VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.0/test/evp_extra_test.c@ 99507

最後變更 在這個檔案從99507是 99366,由 vboxsync 提交於 2 年 前

openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418
檔案大小: 161.5 KB
 
1/*
2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include <openssl/proverr.h>
35#include "testutil.h"
36#include "internal/nelem.h"
37#include "internal/sizes.h"
38#include "crypto/evp.h"
39
40static OSSL_LIB_CTX *testctx = NULL;
41static char *testpropq = NULL;
42
43static OSSL_PROVIDER *nullprov = NULL;
44static OSSL_PROVIDER *deflprov = NULL;
45static OSSL_PROVIDER *lgcyprov = NULL;
46
47/*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103};
104
105/*
106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109#ifndef OPENSSL_NO_DSA
110static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149};
150#endif
151
152/*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246};
247
248/*
249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
250 * values are 0.
251 */
252static const unsigned char kExampleBad2RSAKeyDER[] = {
253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00
256};
257
258static const unsigned char kMsg[] = { 1, 2, 3, 4 };
259
260static const unsigned char kSignature[] = {
261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
272};
273
274/*
275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
276 * PrivateKeyInfo.
277 */
278static const unsigned char kExampleRSAKeyPKCS8[] = {
279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
332};
333
334#ifndef OPENSSL_NO_EC
335/*
336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure.
338 */
339static const unsigned char kExampleECKeyDER[] = {
340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
350 0xc1,
351};
352
353/*
354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
355 * structure. The private key is equal to the order and will fail to import
356 */
357static const unsigned char kExampleBadECKeyDER[] = {
358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
367};
368
369/* prime256v1 */
370static const unsigned char kExampleECPubKeyDER[] = {
371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379};
380
381/*
382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 */
385static const unsigned char kExampleBadECPubKeyDER[] = {
386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
394};
395
396static const unsigned char pExampleECParamDER[] = {
397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
398};
399
400static const unsigned char kExampleED25519KeyDER[] = {
401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
405};
406
407static const unsigned char kExampleED25519PubKeyDER[] = {
408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
412};
413
414# ifndef OPENSSL_NO_DEPRECATED_3_0
415static const unsigned char kExampleX25519KeyDER[] = {
416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
420};
421# endif
422#endif
423
424/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
425#ifndef OPENSSL_NO_DEPRECATED_3_0
426# ifndef OPENSSL_NO_DH
427static const unsigned char kExampleDHKeyDER[] = {
428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
452 0x2e, 0x87, 0x2a, 0x0b, 0x7a
453};
454# endif
455#endif
456
457static const unsigned char kCFBDefaultKey[] = {
458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
459 0x09, 0xCF, 0x4F, 0x3C
460};
461
462static const unsigned char kGCMDefaultKey[32] = { 0 };
463
464static const unsigned char kGCMResetKey[] = {
465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
468};
469
470static const unsigned char iCFBIV[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
472 0x0C, 0x0D, 0x0E, 0x0F
473};
474
475static const unsigned char iGCMDefaultIV[12] = { 0 };
476
477static const unsigned char iGCMResetIV1[] = {
478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
479};
480
481static const unsigned char iGCMResetIV2[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
483};
484
485static const unsigned char cfbPlaintext[] = {
486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
487 0x73, 0x93, 0x17, 0x2A
488};
489
490static const unsigned char gcmDefaultPlaintext[16] = { 0 };
491
492static const unsigned char gcmResetPlaintext[] = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
498};
499
500static const unsigned char cfbCiphertext[] = {
501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
502 0xE8, 0x3C, 0xFB, 0x4A
503};
504
505static const unsigned char gcmDefaultCiphertext[] = {
506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
507 0xba, 0xf3, 0x9d, 0x18
508};
509
510static const unsigned char gcmResetCiphertext1[] = {
511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
516};
517
518static const unsigned char gcmResetCiphertext2[] = {
519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
524};
525
526static const unsigned char gcmAAD[] = {
527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
529};
530
531static const unsigned char gcmDefaultTag[] = {
532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
533 0xd4, 0x8a, 0xb9, 0x19
534};
535
536static const unsigned char gcmResetTag1[] = {
537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
538 0xfe, 0x2e, 0xa8, 0xf2
539};
540
541static const unsigned char gcmResetTag2[] = {
542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
543 0xbb, 0x2d, 0x55, 0x1b
544};
545
546typedef struct APK_DATA_st {
547 const unsigned char *kder;
548 size_t size;
549 const char *keytype;
550 int evptype;
551 int check;
552 int pub_check;
553 int param_check;
554 int type; /* 0 for private, 1 for public, 2 for params */
555} APK_DATA;
556
557static APK_DATA keydata[] = {
558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
560#ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
562#endif
563};
564
565static APK_DATA keycheckdata[] = {
566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
567 0},
568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
569 0, 1, 1, 0},
570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
572#ifndef OPENSSL_NO_EC
573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
574 /* group is also associated in our pub key */
575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
576 1, 1},
577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
578 2},
579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
580 EVP_PKEY_ED25519, 1, 1, 1, 0},
581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
582 EVP_PKEY_ED25519, 0, 1, 1, 1},
583#endif
584};
585
586static EVP_PKEY *load_example_key(const char *keytype,
587 const unsigned char *data, size_t data_len)
588{
589 const unsigned char **pdata = &data;
590 EVP_PKEY *pkey = NULL;
591 OSSL_DECODER_CTX *dctx =
592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
593 testctx, testpropq);
594
595 /* |pkey| will be NULL on error */
596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
597 OSSL_DECODER_CTX_free(dctx);
598 return pkey;
599}
600
601static EVP_PKEY *load_example_rsa_key(void)
602{
603 return load_example_key("RSA", kExampleRSAKeyDER,
604 sizeof(kExampleRSAKeyDER));
605}
606
607#ifndef OPENSSL_NO_DSA
608static EVP_PKEY *load_example_dsa_key(void)
609{
610 return load_example_key("DSA", kExampleDSAKeyDER,
611 sizeof(kExampleDSAKeyDER));
612}
613#endif
614
615#ifndef OPENSSL_NO_EC
616static EVP_PKEY *load_example_ec_key(void)
617{
618 return load_example_key("EC", kExampleECKeyDER,
619 sizeof(kExampleECKeyDER));
620}
621#endif
622
623#ifndef OPENSSL_NO_DEPRECATED_3_0
624# ifndef OPENSSL_NO_DH
625static EVP_PKEY *load_example_dh_key(void)
626{
627 return load_example_key("DH", kExampleDHKeyDER,
628 sizeof(kExampleDHKeyDER));
629}
630# endif
631
632# ifndef OPENSSL_NO_EC
633static EVP_PKEY *load_example_ed25519_key(void)
634{
635 return load_example_key("ED25519", kExampleED25519KeyDER,
636 sizeof(kExampleED25519KeyDER));
637}
638
639static EVP_PKEY *load_example_x25519_key(void)
640{
641 return load_example_key("X25519", kExampleX25519KeyDER,
642 sizeof(kExampleX25519KeyDER));
643}
644# endif
645#endif /* OPENSSL_NO_DEPRECATED_3_0 */
646
647static EVP_PKEY *load_example_hmac_key(void)
648{
649 EVP_PKEY *pkey = NULL;
650 unsigned char key[] = {
651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
654 };
655
656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
657 NULL, key, sizeof(key));
658 if (!TEST_ptr(pkey))
659 return NULL;
660
661 return pkey;
662}
663
664static int test_EVP_set_default_properties(void)
665{
666 OSSL_LIB_CTX *ctx;
667 EVP_MD *md = NULL;
668 int res = 0;
669
670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
672 goto err;
673 EVP_MD_free(md);
674 md = NULL;
675
676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
679 goto err;
680 EVP_MD_free(md);
681 md = NULL;
682
683 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
685 goto err;
686 res = 1;
687err:
688 EVP_MD_free(md);
689 OSSL_LIB_CTX_free(ctx);
690 return res;
691}
692
693#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
694static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
695{
696 EVP_PKEY_CTX *pctx = NULL;
697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
698
699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
700 goto err;
701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
703 params), 0))
704 goto err;
705
706 if (!TEST_ptr(tmp_pkey))
707 goto err;
708
709 pkey = tmp_pkey;
710 tmp_pkey = NULL;
711 err:
712 EVP_PKEY_free(tmp_pkey);
713 EVP_PKEY_CTX_free(pctx);
714 return pkey;
715}
716
717static int test_selection(EVP_PKEY *pkey, int selection)
718{
719 int testresult = 0;
720 int ret;
721 BIO *bio = BIO_new(BIO_s_mem());
722
723 ret = PEM_write_bio_PUBKEY(bio, pkey);
724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
725 if (!TEST_true(ret))
726 goto err;
727 } else {
728 if (!TEST_false(ret))
729 goto err;
730 }
731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
732 testctx, NULL);
733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
734 if (!TEST_true(ret))
735 goto err;
736 } else {
737 if (!TEST_false(ret))
738 goto err;
739 }
740
741 testresult = 1;
742 err:
743 BIO_free(bio);
744
745 return testresult;
746}
747#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
748
749/*
750 * Test combinations of private, public, missing and private + public key
751 * params to ensure they are all accepted
752 */
753#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
754static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
755{
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
758 EVP_PKEY *just_params = NULL;
759 EVP_PKEY *params_and_priv = NULL;
760 EVP_PKEY *params_and_pub = NULL;
761 EVP_PKEY *params_and_keypair = NULL;
762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
763 int ret = 0;
764
765 /*
766 * Setup the parameters for our pkey object. For our purposes they don't
767 * have to actually be *valid* parameters. We just need to set something.
768 */
769 if (!TEST_ptr(p = BN_new())
770 || !TEST_ptr(q = BN_new())
771 || !TEST_ptr(g = BN_new())
772 || !TEST_ptr(pub = BN_new())
773 || !TEST_ptr(priv = BN_new()))
774 goto err;
775
776 /* Test !priv and !pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
781 goto err;
782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
784 goto err;
785
786 OSSL_PARAM_free(params);
787 OSSL_PARAM_BLD_free(bld);
788 params = NULL;
789 bld = NULL;
790
791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
793 goto err;
794
795 /* Test priv and !pub */
796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
801 priv)))
802 goto err;
803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
805 goto err;
806
807 OSSL_PARAM_free(params);
808 OSSL_PARAM_BLD_free(bld);
809 params = NULL;
810 bld = NULL;
811
812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
814 goto err;
815
816 /* Test !priv and pub */
817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
822 pub)))
823 goto err;
824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
826 goto err;
827
828 OSSL_PARAM_free(params);
829 OSSL_PARAM_BLD_free(bld);
830 params = NULL;
831 bld = NULL;
832
833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
835 goto err;
836
837 /* Test priv and pub */
838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
843 pub))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
845 priv)))
846 goto err;
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
849 goto err;
850
851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
852 goto err;
853
854 ret = 1;
855 err:
856 OSSL_PARAM_free(params);
857 OSSL_PARAM_BLD_free(bld);
858 EVP_PKEY_free(just_params);
859 EVP_PKEY_free(params_and_priv);
860 EVP_PKEY_free(params_and_pub);
861 EVP_PKEY_free(params_and_keypair);
862 BN_free(p);
863 BN_free(q);
864 BN_free(g);
865 BN_free(pub);
866 BN_free(priv);
867
868 return ret;
869}
870#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
871
872/*
873 * Test combinations of private, public, missing and private + public key
874 * params to ensure they are all accepted for EC keys
875 */
876#ifndef OPENSSL_NO_EC
877static unsigned char ec_priv[] = {
878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881};
882static unsigned char ec_pub[] = {
883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
888 0x08, 0x09, 0xb8, 0xdb, 0x03
889};
890
891static int test_EC_priv_pub(void)
892{
893 OSSL_PARAM_BLD *bld = NULL;
894 OSSL_PARAM *params = NULL;
895 EVP_PKEY *just_params = NULL;
896 EVP_PKEY *params_and_priv = NULL;
897 EVP_PKEY *params_and_pub = NULL;
898 EVP_PKEY *params_and_keypair = NULL;
899 BIGNUM *priv = NULL;
900 int ret = 0;
901 unsigned char *encoded = NULL;
902
903 /*
904 * Setup the parameters for our pkey object. For our purposes they don't
905 * have to actually be *valid* parameters. We just need to set something.
