
1485 int expected_id = ak->evptype;
1486
1487 p = input;
1488 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1489 || !TEST_ptr_eq(p, input + input_len)
1490 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1491 goto done;
1492
1493 ret = 1;
1494
1495 done:
1496 EVP_PKEY_free(pkey);
1497 return ret;
1498 }
1499
1500 #ifndef OPENSSL_NO_EC
1501
1502 static const unsigned char ec_public_sect163k1_validxy[] = {
1503 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1504 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1505 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1506 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1507 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1508 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1509 };
1510
1511 static const unsigned char ec_public_sect163k1_badx[] = {
1512 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1513 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1514 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1515 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1516 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1517 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1518 };
1519
1520 static const unsigned char ec_public_sect163k1_bady[] = {
1521 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1522 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1523 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1524 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1525 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1526 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1527 };
1528
1529 static struct ec_der_pub_keys_st {
1530 const unsigned char *der;
1531 size_t len;
1532 int valid;
1533 } ec_der_pub_keys[] = {
1534 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1535 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1536 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1537 };
1538
1539 /*
1540 * Tests the range of the decoded EC char2 public point.
1541 * See ec_GF2m_simple_oct2point().
1542 */
1543 static int test_invalide_ec_char2_pub_range_decode(int id)
1544 {
1545 int ret = 0;
1546 EVP_PKEY *pkey;
1547
1548 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1549 ec_der_pub_keys[id].len);
1550
1551 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1552 || TEST_ptr_null(pkey);
1553 EVP_PKEY_free(pkey);
1554 return ret;
1555 }
1556
1557 /* Tests loading a bad key in PKCS8 format */
1558 static int test_EVP_PKCS82PKEY(void)
1559 {
1560 int ret = 0;
1561 const unsigned char *derp = kExampleBadECKeyDER;
1562 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1563 EVP_PKEY *pkey = NULL;
1564
1565 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1566 sizeof(kExampleBadECKeyDER))))
1567 goto done;
1568
1569 if (!TEST_ptr_eq(derp,
1570 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1571 goto done;
1572
1573 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1574 goto done;
1575
1576 ret = 1;
1577
1578 done:
1579 PKCS8_PRIV_KEY_INFO_free(p8inf);
1580 EVP_PKEY_free(pkey);
1581
1582 return ret;
1583 }
1584
1585 #endif
1586 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1587 {
1588 EVP_PKEY *pkey = NULL;
1589 EVP_PKEY *pkey2 = NULL;
1590 BIO *membio = NULL;
1591 char *membuf = NULL;
1592 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1593 int ok = 0;
1594
1595 if (testctx != NULL)
1596 /* test not supported with non-default context */
1597 return 1;
1598
1599 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1600 || !TEST_ptr(pkey = load_example_rsa_key())
1601 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1602 NULL, 0, NULL, NULL),
1603 0)
1604 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1605 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1606 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1607 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1608 goto done;
1609 }
1610
1611 ok = 1;
1612 done:
1613 EVP_PKEY_free(pkey);
1614 EVP_PKEY_free(pkey2);
1615 PKCS8_PRIV_KEY_INFO_free(p8inf);
1616 BIO_free_all(membio);
1617 return ok;
1618 }
1619
1620 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1621 static int test_privatekey_to_pkcs8(void)
1622 {
1623 EVP_PKEY *pkey = NULL;
1624 BIO *membio = NULL;
1625 char *membuf = NULL;
1626 long membuf_len = 0;
1627 int ok = 0;
1628
1629 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1630 || !TEST_ptr(pkey = load_example_rsa_key())
1631 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1632 NULL, 0, NULL, NULL),
1633 0)
1634 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1635 || !TEST_ptr(membuf)
1636 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1637 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1638 /*
1639 * We try to write PEM as well, just to see that it doesn't err, but
1640 * assume that the result is correct.
1641 */
1642 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1643 NULL, 0, NULL, NULL),
1644 0))
1645 goto done;
1646
1647 ok = 1;
1648 done:
1649 EVP_PKEY_free(pkey);
1650 BIO_free_all(membio);
1651 return ok;
1652 }
1653
1654 #ifndef OPENSSL_NO_EC
1655 static const struct {
1656 int encoding;
1657 const char *encoding_name;
1658 } ec_encodings[] = {
1659 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1660 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1661 };
1662
1663 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1664 {
1665 const OSSL_PARAM *p;
1666 const char *enc_name = NULL;
1667 int *enc = arg;
1668 size_t i;
1669
1670 *enc = -1;
1671
1672 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1673 OSSL_PKEY_PARAM_EC_ENCODING))
1674 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1675 return 0;
1676
1677 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1678 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1679 *enc = ec_encodings[i].encoding;
1680 break;
1681 }
1682 }
1683
1684 return (*enc != -1);
1685 }
1686
1687 static int test_EC_keygen_with_enc(int idx)
1688 {
1689 EVP_PKEY *params = NULL, *key = NULL;
1690 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1691 int enc;
1692 int ret = 0;
1693
1694 enc = ec_encodings[idx].encoding;
1695
1696 /* Create key parameters */
1697 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1698 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1699 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1700 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1701 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1702 || !TEST_ptr(params))
1703 goto done;
1704
1705 /* Create key */
1706 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1707 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1708 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1709 || !TEST_ptr(key))
1710 goto done;
1711
1712 /* Check that the encoding got all the way into the key */
1713 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1714 ec_export_get_encoding_cb, &enc))
1715 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1716 goto done;
1717
1718 ret = 1;
1719 done:
1720 EVP_PKEY_free(key);
1721 EVP_PKEY_free(params);
1722 EVP_PKEY_CTX_free(kctx);
1723 EVP_PKEY_CTX_free(pctx);
1724 return ret;
1725 }
1726 #endif
1727
1728 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1729
1730 static int test_EVP_SM2_verify(void)
1731 {
1732 const char *pubkey =
1733 "-----BEGIN PUBLIC KEY-----\n"
1734 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1735 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1736 "-----END PUBLIC KEY-----\n";
1737
1738 const char *msg = "message digest";
1739 const char *id = "ALICE123@YAHOO.COM";
1740
1741 const uint8_t signature[] = {
1742 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1743 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1744 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1745 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1746 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1747 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1748 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1749 };
1750
1751 int rc = 0;
1752 BIO *bio = NULL;
1753 EVP_PKEY *pkey = NULL;
1754 EVP_MD_CTX *mctx = NULL;
1755 EVP_PKEY_CTX *pctx = NULL;
1756 EVP_MD *sm3 = NULL;
1757
1758 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1759 if (!TEST_true(bio != NULL))
1760 goto done;
1761
1762 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1763 if (!TEST_true(pkey != NULL))
1764 goto done;
1765
1766 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1767 goto done;
1768
1769 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1770 goto done;
1771
1772 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1773 goto done;
1774
1775 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1776
1777 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1778 goto done;
1779
1780 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1781 goto done;
1782
1783 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1784 goto done;
1785
1786 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1787 goto done;
1788
1789 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1790 goto done;
1791 rc = 1;
1792
1793 done:
1794 BIO_free(bio);
1795 EVP_PKEY_free(pkey);
1796 EVP_PKEY_CTX_free(pctx);
1797 EVP_MD_CTX_free(mctx);
1798 EVP_MD_free(sm3);
1799 return rc;
1800 }
1801
1802 static int test_EVP_SM2(void)
1803 {
1804 int ret = 0;
1805 EVP_PKEY *pkey = NULL;
1806 EVP_PKEY *pkeyparams = NULL;
1807 EVP_PKEY_CTX *pctx = NULL;
1808 EVP_PKEY_CTX *kctx = NULL;
1809 EVP_PKEY_CTX *sctx = NULL;
1810 size_t sig_len = 0;
1811 unsigned char *sig = NULL;
1812 EVP_MD_CTX *md_ctx = NULL;
1813 EVP_MD_CTX *md_ctx_verify = NULL;
1814 EVP_PKEY_CTX *cctx = NULL;
1815 EVP_MD *check_md = NULL;
1816
1817 uint8_t ciphertext[128];
1818 size_t ctext_len = sizeof(ciphertext);
1819
1820 uint8_t plaintext[8];
1821 size_t ptext_len = sizeof(plaintext);
1822
1823 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1824
1825 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1826 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1827 int i;
1828 char mdname[OSSL_MAX_NAME_SIZE];
1829
1830 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1831 "SM2", testpropq)))
1832 goto done;
1833
1834 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1835 goto done;
1836
1837 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1838 goto done;
1839
1840 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1841 goto done;
1842
1843 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1844 pkeyparams, testpropq)))
1845 goto done;
1846
1847 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1848 goto done;
1849
1850 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1851 goto done;
1852
1853 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1854 goto done;
1855
1856 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1857 goto done;
1858
1859 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1860 goto done;
1861
1862 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1863 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1864
1865 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1866 goto done;
1867
1868 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1869 goto done;
1870
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1872 goto done;
1873
1874 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1875 goto done;
1876
1877 /* Determine the size of the signature. */
1878 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1879 goto done;
1880
1881 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1882 goto done;
1883
1884 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1885 goto done;
1886
1887 /* Ensure that the signature round-trips. */
1888
1889 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1890 pkey)))
1891 goto done;
1892
1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1894 goto done;
1895
1896 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1897 goto done;
1898
1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1900 goto done;
1901
1902 /* now check encryption/decryption */
1903
1904 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1905 mdname, sizeof(mdname));
1906 for (i = 0; i < 2; i++) {
1907 const char *mdnames[] = {
1908 #ifndef OPENSSL_NO_SM3
1909 "SM3",
1910 #else
1911 NULL,
1912 #endif
1913 "SHA2-256" };
1914 EVP_PKEY_CTX_free(cctx);
1915
1916 if (mdnames[i] == NULL)
1917 continue;
1918
1919 sparams[0] =
1920 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1921 (char *)mdnames[i], 0);
1922
1923 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1924 pkey, testpropq)))
1925 goto done;
1926
1927 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1928 goto done;
1929
1930 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1931 goto done;
1932
1933 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1934 sizeof(kMsg))))
1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1938 goto done;
1939
1940 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1941 goto done;
1942
1943 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1944 ctext_len)))
1945 goto done;
1946
1947 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1948 goto done;
1949
1950 /*
1951 * Test we're still using the digest we think we are.