906 */
907 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
908 goto err;
909
910 /* Test !priv and !pub */
911 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
912 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
913 OSSL_PKEY_PARAM_GROUP_NAME,
914 "P-256", 0)))
915 goto err;
916 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
917 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
918 goto err;
919
920 OSSL_PARAM_free(params);
921 OSSL_PARAM_BLD_free(bld);
922 params = NULL;
923 bld = NULL;
924
925 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
926 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
927 goto err;
928
929 /* Test priv and !pub */
930 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
931 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
932 OSSL_PKEY_PARAM_GROUP_NAME,
933 "P-256", 0))
934 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
935 priv)))
936 goto err;
937 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
938 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
939 goto err;
940
941 OSSL_PARAM_free(params);
942 OSSL_PARAM_BLD_free(bld);
943 params = NULL;
944 bld = NULL;
945
946 /*
947 * We indicate only parameters here, in spite of having built a key that
948 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
949 * expected to fail because it does not support exporting a private EC
950 * key without a corresponding public key
951 */
952 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
953 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
954 goto err;
955
956 /* Test !priv and pub */
957 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
958 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
959 OSSL_PKEY_PARAM_GROUP_NAME,
960 "P-256", 0))
961 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
962 OSSL_PKEY_PARAM_PUB_KEY,
963 ec_pub, sizeof(ec_pub))))
964 goto err;
965 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
966 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
967 goto err;
968
969 OSSL_PARAM_free(params);
970 OSSL_PARAM_BLD_free(bld);
971 params = NULL;
972 bld = NULL;
973
974 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
975 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
976 goto err;
977
978 /* Test priv and pub */
979 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
980 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
981 OSSL_PKEY_PARAM_GROUP_NAME,
982 "P-256", 0))
983 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
984 OSSL_PKEY_PARAM_PUB_KEY,
985 ec_pub, sizeof(ec_pub)))
986 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
987 priv)))
988 goto err;
989 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
990 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
991 goto err;
992
993 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
994 goto err;
995
996 /* Try key equality */
997 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
998 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
999 0)
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1001 0)
1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1003 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1008 goto err;
1009
1010 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1011 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1012 goto err;
1013 OPENSSL_free(encoded);
1014 encoded = NULL;
1015 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1016 OPENSSL_free(encoded);
1017 encoded = NULL;
1018 goto err;
1019 }
1020
1021 ret = 1;
1022 err:
1023 OSSL_PARAM_free(params);
1024 OSSL_PARAM_BLD_free(bld);
1025 EVP_PKEY_free(just_params);
1026 EVP_PKEY_free(params_and_priv);
1027 EVP_PKEY_free(params_and_pub);
1028 EVP_PKEY_free(params_and_keypair);
1029 BN_free(priv);
1030
1031 return ret;
1032}
1033
1034/* Test that using a legacy EC key with only a private key in it works */
1035# ifndef OPENSSL_NO_DEPRECATED_3_0
1036static int test_EC_priv_only_legacy(void)
1037{
1038 BIGNUM *priv = NULL;
1039 int ret = 0;
1040 EC_KEY *eckey = NULL;
1041 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1042 EVP_MD_CTX *ctx = NULL;
1043
1044 /* Create the low level EC_KEY */
1045 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1046 goto err;
1047
1048 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1049 if (!TEST_ptr(eckey))
1050 goto err;
1051
1052 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1053 goto err;
1054
1055 pkey = EVP_PKEY_new();
1056 if (!TEST_ptr(pkey))
1057 goto err;
1058
1059 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1060 goto err;
1061 eckey = NULL;
1062
1063 while (dup_pk == NULL) {
1064 ret = 0;
1065 ctx = EVP_MD_CTX_new();
1066 if (!TEST_ptr(ctx))
1067 goto err;
1068
1069 /*
1070 * The EVP_DigestSignInit function should create the key on the
1071 * provider side which is sufficient for this test.
1072 */
1073 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1074 testpropq, pkey, NULL)))
1075 goto err;
1076 EVP_MD_CTX_free(ctx);
1077 ctx = NULL;
1078
1079 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1080 goto err;
1081 /* EVP_PKEY_eq() returns -2 with missing public keys */
1082 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1083 EVP_PKEY_free(pkey);
1084 pkey = dup_pk;
1085 if (!ret)
1086 goto err;
1087 }
1088
1089 err:
1090 EVP_MD_CTX_free(ctx);
1091 EVP_PKEY_free(pkey);
1092 EC_KEY_free(eckey);
1093 BN_free(priv);
1094
1095 return ret;
1096}
1097# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1098#endif /* OPENSSL_NO_EC */
1099
1100static int test_EVP_PKEY_sign(int tst)
1101{
1102 int ret = 0;
1103 EVP_PKEY *pkey = NULL;
1104 unsigned char *sig = NULL;
1105 size_t sig_len = 0, shortsig_len = 1;
1106 EVP_PKEY_CTX *ctx = NULL;
1107 unsigned char tbs[] = {
1108 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1109 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1110 };
1111
1112 if (tst == 0 ) {
1113 if (!TEST_ptr(pkey = load_example_rsa_key()))
1114 goto out;
1115 } else if (tst == 1) {
1116#ifndef OPENSSL_NO_DSA
1117 if (!TEST_ptr(pkey = load_example_dsa_key()))
1118 goto out;
1119#else
1120 ret = 1;
1121 goto out;
1122#endif
1123 } else {
1124#ifndef OPENSSL_NO_EC
1125 if (!TEST_ptr(pkey = load_example_ec_key()))
1126 goto out;
1127#else
1128 ret = 1;
1129 goto out;
1130#endif
1131 }
1132
1133 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1134 if (!TEST_ptr(ctx)
1135 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1136 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1137 sizeof(tbs)), 0))
1138 goto out;
1139 sig = OPENSSL_malloc(sig_len);
1140 if (!TEST_ptr(sig)
1141 /* Test sending a signature buffer that is too short is rejected */
1142 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1143 sizeof(tbs)), 0)
1144 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1145 0)
1146 /* Test the signature round-trips */
1147 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1148 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1149 0))
1150 goto out;
1151
1152 ret = 1;
1153 out:
1154 EVP_PKEY_CTX_free(ctx);
1155 OPENSSL_free(sig);
1156 EVP_PKEY_free(pkey);
1157 return ret;
1158}
1159
1160/*
1161 * n = 0 => test using legacy cipher
1162 * n = 1 => test using fetched cipher
1163 */
1164static int test_EVP_Enveloped(int n)
1165{
1166 int ret = 0;
1167 EVP_CIPHER_CTX *ctx = NULL;
1168 EVP_PKEY *keypair = NULL;
1169 unsigned char *kek = NULL;
1170 unsigned char iv[EVP_MAX_IV_LENGTH];
1171 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1172 int len, kek_len, ciphertext_len, plaintext_len;
1173 unsigned char ciphertext[32], plaintext[16];
1174 EVP_CIPHER *type = NULL;
1175
1176 if (nullprov != NULL)
1177 return TEST_skip("Test does not support a non-default library context");
1178
1179 if (n == 0)
1180 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1181 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1182 testpropq)))
1183 goto err;
1184
1185 if (!TEST_ptr(keypair = load_example_rsa_key())
1186 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1187 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1188 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1189 &keypair, 1))
1190 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1191 msg, sizeof(msg)))
1192 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1193 &len)))
1194 goto err;
1195
1196 ciphertext_len += len;
1197
1198 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1199 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1200 ciphertext, ciphertext_len))
1201 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1202 goto err;
1203
1204 plaintext_len += len;
1205 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1206 goto err;
1207
1208 ret = 1;
1209err:
1210 if (n != 0)
1211 EVP_CIPHER_free(type);
1212 OPENSSL_free(kek);
1213 EVP_PKEY_free(keypair);
1214 EVP_CIPHER_CTX_free(ctx);
1215 return ret;
1216}
1217
1218/*
1219 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1220 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1221 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1222 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1223 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1224 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1225 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1226 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1227 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1228 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1229 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1230 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1231 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1232 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1233 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1234 * Test 15-29: Same as above with reinitialization
1235 */
1236static int test_EVP_DigestSignInit(int tst)
1237{
1238 int ret = 0;
1239 EVP_PKEY *pkey = NULL;
1240 unsigned char *sig = NULL, *sig2 = NULL;
1241 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1242 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1243 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1244 BIO *mdbio = NULL, *membio = NULL;
1245 size_t written;
1246 const EVP_MD *md;
1247 EVP_MD *mdexp = NULL;
1248 int reinit = 0;
1249
1250 if (nullprov != NULL)
1251 return TEST_skip("Test does not support a non-default library context");
1252
1253 if (tst >= 15) {
1254 reinit = 1;
1255 tst -= 15;
1256 }
1257
1258 if (tst >= 6 && tst <= 8) {
1259 membio = BIO_new(BIO_s_mem());
1260 mdbio = BIO_new(BIO_f_md());
1261 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1262 goto out;
1263 BIO_push(mdbio, membio);
1264 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1265 goto out;
1266 } else {
1267 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1268 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1269 goto out;
1270 }
1271
1272 if (tst % 3 == 0) {
1273 if (!TEST_ptr(pkey = load_example_rsa_key()))
1274 goto out;
1275 } else if (tst % 3 == 1) {
1276#ifndef OPENSSL_NO_DSA
1277 if (!TEST_ptr(pkey = load_example_dsa_key()))
1278 goto out;
1279#else
1280 ret = 1;
1281 goto out;
1282#endif
1283 } else {
1284 if (!TEST_ptr(pkey = load_example_hmac_key()))
1285 goto out;
1286 }
1287
1288 if (tst >= 3 && tst <= 5)
1289 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1290 else
1291 md = EVP_sha256();
1292
1293 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1294 goto out;
1295
1296 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1297 goto out;
1298
1299 if (tst >= 6 && tst <= 8) {
1300 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1301 goto out;
1302 } else if (tst < 6) {
1303 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1304 goto out;
1305 }
1306
1307 if (tst >= 9) {
1308 /* Determine the size of the signature. */
1309 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1310 sizeof(kMsg)))
1311 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1312 goto out;
1313 if (tst <= 11) {
1314 /* Test that supply a short sig buffer fails */
1315 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1316 sizeof(kMsg))))
1317 goto out;
1318 /*
1319 * We end here because once EVP_DigestSign() has failed you should
1320 * not call it again without re-initing the ctx
1321 */
1322 ret = 1;
1323 goto out;
1324 }
1325 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1326 sizeof(kMsg))))
1327 goto out;
1328 } else {
1329 /* Determine the size of the signature. */
1330 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1331 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1332 /*
1333 * Trying to create a signature with a deliberately short
1334 * buffer should fail.
1335 */
1336 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1337 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1338 goto out;
1339 }
1340
1341 /*
1342 * Ensure that the signature round-trips (Verification isn't supported for
1343 * HMAC via EVP_DigestVerify*)
1344 */
1345 if (tst % 3 != 2) {
1346 if (tst >= 6 && tst <= 8) {
1347 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1348 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1349 goto out;
1350 }
1351
1352 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1353 NULL, pkey)))
1354 goto out;
1355
1356 if (tst >= 6 && tst <= 8) {
1357 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1358 goto out;
1359 } else {
1360 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1361 sizeof(kMsg))))
1362 goto out;
1363 }
1364 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1365 goto out;
1366
1367 /* Multiple calls to EVP_DigestVerifyFinal should work */
1368 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1369 goto out;
1370 } else {
1371 /*
1372 * For HMAC a doubled call to DigestSignFinal should produce the same
1373 * value as finalization should not happen.
1374 */
1375 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1376 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1377 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1378 goto out;
1379
1380 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1381 goto out;
1382 }
1383
1384 ret = 1;
1385
1386 out:
1387 BIO_free(membio);
1388 BIO_free(mdbio);
1389 EVP_MD_CTX_free(a_md_ctx);
1390 EVP_MD_CTX_free(a_md_ctx_verify);
1391 EVP_PKEY_free(pkey);
1392 OPENSSL_free(sig);
1393 OPENSSL_free(sig2);
1394 EVP_MD_free(mdexp);
1395
1396 return ret;
1397}
1398
1399static int test_EVP_DigestVerifyInit(void)
1400{
1401 int ret = 0;
1402 EVP_PKEY *pkey = NULL;
1403 EVP_MD_CTX *md_ctx = NULL;
1404
1405 if (nullprov != NULL)
1406 return TEST_skip("Test does not support a non-default library context");
1407
1408 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1409 || !TEST_ptr(pkey = load_example_rsa_key()))
1410 goto out;
1411
1412 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1413 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1414 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1415 sizeof(kSignature)), 0))
1416 goto out;
1417
1418 /* test with reinitialization */
1419 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1420 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1421 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1422 sizeof(kSignature)), 0))
1423 goto out;
1424 ret = 1;
1425
1426 out:
1427 EVP_MD_CTX_free(md_ctx);
1428 EVP_PKEY_free(pkey);
1429 return ret;
1430}
1431
1432#ifndef OPENSSL_NO_SIPHASH
1433/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1434static int test_siphash_digestsign(void)
1435{
1436 unsigned char key[16];
1437 unsigned char buf[8], digest[8];
1438 unsigned char expected[8] = {
1439 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1440 };
1441 EVP_PKEY *pkey = NULL;
1442 EVP_MD_CTX *mdctx = NULL;
1443 EVP_PKEY_CTX *ctx = NULL;
1444 int ret = 0;
1445 size_t len = 8;
1446
1447 if (nullprov != NULL)
1448 return TEST_skip("Test does not support a non-default library context");
1449
1450 memset(buf, 0, 8);
1451 memset(key, 1, 16);
1452 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1453 key, 16)))
1454 goto out;
1455
1456 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1457 goto out;
1458
1459 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1460 goto out;
1461 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1462 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1463 8, NULL), 1))
1464 goto out;
1465 /* reinitialize */
1466 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1467 goto out;
1468 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1469 goto out;
1470 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1471 goto out;
1472 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1473 goto out;
1474
1475 ret = 1;
1476 out:
1477 EVP_PKEY_free(pkey);
1478 EVP_MD_CTX_free(mdctx);
1479 return ret;
1480}
1481#endif
1482
1483/*
1484 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1485 */
1486static int test_EVP_Digest(void)
1487{
1488 int ret = 0;
1489 EVP_MD_CTX *md_ctx = NULL;
1490 unsigned char md[EVP_MAX_MD_SIZE];
1491 EVP_MD *sha256 = NULL;
1492 EVP_MD *shake256 = NULL;
1493
1494 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1495 goto out;
1496
1497 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1498 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1499 goto out;
1500
1501 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1502 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1503 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1504 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1505 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1506 goto out;
1507
1508 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1509 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1510 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1511 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1512 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1513 /*
1514 * EVP_DigestInit_ex with NULL type should work on
1515 * pre-initialized context.