1952 * Because of aliases, the easiest is to fetch the digest and
1953 * check the name with EVP_MD_is_a().
1954 */
1955 EVP_MD_free(check_md);
1956 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1957 goto done;
1958 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1959 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1960 goto done;
1961 }
1962
1963 if (!TEST_true(ptext_len == sizeof(kMsg)))
1964 goto done;
1965
1966 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1967 goto done;
1968 }
1969
1970 ret = 1;
1971 done:
1972 EVP_PKEY_CTX_free(pctx);
1973 EVP_PKEY_CTX_free(kctx);
1974 EVP_PKEY_CTX_free(sctx);
1975 EVP_PKEY_CTX_free(cctx);
1976 EVP_PKEY_free(pkey);
1977 EVP_PKEY_free(pkeyparams);
1978 EVP_MD_CTX_free(md_ctx);
1979 EVP_MD_CTX_free(md_ctx_verify);
1980 EVP_MD_free(check_md);
1981 OPENSSL_free(sig);
1982 return ret;
1983 }
1984
1985 #endif
1986
1987 static struct keys_st {
1988 int type;
1989 char *priv;
1990 char *pub;
1991 } keys[] = {
1992 {
1993 EVP_PKEY_HMAC, "0123456789", NULL
1994 },
1995 {
1996 EVP_PKEY_HMAC, "", NULL
1997 #ifndef OPENSSL_NO_POLY1305
1998 }, {
1999 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2000 #endif
2001 #ifndef OPENSSL_NO_SIPHASH
2002 }, {
2003 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2004 #endif
2005 },
2006 #ifndef OPENSSL_NO_EC
2007 {
2008 EVP_PKEY_X25519, "01234567890123456789012345678901",
2009 "abcdefghijklmnopqrstuvwxyzabcdef"
2010 }, {
2011 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2012 "abcdefghijklmnopqrstuvwxyzabcdef"
2013 }, {
2014 EVP_PKEY_X448,
2015 "01234567890123456789012345678901234567890123456789012345",
2016 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2017 }, {
2018 EVP_PKEY_ED448,
2019 "012345678901234567890123456789012345678901234567890123456",
2020 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2021 }
2022 #endif
2023 };
2024
2025 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2026 {
2027 int ret = 0;
2028 unsigned char buf[80];
2029 unsigned char *in;
2030 size_t inlen, len = 0, shortlen = 1;
2031 EVP_PKEY *pkey;
2032
2033 /* Check if this algorithm supports public keys */
2034 if (pub && keys[tst].pub == NULL)
2035 return 1;
2036
2037 memset(buf, 0, sizeof(buf));
2038
2039 if (pub) {
2040 #ifndef OPENSSL_NO_EC
2041 inlen = strlen(keys[tst].pub);
2042 in = (unsigned char *)keys[tst].pub;
2043 if (uselibctx) {
2044 pkey = EVP_PKEY_new_raw_public_key_ex(
2045 testctx,
2046 OBJ_nid2sn(keys[tst].type),
2047 NULL,
2048 in,
2049 inlen);
2050 } else {
2051 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2052 NULL,
2053 in,
2054 inlen);
2055 }
2056 #else
2057 return 1;
2058 #endif
2059 } else {
2060 inlen = strlen(keys[tst].priv);
2061 in = (unsigned char *)keys[tst].priv;
2062 if (uselibctx) {
2063 pkey = EVP_PKEY_new_raw_private_key_ex(
2064 testctx, OBJ_nid2sn(keys[tst].type),
2065 NULL,
2066 in,
2067 inlen);
2068 } else {
2069 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2070 NULL,
2071 in,
2072 inlen);
2073 }
2074 }
2075
2076 if (!TEST_ptr(pkey)
2077 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2078 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2079 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2080 || !TEST_true(len == inlen))
2081 goto done;
2082 if (tst != 1) {
2083 /*
2084 * Test that supplying a buffer that is too small fails. Doesn't apply
2085 * to HMAC with a zero length key
2086 */
2087 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2088 &shortlen)))
2089 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2090 &shortlen))))
2091 goto done;
2092 }
2093 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2094 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2095 || !TEST_mem_eq(in, inlen, buf, len))
2096 goto done;
2097
2098 ret = 1;
2099 done:
2100 EVP_PKEY_free(pkey);
2101 return ret;
2102 }
2103
2104 static int test_set_get_raw_keys(int tst)
2105 {
2106 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2107 && test_set_get_raw_keys_int(tst, 0, 1)
2108 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2109 && test_set_get_raw_keys_int(tst, 1, 1);
2110 }
2111
2112 #ifndef OPENSSL_NO_DEPRECATED_3_0
2113 static int pkey_custom_check(EVP_PKEY *pkey)
2114 {
2115 return 0xbeef;
2116 }
2117
2118 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2119 {
2120 return 0xbeef;
2121 }
2122
2123 static int pkey_custom_param_check(EVP_PKEY *pkey)
2124 {
2125 return 0xbeef;
2126 }
2127
2128 static EVP_PKEY_METHOD *custom_pmeth;
2129 #endif
2130
2131 static int test_EVP_PKEY_check(int i)
2132 {
2133 int ret = 0;
2134 EVP_PKEY *pkey = NULL;
2135 EVP_PKEY_CTX *ctx = NULL;
2136 #ifndef OPENSSL_NO_DEPRECATED_3_0
2137 EVP_PKEY_CTX *ctx2 = NULL;
2138 #endif
2139 const APK_DATA *ak = &keycheckdata[i];
2140 const unsigned char *input = ak->kder;
2141 size_t input_len = ak->size;
2142 int expected_id = ak->evptype;
2143 int expected_check = ak->check;
2144 int expected_pub_check = ak->pub_check;
2145 int expected_param_check = ak->param_check;
2146 int type = ak->type;
2147
2148 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2149 goto done;
2150 if (type == 0
2151 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2152 goto done;
2153
2154 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2155 goto done;
2156
2157 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2158 goto done;
2159
2160 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2161 goto done;
2162
2163 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2164 goto done;
2165
2166 #ifndef OPENSSL_NO_DEPRECATED_3_0
2167 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2168 /* assign the pkey directly, as an internal test */
2169 EVP_PKEY_up_ref(pkey);
2170 ctx2->pkey = pkey;
2171
2172 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2173 goto done;
2174
2175 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2176 goto done;
2177
2178 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2179 goto done;
2180 #endif
2181
2182 ret = 1;
2183
2184 done:
2185 EVP_PKEY_CTX_free(ctx);
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX_free(ctx2);
2188 #endif
2189 EVP_PKEY_free(pkey);
2190 return ret;
2191 }
2192
2193 #ifndef OPENSSL_NO_CMAC
2194 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2195 {
2196 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2197 const char msg[] = "Hello World";
2198 size_t maclen = AES_BLOCK_SIZE;
2199 int ret = 1;
2200
2201 if (!TEST_ptr(mdctx)
2202 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2203 testpropq, pkey, NULL))
2204 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2205 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2206 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2207 ret = 0;
2208
2209 EVP_MD_CTX_free(mdctx);
2210
2211 return ret;
2212 }
2213 static int test_CMAC_keygen(void)
2214 {
2215 static unsigned char key[] = {
2216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2217 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2218 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2219 };
2220 EVP_PKEY_CTX *kctx = NULL;
2221 int ret = 0;
2222 EVP_PKEY *pkey = NULL;
2223 unsigned char mac[AES_BLOCK_SIZE];
2224 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2225 unsigned char mac2[AES_BLOCK_SIZE];
2226 # endif
2227
2228 if (nullprov != NULL)
2229 return TEST_skip("Test does not support a non-default library context");
2230
2231 /*
2232 * This is a legacy method for CMACs, but should still work.
2233 * This verifies that it works without an ENGINE.
2234 */
2235 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2236
2237 /* Test a CMAC key created using the "generated" method */
2238 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2239 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2240 EVP_PKEY_CTRL_CIPHER,
2241 0, (void *)EVP_aes_256_ecb()), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2243 EVP_PKEY_CTRL_SET_MAC_KEY,
2244 sizeof(key), (void *)key), 0)
2245 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2246 || !TEST_ptr(pkey)
2247 || !TEST_true(get_cmac_val(pkey, mac)))
2248 goto done;
2249
2250 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2251 EVP_PKEY_free(pkey);
2252
2253 /*
2254 * Test a CMAC key using the direct method, and compare with the mac
2255 * created above.