1516 */
1517 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1518 goto out;
1519
1520 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1521 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1522 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1523 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1524 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1525 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1526 goto out;
1527 ret = 1;
1528
1529 out:
1530 EVP_MD_CTX_free(md_ctx);
1531 EVP_MD_free(sha256);
1532 EVP_MD_free(shake256);
1533 return ret;
1534}
1535
1536static int test_EVP_md_null(void)
1537{
1538 int ret = 0;
1539 EVP_MD_CTX *md_ctx = NULL;
1540 const EVP_MD *md_null = EVP_md_null();
1541 unsigned char md_value[EVP_MAX_MD_SIZE];
1542 unsigned int md_len = sizeof(md_value);
1543
1544 if (nullprov != NULL)
1545 return TEST_skip("Test does not support a non-default library context");
1546
1547 if (!TEST_ptr(md_null)
1548 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1549 goto out;
1550
1551 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1552 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1553 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1554 goto out;
1555
1556 if (!TEST_uint_eq(md_len, 0))
1557 goto out;
1558
1559 ret = 1;
1560 out:
1561 EVP_MD_CTX_free(md_ctx);
1562 return ret;
1563}
1564
1565static int test_d2i_AutoPrivateKey(int i)
1566{
1567 int ret = 0;
1568 const unsigned char *p;
1569 EVP_PKEY *pkey = NULL;
1570 const APK_DATA *ak = &keydata[i];
1571 const unsigned char *input = ak->kder;
1572 size_t input_len = ak->size;
1573 int expected_id = ak->evptype;
1574
1575 p = input;
1576 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1577 || !TEST_ptr_eq(p, input + input_len)
1578 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1579 goto done;
1580
1581 ret = 1;
1582
1583 done:
1584 EVP_PKEY_free(pkey);
1585 return ret;
1586}
1587
1588#ifndef OPENSSL_NO_EC
1589
1590static const unsigned char ec_public_sect163k1_validxy[] = {
1591 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1592 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1593 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1594 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1595 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1596 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1597};
1598
1599static const unsigned char ec_public_sect163k1_badx[] = {
1600 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1601 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1602 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1603 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1604 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1605 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1606};
1607
1608static const unsigned char ec_public_sect163k1_bady[] = {
1609 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1610 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1611 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1612 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1613 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1614 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1615};
1616
1617static struct ec_der_pub_keys_st {
1618 const unsigned char *der;
1619 size_t len;
1620 int valid;
1621} ec_der_pub_keys[] = {
1622 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1623 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1624 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1625};
1626
1627/*
1628 * Tests the range of the decoded EC char2 public point.
1629 * See ec_GF2m_simple_oct2point().
1630 */
1631static int test_invalide_ec_char2_pub_range_decode(int id)
1632{
1633 int ret = 0;
1634 EVP_PKEY *pkey;
1635
1636 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1637 ec_der_pub_keys[id].len);
1638
1639 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1640 || TEST_ptr_null(pkey);
1641 EVP_PKEY_free(pkey);
1642 return ret;
1643}
1644
1645/* Tests loading a bad key in PKCS8 format */
1646static int test_EVP_PKCS82PKEY(void)
1647{
1648 int ret = 0;
1649 const unsigned char *derp = kExampleBadECKeyDER;
1650 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1651 EVP_PKEY *pkey = NULL;
1652
1653 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1654 sizeof(kExampleBadECKeyDER))))
1655 goto done;
1656
1657 if (!TEST_ptr_eq(derp,
1658 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1659 goto done;
1660
1661 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1662 goto done;
1663
1664 ret = 1;
1665
1666 done:
1667 PKCS8_PRIV_KEY_INFO_free(p8inf);
1668 EVP_PKEY_free(pkey);
1669
1670 return ret;
1671}
1672
1673#endif
1674static int test_EVP_PKCS82PKEY_wrong_tag(void)
1675{
1676 EVP_PKEY *pkey = NULL;
1677 EVP_PKEY *pkey2 = NULL;
1678 BIO *membio = NULL;
1679 char *membuf = NULL;
1680 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1681 int ok = 0;
1682
1683 if (testctx != NULL)
1684 /* test not supported with non-default context */
1685 return 1;
1686
1687 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1688 || !TEST_ptr(pkey = load_example_rsa_key())
1689 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1690 NULL, 0, NULL, NULL),
1691 0)
1692 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1693 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1694 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1695 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1696 goto done;
1697 }
1698
1699 ok = 1;
1700 done:
1701 EVP_PKEY_free(pkey);
1702 EVP_PKEY_free(pkey2);
1703 PKCS8_PRIV_KEY_INFO_free(p8inf);
1704 BIO_free_all(membio);
1705 return ok;
1706}
1707
1708/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1709static int test_privatekey_to_pkcs8(void)
1710{
1711 EVP_PKEY *pkey = NULL;
1712 BIO *membio = NULL;
1713 char *membuf = NULL;
1714 long membuf_len = 0;
1715 int ok = 0;
1716
1717 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1718 || !TEST_ptr(pkey = load_example_rsa_key())
1719 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1720 NULL, 0, NULL, NULL),
1721 0)
1722 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1723 || !TEST_ptr(membuf)
1724 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1725 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1726 /*
1727 * We try to write PEM as well, just to see that it doesn't err, but
1728 * assume that the result is correct.
1729 */
1730 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1731 NULL, 0, NULL, NULL),
1732 0))
1733 goto done;
1734
1735 ok = 1;
1736 done:
1737 EVP_PKEY_free(pkey);
1738 BIO_free_all(membio);
1739 return ok;
1740}
1741
1742#ifndef OPENSSL_NO_EC
1743static const struct {
1744 int encoding;
1745 const char *encoding_name;
1746} ec_encodings[] = {
1747 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1748 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1749};
1750
1751static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1752{
1753 const OSSL_PARAM *p;
1754 const char *enc_name = NULL;
1755 int *enc = arg;
1756 size_t i;
1757
1758 *enc = -1;
1759
1760 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1761 OSSL_PKEY_PARAM_EC_ENCODING))
1762 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1763 return 0;
1764
1765 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1766 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1767 *enc = ec_encodings[i].encoding;
1768 break;
1769 }
1770 }
1771
1772 return (*enc != -1);
1773}
1774
1775static int test_EC_keygen_with_enc(int idx)
1776{
1777 EVP_PKEY *params = NULL, *key = NULL;
1778 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1779 int enc;
1780 int ret = 0;
1781
1782 enc = ec_encodings[idx].encoding;
1783
1784 /* Create key parameters */
1785 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1786 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1787 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1789 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1790 || !TEST_ptr(params))
1791 goto done;
1792
1793 /* Create key */
1794 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1795 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1796 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1797 || !TEST_ptr(key))
1798 goto done;
1799
1800 /* Check that the encoding got all the way into the key */
1801 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1802 ec_export_get_encoding_cb, &enc))
1803 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1804 goto done;
1805
1806 ret = 1;
1807 done:
1808 EVP_PKEY_free(key);
1809 EVP_PKEY_free(params);
1810 EVP_PKEY_CTX_free(kctx);
1811 EVP_PKEY_CTX_free(pctx);
1812 return ret;
1813}
1814#endif
1815
1816#if !defined(OPENSSL_NO_SM2)
1817
1818static int test_EVP_SM2_verify(void)
1819{
1820 const char *pubkey =
1821 "-----BEGIN PUBLIC KEY-----\n"
1822 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1823 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1824 "-----END PUBLIC KEY-----\n";
1825
1826 const char *msg = "message digest";
1827 const char *id = "[email protected]";
1828
1829 const uint8_t signature[] = {
1830 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1831 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1832 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1833 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1834 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1835 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1836 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1837 };
1838
1839 int rc = 0;
1840 BIO *bio = NULL;
1841 EVP_PKEY *pkey = NULL;
1842 EVP_MD_CTX *mctx = NULL;
1843 EVP_PKEY_CTX *pctx = NULL;
1844 EVP_MD *sm3 = NULL;
1845
1846 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1847 if (!TEST_true(bio != NULL))
1848 goto done;
1849
1850 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1851 if (!TEST_true(pkey != NULL))
1852 goto done;
1853
1854 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1855 goto done;
1856
1857 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1858 goto done;
1859
1860 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1861 goto done;
1862
1863 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1864
1865 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1866 goto done;
1867
1868 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1869 goto done;
1870
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1872 goto done;
1873
1874 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1875 goto done;
1876
1877 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1878 goto done;
1879 rc = 1;
1880
1881 done:
1882 BIO_free(bio);
1883 EVP_PKEY_free(pkey);
1884 EVP_PKEY_CTX_free(pctx);
1885 EVP_MD_CTX_free(mctx);
1886 EVP_MD_free(sm3);
1887 return rc;
1888}
1889
1890static int test_EVP_SM2(void)
1891{
1892 int ret = 0;
1893 EVP_PKEY *pkey = NULL;
1894 EVP_PKEY *pkeyparams = NULL;
1895 EVP_PKEY_CTX *pctx = NULL;
1896 EVP_PKEY_CTX *kctx = NULL;
1897 EVP_PKEY_CTX *sctx = NULL;
1898 size_t sig_len = 0;
1899 unsigned char *sig = NULL;
1900 EVP_MD_CTX *md_ctx = NULL;
1901 EVP_MD_CTX *md_ctx_verify = NULL;
1902 EVP_PKEY_CTX *cctx = NULL;
1903 EVP_MD *check_md = NULL;
1904
1905 uint8_t ciphertext[128];
1906 size_t ctext_len = sizeof(ciphertext);
1907
1908 uint8_t plaintext[8];
1909 size_t ptext_len = sizeof(plaintext);
1910
1911 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1912
1913 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1915 int i;
1916 char mdname[OSSL_MAX_NAME_SIZE];
1917
1918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1919 "SM2", testpropq)))
1920 goto done;
1921
1922 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1923 goto done;
1924
1925 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1926 goto done;
1927
1928 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1929 goto done;
1930
1931 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1932 pkeyparams, testpropq)))
1933 goto done;
1934
1935 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1936 goto done;
1937
1938 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1939 goto done;
1940
1941 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1942 goto done;
1943
1944 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1945 goto done;
1946
1947 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1948 goto done;
1949
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1951 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1952
1953 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1954 goto done;
1955
1956 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1957 goto done;
1958
1959 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1960 goto done;
1961
1962 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1963 goto done;
1964
1965 /* Determine the size of the signature. */
1966 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1967 goto done;
1968
1969 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1970 goto done;
1971
1972 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1973 goto done;
1974
1975 /* Ensure that the signature round-trips. */
1976
1977 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1978 pkey)))
1979 goto done;
1980
1981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1982 goto done;
1983
1984 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1985 goto done;
1986
1987 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1988 goto done;
1989
1990 /*
1991 * Try verify again with non-matching 0 length id but ensure that it can
1992 * be set on the context and overrides the previous value.
1993 */
1994
1995 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1996 pkey)))
1997 goto done;
1998
1999 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2000 goto done;
2001
2002 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2003 goto done;
2004
2005 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2006 goto done;
2007
2008 /* now check encryption/decryption */
2009
2010 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2011 mdname, sizeof(mdname));
2012 for (i = 0; i < 2; i++) {
2013 const char *mdnames[] = {
2014#ifndef OPENSSL_NO_SM3
2015 "SM3",
2016#else
2017 NULL,
2018#endif
2019 "SHA2-256" };
2020 EVP_PKEY_CTX_free(cctx);
2021
2022 if (mdnames[i] == NULL)
2023 continue;
2024
2025 sparams[0] =
2026 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2027 (char *)mdnames[i], 0);
2028
2029 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2030 pkey, testpropq)))
2031 goto done;
2032
2033 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2034 goto done;
2035
2036 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2037 goto done;
2038
2039 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2040 sizeof(kMsg))))
2041 goto done;
2042
2043 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2044 goto done;
2045
2046 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2047 goto done;
2048
2049 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2050 ctext_len), 0))
2051 goto done;
2052
2053 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2054 goto done;
2055
2056 /*
2057 * Test we're still using the digest we think we are.
2058 * Because of aliases, the easiest is to fetch the digest and
2059 * check the name with EVP_MD_is_a().
2060 */
2061 EVP_MD_free(check_md);
2062 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2063 goto done;
2064 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2065 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2066 goto done;
2067 }
2068
2069 if (!TEST_true(ptext_len == sizeof(kMsg)))
2070 goto done;
2071
2072 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2073 goto done;
2074 }
2075
2076 ret = 1;
2077done:
2078 EVP_PKEY_CTX_free(pctx);
2079 EVP_PKEY_CTX_free(kctx);
2080 EVP_PKEY_CTX_free(sctx);
2081 EVP_PKEY_CTX_free(cctx);
2082 EVP_PKEY_free(pkey);
2083 EVP_PKEY_free(pkeyparams);
2084 EVP_MD_CTX_free(md_ctx);
2085 EVP_MD_CTX_free(md_ctx_verify);
2086 EVP_MD_free(check_md);
2087 OPENSSL_free(sig);
2088 return ret;
2089}
2090
2091#endif
2092
2093static struct keys_st {
2094 int type;
2095 char *priv;
2096 char *pub;
2097} keys[] = {
2098 {
2099 EVP_PKEY_HMAC, "0123456789", NULL
2100 },
2101 {
2102 EVP_PKEY_HMAC, "", NULL
2103#ifndef OPENSSL_NO_POLY1305
2104 }, {
2105 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2106#endif
2107#ifndef OPENSSL_NO_SIPHASH
2108 }, {
2109 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2110#endif
2111 },
2112#ifndef OPENSSL_NO_EC
2113 {
2114 EVP_PKEY_X25519, "01234567890123456789012345678901",
2115 "abcdefghijklmnopqrstuvwxyzabcdef"
2116 }, {
2117 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2118 "abcdefghijklmnopqrstuvwxyzabcdef"
2119 }, {
2120 EVP_PKEY_X448,
2121 "01234567890123456789012345678901234567890123456789012345",
2122 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2123 }, {
2124 EVP_PKEY_ED448,
2125 "012345678901234567890123456789012345678901234567890123456",
2126 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2127 }
2128#endif
2129};
2130
2131static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2132{
2133 int ret = 0;
2134 unsigned char buf[80];
2135 unsigned char *in;
2136 size_t inlen, len = 0, shortlen = 1;
2137 EVP_PKEY *pkey;
2138
2139 /* Check if this algorithm supports public keys */
2140 if (pub && keys[tst].pub == NULL)
2141 return 1;
2142
2143 memset(buf, 0, sizeof(buf));
2144
2145 if (pub) {
2146#ifndef OPENSSL_NO_EC
2147 inlen = strlen(keys[tst].pub);
2148 in = (unsigned char *)keys[tst].pub;
2149 if (uselibctx) {
2150 pkey = EVP_PKEY_new_raw_public_key_ex(
2151 testctx,
2152 OBJ_nid2sn(keys[tst].type),
2153 NULL,
2154 in,
2155 inlen);
2156 } else {
2157 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2158 NULL,
2159 in,
2160 inlen);
2161 }
2162#else
2163 return 1;
2164#endif
2165 } else {
2166 inlen = strlen(keys[tst].priv);
2167 in = (unsigned char *)keys[tst].priv;
2168 if (uselibctx) {
2169 pkey = EVP_PKEY_new_raw_private_key_ex(
2170 testctx, OBJ_nid2sn(keys[tst].type),
2171 NULL,
2172 in,
2173 inlen);
2174 } else {
2175 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2176 NULL,
2177 in,
2178 inlen);
2179 }
2180 }
2181
2182 if (!TEST_ptr(pkey)
2183 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2184 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2185 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2186 || !TEST_true(len == inlen))
2187 goto done;
2188 if (tst != 1) {
2189 /*
2190 * Test that supplying a buffer that is too small fails. Doesn't apply
2191 * to HMAC with a zero length key
2192 */
2193 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2194 &shortlen)))
2195 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2196 &shortlen))))
2197 goto done;
2198 }
2199 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2200 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2201 || !TEST_mem_eq(in, inlen, buf, len))
2202 goto done;
2203
2204 ret = 1;
2205 done:
2206 EVP_PKEY_free(pkey);
2207 return ret;
2208}
2209
2210static int test_set_get_raw_keys(int tst)
2211{
2212 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2213 && test_set_get_raw_keys_int(tst, 0, 1)
2214 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2215 && test_set_get_raw_keys_int(tst, 1, 1);
2216}
2217
2218#ifndef OPENSSL_NO_DEPRECATED_3_0
2219static int pkey_custom_check(EVP_PKEY *pkey)
2220{
2221 return 0xbeef;
2222}
2223
2224static int pkey_custom_pub_check(EVP_PKEY *pkey)
2225{
2226 return 0xbeef;
2227}
2228
2229static int pkey_custom_param_check(EVP_PKEY *pkey)
2230{
2231 return 0xbeef;
2232}
2233
2234static EVP_PKEY_METHOD *custom_pmeth;
2235#endif
2236
2237static int test_EVP_PKEY_check(int i)
2238{
2239 int ret = 0;
2240 EVP_PKEY *pkey = NULL;
2241 EVP_PKEY_CTX *ctx = NULL;
2242#ifndef OPENSSL_NO_DEPRECATED_3_0
2243 EVP_PKEY_CTX *ctx2 = NULL;
2244#endif
2245 const APK_DATA *ak = &keycheckdata[i];
2246 const unsigned char *input = ak->kder;
2247 size_t input_len = ak->size;
2248 int expected_id = ak->evptype;
2249 int expected_check = ak->check;
2250 int expected_pub_check = ak->pub_check;
2251 int expected_param_check = ak->param_check;
2252 int type = ak->type;
2253
2254 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2255 goto done;
2256 if (type == 0
2257 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2258 goto done;
2259
2260 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2261 goto done;
2262
2263 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2264 goto done;
2265
2266 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2267 goto done;
2268
2269 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2270 goto done;
2271
2272#ifndef OPENSSL_NO_DEPRECATED_3_0
2273 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2274 /* assign the pkey directly, as an internal test */
2275 EVP_PKEY_up_ref(pkey);
2276 ctx2->pkey = pkey;
2277
2278 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2279 goto done;
2280
2281 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2282 goto done;
2283
2284 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2285 goto done;
2286#endif
2287
2288 ret = 1;
2289
2290 done:
2291 EVP_PKEY_CTX_free(ctx);
2292#ifndef OPENSSL_NO_DEPRECATED_3_0
2293 EVP_PKEY_CTX_free(ctx2);
2294#endif
2295 EVP_PKEY_free(pkey);
2296 return ret;
2297}
2298
2299#ifndef OPENSSL_NO_CMAC
2300static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2301{
2302 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2303 const char msg[] = "Hello World";
2304 size_t maclen = AES_BLOCK_SIZE;
2305 int ret = 1;
2306
2307 if (!TEST_ptr(mdctx)
2308 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2309 testpropq, pkey, NULL))
2310 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2311 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2312 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2313 ret = 0;
2314
2315 EVP_MD_CTX_free(mdctx);
2316
2317 return ret;
2318}
2319static int test_CMAC_keygen(void)
2320{
2321 static unsigned char key[] = {
2322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2323 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2324 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2325 };
2326 EVP_PKEY_CTX *kctx = NULL;
2327 int ret = 0;
2328 EVP_PKEY *pkey = NULL;
2329 unsigned char mac[AES_BLOCK_SIZE];
2330# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2331 unsigned char mac2[AES_BLOCK_SIZE];
2332# endif
2333
2334 if (nullprov != NULL)
2335 return TEST_skip("Test does not support a non-default library context");
2336
2337 /*
2338 * This is a legacy method for CMACs, but should still work.
2339 * This verifies that it works without an ENGINE.
2340 */
2341 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2342
2343 /* Test a CMAC key created using the "generated" method */
2344 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2345 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2346 EVP_PKEY_CTRL_CIPHER,
2347 0, (void *)EVP_aes_256_cbc()), 0)
2348 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2349 EVP_PKEY_CTRL_SET_MAC_KEY,
2350 sizeof(key), (void *)key), 0)
2351 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2352 || !TEST_ptr(pkey)
2353 || !TEST_true(get_cmac_val(pkey, mac)))
2354 goto done;
2355
2356# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2357 EVP_PKEY_free(pkey);
2358
2359 /*
2360 * Test a CMAC key using the direct method, and compare with the mac
2361 * created above.
2362 */
2363 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2364 if (!TEST_ptr(pkey)
2365 || !TEST_true(get_cmac_val(pkey, mac2))
2366 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2367 goto done;
2368# endif
2369
2370 ret = 1;
2371
2372 done:
2373 EVP_PKEY_free(pkey);
2374 EVP_PKEY_CTX_free(kctx);
2375 return ret;
2376}
2377#endif
2378
2379static int test_HKDF(void)
2380{
2381 EVP_PKEY_CTX *pctx;
2382 unsigned char out[20];
2383 size_t outlen;
2384 int i, ret = 0;
2385 unsigned char salt[] = "0123456789";
2386 unsigned char key[] = "012345678901234567890123456789";
2387 unsigned char info[] = "infostring";
2388 const unsigned char expected[] = {
2389 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2390 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2391 };
2392 size_t expectedlen = sizeof(expected);
2393
2394 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2395 goto done;
2396
2397 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2398 for (i = 0; i < 2; i++) {
2399 outlen = sizeof(out);
2400 memset(out, 0, outlen);
2401
2402 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2404 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2405 sizeof(salt) - 1), 0)
2406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2407 sizeof(key) - 1), 0)
2408 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2409 sizeof(info) - 1), 0)
2410 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2411 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2412 goto done;
2413 }
2414
2415 ret = 1;
2416
2417 done:
2418 EVP_PKEY_CTX_free(pctx);
2419
2420 return ret;
2421}
2422
2423static int test_emptyikm_HKDF(void)
2424{
2425 EVP_PKEY_CTX *pctx;
2426 unsigned char out[20];
2427 size_t outlen;
2428 int ret = 0;
2429 unsigned char salt[] = "9876543210";
2430 unsigned char key[] = "";
2431 unsigned char info[] = "stringinfo";
2432 const unsigned char expected[] = {
2433 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2434 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2435 };
2436 size_t expectedlen = sizeof(expected);
2437
2438 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2439 goto done;
2440
2441 outlen = sizeof(out);
2442 memset(out, 0, outlen);
2443
2444 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2446 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2447 sizeof(salt) - 1), 0)
2448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2449 sizeof(key) - 1), 0)
2450 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2451 sizeof(info) - 1), 0)
2452 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2453 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2454 goto done;
2455
2456 ret = 1;
2457
2458 done:
2459 EVP_PKEY_CTX_free(pctx);
2460
2461 return ret;
2462}
2463
2464#ifndef OPENSSL_NO_EC
2465static int test_X509_PUBKEY_inplace(void)
2466{
2467 int ret = 0;
2468 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2469 const unsigned char *p = kExampleECPubKeyDER;
2470 size_t input_len = sizeof(kExampleECPubKeyDER);
2471
2472 if (!TEST_ptr(xp))
2473 goto done;
2474 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2475 goto done;
2476
2477 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2478 goto done;
2479
2480 p = kExampleBadECPubKeyDER;
2481 input_len = sizeof(kExampleBadECPubKeyDER);
2482
2483 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2484 goto done;
2485
2486 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2487 goto done;
2488
2489 ret = 1;
2490
2491 done:
2492 X509_PUBKEY_free(xp);
2493 return ret;
2494}
2495
2496static int test_X509_PUBKEY_dup(void)
2497{
2498 int ret = 0;
2499 X509_PUBKEY *xp = NULL, *xq = NULL;
2500 const unsigned char *p = kExampleECPubKeyDER;
2501 size_t input_len = sizeof(kExampleECPubKeyDER);
2502
2503 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2504 if (!TEST_ptr(xp)
2505 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2506 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2507 || !TEST_ptr_ne(xp, xq))
2508 goto done;
2509
2510 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2511 || !TEST_ptr(X509_PUBKEY_get0(xp))
2512 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2513 goto done;
2514
2515 X509_PUBKEY_free(xq);
2516 xq = NULL;
2517 p = kExampleBadECPubKeyDER;
2518 input_len = sizeof(kExampleBadECPubKeyDER);
2519
2520 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2521 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2522 goto done;
2523
2524 X509_PUBKEY_free(xp);
2525 xp = NULL;
2526 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2527 goto done;
2528
2529 ret = 1;
2530
2531 done:
2532 X509_PUBKEY_free(xp);
2533 X509_PUBKEY_free(xq);
2534 return ret;
2535}
2536#endif /* OPENSSL_NO_EC */
2537
2538/* Test getting and setting parameters on an EVP_PKEY_CTX */
2539static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2540{
2541 EVP_MD_CTX *mdctx = NULL;
2542 EVP_PKEY_CTX *ctx = NULL;
2543 const OSSL_PARAM *params;
2544 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2545 int ret = 0;
2546 const EVP_MD *md;
2547 char mdname[OSSL_MAX_NAME_SIZE];
2548 char ssl3ms[48];
2549
2550 /* Initialise a sign operation */
2551 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2552 if (!TEST_ptr(ctx)
2553 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2554 goto err;
2555
2556 /*
2557 * We should be able to query the parameters now.
2558 */
2559 params = EVP_PKEY_CTX_settable_params(ctx);
2560 if (!TEST_ptr(params)
2561 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2562 OSSL_SIGNATURE_PARAM_DIGEST)))
2563 goto err;
2564
2565 params = EVP_PKEY_CTX_gettable_params(ctx);
2566 if (!TEST_ptr(params)
2567 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2568 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2569 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2570 OSSL_SIGNATURE_PARAM_DIGEST)))
2571 goto err;
2572
2573 /*
2574 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2575 * EVP_PKEY_CTX_get_params()
2576 */
2577 strcpy(mdname, "SHA512");
2578 param_md = param;
2579 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2580 mdname, 0);
2581 *param++ = OSSL_PARAM_construct_end();
2582
2583 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2584 goto err;
2585
2586 mdname[0] = '\0';
2587 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2588 mdname, sizeof(mdname));
2589 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2590 || !TEST_str_eq(mdname, "SHA512"))
2591 goto err;
2592
2593 /*
2594 * Test the TEST_PKEY_CTX_set_signature_md() and
2595 * TEST_PKEY_CTX_get_signature_md() functions
2596 */
2597 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2598 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2599 || !TEST_ptr_eq(md, EVP_sha256()))
2600 goto err;
2601
2602 /*
2603 * Test getting MD parameters via an associated EVP_PKEY_CTX
2604 */
2605 mdctx = EVP_MD_CTX_new();
2606 if (!TEST_ptr(mdctx)
2607 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2608 pkey, NULL)))
2609 goto err;
2610
2611 /*
2612 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2613 * able to obtain the digest's settable parameters from the provider.
2614 */
2615 params = EVP_MD_CTX_settable_params(mdctx);
2616 if (!TEST_ptr(params)
2617 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2618 /* The final key should be NULL */
2619 || !TEST_ptr_null(params[1].key))
2620 goto err;
2621
2622 param = ourparams;
2623 memset(ssl3ms, 0, sizeof(ssl3ms));
2624 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2625 ssl3ms, sizeof(ssl3ms));
2626 *param++ = OSSL_PARAM_construct_end();
2627
2628 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2629 goto err;
2630
2631 ret = 1;
2632
2633 err:
2634 EVP_MD_CTX_free(mdctx);
2635 EVP_PKEY_CTX_free(ctx);
2636
2637 return ret;
2638}
2639
2640#ifndef OPENSSL_NO_DSA
2641static int test_DSA_get_set_params(void)
2642{
2643 OSSL_PARAM_BLD *bld = NULL;
2644 OSSL_PARAM *params = NULL;
2645 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2646 EVP_PKEY_CTX *pctx = NULL;
2647 EVP_PKEY *pkey = NULL;
2648 int ret = 0;
2649
2650 /*
2651 * Setup the parameters for our DSA object. For our purposes they don't
2652 * have to actually be *valid* parameters. We just need to set something.