2256 */
2257 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2258 if (!TEST_ptr(pkey)
2259 || !TEST_true(get_cmac_val(pkey, mac2))
2260 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2261 goto done;
2262 # endif
2263
2264 ret = 1;
2265
2266 done:
2267 EVP_PKEY_free(pkey);
2268 EVP_PKEY_CTX_free(kctx);
2269 return ret;
2270 }
2271 #endif
2272
2273 static int test_HKDF(void)
2274 {
2275 EVP_PKEY_CTX *pctx;
2276 unsigned char out[20];
2277 size_t outlen;
2278 int i, ret = 0;
2279 unsigned char salt[] = "0123456789";
2280 unsigned char key[] = "012345678901234567890123456789";
2281 unsigned char info[] = "infostring";
2282 const unsigned char expected[] = {
2283 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2284 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2285 };
2286 size_t expectedlen = sizeof(expected);
2287
2288 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2289 goto done;
2290
2291 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2292 for (i = 0; i < 2; i++) {
2293 outlen = sizeof(out);
2294 memset(out, 0, outlen);
2295
2296 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2297 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2298 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2299 sizeof(salt) - 1), 0)
2300 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2301 sizeof(key) - 1), 0)
2302 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2303 sizeof(info) - 1), 0)
2304 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2305 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2306 goto done;
2307 }
2308
2309 ret = 1;
2310
2311 done:
2312 EVP_PKEY_CTX_free(pctx);
2313
2314 return ret;
2315 }
2316
2317 static int test_emptyikm_HKDF(void)
2318 {
2319 EVP_PKEY_CTX *pctx;
2320 unsigned char out[20];
2321 size_t outlen;
2322 int ret = 0;
2323 unsigned char salt[] = "9876543210";
2324 unsigned char key[] = "";
2325 unsigned char info[] = "stringinfo";
2326 const unsigned char expected[] = {
2327 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2328 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2329 };
2330 size_t expectedlen = sizeof(expected);
2331
2332 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2333 goto done;
2334
2335 outlen = sizeof(out);
2336 memset(out, 0, outlen);
2337
2338 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2339 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2340 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2341 sizeof(salt) - 1), 0)
2342 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2343 sizeof(key) - 1), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2345 sizeof(info) - 1), 0)
2346 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2347 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2348 goto done;
2349
2350 ret = 1;
2351
2352 done:
2353 EVP_PKEY_CTX_free(pctx);
2354
2355 return ret;
2356 }
2357
2358 #ifndef OPENSSL_NO_EC
2359 static int test_X509_PUBKEY_inplace(void)
2360 {
2361 int ret = 0;
2362 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2363 const unsigned char *p = kExampleECPubKeyDER;
2364 size_t input_len = sizeof(kExampleECPubKeyDER);
2365
2366 if (!TEST_ptr(xp))
2367 goto done;
2368 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2369 goto done;
2370
2371 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2372 goto done;
2373
2374 p = kExampleBadECPubKeyDER;
2375 input_len = sizeof(kExampleBadECPubKeyDER);
2376
2377 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2378 goto done;
2379
2380 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2381 goto done;
2382
2383 ret = 1;
2384
2385 done:
2386 X509_PUBKEY_free(xp);
2387 return ret;
2388 }
2389
2390 static int test_X509_PUBKEY_dup(void)
2391 {
2392 int ret = 0;
2393 X509_PUBKEY *xp = NULL, *xq = NULL;
2394 const unsigned char *p = kExampleECPubKeyDER;
2395 size_t input_len = sizeof(kExampleECPubKeyDER);
2396
2397 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2398 if (!TEST_ptr(xp)
2399 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2400 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2401 || !TEST_ptr_ne(xp, xq))
2402 goto done;
2403
2404 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2405 || !TEST_ptr(X509_PUBKEY_get0(xp))
2406 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2407 goto done;
2408
2409 X509_PUBKEY_free(xq);
2410 xq = NULL;
2411 p = kExampleBadECPubKeyDER;
2412 input_len = sizeof(kExampleBadECPubKeyDER);
2413
2414 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2415 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2416 goto done;
2417
2418 X509_PUBKEY_free(xp);
2419 xp = NULL;
2420 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2421 goto done;
2422
2423 ret = 1;
2424
2425 done:
2426 X509_PUBKEY_free(xp);
2427 X509_PUBKEY_free(xq);
2428 return ret;
2429 }
2430 #endif /* OPENSSL_NO_EC */
2431
2432 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2433 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2434 {
2435 EVP_MD_CTX *mdctx = NULL;
2436 EVP_PKEY_CTX *ctx = NULL;
2437 const OSSL_PARAM *params;
2438 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2439 int ret = 0;
2440 const EVP_MD *md;
2441 char mdname[OSSL_MAX_NAME_SIZE];
2442 char ssl3ms[48];
2443
2444 /* Initialise a sign operation */
2445 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2446 if (!TEST_ptr(ctx)
2447 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2448 goto err;
2449
2450 /*
2451 * We should be able to query the parameters now.
2452 */
2453 params = EVP_PKEY_CTX_settable_params(ctx);
2454 if (!TEST_ptr(params)
2455 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2456 OSSL_SIGNATURE_PARAM_DIGEST)))
2457 goto err;
2458
2459 params = EVP_PKEY_CTX_gettable_params(ctx);
2460 if (!TEST_ptr(params)
2461 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2462 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2463 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2464 OSSL_SIGNATURE_PARAM_DIGEST)))
2465 goto err;
2466
2467 /*
2468 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2469 * EVP_PKEY_CTX_get_params()
2470 */
2471 strcpy(mdname, "SHA512");
2472 param_md = param;
2473 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2474 mdname, 0);
2475 *param++ = OSSL_PARAM_construct_end();
2476
2477 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2478 goto err;
2479
2480 mdname[0] = '\0';
2481 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2482 mdname, sizeof(mdname));
2483 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2484 || !TEST_str_eq(mdname, "SHA512"))
2485 goto err;
2486
2487 /*
2488 * Test the TEST_PKEY_CTX_set_signature_md() and
2489 * TEST_PKEY_CTX_get_signature_md() functions
2490 */
2491 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2492 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2493 || !TEST_ptr_eq(md, EVP_sha256()))
2494 goto err;
2495
2496 /*
2497 * Test getting MD parameters via an associated EVP_PKEY_CTX
2498 */
2499 mdctx = EVP_MD_CTX_new();
2500 if (!TEST_ptr(mdctx)
2501 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2502 pkey, NULL)))
2503 goto err;
2504
2505 /*
2506 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2507 * able to obtain the digest's settable parameters from the provider.
2508 */
2509 params = EVP_MD_CTX_settable_params(mdctx);
2510 if (!TEST_ptr(params)
2511 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2512 /* The final key should be NULL */
2513 || !TEST_ptr_null(params[1].key))
2514 goto err;
2515
2516 param = ourparams;
2517 memset(ssl3ms, 0, sizeof(ssl3ms));
2518 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2519 ssl3ms, sizeof(ssl3ms));
2520 *param++ = OSSL_PARAM_construct_end();
2521
2522 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2523 goto err;
2524
2525 ret = 1;
2526
2527 err:
2528 EVP_MD_CTX_free(mdctx);
2529 EVP_PKEY_CTX_free(ctx);
2530
2531 return ret;
2532 }
2533
2534 #ifndef OPENSSL_NO_DSA
2535 static int test_DSA_get_set_params(void)
2536 {
2537 OSSL_PARAM_BLD *bld = NULL;
2538 OSSL_PARAM *params = NULL;
2539 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2540 EVP_PKEY_CTX *pctx = NULL;
2541 EVP_PKEY *pkey = NULL;
2542 int ret = 0;
2543
2544 /*
2545 * Setup the parameters for our DSA object. For our purposes they don't
2546 * have to actually be *valid* parameters. We just need to set something.
2547 */
2548 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2549 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2550 || !TEST_ptr(p = BN_new())
2551 || !TEST_ptr(q = BN_new())
2552 || !TEST_ptr(g = BN_new())
2553 || !TEST_ptr(pub = BN_new())
2554 || !TEST_ptr(priv = BN_new()))
2555 goto err;
2556 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2559 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2560 pub))
2561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2562 priv)))
2563 goto err;
2564 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2565 goto err;
2566
2567 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2568 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2569 params), 0))
2570 goto err;
2571
2572 if (!TEST_ptr(pkey))
2573 goto err;
2574
2575 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2576
2577 err:
2578 EVP_PKEY_free(pkey);
2579 EVP_PKEY_CTX_free(pctx);
2580 OSSL_PARAM_free(params);
2581 OSSL_PARAM_BLD_free(bld);
2582 BN_free(p);
2583 BN_free(q);
2584 BN_free(g);
2585 BN_free(pub);
2586 BN_free(priv);
2587
2588 return ret;
2589 }
2590
2591 /*
2592 * Test combinations of private, public, missing and private + public key
2593 * params to ensure they are all accepted
2594 */
2595 static int test_DSA_priv_pub(void)
2596 {
2597 return test_EVP_PKEY_ffc_priv_pub("DSA");
2598 }
2599
2600 #endif /* !OPENSSL_NO_DSA */
2601
2602 static int test_RSA_get_set_params(void)
2603 {
2604 OSSL_PARAM_BLD *bld = NULL;
2605 OSSL_PARAM *params = NULL;
2606 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2607 EVP_PKEY_CTX *pctx = NULL;
2608 EVP_PKEY *pkey = NULL;
2609 int ret = 0;
2610
2611 /*
2612 * Setup the parameters for our RSA object. For our purposes they don't
2613 * have to actually be *valid* parameters. We just need to set something.