2653 */
2654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2655 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2656 || !TEST_ptr(p = BN_new())
2657 || !TEST_ptr(q = BN_new())
2658 || !TEST_ptr(g = BN_new())
2659 || !TEST_ptr(pub = BN_new())
2660 || !TEST_ptr(priv = BN_new()))
2661 goto err;
2662 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2665 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2666 pub))
2667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2668 priv)))
2669 goto err;
2670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2671 goto err;
2672
2673 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2674 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2675 params), 0))
2676 goto err;
2677
2678 if (!TEST_ptr(pkey))
2679 goto err;
2680
2681 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2682
2683 err:
2684 EVP_PKEY_free(pkey);
2685 EVP_PKEY_CTX_free(pctx);
2686 OSSL_PARAM_free(params);
2687 OSSL_PARAM_BLD_free(bld);
2688 BN_free(p);
2689 BN_free(q);
2690 BN_free(g);
2691 BN_free(pub);
2692 BN_free(priv);
2693
2694 return ret;
2695}
2696
2697/*
2698 * Test combinations of private, public, missing and private + public key
2699 * params to ensure they are all accepted
2700 */
2701static int test_DSA_priv_pub(void)
2702{
2703 return test_EVP_PKEY_ffc_priv_pub("DSA");
2704}
2705
2706#endif /* !OPENSSL_NO_DSA */
2707
2708static int test_RSA_get_set_params(void)
2709{
2710 OSSL_PARAM_BLD *bld = NULL;
2711 OSSL_PARAM *params = NULL;
2712 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2713 EVP_PKEY_CTX *pctx = NULL;
2714 EVP_PKEY *pkey = NULL;
2715 int ret = 0;
2716
2717 /*
2718 * Setup the parameters for our RSA object. For our purposes they don't
2719 * have to actually be *valid* parameters. We just need to set something.
2720 */
2721 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2722 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2723 || !TEST_ptr(n = BN_new())
2724 || !TEST_ptr(e = BN_new())
2725 || !TEST_ptr(d = BN_new()))
2726 goto err;
2727 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2730 goto err;
2731 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2732 goto err;
2733
2734 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2735 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2736 params), 0))
2737 goto err;
2738
2739 if (!TEST_ptr(pkey))
2740 goto err;
2741
2742 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2743
2744 err:
2745 EVP_PKEY_free(pkey);
2746 EVP_PKEY_CTX_free(pctx);
2747 OSSL_PARAM_free(params);
2748 OSSL_PARAM_BLD_free(bld);
2749 BN_free(n);
2750 BN_free(e);
2751 BN_free(d);
2752
2753 return ret;
2754}
2755
2756static int test_RSA_OAEP_set_get_params(void)
2757{
2758 int ret = 0;
2759 EVP_PKEY *key = NULL;
2760 EVP_PKEY_CTX *key_ctx = NULL;
2761
2762 if (nullprov != NULL)
2763 return TEST_skip("Test does not support a non-default library context");
2764
2765 if (!TEST_ptr(key = load_example_rsa_key())
2766 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2767 goto err;
2768
2769 {
2770 int padding = RSA_PKCS1_OAEP_PADDING;
2771 OSSL_PARAM params[4];
2772
2773 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2774 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2775 OSSL_DIGEST_NAME_SHA2_256, 0);
2776 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2777 OSSL_DIGEST_NAME_SHA1, 0);
2778 params[3] = OSSL_PARAM_construct_end();
2779
2780 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2781 goto err;
2782 }
2783 {
2784 OSSL_PARAM params[3];
2785 char oaepmd[30] = { '\0' };
2786 char mgf1md[30] = { '\0' };
2787
2788 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2789 oaepmd, sizeof(oaepmd));
2790 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2791 mgf1md, sizeof(mgf1md));
2792 params[2] = OSSL_PARAM_construct_end();
2793
2794 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2795 goto err;
2796
2797 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2798 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2799 goto err;
2800 }
2801
2802 ret = 1;
2803
2804 err:
2805 EVP_PKEY_free(key);
2806 EVP_PKEY_CTX_free(key_ctx);
2807
2808 return ret;
2809}
2810
2811#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2812static int test_decrypt_null_chunks(void)
2813{
2814 EVP_CIPHER_CTX* ctx = NULL;
2815 EVP_CIPHER *cipher = NULL;
2816 const unsigned char key[32] = {
2817 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2818 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2819 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2820 };
2821 unsigned char iv[12] = {
2822 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2823 };
2824 unsigned char msg[] = "It was the best of times, it was the worst of times";
2825 unsigned char ciphertext[80];
2826 unsigned char plaintext[80];
2827 /* We initialise tmp to a non zero value on purpose */
2828 int ctlen, ptlen, tmp = 99;
2829 int ret = 0;
2830 const int enc_offset = 10, dec_offset = 20;
2831
2832 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2833 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2834 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2835 key, iv))
2836 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2837 enc_offset))
2838 /* Deliberate add a zero length update */
2839 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2840 0))
2841 || !TEST_int_eq(tmp, 0)
2842 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2843 msg + enc_offset,
2844 sizeof(msg) - enc_offset))
2845 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2846 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2847 || !TEST_int_eq(tmp, 0))
2848 goto err;
2849
2850 /* Deliberately initialise tmp to a non zero value */
2851 tmp = 99;
2852 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2853 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2854 dec_offset))
2855 /*
2856 * Deliberately add a zero length update. We also deliberately do
2857 * this at a different offset than for encryption.
2858 */
2859 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2860 0))
2861 || !TEST_int_eq(tmp, 0)
2862 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2863 ciphertext + dec_offset,
2864 ctlen - dec_offset))
2865 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2866 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2867 || !TEST_int_eq(tmp, 0)
2868 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2869 goto err;
2870
2871 ret = 1;
2872 err:
2873 EVP_CIPHER_CTX_free(ctx);
2874 EVP_CIPHER_free(cipher);
2875 return ret;
2876}
2877#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2878
2879#ifndef OPENSSL_NO_DH
2880/*
2881 * Test combinations of private, public, missing and private + public key
2882 * params to ensure they are all accepted
2883 */
2884static int test_DH_priv_pub(void)
2885{
2886 return test_EVP_PKEY_ffc_priv_pub("DH");
2887}
2888
2889# ifndef OPENSSL_NO_DEPRECATED_3_0
2890static int test_EVP_PKEY_set1_DH(void)
2891{
2892 DH *x942dh = NULL, *noqdh = NULL;
2893 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2894 int ret = 0;
2895 BIGNUM *p, *g = NULL;
2896 BIGNUM *pubkey = NULL;
2897 unsigned char pub[2048 / 8];
2898 size_t len = 0;
2899
2900 if (!TEST_ptr(p = BN_new())
2901 || !TEST_ptr(g = BN_new())
2902 || !TEST_ptr(pubkey = BN_new())
2903 || !TEST_true(BN_set_word(p, 9999))
2904 || !TEST_true(BN_set_word(g, 2))
2905 || !TEST_true(BN_set_word(pubkey, 4321))
2906 || !TEST_ptr(noqdh = DH_new())
2907 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2908 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2909 || !TEST_ptr(pubkey = BN_new())
2910 || !TEST_true(BN_set_word(pubkey, 4321)))
2911 goto err;
2912 p = g = NULL;
2913
2914 x942dh = DH_get_2048_256();
2915 pkey1 = EVP_PKEY_new();
2916 pkey2 = EVP_PKEY_new();
2917 if (!TEST_ptr(x942dh)
2918 || !TEST_ptr(noqdh)
2919 || !TEST_ptr(pkey1)
2920 || !TEST_ptr(pkey2)
2921 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2922 goto err;
2923 pubkey = NULL;
2924
2925 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2926 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2927 goto err;
2928
2929 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2930 &pubkey))
2931 || !TEST_ptr(pubkey))
2932 goto err;
2933
2934 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2935 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2936 goto err;
2937
2938 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2939 OSSL_PKEY_PARAM_PUB_KEY,
2940 pub, sizeof(pub), &len))
2941 || !TEST_size_t_ne(len, 0))
2942 goto err;
2943
2944 ret = 1;
2945 err:
2946 BN_free(p);
2947 BN_free(g);
2948 BN_free(pubkey);
2949 EVP_PKEY_free(pkey1);
2950 EVP_PKEY_free(pkey2);
2951 DH_free(x942dh);
2952 DH_free(noqdh);
2953
2954 return ret;
2955}
2956# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2957#endif /* !OPENSSL_NO_DH */
2958
2959/*
2960 * We test what happens with an empty template. For the sake of this test,
2961 * the template must be ignored, and we know that's the case for RSA keys
2962 * (this might arguably be a misfeature, but that's what we currently do,
2963 * even in provider code, since that's how the legacy RSA implementation
2964 * does things)
2965 */
2966static int test_keygen_with_empty_template(int n)
2967{
2968 EVP_PKEY_CTX *ctx = NULL;
2969 EVP_PKEY *pkey = NULL;
2970 EVP_PKEY *tkey = NULL;
2971 int ret = 0;
2972
2973 if (nullprov != NULL)
2974 return TEST_skip("Test does not support a non-default library context");
2975
2976 switch (n) {
2977 case 0:
2978 /* We do test with no template at all as well */
2979 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2980 goto err;
2981 break;
2982 case 1:
2983 /* Here we create an empty RSA key that serves as our template */
2984 if (!TEST_ptr(tkey = EVP_PKEY_new())
2985 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2986 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2987 goto err;
2988 break;
2989 }
2990
2991 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2992 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2993 goto err;
2994
2995 ret = 1;
2996 err:
2997 EVP_PKEY_CTX_free(ctx);
2998 EVP_PKEY_free(pkey);
2999 EVP_PKEY_free(tkey);
3000 return ret;
3001}
3002
3003/*
3004 * Test that we fail if we attempt to use an algorithm that is not available
3005 * in the current library context (unless we are using an algorithm that
3006 * should be made available via legacy codepaths).
3007 *
3008 * 0: RSA
3009 * 1: SM2
3010 */
3011static int test_pkey_ctx_fail_without_provider(int tst)
3012{
3013 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3014 OSSL_PROVIDER *tmpnullprov = NULL;
3015 EVP_PKEY_CTX *pctx = NULL;
3016 const char *keytype = NULL;
3017 int expect_null = 0;
3018 int ret = 0;
3019
3020 if (!TEST_ptr(tmpctx))
3021 goto err;
3022
3023 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3024 if (!TEST_ptr(tmpnullprov))
3025 goto err;
3026
3027 /*
3028 * We check for certain algos in the null provider.
3029 * If an algo is expected to have a provider keymgmt, constructing an
3030 * EVP_PKEY_CTX is expected to fail (return NULL).
3031 * Otherwise, if it's expected to have legacy support, constructing an
3032 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3033 */
3034 switch (tst) {
3035 case 0:
3036 keytype = "RSA";
3037 expect_null = 1;
3038 break;
3039 case 1:
3040 keytype = "SM2";
3041 expect_null = 1;
3042#ifdef OPENSSL_NO_EC
3043 TEST_info("EC disable, skipping SM2 check...");
3044 goto end;
3045#endif
3046#ifdef OPENSSL_NO_SM2
3047 TEST_info("SM2 disable, skipping SM2 check...");
3048 goto end;
3049#endif
3050 break;
3051 default:
3052 TEST_error("No test for case %d", tst);
3053 goto err;
3054 }
3055
3056 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3057 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3058 goto err;
3059
3060#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3061 end:
3062#endif
3063 ret = 1;
3064
3065 err:
3066 EVP_PKEY_CTX_free(pctx);
3067 OSSL_PROVIDER_unload(tmpnullprov);
3068 OSSL_LIB_CTX_free(tmpctx);
3069 return ret;
3070}
3071
3072static int test_rand_agglomeration(void)
3073{
3074 EVP_RAND *rand;
3075 EVP_RAND_CTX *ctx;
3076 OSSL_PARAM params[3], *p = params;
3077 int res;
3078 unsigned int step = 7;
3079 static unsigned char seed[] = "It does not matter how slowly you go "
3080 "as long as you do not stop.";
3081 unsigned char out[sizeof(seed)];
3082
3083 if (!TEST_int_ne(sizeof(seed) % step, 0)
3084 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3085 return 0;
3086 ctx = EVP_RAND_CTX_new(rand, NULL);
3087 EVP_RAND_free(rand);
3088 if (!TEST_ptr(ctx))
3089 return 0;
3090
3091 memset(out, 0, sizeof(out));
3092 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3093 seed, sizeof(seed));
3094 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3095 *p = OSSL_PARAM_construct_end();
3096 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3097 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3098 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3099 EVP_RAND_CTX_free(ctx);
3100 return res;
3101}
3102
3103/*
3104 * Test that we correctly return the original or "running" IV after
3105 * an encryption operation.
3106 * Run multiple times for some different relevant algorithms/modes.