2614 */
2615 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2616 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2617 || !TEST_ptr(n = BN_new())
2618 || !TEST_ptr(e = BN_new())
2619 || !TEST_ptr(d = BN_new()))
2620 goto err;
2621 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2624 goto err;
2625 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2626 goto err;
2627
2628 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2629 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2630 params), 0))
2631 goto err;
2632
2633 if (!TEST_ptr(pkey))
2634 goto err;
2635
2636 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2637
2638 err:
2639 EVP_PKEY_free(pkey);
2640 EVP_PKEY_CTX_free(pctx);
2641 OSSL_PARAM_free(params);
2642 OSSL_PARAM_BLD_free(bld);
2643 BN_free(n);
2644 BN_free(e);
2645 BN_free(d);
2646
2647 return ret;
2648 }
2649
2650 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2651 static int test_decrypt_null_chunks(void)
2652 {
2653 EVP_CIPHER_CTX* ctx = NULL;
2654 EVP_CIPHER *cipher = NULL;
2655 const unsigned char key[32] = {
2656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2659 };
2660 unsigned char iv[12] = {
2661 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2662 };
2663 unsigned char msg[] = "It was the best of times, it was the worst of times";
2664 unsigned char ciphertext[80];
2665 unsigned char plaintext[80];
2666 /* We initialise tmp to a non zero value on purpose */
2667 int ctlen, ptlen, tmp = 99;
2668 int ret = 0;
2669 const int enc_offset = 10, dec_offset = 20;
2670
2671 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2672 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2673 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2674 key, iv))
2675 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2676 enc_offset))
2677 /* Deliberate add a zero length update */
2678 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2679 0))
2680 || !TEST_int_eq(tmp, 0)
2681 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2682 msg + enc_offset,
2683 sizeof(msg) - enc_offset))
2684 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2685 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2686 || !TEST_int_eq(tmp, 0))
2687 goto err;
2688
2689 /* Deliberately initialise tmp to a non zero value */
2690 tmp = 99;
2691 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2692 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2693 dec_offset))
2694 /*
2695 * Deliberately add a zero length update. We also deliberately do
2696 * this at a different offset than for encryption.
2697 */
2698 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2699 0))
2700 || !TEST_int_eq(tmp, 0)
2701 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2702 ciphertext + dec_offset,
2703 ctlen - dec_offset))
2704 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2705 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2706 || !TEST_int_eq(tmp, 0)
2707 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2708 goto err;
2709
2710 ret = 1;
2711 err:
2712 EVP_CIPHER_CTX_free(ctx);
2713 EVP_CIPHER_free(cipher);
2714 return ret;
2715 }
2716 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2717
2718 #ifndef OPENSSL_NO_DH
2719 /*
2720 * Test combinations of private, public, missing and private + public key
2721 * params to ensure they are all accepted
2722 */
2723 static int test_DH_priv_pub(void)
2724 {
2725 return test_EVP_PKEY_ffc_priv_pub("DH");
2726 }
2727
2728 # ifndef OPENSSL_NO_DEPRECATED_3_0
2729 static int test_EVP_PKEY_set1_DH(void)
2730 {
2731 DH *x942dh = NULL, *noqdh = NULL;
2732 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2733 int ret = 0;
2734 BIGNUM *p, *g = NULL;
2735 BIGNUM *pubkey = NULL;
2736 unsigned char pub[2048 / 8];
2737 size_t len = 0;
2738
2739 if (!TEST_ptr(p = BN_new())
2740 || !TEST_ptr(g = BN_new())
2741 || !TEST_ptr(pubkey = BN_new())
2742 || !TEST_true(BN_set_word(p, 9999))
2743 || !TEST_true(BN_set_word(g, 2))
2744 || !TEST_true(BN_set_word(pubkey, 4321))
2745 || !TEST_ptr(noqdh = DH_new())
2746 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2747 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2748 || !TEST_ptr(pubkey = BN_new())
2749 || !TEST_true(BN_set_word(pubkey, 4321)))
2750 goto err;
2751 p = g = NULL;
2752
2753 x942dh = DH_get_2048_256();
2754 pkey1 = EVP_PKEY_new();
2755 pkey2 = EVP_PKEY_new();
2756 if (!TEST_ptr(x942dh)
2757 || !TEST_ptr(noqdh)
2758 || !TEST_ptr(pkey1)
2759 || !TEST_ptr(pkey2)
2760 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2761 goto err;
2762 pubkey = NULL;
2763
2764 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2765 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2766 goto err;
2767
2768 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2769 &pubkey))
2770 || !TEST_ptr(pubkey))
2771 goto err;
2772
2773 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2774 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2775 goto err;
2776
2777 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2778 OSSL_PKEY_PARAM_PUB_KEY,
2779 pub, sizeof(pub), &len))
2780 || !TEST_size_t_ne(len, 0))
2781 goto err;
2782
2783 ret = 1;
2784 err:
2785 BN_free(p);
2786 BN_free(g);
2787 BN_free(pubkey);
2788 EVP_PKEY_free(pkey1);
2789 EVP_PKEY_free(pkey2);
2790 DH_free(x942dh);
2791 DH_free(noqdh);
2792
2793 return ret;
2794 }
2795 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2796 #endif /* !OPENSSL_NO_DH */
2797
2798 /*
2799 * We test what happens with an empty template. For the sake of this test,
2800 * the template must be ignored, and we know that's the case for RSA keys
2801 * (this might arguably be a misfeature, but that's what we currently do,
2802 * even in provider code, since that's how the legacy RSA implementation
2803 * does things)
2804 */
2805 static int test_keygen_with_empty_template(int n)
2806 {
2807 EVP_PKEY_CTX *ctx = NULL;
2808 EVP_PKEY *pkey = NULL;
2809 EVP_PKEY *tkey = NULL;
2810 int ret = 0;
2811
2812 if (nullprov != NULL)
2813 return TEST_skip("Test does not support a non-default library context");
2814
2815 switch (n) {
2816 case 0:
2817 /* We do test with no template at all as well */
2818 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2819 goto err;
2820 break;
2821 case 1:
2822 /* Here we create an empty RSA key that serves as our template */
2823 if (!TEST_ptr(tkey = EVP_PKEY_new())
2824 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2825 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2826 goto err;
2827 break;
2828 }
2829
2830 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2831 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2832 goto err;
2833
2834 ret = 1;
2835 err:
2836 EVP_PKEY_CTX_free(ctx);
2837 EVP_PKEY_free(pkey);
2838 EVP_PKEY_free(tkey);
2839 return ret;
2840 }
2841
2842 /*
2843 * Test that we fail if we attempt to use an algorithm that is not available
2844 * in the current library context (unless we are using an algorithm that
2845 * should be made available via legacy codepaths).
2846 *
2847 * 0: RSA
2848 * 1: SM2
2849 */
2850 static int test_pkey_ctx_fail_without_provider(int tst)
2851 {
2852 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2853 OSSL_PROVIDER *tmpnullprov = NULL;
2854 EVP_PKEY_CTX *pctx = NULL;
2855 const char *keytype = NULL;
2856 int expect_null = 0;
2857 int ret = 0;
2858
2859 if (!TEST_ptr(tmpctx))
2860 goto err;
2861
2862 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2863 if (!TEST_ptr(tmpnullprov))
2864 goto err;
2865
2866 /*
2867 * We check for certain algos in the null provider.
2868 * If an algo is expected to have a provider keymgmt, contructing an
2869 * EVP_PKEY_CTX is expected to fail (return NULL).
2870 * Otherwise, if it's expected to have legacy support, contructing an
2871 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2872 */
2873 switch (tst) {
2874 case 0:
2875 keytype = "RSA";
2876 expect_null = 1;
2877 break;
2878 case 1:
2879 keytype = "SM2";
2880 expect_null = 1;
2881 #ifdef OPENSSL_NO_EC
2882 TEST_info("EC disable, skipping SM2 check...");
2883 goto end;
2884 #endif
2885 #ifdef OPENSSL_NO_SM2
2886 TEST_info("SM2 disable, skipping SM2 check...");
2887 goto end;
2888 #endif
2889 break;
2890 default:
2891 TEST_error("No test for case %d", tst);
2892 goto err;
2893 }
2894
2895 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2896 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2897 goto err;
2898
2899 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2900 end:
2901 #endif
2902 ret = 1;
2903
2904 err:
2905 EVP_PKEY_CTX_free(pctx);
2906 OSSL_PROVIDER_unload(tmpnullprov);
2907 OSSL_LIB_CTX_free(tmpctx);
2908 return ret;
2909 }
2910
2911 static int test_rand_agglomeration(void)
2912 {
2913 EVP_RAND *rand;
2914 EVP_RAND_CTX *ctx;
2915 OSSL_PARAM params[3], *p = params;
2916 int res;
2917 unsigned int step = 7;
2918 static unsigned char seed[] = "It does not matter how slowly you go "
2919 "as long as you do not stop.";
2920 unsigned char out[sizeof(seed)];
2921
2922 if (!TEST_int_ne(sizeof(seed) % step, 0)
2923 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2924 return 0;
2925 ctx = EVP_RAND_CTX_new(rand, NULL);
2926 EVP_RAND_free(rand);
2927 if (!TEST_ptr(ctx))
2928 return 0;
2929
2930 memset(out, 0, sizeof(out));
2931 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2932 seed, sizeof(seed));
2933 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2934 *p = OSSL_PARAM_construct_end();
2935 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2936 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2937 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2938 EVP_RAND_CTX_free(ctx);
2939 return res;
2940 }
2941
2942 /*
2943 * Test that we correctly return the original or "running" IV after
2944 * an encryption operation.
2945 * Run multiple times for some different relevant algorithms/modes.
2946 */
2947 static int test_evp_iv_aes(int idx)
2948 {
2949 int ret = 0;
2950 EVP_CIPHER_CTX *ctx = NULL;
2951 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2952 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2953 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2954 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2955 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2956 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2957 9, 10, 11, 12, 13, 14, 15, 16 };
2958 unsigned char ciphertext[32], oiv[16], iv[16];
2959 unsigned char *ref_iv;
2960 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2961 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2962
2963 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2964 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2965 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2966 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2967 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2968 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2969 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2970 #ifndef OPENSSL_NO_OCB
2971 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2972 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2973 #endif
2974 int len = sizeof(ciphertext);
2975 size_t ivlen, ref_len;
2976 const EVP_CIPHER *type = NULL;
2977 int iv_reset = 0;
2978
2979 if (nullprov != NULL && idx < 6)
2980 return TEST_skip("Test does not support a non-default library context");
2981
2982 switch (idx) {
2983 case 0:
2984 type = EVP_aes_128_cbc();
2985 /* FALLTHROUGH */
2986 case 6:
2987 type = (type != NULL) ? type :
2988 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2989 ref_iv = cbc_state;
2990 ref_len = sizeof(cbc_state);
2991 iv_reset = 1;
2992 break;
2993 case 1:
2994 type = EVP_aes_128_ofb();
2995 /* FALLTHROUGH */
2996 case 7:
2997 type = (type != NULL) ? type :
2998 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2999 ref_iv = ofb_state;
3000 ref_len = sizeof(ofb_state);
3001 iv_reset = 1;
3002 break;
3003 case 2:
3004 type = EVP_aes_128_cfb();
3005 /* FALLTHROUGH */
3006 case 8:
3007 type = (type != NULL) ? type :
3008 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3009 ref_iv = cfb_state;
3010 ref_len = sizeof(cfb_state);
3011 iv_reset = 1;
3012 break;
3013 case 3:
3014 type = EVP_aes_128_gcm();
3015 /* FALLTHROUGH */
3016 case 9:
3017 type = (type != NULL) ? type :
3018 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3019 ref_iv = gcm_state;
3020 ref_len = sizeof(gcm_state);
3021 break;
3022 case 4:
3023 type = EVP_aes_128_ccm();
3024 /* FALLTHROUGH */
3025 case 10:
3026 type = (type != NULL) ? type :
3027 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3028 ref_iv = ccm_state;
3029 ref_len = sizeof(ccm_state);
3030 break;
3031 #ifdef OPENSSL_NO_OCB
3032 case 5:
3033 case 11:
3034 return 1;
3035 #else
3036 case 5:
3037 type = EVP_aes_128_ocb();
3038 /* FALLTHROUGH */
3039 case 11:
3040 type = (type != NULL) ? type :
3041 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3042 ref_iv = ocb_state;
3043 ref_len = sizeof(ocb_state);
3044 break;
3045 #endif
3046 default:
3047 return 0;
3048 }
3049
3050 if (!TEST_ptr(type)
3051 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3052 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3053 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3054 (int)sizeof(msg)))
3055 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3056 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3057 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3058 goto err;
3059 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3060 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3061 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3062 goto err;
3063
3064 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3065 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3066 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3067 goto err;
3068 if (iv_reset) {
3069 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3070 goto err;
3071 } else {
3072 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3073 goto err;
3074 }
3075
3076 ret = 1;
3077 err:
3078 EVP_CIPHER_CTX_free(ctx);
3079 if (idx >= 6)
3080 EVP_CIPHER_free((EVP_CIPHER *)type);
3081 return ret;
3082 }
3083
3084 #ifndef OPENSSL_NO_DES
3085 static int test_evp_iv_des(int idx)
3086 {
3087 int ret = 0;
3088 EVP_CIPHER_CTX *ctx = NULL;
3089 static const unsigned char key[24] = {
3090 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3091 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3092 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3093 };
3094 static const unsigned char init_iv[8] = {
3095 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3096 };
3097 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3098 9, 10, 11, 12, 13, 14, 15, 16 };
3099 unsigned char ciphertext[32], oiv[8], iv[8];
3100 unsigned const char *ref_iv;
3101 static const unsigned char cbc_state_des[8] = {
3102 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3103 };
3104 static const unsigned char cbc_state_3des[8] = {
3105 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3106 };
3107 static const unsigned char ofb_state_des[8] = {
3108 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3109 };
3110 static const unsigned char ofb_state_3des[8] = {
3111 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3112 };
3113 static const unsigned char cfb_state_des[8] = {
3114 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3115 };
3116 static const unsigned char cfb_state_3des[8] = {
3117 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3118 };
3119 int len = sizeof(ciphertext);
3120 size_t ivlen, ref_len;
3121 EVP_CIPHER *type = NULL;
3122
3123 if (lgcyprov == NULL && idx < 3)
3124 return TEST_skip("Test requires legacy provider to be loaded");
3125
3126 switch (idx) {
3127 case 0:
3128 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3129 ref_iv = cbc_state_des;
3130 ref_len = sizeof(cbc_state_des);
3131 break;
3132 case 1:
3133 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3134 ref_iv = ofb_state_des;
3135 ref_len = sizeof(ofb_state_des);
3136 break;
3137 case 2:
3138 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3139 ref_iv = cfb_state_des;
3140 ref_len = sizeof(cfb_state_des);
3141 break;
3142 case 3:
3143 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3144 ref_iv = cbc_state_3des;
3145 ref_len = sizeof(cbc_state_3des);
3146 break;
3147 case 4:
3148 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3149 ref_iv = ofb_state_3des;
3150 ref_len = sizeof(ofb_state_3des);
3151 break;
3152 case 5:
3153 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3154 ref_iv = cfb_state_3des;
3155 ref_len = sizeof(cfb_state_3des);
3156 break;
3157 default:
3158 return 0;
3159 }
3160
3161 if (!TEST_ptr(type)
3162 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3163 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3164 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3165 (int)sizeof(msg)))
3166 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3167 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3168 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3169 goto err;
3170 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3171 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3172 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3173 goto err;
3174
3175 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3176 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3177 goto err;
3178 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3179 goto err;
3180
3181 ret = 1;
3182 err:
3183 EVP_CIPHER_CTX_free(ctx);
3184 EVP_CIPHER_free(type);
3185 return ret;
3186 }
3187 #endif
3188
3189 #ifndef OPENSSL_NO_EC
3190 static int ecpub_nids[] = {
3191 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3192 NID_secp384r1, NID_secp521r1,
3193 # ifndef OPENSSL_NO_EC2M
3194 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3195 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3196 # endif
3197 NID_brainpoolP384r1, NID_brainpoolP512r1
3198 };
3199
3200 static int test_ecpub(int idx)
3201 {
3202 int ret = 0, len, savelen;
3203 int nid;
3204 unsigned char buf[1024];
3205 unsigned char *p;
3206 EVP_PKEY *pkey = NULL;
3207 EVP_PKEY_CTX *ctx = NULL;
3208 # ifndef OPENSSL_NO_DEPRECATED_3_0
3209 const unsigned char *q;
3210 EVP_PKEY *pkey2 = NULL;
3211 EC_KEY *ec = NULL;
3212 # endif
3213
3214 if (nullprov != NULL)
3215 return TEST_skip("Test does not support a non-default library context");
3216
3217 nid = ecpub_nids[idx];
3218
3219 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3220 if (!TEST_ptr(ctx)
3221 || !TEST_true(EVP_PKEY_keygen_init(ctx))
3222 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
3223 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3224 goto done;
3225 len = i2d_PublicKey(pkey, NULL);
3226 savelen = len;
3227 if (!TEST_int_ge(len, 1)
3228 || !TEST_int_lt(len, 1024))
3229 goto done;
3230 p = buf;
3231 len = i2d_PublicKey(pkey, &p);
3232 if (!TEST_int_ge(len, 1)
3233 || !TEST_int_eq(len, savelen))
3234 goto done;
3235
3236 # ifndef OPENSSL_NO_DEPRECATED_3_0
3237 /* Now try to decode the just-created DER. */
3238 q = buf;
3239 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3240 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3241 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3242 goto done;
3243 /* EC_KEY ownership transferred */
3244 ec = NULL;
3245 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3246 goto done;
3247 /* The keys should match. */
3248 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3249 goto done;
3250 # endif
3251
3252 ret = 1;
3253
3254 done:
3255 EVP_PKEY_CTX_free(ctx);
3256 EVP_PKEY_free(pkey);
3257 # ifndef OPENSSL_NO_DEPRECATED_3_0
3258 EVP_PKEY_free(pkey2);
3259 EC_KEY_free(ec);
3260 # endif
3261 return ret;
3262 }
3263 #endif
3264
3265 static int test_EVP_rsa_pss_with_keygen_bits(void)
3266 {
3267 int ret = 0;
3268 EVP_PKEY_CTX *ctx = NULL;
3269 EVP_PKEY *pkey = NULL;
3270 EVP_MD *md;
3271
3272 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3273 ret = TEST_ptr(md)
3274 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3275 && TEST_true(EVP_PKEY_keygen_init(ctx))
3276 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3277 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3278 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3279
3280 EVP_MD_free(md);
3281 EVP_PKEY_free(pkey);
3282 EVP_PKEY_CTX_free(ctx);
3283 return ret;
3284 }
3285
3286 static int success = 1;
3287 static void md_names(const char *name, void *vctx)
3288 {
3289 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3290 /* Force a namemap update */
3291 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3292
3293 if (!TEST_ptr(aes128))
3294 success = 0;
3295
3296 EVP_CIPHER_free(aes128);
3297 }
3298
3299 /*
3300 * Test that changing the namemap in a user callback works in a names_do_all
3301 * function.