3107 */
3108static int test_evp_iv_aes(int idx)
3109{
3110 int ret = 0;
3111 EVP_CIPHER_CTX *ctx = NULL;
3112 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3113 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3114 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3115 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3116 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3117 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3118 9, 10, 11, 12, 13, 14, 15, 16 };
3119 unsigned char ciphertext[32], oiv[16], iv[16];
3120 unsigned char *ref_iv;
3121 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3122 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3123
3124 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3125 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3126 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3127 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3128 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3129 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3130 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3131#ifndef OPENSSL_NO_OCB
3132 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3133 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3134#endif
3135 int len = sizeof(ciphertext);
3136 size_t ivlen, ref_len;
3137 const EVP_CIPHER *type = NULL;
3138 int iv_reset = 0;
3139
3140 if (nullprov != NULL && idx < 6)
3141 return TEST_skip("Test does not support a non-default library context");
3142
3143 switch(idx) {
3144 case 0:
3145 type = EVP_aes_128_cbc();
3146 /* FALLTHROUGH */
3147 case 6:
3148 type = (type != NULL) ? type :
3149 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3150 ref_iv = cbc_state;
3151 ref_len = sizeof(cbc_state);
3152 iv_reset = 1;
3153 break;
3154 case 1:
3155 type = EVP_aes_128_ofb();
3156 /* FALLTHROUGH */
3157 case 7:
3158 type = (type != NULL) ? type :
3159 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3160 ref_iv = ofb_state;
3161 ref_len = sizeof(ofb_state);
3162 iv_reset = 1;
3163 break;
3164 case 2:
3165 type = EVP_aes_128_cfb();
3166 /* FALLTHROUGH */
3167 case 8:
3168 type = (type != NULL) ? type :
3169 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3170 ref_iv = cfb_state;
3171 ref_len = sizeof(cfb_state);
3172 iv_reset = 1;
3173 break;
3174 case 3:
3175 type = EVP_aes_128_gcm();
3176 /* FALLTHROUGH */
3177 case 9:
3178 type = (type != NULL) ? type :
3179 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3180 ref_iv = gcm_state;
3181 ref_len = sizeof(gcm_state);
3182 break;
3183 case 4:
3184 type = EVP_aes_128_ccm();
3185 /* FALLTHROUGH */
3186 case 10:
3187 type = (type != NULL) ? type :
3188 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3189 ref_iv = ccm_state;
3190 ref_len = sizeof(ccm_state);
3191 break;
3192#ifdef OPENSSL_NO_OCB
3193 case 5:
3194 case 11:
3195 return 1;
3196#else
3197 case 5:
3198 type = EVP_aes_128_ocb();
3199 /* FALLTHROUGH */
3200 case 11:
3201 type = (type != NULL) ? type :
3202 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3203 ref_iv = ocb_state;
3204 ref_len = sizeof(ocb_state);
3205 break;
3206#endif
3207 default:
3208 return 0;
3209 }
3210
3211 if (!TEST_ptr(type)
3212 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3213 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3214 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3215 (int)sizeof(msg)))
3216 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3217 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3218 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3219 goto err;
3220 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3221 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3222 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3223 goto err;
3224
3225 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3226 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3227 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3228 goto err;
3229 if (iv_reset) {
3230 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3231 goto err;
3232 } else {
3233 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3234 goto err;
3235 }
3236
3237 ret = 1;
3238err:
3239 EVP_CIPHER_CTX_free(ctx);
3240 if (idx >= 6)
3241 EVP_CIPHER_free((EVP_CIPHER *)type);
3242 return ret;
3243}
3244
3245#ifndef OPENSSL_NO_DES
3246static int test_evp_iv_des(int idx)
3247{
3248 int ret = 0;
3249 EVP_CIPHER_CTX *ctx = NULL;
3250 static const unsigned char key[24] = {
3251 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3252 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3253 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3254 };
3255 static const unsigned char init_iv[8] = {
3256 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3257 };
3258 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3259 9, 10, 11, 12, 13, 14, 15, 16 };
3260 unsigned char ciphertext[32], oiv[8], iv[8];
3261 unsigned const char *ref_iv;
3262 static const unsigned char cbc_state_des[8] = {
3263 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3264 };
3265 static const unsigned char cbc_state_3des[8] = {
3266 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3267 };
3268 static const unsigned char ofb_state_des[8] = {
3269 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3270 };
3271 static const unsigned char ofb_state_3des[8] = {
3272 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3273 };
3274 static const unsigned char cfb_state_des[8] = {
3275 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3276 };
3277 static const unsigned char cfb_state_3des[8] = {
3278 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3279 };
3280 int len = sizeof(ciphertext);
3281 size_t ivlen, ref_len;
3282 EVP_CIPHER *type = NULL;
3283
3284 if (lgcyprov == NULL && idx < 3)
3285 return TEST_skip("Test requires legacy provider to be loaded");
3286
3287 switch(idx) {
3288 case 0:
3289 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3290 ref_iv = cbc_state_des;
3291 ref_len = sizeof(cbc_state_des);
3292 break;
3293 case 1:
3294 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3295 ref_iv = ofb_state_des;
3296 ref_len = sizeof(ofb_state_des);
3297 break;
3298 case 2:
3299 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3300 ref_iv = cfb_state_des;
3301 ref_len = sizeof(cfb_state_des);
3302 break;
3303 case 3:
3304 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3305 ref_iv = cbc_state_3des;
3306 ref_len = sizeof(cbc_state_3des);
3307 break;
3308 case 4:
3309 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3310 ref_iv = ofb_state_3des;
3311 ref_len = sizeof(ofb_state_3des);
3312 break;
3313 case 5:
3314 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3315 ref_iv = cfb_state_3des;
3316 ref_len = sizeof(cfb_state_3des);
3317 break;
3318 default:
3319 return 0;
3320 }
3321
3322 if (!TEST_ptr(type)
3323 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3324 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3325 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3326 (int)sizeof(msg)))
3327 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3328 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3329 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3330 goto err;
3331 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3332 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3333 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3334 goto err;
3335
3336 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3337 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3338 goto err;
3339 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3340 goto err;
3341
3342 ret = 1;
3343err:
3344 EVP_CIPHER_CTX_free(ctx);
3345 EVP_CIPHER_free(type);
3346 return ret;
3347}
3348#endif
3349
3350#ifndef OPENSSL_NO_BF
3351static int test_evp_bf_default_keylen(int idx)
3352{
3353 int ret = 0;
3354 static const char *algos[4] = {
3355 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3356 };
3357 int ivlen[4] = { 0, 8, 8, 8 };
3358 EVP_CIPHER *cipher = NULL;
3359
3360 if (lgcyprov == NULL)
3361 return TEST_skip("Test requires legacy provider to be loaded");
3362
3363 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3364 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3365 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3366 goto err;
3367
3368 ret = 1;
3369err:
3370 EVP_CIPHER_free(cipher);
3371 return ret;
3372}
3373#endif
3374
3375#ifndef OPENSSL_NO_EC
3376static int ecpub_nids[] = {
3377 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3378 NID_secp384r1, NID_secp521r1,
3379# ifndef OPENSSL_NO_EC2M
3380 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3381 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3382# endif
3383 NID_brainpoolP384r1, NID_brainpoolP512r1
3384};
3385
3386static int test_ecpub(int idx)
3387{
3388 int ret = 0, len, savelen;
3389 int nid;
3390 unsigned char buf[1024];
3391 unsigned char *p;
3392 EVP_PKEY *pkey = NULL;
3393 EVP_PKEY_CTX *ctx = NULL;
3394# ifndef OPENSSL_NO_DEPRECATED_3_0
3395 const unsigned char *q;
3396 EVP_PKEY *pkey2 = NULL;
3397 EC_KEY *ec = NULL;
3398# endif
3399
3400 if (nullprov != NULL)
3401 return TEST_skip("Test does not support a non-default library context");
3402
3403 nid = ecpub_nids[idx];
3404
3405 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3406 if (!TEST_ptr(ctx)
3407 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3408 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3409 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3410 goto done;
3411 len = i2d_PublicKey(pkey, NULL);
3412 savelen = len;
3413 if (!TEST_int_ge(len, 1)
3414 || !TEST_int_lt(len, 1024))
3415 goto done;
3416 p = buf;
3417 len = i2d_PublicKey(pkey, &p);
3418 if (!TEST_int_ge(len, 1)
3419 || !TEST_int_eq(len, savelen))
3420 goto done;
3421
3422# ifndef OPENSSL_NO_DEPRECATED_3_0
3423 /* Now try to decode the just-created DER. */
3424 q = buf;
3425 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3426 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3427 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3428 goto done;
3429 /* EC_KEY ownership transferred */
3430 ec = NULL;
3431 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3432 goto done;
3433 /* The keys should match. */
3434 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3435 goto done;
3436# endif
3437
3438 ret = 1;
3439
3440 done:
3441 EVP_PKEY_CTX_free(ctx);
3442 EVP_PKEY_free(pkey);
3443# ifndef OPENSSL_NO_DEPRECATED_3_0
3444 EVP_PKEY_free(pkey2);
3445 EC_KEY_free(ec);
3446# endif
3447 return ret;
3448}
3449#endif
3450
3451static int test_EVP_rsa_pss_with_keygen_bits(void)
3452{
3453 int ret = 0;
3454 EVP_PKEY_CTX *ctx = NULL;
3455 EVP_PKEY *pkey = NULL;
3456 EVP_MD *md;
3457
3458 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3459 ret = TEST_ptr(md)
3460 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3461 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3462 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3463 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3464 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3465
3466 EVP_MD_free(md);
3467 EVP_PKEY_free(pkey);
3468 EVP_PKEY_CTX_free(ctx);
3469 return ret;
3470}
3471
3472static int test_EVP_rsa_pss_set_saltlen(void)
3473{
3474 int ret = 0;
3475 EVP_PKEY *pkey = NULL;
3476 EVP_PKEY_CTX *pkey_ctx = NULL;
3477 EVP_MD *sha256 = NULL;
3478 EVP_MD_CTX *sha256_ctx = NULL;
3479 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3480 const int test_value = 32;
3481
3482 ret = TEST_ptr(pkey = load_example_rsa_key())
3483 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3484 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3485 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3486 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3487 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3488 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3489 && TEST_int_eq(saltlen, test_value);
3490
3491 EVP_MD_CTX_free(sha256_ctx);
3492 EVP_PKEY_free(pkey);
3493 EVP_MD_free(sha256);
3494
3495 return ret;
3496}
3497
3498static int success = 1;
3499static void md_names(const char *name, void *vctx)
3500{
3501 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3502 /* Force a namemap update */
3503 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3504
3505 if (!TEST_ptr(aes128))
3506 success = 0;
3507
3508 EVP_CIPHER_free(aes128);
3509}
3510
3511/*
3512 * Test that changing the namemap in a user callback works in a names_do_all
3513 * function.
3514 */
3515static int test_names_do_all(void)
3516{
3517 /* We use a custom libctx so that we know the state of the namemap */
3518 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3519 EVP_MD *sha256 = NULL;
3520 int testresult = 0;
3521
3522 if (!TEST_ptr(ctx))
3523 goto err;
3524
3525 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3526 if (!TEST_ptr(sha256))
3527 goto err;
3528
3529 /*
3530 * We loop through all the names for a given digest. This should still work
3531 * even if the namemap changes part way through.
3532 */
3533 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3534 goto err;
3535
3536 if (!TEST_true(success))
3537 goto err;
3538
3539 testresult = 1;
3540 err:
3541 EVP_MD_free(sha256);
3542 OSSL_LIB_CTX_free(ctx);
3543 return testresult;
3544}
3545
3546typedef struct {
3547 const char *cipher;
3548 const unsigned char *key;
3549 const unsigned char *iv;
3550 const unsigned char *input;
3551 const unsigned char *expected;
3552 const unsigned char *tag;
3553 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3554 size_t inlen;
3555 size_t expectedlen;
3556 size_t taglen;
3557 int keyfirst;
3558 int initenc;
3559 int finalenc;
3560} EVP_INIT_TEST_st;
3561
3562static const EVP_INIT_TEST_st evp_init_tests[] = {
3563 {
3564 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3565 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3566 0, 1, 0, 1
3567 },
3568 {
3569 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3570 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3571 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3572 sizeof(gcmDefaultTag), 1, 0, 1
3573 },
3574 {
3575 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3576 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3577 0, 0, 0, 1
3578 },
3579 {
3580 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3581 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3582 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3583 sizeof(gcmDefaultTag), 0, 0, 1
3584 },
3585 {
3586 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3587 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3588 0, 1, 1, 0
3589 },
3590 {
3591 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3592 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3593 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3594 sizeof(gcmDefaultTag), 1, 1, 0
3595 },
3596 {
3597 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3598 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3599 0, 0, 1, 0
3600 },
3601 {
3602 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3603 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3604 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3605 sizeof(gcmDefaultTag), 0, 1, 0
3606 }
3607};
3608
3609static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3610{
3611 int res = 0;
3612
3613 if (t->ivlen != 0) {
3614 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3615 goto err;
3616 }
3617 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3618 goto err;
3619 res = 1;
3620 err:
3621 return res;
3622}
3623
3624/*
3625 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3626 * arguments are given one at a time and a final adjustment to the enc
3627 * parameter sets the correct operation.
3628 */
3629static int test_evp_init_seq(int idx)
3630{
3631 int outlen1, outlen2;
3632 int testresult = 0;
3633 unsigned char outbuf[1024];
3634 unsigned char tag[16];
3635 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3636 EVP_CIPHER_CTX *ctx = NULL;
3637 EVP_CIPHER *type = NULL;
3638 size_t taglen = sizeof(tag);
3639 char *errmsg = NULL;
3640
3641 ctx = EVP_CIPHER_CTX_new();
3642 if (ctx == NULL) {
3643 errmsg = "CTX_ALLOC";
3644 goto err;
3645 }
3646 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3647 errmsg = "CIPHER_FETCH";
3648 goto err;
3649 }
3650 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3651 errmsg = "EMPTY_ENC_INIT";
3652 goto err;
3653 }
3654 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3655 errmsg = "PADDING";
3656 goto err;
3657 }
3658 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3659 errmsg = "KEY_INIT (before iv)";
3660 goto err;
3661 }
3662 if (!evp_init_seq_set_iv(ctx, t)) {
3663 errmsg = "IV_INIT";
3664 goto err;
3665 }
3666 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3667 errmsg = "KEY_INIT (after iv)";
3668 goto err;
3669 }
3670 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3671 errmsg = "FINAL_ENC_INIT";
3672 goto err;
3673 }
3674 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3675 errmsg = "CIPHER_UPDATE";
3676 goto err;
3677 }
3678 if (t->finalenc == 0 && t->tag != NULL) {
3679 /* Set expected tag */
3680 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3681 t->taglen, (void *)t->tag), 0)) {
3682 errmsg = "SET_TAG";
3683 goto err;
3684 }
3685 }
3686 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3687 errmsg = "CIPHER_FINAL";
3688 goto err;
3689 }
3690 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3691 errmsg = "WRONG_RESULT";
3692 goto err;
3693 }
3694 if (t->finalenc != 0 && t->tag != NULL) {
3695 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3696 errmsg = "GET_TAG";
3697 goto err;
3698 }
3699 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3700 errmsg = "TAG_ERROR";
3701 goto err;
3702 }
3703 }
3704 testresult = 1;
3705 err:
3706 if (errmsg != NULL)
3707 TEST_info("evp_init_test %d: %s", idx, errmsg);
3708 EVP_CIPHER_CTX_free(ctx);
3709 EVP_CIPHER_free(type);
3710 return testresult;
3711}
3712
3713typedef struct {
3714 const unsigned char *input;
3715 const unsigned char *expected;
3716 size_t inlen;
3717 size_t expectedlen;
3718 int enc;
3719} EVP_RESET_TEST_st;
3720
3721static const EVP_RESET_TEST_st evp_reset_tests[] = {
3722 {
3723 cfbPlaintext, cfbCiphertext,
3724 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3725 },
3726 {
3727 cfbCiphertext, cfbPlaintext,
3728 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3729 }
3730};
3731
3732/*
3733 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3734 * been used.