3302 */
3303 static int test_names_do_all(void)
3304 {
3305 /* We use a custom libctx so that we know the state of the namemap */
3306 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3307 EVP_MD *sha256 = NULL;
3308 int testresult = 0;
3309
3310 if (!TEST_ptr(ctx))
3311 goto err;
3312
3313 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3314 if (!TEST_ptr(sha256))
3315 goto err;
3316
3317 /*
3318 * We loop through all the names for a given digest. This should still work
3319 * even if the namemap changes part way through.
3320 */
3321 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3322 goto err;
3323
3324 if (!TEST_true(success))
3325 goto err;
3326
3327 testresult = 1;
3328 err:
3329 EVP_MD_free(sha256);
3330 OSSL_LIB_CTX_free(ctx);
3331 return testresult;
3332 }
3333
3334 typedef struct {
3335 const char *cipher;
3336 const unsigned char *key;
3337 const unsigned char *iv;
3338 const unsigned char *input;
3339 const unsigned char *expected;
3340 const unsigned char *tag;
3341 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3342 size_t inlen;
3343 size_t expectedlen;
3344 size_t taglen;
3345 int keyfirst;
3346 int initenc;
3347 int finalenc;
3348 } EVP_INIT_TEST_st;
3349
3350 static const EVP_INIT_TEST_st evp_init_tests[] = {
3351 {
3352 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3353 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3354 0, 1, 0, 1
3355 },
3356 {
3357 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3358 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3359 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3360 sizeof(gcmDefaultTag), 1, 0, 1
3361 },
3362 {
3363 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3364 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3365 0, 0, 0, 1
3366 },
3367 {
3368 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3369 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3370 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3371 sizeof(gcmDefaultTag), 0, 0, 1
3372 },
3373 {
3374 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3375 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3376 0, 1, 1, 0
3377 },
3378 {
3379 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3380 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3381 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3382 sizeof(gcmDefaultTag), 1, 1, 0
3383 },
3384 {
3385 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3386 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3387 0, 0, 1, 0
3388 },
3389 {
3390 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3391 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3392 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3393 sizeof(gcmDefaultTag), 0, 1, 0
3394 }
3395 };
3396
3397 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3398 {
3399 int res = 0;
3400
3401 if (t->ivlen != 0) {
3402 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3403 goto err;
3404 }
3405 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3406 goto err;
3407 res = 1;
3408 err:
3409 return res;
3410 }
3411
3412 /*
3413 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3414 * arguments are given one at a time and a final adjustment to the enc
3415 * parameter sets the correct operation.
3416 */
3417 static int test_evp_init_seq(int idx)
3418 {
3419 int outlen1, outlen2;
3420 int testresult = 0;
3421 unsigned char outbuf[1024];
3422 unsigned char tag[16];
3423 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3424 EVP_CIPHER_CTX *ctx = NULL;
3425 EVP_CIPHER *type = NULL;
3426 size_t taglen = sizeof(tag);
3427 char *errmsg = NULL;
3428
3429 ctx = EVP_CIPHER_CTX_new();
3430 if (ctx == NULL) {
3431 errmsg = "CTX_ALLOC";
3432 goto err;
3433 }
3434 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3435 errmsg = "CIPHER_FETCH";
3436 goto err;
3437 }
3438 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3439 errmsg = "EMPTY_ENC_INIT";
3440 goto err;
3441 }
3442 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3443 errmsg = "PADDING";
3444 goto err;
3445 }
3446 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3447 errmsg = "KEY_INIT (before iv)";
3448 goto err;
3449 }
3450 if (!evp_init_seq_set_iv(ctx, t)) {
3451 errmsg = "IV_INIT";
3452 goto err;
3453 }
3454 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3455 errmsg = "KEY_INIT (after iv)";
3456 goto err;
3457 }
3458 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3459 errmsg = "FINAL_ENC_INIT";
3460 goto err;
3461 }
3462 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3463 errmsg = "CIPHER_UPDATE";
3464 goto err;
3465 }
3466 if (t->finalenc == 0 && t->tag != NULL) {
3467 /* Set expected tag */
3468 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3469 t->taglen, (void *)t->tag))) {
3470 errmsg = "SET_TAG";
3471 goto err;
3472 }
3473 }
3474 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3475 errmsg = "CIPHER_FINAL";
3476 goto err;
3477 }
3478 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3479 errmsg = "WRONG_RESULT";
3480 goto err;
3481 }
3482 if (t->finalenc != 0 && t->tag != NULL) {
3483 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3484 errmsg = "GET_TAG";
3485 goto err;
3486 }
3487 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3488 errmsg = "TAG_ERROR";
3489 goto err;
3490 }
3491 }
3492 testresult = 1;
3493 err:
3494 if (errmsg != NULL)
3495 TEST_info("evp_init_test %d: %s", idx, errmsg);
3496 EVP_CIPHER_CTX_free(ctx);
3497 EVP_CIPHER_free(type);
3498 return testresult;
3499 }
3500
3501 typedef struct {
3502 const unsigned char *input;
3503 const unsigned char *expected;
3504 size_t inlen;
3505 size_t expectedlen;
3506 int enc;
3507 } EVP_RESET_TEST_st;
3508
3509 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3510 {
3511 cfbPlaintext, cfbCiphertext,
3512 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3513 },
3514 {
3515 cfbCiphertext, cfbPlaintext,
3516 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3517 }
3518 };
3519
3520 /*
3521 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3522 * been used.
3523 */
3524 static int test_evp_reset(int idx)
3525 {
3526 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3527 int outlen1, outlen2;
3528 int testresult = 0;
3529 unsigned char outbuf[1024];
3530 EVP_CIPHER_CTX *ctx = NULL;
3531 EVP_CIPHER *type = NULL;
3532 char *errmsg = NULL;
3533
3534 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3535 errmsg = "CTX_ALLOC";
3536 goto err;
3537 }
3538 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3539 errmsg = "CIPHER_FETCH";
3540 goto err;
3541 }
3542 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3543 errmsg = "CIPHER_INIT";
3544 goto err;
3545 }
3546 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3547 errmsg = "PADDING";
3548 goto err;
3549 }
3550 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3551 errmsg = "CIPHER_UPDATE";
3552 goto err;
3553 }
3554 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3555 errmsg = "CIPHER_FINAL";
3556 goto err;
3557 }
3558 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3559 errmsg = "WRONG_RESULT";
3560 goto err;
3561 }
3562 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3563 errmsg = "CIPHER_REINIT";
3564 goto err;
3565 }
3566 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3567 errmsg = "CIPHER_UPDATE (reinit)";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3571 errmsg = "CIPHER_FINAL (reinit)";
3572 goto err;
3573 }
3574 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3575 errmsg = "WRONG_RESULT (reinit)";
3576 goto err;
3577 }
3578 testresult = 1;
3579 err:
3580 if (errmsg != NULL)
3581 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3582 EVP_CIPHER_CTX_free(ctx);
3583 EVP_CIPHER_free(type);
3584 return testresult;
3585 }
3586
3587 typedef struct {
3588 const char *cipher;
3589 int enc;
3590 } EVP_UPDATED_IV_TEST_st;
3591
3592 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3593 {
3594 "aes-128-cfb", 1
3595 },
3596 {
3597 "aes-128-cfb", 0
3598 },
3599 {
3600 "aes-128-cfb1", 1
3601 },
3602 {
3603 "aes-128-cfb1", 0
3604 },
3605 {
3606 "aes-128-cfb8", 1
3607 },
3608 {
3609 "aes-128-cfb8", 0
3610 },
3611 {
3612 "aes-128-ofb", 1
3613 },
3614 {
3615 "aes-128-ofb", 0
3616 },
3617 {
3618 "aes-128-ctr", 1
3619 },
3620 {
3621 "aes-128-ctr", 0
3622 },
3623 {
3624 "aes-128-cbc", 1
3625 },
3626 {
3627 "aes-128-cbc", 0
3628 }
3629 };
3630
3631 /*
3632 * Test that the IV in the context is updated during a crypto operation for CFB
3633 * and OFB.