3735 */
3736static int test_evp_reset(int idx)
3737{
3738 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3739 int outlen1, outlen2;
3740 int testresult = 0;
3741 unsigned char outbuf[1024];
3742 EVP_CIPHER_CTX *ctx = NULL;
3743 EVP_CIPHER *type = NULL;
3744 char *errmsg = NULL;
3745
3746 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3747 errmsg = "CTX_ALLOC";
3748 goto err;
3749 }
3750 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3751 errmsg = "CIPHER_FETCH";
3752 goto err;
3753 }
3754 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3755 errmsg = "CIPHER_INIT";
3756 goto err;
3757 }
3758 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3759 errmsg = "PADDING";
3760 goto err;
3761 }
3762 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3763 errmsg = "CIPHER_UPDATE";
3764 goto err;
3765 }
3766 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3767 errmsg = "CIPHER_FINAL";
3768 goto err;
3769 }
3770 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3771 errmsg = "WRONG_RESULT";
3772 goto err;
3773 }
3774 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3775 errmsg = "CIPHER_REINIT";
3776 goto err;
3777 }
3778 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3779 errmsg = "CIPHER_UPDATE (reinit)";
3780 goto err;
3781 }
3782 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3783 errmsg = "CIPHER_FINAL (reinit)";
3784 goto err;
3785 }
3786 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3787 errmsg = "WRONG_RESULT (reinit)";
3788 goto err;
3789 }
3790 testresult = 1;
3791 err:
3792 if (errmsg != NULL)
3793 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3794 EVP_CIPHER_CTX_free(ctx);
3795 EVP_CIPHER_free(type);
3796 return testresult;
3797}
3798
3799typedef struct {
3800 const char *cipher;
3801 int enc;
3802} EVP_UPDATED_IV_TEST_st;
3803
3804static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3805 {
3806 "aes-128-cfb", 1
3807 },
3808 {
3809 "aes-128-cfb", 0
3810 },
3811 {
3812 "aes-128-cfb1", 1
3813 },
3814 {
3815 "aes-128-cfb1", 0
3816 },
3817 {
3818 "aes-128-cfb8", 1
3819 },
3820 {
3821 "aes-128-cfb8", 0
3822 },
3823 {
3824 "aes-128-ofb", 1
3825 },
3826 {
3827 "aes-128-ofb", 0
3828 },
3829 {
3830 "aes-128-ctr", 1
3831 },
3832 {
3833 "aes-128-ctr", 0
3834 },
3835 {
3836 "aes-128-cbc", 1
3837 },
3838 {
3839 "aes-128-cbc", 0
3840 }
3841};
3842
3843/*
3844 * Test that the IV in the context is updated during a crypto operation for CFB
3845 * and OFB.
3846 */
3847static int test_evp_updated_iv(int idx)
3848{
3849 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3850 int outlen1, outlen2;
3851 int testresult = 0;
3852 unsigned char outbuf[1024];
3853 EVP_CIPHER_CTX *ctx = NULL;
3854 EVP_CIPHER *type = NULL;
3855 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3856 int iv_len;
3857 char *errmsg = NULL;
3858
3859 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3860 errmsg = "CTX_ALLOC";
3861 goto err;
3862 }
3863 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3864 TEST_info("cipher %s not supported, skipping", t->cipher);
3865 goto ok;
3866 }
3867
3868 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3869 errmsg = "CIPHER_INIT";
3870 goto err;
3871 }
3872 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3873 errmsg = "PADDING";
3874 goto err;
3875 }
3876 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3877 errmsg = "CIPHER_UPDATE";
3878 goto err;
3879 }
3880 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3881 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3882 goto err;
3883 }
3884 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3885 errmsg = "CIPHER_CTX_GET_IV_LEN";
3886 goto err;
3887 }
3888 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3889 errmsg = "IV_NOT_UPDATED";
3890 goto err;
3891 }
3892 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3893 errmsg = "CIPHER_FINAL";
3894 goto err;
3895 }
3896 ok:
3897 testresult = 1;
3898 err:
3899 if (errmsg != NULL)
3900 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3901 EVP_CIPHER_CTX_free(ctx);
3902 EVP_CIPHER_free(type);
3903 return testresult;
3904}
3905
3906typedef struct {
3907 const unsigned char *iv1;
3908 const unsigned char *iv2;
3909 const unsigned char *expected1;
3910 const unsigned char *expected2;
3911 const unsigned char *tag1;
3912 const unsigned char *tag2;
3913 size_t ivlen1;
3914 size_t ivlen2;
3915 size_t expectedlen1;
3916 size_t expectedlen2;
3917} TEST_GCM_IV_REINIT_st;
3918
3919static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3920 {
3921 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3922 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3923 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3924 },
3925 {
3926 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3927 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3928 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3929 }
3930};
3931
3932static int test_gcm_reinit(int idx)
3933{
3934 int outlen1, outlen2, outlen3;
3935 int testresult = 0;
3936 unsigned char outbuf[1024];
3937 unsigned char tag[16];
3938 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3939 EVP_CIPHER_CTX *ctx = NULL;
3940 EVP_CIPHER *type = NULL;
3941 size_t taglen = sizeof(tag);
3942 char *errmsg = NULL;
3943
3944 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3945 errmsg = "CTX_ALLOC";
3946 goto err;
3947 }
3948 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3949 errmsg = "CIPHER_FETCH";
3950 goto err;
3951 }
3952 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3953 errmsg = "ENC_INIT";
3954 goto err;
3955 }
3956 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3957 errmsg = "SET_IVLEN1";
3958 goto err;
3959 }
3960 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3961 errmsg = "SET_IV1";
3962 goto err;
3963 }
3964 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3965 errmsg = "AAD1";
3966 goto err;
3967 }
3968 EVP_CIPHER_CTX_set_padding(ctx, 0);
3969 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3970 sizeof(gcmResetPlaintext)))) {
3971 errmsg = "CIPHER_UPDATE1";
3972 goto err;
3973 }
3974 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3975 errmsg = "CIPHER_FINAL1";
3976 goto err;
3977 }
3978 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3979 errmsg = "WRONG_RESULT1";
3980 goto err;
3981 }
3982 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3983 errmsg = "GET_TAG1";
3984 goto err;
3985 }
3986 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3987 errmsg = "TAG_ERROR1";
3988 goto err;
3989 }
3990 /* Now reinit */
3991 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3992 errmsg = "SET_IVLEN2";
3993 goto err;
3994 }
3995 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3996 errmsg = "SET_IV2";
3997 goto err;
3998 }
3999 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4000 errmsg = "AAD2";
4001 goto err;
4002 }
4003 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4004 sizeof(gcmResetPlaintext)))) {
4005 errmsg = "CIPHER_UPDATE2";
4006 goto err;
4007 }
4008 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4009 errmsg = "CIPHER_FINAL2";
4010 goto err;
4011 }
4012 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4013 errmsg = "WRONG_RESULT2";
4014 goto err;
4015 }
4016 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4017 errmsg = "GET_TAG2";
4018 goto err;
4019 }
4020 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4021 errmsg = "TAG_ERROR2";
4022 goto err;
4023 }
4024 testresult = 1;
4025 err:
4026 if (errmsg != NULL)
4027 TEST_info("evp_init_test %d: %s", idx, errmsg);
4028 EVP_CIPHER_CTX_free(ctx);
4029 EVP_CIPHER_free(type);
4030 return testresult;
4031}
4032
4033#ifndef OPENSSL_NO_DEPRECATED_3_0
4034static EVP_PKEY_METHOD *custom_pmeth = NULL;
4035static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4036
4037# define EVP_PKEY_CTRL_MY_COMMAND 9999
4038
4039static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4040{
4041 int (*pinit)(EVP_PKEY_CTX *ctx);
4042
4043 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4044 return pinit(ctx);
4045}
4046
4047static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4048{
4049 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4050
4051 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4052 pcleanup(ctx);
4053}
4054
4055static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4056 size_t *outlen, const unsigned char *in,
4057 size_t inlen)
4058{
4059 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4060 const unsigned char *tbs, size_t tbslen);
4061
4062 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4063 return psign(ctx, out, outlen, in, inlen);
4064}
4065
4066static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4067 size_t *siglen, const unsigned char *tbs,
4068 size_t tbslen)
4069{
4070 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4071 const unsigned char *tbs, size_t tbslen);
4072
4073 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4074 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4075}
4076
4077static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4078 size_t *keylen)
4079{
4080 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4081
4082 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4083 return pderive(ctx, key, keylen);
4084}
4085
4086static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4087{
4088 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4089
4090 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4091 return pcopy(dst, src);
4092}
4093
4094static int ctrl_called;
4095
4096static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4097{
4098 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4099
4100 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4101
4102 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4103 ctrl_called = 1;
4104 return 1;
4105 }
4106
4107 return pctrl(ctx, type, p1, p2);
4108}
4109
4110static int test_custom_pmeth(int idx)
4111{
4112 EVP_PKEY_CTX *pctx = NULL;
4113 EVP_MD_CTX *ctx = NULL;
4114 EVP_PKEY *pkey = NULL;
4115 int id, orig_id, orig_flags;
4116 int testresult = 0;
4117 size_t reslen;
4118 unsigned char *res = NULL;
4119 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4120 const EVP_MD *md = EVP_sha256();
4121 int doderive = 0;
4122
4123 ctrl_called = 0;
4124
4125 /* We call deprecated APIs so this test doesn't support a custom libctx */
4126 if (testctx != NULL)
4127 return 1;
4128
4129 switch(idx) {
4130 case 0:
4131 case 6:
4132 id = EVP_PKEY_RSA;
4133 pkey = load_example_rsa_key();
4134 break;
4135 case 1:
4136 case 7:
4137# ifndef OPENSSL_NO_DSA
4138 id = EVP_PKEY_DSA;
4139 pkey = load_example_dsa_key();
4140 break;
4141# else
4142 return 1;
4143# endif
4144 case 2:
4145 case 8:
4146# ifndef OPENSSL_NO_EC
4147 id = EVP_PKEY_EC;
4148 pkey = load_example_ec_key();
4149 break;
4150# else
4151 return 1;
4152# endif
4153 case 3:
4154 case 9:
4155# ifndef OPENSSL_NO_EC
4156 id = EVP_PKEY_ED25519;
4157 md = NULL;
4158 pkey = load_example_ed25519_key();
4159 break;
4160# else
4161 return 1;
4162# endif
4163 case 4:
4164 case 10:
4165# ifndef OPENSSL_NO_DH
4166 id = EVP_PKEY_DH;
4167 doderive = 1;
4168 pkey = load_example_dh_key();
4169 break;
4170# else
4171 return 1;
4172# endif
4173 case 5:
4174 case 11:
4175# ifndef OPENSSL_NO_EC
4176 id = EVP_PKEY_X25519;
4177 doderive = 1;
4178 pkey = load_example_x25519_key();
4179 break;
4180# else
4181 return 1;
4182# endif
4183 default:
4184 TEST_error("Should not happen");
4185 goto err;
4186 }
4187
4188 if (!TEST_ptr(pkey))
4189 goto err;
4190
4191 if (idx < 6) {
4192 if (!TEST_true(evp_pkey_is_provided(pkey)))
4193 goto err;
4194 } else {
4195 EVP_PKEY *tmp = pkey;
4196
4197 /* Convert to a legacy key */
4198 pkey = EVP_PKEY_new();
4199 if (!TEST_ptr(pkey)) {
4200 pkey = tmp;
4201 goto err;
4202 }
4203 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4204 EVP_PKEY_free(tmp);
4205 goto err;
4206 }
4207 EVP_PKEY_free(tmp);
4208 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4209 goto err;
4210 }
4211
4212 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4213 || !TEST_ptr(pkey))
4214 goto err;
4215
4216 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4217 if (!TEST_int_eq(orig_id, id)
4218 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4219 goto err;
4220
4221 if (id == EVP_PKEY_ED25519) {
4222 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4223 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4224 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4225 } else {
4226 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4227 }
4228 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4229 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4230 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4231 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4232 }
4233 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4234 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4235 goto err;
4236
4237 if (doderive) {
4238 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4239 if (!TEST_ptr(pctx)
4240 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4241 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4242 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4243 1)
4244 || !TEST_int_eq(ctrl_called, 1)
4245 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4246 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4247 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4248 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4249 goto err;
4250 } else {
4251 ctx = EVP_MD_CTX_new();
4252 reslen = EVP_PKEY_size(pkey);
4253 res = OPENSSL_malloc(reslen);
4254 if (!TEST_ptr(ctx)
4255 || !TEST_ptr(res)
4256 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4257 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4258 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4259 1)
4260 || !TEST_int_eq(ctrl_called, 1))
4261 goto err;
4262
4263 if (id == EVP_PKEY_ED25519) {
4264 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4265 goto err;
4266 } else {
4267 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4268 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4269 goto err;
4270 }
4271 }
4272
4273 testresult = 1;
4274 err:
4275 OPENSSL_free(res);
4276 EVP_MD_CTX_free(ctx);
4277 if (doderive)
4278 EVP_PKEY_CTX_free(pctx);
4279 EVP_PKEY_free(pkey);
4280 EVP_PKEY_meth_remove(custom_pmeth);
4281 EVP_PKEY_meth_free(custom_pmeth);
4282 custom_pmeth = NULL;
4283 return testresult;
4284}
4285
4286static int test_evp_md_cipher_meth(void)
4287{
4288 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4289 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4290 int testresult = 0;
4291
4292 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4293 goto err;
4294
4295 testresult = 1;
4296
4297 err:
4298 EVP_MD_meth_free(md);
4299 EVP_CIPHER_meth_free(ciph);
4300
4301 return testresult;
4302}
4303
4304typedef struct {
4305 int data;
4306} custom_dgst_ctx;
4307
4308static int custom_md_init_called = 0;
4309static int custom_md_cleanup_called = 0;
4310
4311static int custom_md_init(EVP_MD_CTX *ctx)
4312{
4313 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4314
4315 if (p == NULL)
4316 return 0;
4317
4318 custom_md_init_called++;
4319 return 1;
4320}
4321
4322static int custom_md_cleanup(EVP_MD_CTX *ctx)
4323{
4324 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4325
4326 if (p == NULL)
4327 /* Nothing to do */
4328 return 1;
4329
4330 custom_md_cleanup_called++;
4331 return 1;
4332}
4333
4334static int test_custom_md_meth(void)
4335{
4336 EVP_MD_CTX *mdctx = NULL;
4337 EVP_MD *tmp = NULL;
4338 char mess[] = "Test Message\n";
4339 unsigned char md_value[EVP_MAX_MD_SIZE];
4340 unsigned int md_len;
4341 int testresult = 0;
4342 int nid;
4343
4344 /*
4345 * We are testing deprecated functions. We don't support a non-default
4346 * library context in this test.