3634 */
3635 static int test_evp_updated_iv(int idx)
3636 {
3637 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3638 int outlen1, outlen2;
3639 int testresult = 0;
3640 unsigned char outbuf[1024];
3641 EVP_CIPHER_CTX *ctx = NULL;
3642 EVP_CIPHER *type = NULL;
3643 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3644 int iv_len;
3645 char *errmsg = NULL;
3646
3647 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3648 errmsg = "CTX_ALLOC";
3649 goto err;
3650 }
3651 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3652 TEST_info("cipher %s not supported, skipping", t->cipher);
3653 goto ok;
3654 }
3655
3656 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3657 errmsg = "CIPHER_INIT";
3658 goto err;
3659 }
3660 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3661 errmsg = "PADDING";
3662 goto err;
3663 }
3664 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3665 errmsg = "CIPHER_UPDATE";
3666 goto err;
3667 }
3668 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3669 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3670 goto err;
3671 }
3672 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3673 errmsg = "CIPHER_CTX_GET_IV_LEN";
3674 goto err;
3675 }
3676 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3677 errmsg = "IV_NOT_UPDATED";
3678 goto err;
3679 }
3680 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3681 errmsg = "CIPHER_FINAL";
3682 goto err;
3683 }
3684 ok:
3685 testresult = 1;
3686 err:
3687 if (errmsg != NULL)
3688 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3689 EVP_CIPHER_CTX_free(ctx);
3690 EVP_CIPHER_free(type);
3691 return testresult;
3692 }
3693
3694 typedef struct {
3695 const unsigned char *iv1;
3696 const unsigned char *iv2;
3697 const unsigned char *expected1;
3698 const unsigned char *expected2;
3699 const unsigned char *tag1;
3700 const unsigned char *tag2;
3701 size_t ivlen1;
3702 size_t ivlen2;
3703 size_t expectedlen1;
3704 size_t expectedlen2;
3705 } TEST_GCM_IV_REINIT_st;
3706
3707 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3708 {
3709 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3710 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3711 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3712 },
3713 {
3714 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3715 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3716 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3717 }
3718 };
3719
3720 static int test_gcm_reinit(int idx)
3721 {
3722 int outlen1, outlen2, outlen3;
3723 int testresult = 0;
3724 unsigned char outbuf[1024];
3725 unsigned char tag[16];
3726 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3727 EVP_CIPHER_CTX *ctx = NULL;
3728 EVP_CIPHER *type = NULL;
3729 size_t taglen = sizeof(tag);
3730 char *errmsg = NULL;
3731
3732 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3733 errmsg = "CTX_ALLOC";
3734 goto err;
3735 }
3736 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3737 errmsg = "CIPHER_FETCH";
3738 goto err;
3739 }
3740 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3741 errmsg = "ENC_INIT";
3742 goto err;
3743 }
3744 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3745 errmsg = "SET_IVLEN1";
3746 goto err;
3747 }
3748 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3749 errmsg = "SET_IV1";
3750 goto err;
3751 }
3752 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3753 errmsg = "AAD1";
3754 goto err;
3755 }
3756 EVP_CIPHER_CTX_set_padding(ctx, 0);
3757 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3758 sizeof(gcmResetPlaintext)))) {
3759 errmsg = "CIPHER_UPDATE1";
3760 goto err;
3761 }
3762 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3763 errmsg = "CIPHER_FINAL1";
3764 goto err;
3765 }
3766 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3767 errmsg = "WRONG_RESULT1";
3768 goto err;
3769 }
3770 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3771 errmsg = "GET_TAG1";
3772 goto err;
3773 }
3774 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3775 errmsg = "TAG_ERROR1";
3776 goto err;
3777 }
3778 /* Now reinit */
3779 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3780 errmsg = "SET_IVLEN2";
3781 goto err;
3782 }
3783 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3784 errmsg = "SET_IV2";
3785 goto err;
3786 }
3787 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3788 errmsg = "AAD2";
3789 goto err;
3790 }
3791 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3792 sizeof(gcmResetPlaintext)))) {
3793 errmsg = "CIPHER_UPDATE2";
3794 goto err;
3795 }
3796 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3797 errmsg = "CIPHER_FINAL2";
3798 goto err;
3799 }
3800 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3801 errmsg = "WRONG_RESULT2";
3802 goto err;
3803 }
3804 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3805 errmsg = "GET_TAG2";
3806 goto err;
3807 }
3808 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3809 errmsg = "TAG_ERROR2";
3810 goto err;
3811 }
3812 testresult = 1;
3813 err:
3814 if (errmsg != NULL)
3815 TEST_info("evp_init_test %d: %s", idx, errmsg);
3816 EVP_CIPHER_CTX_free(ctx);
3817 EVP_CIPHER_free(type);
3818 return testresult;
3819 }
3820
3821 #ifndef OPENSSL_NO_DEPRECATED_3_0
3822 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3823 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3824
3825 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3826
3827 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3828 {
3829 int (*pinit)(EVP_PKEY_CTX *ctx);
3830
3831 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3832 return pinit(ctx);
3833 }
3834
3835 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3836 {
3837 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3838
3839 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3840 pcleanup(ctx);
3841 }
3842
3843 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3844 size_t *outlen, const unsigned char *in,
3845 size_t inlen)
3846 {
3847 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3848 const unsigned char *tbs, size_t tbslen);
3849
3850 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3851 return psign(ctx, out, outlen, in, inlen);
3852 }
3853
3854 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3855 size_t *siglen, const unsigned char *tbs,
3856 size_t tbslen)
3857 {
3858 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3859 const unsigned char *tbs, size_t tbslen);
3860
3861 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3862 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3863 }
3864
3865 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3866 size_t *keylen)
3867 {
3868 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3869
3870 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3871 return pderive(ctx, key, keylen);
3872 }
3873
3874 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3875 {
3876 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3877
3878 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3879 return pcopy(dst, src);
3880 }
3881
3882 static int ctrl_called;
3883
3884 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3885 {
3886 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3887
3888 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3889
3890 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3891 ctrl_called = 1;
3892 return 1;
3893 }
3894
3895 return pctrl(ctx, type, p1, p2);
3896 }
3897
3898 static int test_custom_pmeth(int idx)
3899 {
3900 EVP_PKEY_CTX *pctx = NULL;
3901 EVP_MD_CTX *ctx = NULL;
3902 EVP_PKEY *pkey = NULL;
3903 int id, orig_id, orig_flags;
3904 int testresult = 0;
3905 size_t reslen;
3906 unsigned char *res = NULL;
3907 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3908 const EVP_MD *md = EVP_sha256();
3909 int doderive = 0;
3910
3911 ctrl_called = 0;
3912
3913 /* We call deprecated APIs so this test doesn't support a custom libctx */
3914 if (testctx != NULL)
3915 return 1;
3916
3917 switch (idx) {
3918 case 0:
3919 case 6:
3920 id = EVP_PKEY_RSA;
3921 pkey = load_example_rsa_key();
3922 break;
3923 case 1:
3924 case 7:
3925 # ifndef OPENSSL_NO_DSA
3926 id = EVP_PKEY_DSA;
3927 pkey = load_example_dsa_key();
3928 break;
3929 # else
3930 return 1;
3931 # endif
3932 case 2:
3933 case 8:
3934 # ifndef OPENSSL_NO_EC
3935 id = EVP_PKEY_EC;
3936 pkey = load_example_ec_key();
3937 break;
3938 # else
3939 return 1;
3940 # endif
3941 case 3:
3942 case 9:
3943 # ifndef OPENSSL_NO_EC
3944 id = EVP_PKEY_ED25519;
3945 md = NULL;
3946 pkey = load_example_ed25519_key();
3947 break;
3948 # else
3949 return 1;
3950 # endif
3951 case 4:
3952 case 10:
3953 # ifndef OPENSSL_NO_DH
3954 id = EVP_PKEY_DH;
3955 doderive = 1;
3956 pkey = load_example_dh_key();
3957 break;
3958 # else
3959 return 1;
3960 # endif
3961 case 5:
3962 case 11:
3963 # ifndef OPENSSL_NO_EC
3964 id = EVP_PKEY_X25519;
3965 doderive = 1;
3966 pkey = load_example_x25519_key();
3967 break;
3968 # else
3969 return 1;
3970 # endif
3971 default:
3972 TEST_error("Should not happen");
3973 goto err;
3974 }
3975
3976 if (!TEST_ptr(pkey))
3977 goto err;
3978
3979 if (idx < 6) {
3980 if (!TEST_true(evp_pkey_is_provided(pkey)))
3981 goto err;
3982 } else {
3983 EVP_PKEY *tmp = pkey;
3984
3985 /* Convert to a legacy key */
3986 pkey = EVP_PKEY_new();
3987 if (!TEST_ptr(pkey)) {
3988 pkey = tmp;
3989 goto err;
3990 }
3991 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3992 EVP_PKEY_free(tmp);
3993 goto err;
3994 }
3995 EVP_PKEY_free(tmp);
3996 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3997 goto err;
3998 }
3999
4000 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4001 || !TEST_ptr(pkey))
4002 goto err;
4003
4004 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4005 if (!TEST_int_eq(orig_id, id)
4006 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4007 goto err;
4008
4009 if (id == EVP_PKEY_ED25519) {
4010 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4011 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4012 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4013 } else {
4014 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4015 }
4016 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4017 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4018 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4019 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4020 }
4021 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4022 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4023 goto err;
4024
4025 if (doderive) {
4026 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4027 if (!TEST_ptr(pctx)
4028 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4029 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4030 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4031 1)
4032 || !TEST_int_eq(ctrl_called, 1)
4033 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4034 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4035 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4036 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4037 goto err;
4038 } else {
4039 ctx = EVP_MD_CTX_new();
4040 reslen = EVP_PKEY_size(pkey);
4041 res = OPENSSL_malloc(reslen);
4042 if (!TEST_ptr(ctx)
4043 || !TEST_ptr(res)
4044 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4045 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4046 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4047 1)
4048 || !TEST_int_eq(ctrl_called, 1))
4049 goto err;
4050
4051 if (id == EVP_PKEY_ED25519) {
4052 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4053 goto err;
4054 } else {
4055 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4056 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4057 goto err;
4058 }
4059 }
4060
4061 testresult = 1;
4062 err:
4063 OPENSSL_free(res);
4064 EVP_MD_CTX_free(ctx);
4065 if (doderive)
4066 EVP_PKEY_CTX_free(pctx);
4067 EVP_PKEY_free(pkey);
4068 EVP_PKEY_meth_remove(custom_pmeth);
4069 EVP_PKEY_meth_free(custom_pmeth);
4070 custom_pmeth = NULL;
4071 return testresult;
4072 }
4073
4074 static int test_evp_md_cipher_meth(void)
4075 {
4076 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4077 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4078 int testresult = 0;
4079
4080 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4081 goto err;
4082
4083 testresult = 1;
4084
4085 err:
4086 EVP_MD_meth_free(md);
4087 EVP_CIPHER_meth_free(ciph);
4088
4089 return testresult;
4090 }
4091
4092 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4093 /* Test we can create a signature keys with an associated ENGINE */
4094 static int test_signatures_with_engine(int tst)
4095 {
4096 ENGINE *e;
4097 const char *engine_id = "dasync";
4098 EVP_PKEY *pkey = NULL;
4099 const unsigned char badcmackey[] = { 0x00, 0x01 };
4100 const unsigned char cmackey[] = {
4101 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4102 0x0c, 0x0d, 0x0e, 0x0f
4103 };
4104 const unsigned char ed25519key[] = {
4105 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4106 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4107 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4108 };
4109 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4110 int testresult = 0;
4111 EVP_MD_CTX *ctx = NULL;
4112 unsigned char *mac = NULL;
4113 size_t maclen = 0;
4114 int ret;
4115
4116 # ifdef OPENSSL_NO_CMAC
4117 /* Skip CMAC tests in a no-cmac build */
4118 if (tst <= 1)
4119 return 1;
4120 # endif
4121
4122 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4123 return 0;
4124
4125 if (!TEST_true(ENGINE_init(e))) {
4126 ENGINE_free(e);
4127 return 0;
4128 }
4129
4130 switch (tst) {
4131 case 0:
4132 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4133 EVP_aes_128_cbc());
4134 break;
4135 case 1:
4136 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4137 EVP_aes_128_cbc());
4138 break;
4139 case 2:
4140 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4141 sizeof(ed25519key));
4142 break;
4143 default:
4144 TEST_error("Invalid test case");
4145 goto err;
4146 }
4147 if (!TEST_ptr(pkey))
4148 goto err;
4149
4150 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4151 goto err;
4152
4153 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4154 pkey);
4155 if (tst == 0) {
4156 if (!TEST_true(ret))
4157 goto err;
4158
4159 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4160 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4161 goto err;
4162
4163 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4164 goto err;
4165
4166 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4167 goto err;
4168 } else {
4169 /* We used a bad key. We expect a failure here */
4170 if (!TEST_false(ret))
4171 goto err;
4172 }
4173
4174 testresult = 1;
4175 err:
4176 EVP_MD_CTX_free(ctx);
4177 OPENSSL_free(mac);
4178 EVP_PKEY_free(pkey);
4179 ENGINE_finish(e);
4180 ENGINE_free(e);
4181
4182 return testresult;
4183 }
4184
4185 static int test_cipher_with_engine(void)
4186 {
4187 ENGINE *e;
4188 const char *engine_id = "dasync";
4189 const unsigned char keyiv[] = {
4190 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4191 0x0c, 0x0d, 0x0e, 0x0f
4192 };
4193 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4194 int testresult = 0;
4195 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4196 unsigned char buf[AES_BLOCK_SIZE];
4197 int len = 0;
4198
4199 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4200 return 0;
4201
4202 if (!TEST_true(ENGINE_init(e))) {
4203 ENGINE_free(e);
4204 return 0;
4205 }
4206
4207 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4208 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4209 goto err;
4210
4211 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4212 goto err;
4213
4214 /* Copy the ctx, and complete the operation with the new ctx */
4215 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4216 goto err;
4217
4218 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4219 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4220 goto err;
4221
4222 testresult = 1;
4223 err:
4224 EVP_CIPHER_CTX_free(ctx);
4225 EVP_CIPHER_CTX_free(ctx2);
4226 ENGINE_finish(e);
4227 ENGINE_free(e);
4228
4229 return testresult;
4230 }
4231 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4232 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4233
4234 static int ecxnids[] = {
4235 NID_X25519,
4236 NID_X448,
4237 NID_ED25519,
4238 NID_ED448
4239 };
4240
4241 /* Test that creating ECX keys with a short private key fails as expected */
4242 static int test_ecx_short_keys(int tst)
4243 {
4244 unsigned char ecxkeydata = 1;
4245 EVP_PKEY *pkey;
4246
4247
4248 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4249 if (!TEST_ptr_null(pkey)) {
4250 EVP_PKEY_free(pkey);
4251 return 0;
4252 }
4253 return 1;
4254 }
4255
4256 typedef enum OPTION_choice {
4257 OPT_ERR = -1,
4258 OPT_EOF = 0,
4259 OPT_CONTEXT,
4260 OPT_TEST_ENUM
4261 } OPTION_CHOICE;
4262
4263 const OPTIONS *test_get_options(void)
4264 {
4265 static const OPTIONS options[] = {
4266 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4267 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4268 { NULL }
4269 };
4270 return options;
4271 }
4272
4273 int setup_tests(void)
4274 {
4275 OPTION_CHOICE o;
4276
4277 while ((o = opt_next()) != OPT_EOF) {
4278 switch (o) {
4279 case OPT_CONTEXT:
4280 /* Set up an alternate library context */
4281 testctx = OSSL_LIB_CTX_new();
4282 if (!TEST_ptr(testctx))
4283 return 0;
4284 /* Swap the libctx to test non-default context only */
4285 nullprov = OSSL_PROVIDER_load(NULL, "null");
4286 deflprov = OSSL_PROVIDER_load(testctx, "default");
4287 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4288 break;
4289 case OPT_TEST_CASES:
4290 break;
4291 default:
4292 return 0;
4293 }
4294 }
4295
4296 ADD_TEST(test_EVP_set_default_properties);
4297 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4298 ADD_TEST(test_EVP_DigestVerifyInit);
4299 #ifndef OPENSSL_NO_SIPHASH
4300 ADD_TEST(test_siphash_digestsign);
4301 #endif
4302 ADD_TEST(test_EVP_Digest);
4303 ADD_TEST(test_EVP_md_null);
4304 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4305 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4306 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4307 ADD_TEST(test_privatekey_to_pkcs8);
4308 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4309 #ifndef OPENSSL_NO_EC
4310 ADD_TEST(test_EVP_PKCS82PKEY);
4311 #endif
4312 #ifndef OPENSSL_NO_EC
4313 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4314 #endif
4315 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4316 ADD_TEST(test_EVP_SM2);
4317 ADD_TEST(test_EVP_SM2_verify);
4318 #endif
4319 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4320 #ifndef OPENSSL_NO_DEPRECATED_3_0
4321 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4322 if (!TEST_ptr(custom_pmeth))
4323 return 0;
4324 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4325 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4326 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4327 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4328 return 0;
4329 #endif
4330 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4331 #ifndef OPENSSL_NO_CMAC
4332 ADD_TEST(test_CMAC_keygen);
4333 #endif
4334 ADD_TEST(test_HKDF);
4335 ADD_TEST(test_emptyikm_HKDF);
4336 #ifndef OPENSSL_NO_EC
4337 ADD_TEST(test_X509_PUBKEY_inplace);
4338 ADD_TEST(test_X509_PUBKEY_dup);
4339 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4340 OSSL_NELEM(ec_der_pub_keys));
4341 #endif
4342 #ifndef OPENSSL_NO_DSA
4343 ADD_TEST(test_DSA_get_set_params);
4344 ADD_TEST(test_DSA_priv_pub);
4345 #endif
4346 ADD_TEST(test_RSA_get_set_params);
4347 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4348 ADD_TEST(test_decrypt_null_chunks);
4349 #endif
4350 #ifndef OPENSSL_NO_DH
4351 ADD_TEST(test_DH_priv_pub);
4352 # ifndef OPENSSL_NO_DEPRECATED_3_0
4353 ADD_TEST(test_EVP_PKEY_set1_DH);
4354 # endif
4355 #endif
4356 #ifndef OPENSSL_NO_EC
4357 ADD_TEST(test_EC_priv_pub);
4358 # ifndef OPENSSL_NO_DEPRECATED_3_0
4359 ADD_TEST(test_EC_priv_only_legacy);
4360 # endif
4361 #endif
4362 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4363 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4364
4365 ADD_TEST(test_rand_agglomeration);
4366 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4367 #ifndef OPENSSL_NO_DES
4368 ADD_ALL_TESTS(test_evp_iv_des, 6);
4369 #endif
4370 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4371 #ifndef OPENSSL_NO_EC
4372 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4373 #endif
4374
4375 ADD_TEST(test_names_do_all);
4376
4377 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4378 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4379 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4380 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4381
4382 #ifndef OPENSSL_NO_DEPRECATED_3_0
4383 ADD_ALL_TESTS(test_custom_pmeth, 12);
4384 ADD_TEST(test_evp_md_cipher_meth);
4385
4386 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4387 /* Tests only support the default libctx */
4388 if (testctx == NULL) {
4389 # ifndef OPENSSL_NO_EC
4390 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4391 # else
4392 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4393 # endif
4394 ADD_TEST(test_cipher_with_engine);
4395 }
4396 # endif
4397 #endif
4398
4399 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4400
4401 return 1;
4402 }
4403
4404 void cleanup_tests(void)
4405 {
4406 OSSL_PROVIDER_unload(nullprov);
4407 OSSL_PROVIDER_unload(deflprov);
4408 OSSL_PROVIDER_unload(lgcyprov);
4409 OSSL_LIB_CTX_free(testctx);
4410 }
A mirror of the official openssl repository