4347 */
4348 if (testctx != NULL)
4349 return TEST_skip("Non-default libctx");
4350
4351 custom_md_init_called = custom_md_cleanup_called = 0;
4352
4353 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4354 if (!TEST_int_ne(nid, NID_undef))
4355 goto err;
4356 tmp = EVP_MD_meth_new(nid, NID_undef);
4357 if (!TEST_ptr(tmp))
4358 goto err;
4359
4360 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4361 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4362 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4363 sizeof(custom_dgst_ctx))))
4364 goto err;
4365
4366 mdctx = EVP_MD_CTX_new();
4367 if (!TEST_ptr(mdctx)
4368 /*
4369 * Initing our custom md and then initing another md should
4370 * result in the init and cleanup functions of the custom md
4371 * being called.
4372 */
4373 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4374 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4375 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4376 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4377 || !TEST_int_eq(custom_md_init_called, 1)
4378 || !TEST_int_eq(custom_md_cleanup_called, 1))
4379 goto err;
4380
4381 testresult = 1;
4382 err:
4383 EVP_MD_CTX_free(mdctx);
4384 EVP_MD_meth_free(tmp);
4385 return testresult;
4386}
4387
4388typedef struct {
4389 int data;
4390} custom_ciph_ctx;
4391
4392static int custom_ciph_init_called = 0;
4393static int custom_ciph_cleanup_called = 0;
4394
4395static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4396 const unsigned char *iv, int enc)
4397{
4398 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4399
4400 if (p == NULL)
4401 return 0;
4402
4403 custom_ciph_init_called++;
4404 return 1;
4405}
4406
4407static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4408{
4409 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4410
4411 if (p == NULL)
4412 /* Nothing to do */
4413 return 1;
4414
4415 custom_ciph_cleanup_called++;
4416 return 1;
4417}
4418
4419static int test_custom_ciph_meth(void)
4420{
4421 EVP_CIPHER_CTX *ciphctx = NULL;
4422 EVP_CIPHER *tmp = NULL;
4423 int testresult = 0;
4424 int nid;
4425
4426 /*
4427 * We are testing deprecated functions. We don't support a non-default
4428 * library context in this test.
4429 */
4430 if (testctx != NULL)
4431 return TEST_skip("Non-default libctx");
4432
4433 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4434
4435 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4436 if (!TEST_int_ne(nid, NID_undef))
4437 goto err;
4438 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4439 if (!TEST_ptr(tmp))
4440 goto err;
4441
4442 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4443 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4444 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4445 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4446 sizeof(custom_ciph_ctx))))
4447 goto err;
4448
4449 ciphctx = EVP_CIPHER_CTX_new();
4450 if (!TEST_ptr(ciphctx)
4451 /*
4452 * Initing our custom cipher and then initing another cipher
4453 * should result in the init and cleanup functions of the custom
4454 * cipher being called.
4455 */
4456 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4457 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4458 NULL, NULL, 1))
4459 || !TEST_int_eq(custom_ciph_init_called, 1)
4460 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4461 goto err;
4462
4463 testresult = 1;
4464 err:
4465 EVP_CIPHER_CTX_free(ciphctx);
4466 EVP_CIPHER_meth_free(tmp);
4467 return testresult;
4468}
4469
4470# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4471/* Test we can create a signature keys with an associated ENGINE */
4472static int test_signatures_with_engine(int tst)
4473{
4474 ENGINE *e;
4475 const char *engine_id = "dasync";
4476 EVP_PKEY *pkey = NULL;
4477 const unsigned char badcmackey[] = { 0x00, 0x01 };
4478 const unsigned char cmackey[] = {
4479 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4480 0x0c, 0x0d, 0x0e, 0x0f
4481 };
4482 const unsigned char ed25519key[] = {
4483 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4484 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4485 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4486 };
4487 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4488 int testresult = 0;
4489 EVP_MD_CTX *ctx = NULL;
4490 unsigned char *mac = NULL;
4491 size_t maclen = 0;
4492 int ret;
4493
4494# ifdef OPENSSL_NO_CMAC
4495 /* Skip CMAC tests in a no-cmac build */
4496 if (tst <= 1)
4497 return 1;
4498# endif
4499
4500 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4501 return 0;
4502
4503 if (!TEST_true(ENGINE_init(e))) {
4504 ENGINE_free(e);
4505 return 0;
4506 }
4507
4508 switch (tst) {
4509 case 0:
4510 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4511 EVP_aes_128_cbc());
4512 break;
4513 case 1:
4514 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4515 EVP_aes_128_cbc());
4516 break;
4517 case 2:
4518 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4519 sizeof(ed25519key));
4520 break;
4521 default:
4522 TEST_error("Invalid test case");
4523 goto err;
4524 }
4525 if (!TEST_ptr(pkey))
4526 goto err;
4527
4528 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4529 goto err;
4530
4531 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4532 pkey);
4533 if (tst == 0) {
4534 if (!TEST_true(ret))
4535 goto err;
4536
4537 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4538 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4539 goto err;
4540
4541 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4542 goto err;
4543
4544 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4545 goto err;
4546 } else {
4547 /* We used a bad key. We expect a failure here */
4548 if (!TEST_false(ret))
4549 goto err;
4550 }
4551
4552 testresult = 1;
4553 err:
4554 EVP_MD_CTX_free(ctx);
4555 OPENSSL_free(mac);
4556 EVP_PKEY_free(pkey);
4557 ENGINE_finish(e);
4558 ENGINE_free(e);
4559
4560 return testresult;
4561}
4562
4563static int test_cipher_with_engine(void)
4564{
4565 ENGINE *e;
4566 const char *engine_id = "dasync";
4567 const unsigned char keyiv[] = {
4568 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4569 0x0c, 0x0d, 0x0e, 0x0f
4570 };
4571 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4572 int testresult = 0;
4573 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4574 unsigned char buf[AES_BLOCK_SIZE];
4575 int len = 0;
4576
4577 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4578 return 0;
4579
4580 if (!TEST_true(ENGINE_init(e))) {
4581 ENGINE_free(e);
4582 return 0;
4583 }
4584
4585 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4586 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4587 goto err;
4588
4589 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4590 goto err;
4591
4592 /* Copy the ctx, and complete the operation with the new ctx */
4593 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4594 goto err;
4595
4596 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4597 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4598 goto err;
4599
4600 testresult = 1;
4601 err:
4602 EVP_CIPHER_CTX_free(ctx);
4603 EVP_CIPHER_CTX_free(ctx2);
4604 ENGINE_finish(e);
4605 ENGINE_free(e);
4606
4607 return testresult;
4608}
4609# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4610#endif /* OPENSSL_NO_DEPRECATED_3_0 */
4611
4612static int ecxnids[] = {
4613 NID_X25519,
4614 NID_X448,
4615 NID_ED25519,
4616 NID_ED448
4617};
4618
4619/* Test that creating ECX keys with a short private key fails as expected */
4620static int test_ecx_short_keys(int tst)
4621{
4622 unsigned char ecxkeydata = 1;
4623 EVP_PKEY *pkey;
4624
4625
4626 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4627 NULL, &ecxkeydata, 1);
4628 if (!TEST_ptr_null(pkey)) {
4629 EVP_PKEY_free(pkey);
4630 return 0;
4631 }
4632
4633 return 1;
4634}
4635
4636typedef enum OPTION_choice {
4637 OPT_ERR = -1,
4638 OPT_EOF = 0,
4639 OPT_CONTEXT,
4640 OPT_TEST_ENUM
4641} OPTION_CHOICE;
4642
4643const OPTIONS *test_get_options(void)
4644{
4645 static const OPTIONS options[] = {
4646 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4647 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4648 { NULL }
4649 };
4650 return options;
4651}
4652
4653#ifndef OPENSSL_NO_EC
4654/* Test that trying to sign with a public key errors out gracefully */
4655static int test_ecx_not_private_key(int tst)
4656{
4657 EVP_PKEY *pkey = NULL;
4658
4659 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4660 int testresult = 0;
4661 EVP_MD_CTX *ctx = NULL;
4662 unsigned char *mac = NULL;
4663 size_t maclen = 0;
4664 unsigned char *pubkey;
4665 size_t pubkeylen;
4666
4667 switch (keys[tst].type) {
4668 case NID_X25519:
4669 case NID_X448:
4670 return TEST_skip("signing not supported for X25519/X448");
4671 }
4672
4673 /* Check if this algorithm supports public keys */
4674 if (keys[tst].pub == NULL)
4675 return TEST_skip("no public key present");
4676
4677 pubkey = (unsigned char *)keys[tst].pub;
4678 pubkeylen = strlen(keys[tst].pub);
4679
4680 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4681 NULL, pubkey, pubkeylen);
4682 if (!TEST_ptr(pkey))
4683 goto err;
4684
4685 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4686 goto err;
4687
4688 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4689 goto check_err;
4690
4691 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4692 goto check_err;
4693
4694 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4695 goto err;
4696
4697 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4698 goto err;
4699
4700 check_err:
4701 /*
4702 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4703 * but we relax the check to allow error also thrown by
4704 * EVP_DigestSignInit and EVP_DigestSign.
4705 */
4706 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4707 testresult = 1;
4708 ERR_clear_error();
4709 }
4710
4711 err:
4712 EVP_MD_CTX_free(ctx);
4713 OPENSSL_free(mac);
4714 EVP_PKEY_free(pkey);
4715
4716 return testresult;
4717}
4718#endif /* OPENSSL_NO_EC */
4719
4720int setup_tests(void)
4721{
4722 OPTION_CHOICE o;
4723
4724 while ((o = opt_next()) != OPT_EOF) {
4725 switch (o) {
4726 case OPT_CONTEXT:
4727 /* Set up an alternate library context */
4728 testctx = OSSL_LIB_CTX_new();
4729 if (!TEST_ptr(testctx))
4730 return 0;
4731 /* Swap the libctx to test non-default context only */
4732 nullprov = OSSL_PROVIDER_load(NULL, "null");
4733 deflprov = OSSL_PROVIDER_load(testctx, "default");
4734#ifndef OPENSSL_SYS_TANDEM
4735 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4736#endif
4737 break;
4738 case OPT_TEST_CASES:
4739 break;
4740 default:
4741 return 0;
4742 }
4743 }
4744
4745 ADD_TEST(test_EVP_set_default_properties);
4746 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4747 ADD_TEST(test_EVP_DigestVerifyInit);
4748#ifndef OPENSSL_NO_SIPHASH
4749 ADD_TEST(test_siphash_digestsign);
4750#endif
4751 ADD_TEST(test_EVP_Digest);
4752 ADD_TEST(test_EVP_md_null);
4753 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4754 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4755 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4756 ADD_TEST(test_privatekey_to_pkcs8);
4757 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4758#ifndef OPENSSL_NO_EC
4759 ADD_TEST(test_EVP_PKCS82PKEY);
4760#endif
4761#ifndef OPENSSL_NO_EC
4762 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4763#endif
4764#if !defined(OPENSSL_NO_SM2)
4765 ADD_TEST(test_EVP_SM2);
4766 ADD_TEST(test_EVP_SM2_verify);
4767#endif
4768 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4769#ifndef OPENSSL_NO_DEPRECATED_3_0
4770 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4771 if (!TEST_ptr(custom_pmeth))
4772 return 0;
4773 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4774 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4775 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4776 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4777 return 0;
4778#endif
4779 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4780#ifndef OPENSSL_NO_CMAC
4781 ADD_TEST(test_CMAC_keygen);
4782#endif
4783 ADD_TEST(test_HKDF);
4784 ADD_TEST(test_emptyikm_HKDF);
4785#ifndef OPENSSL_NO_EC
4786 ADD_TEST(test_X509_PUBKEY_inplace);
4787 ADD_TEST(test_X509_PUBKEY_dup);
4788 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4789 OSSL_NELEM(ec_der_pub_keys));
4790#endif
4791#ifndef OPENSSL_NO_DSA
4792 ADD_TEST(test_DSA_get_set_params);
4793 ADD_TEST(test_DSA_priv_pub);
4794#endif
4795 ADD_TEST(test_RSA_get_set_params);
4796 ADD_TEST(test_RSA_OAEP_set_get_params);
4797#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4798 ADD_TEST(test_decrypt_null_chunks);
4799#endif
4800#ifndef OPENSSL_NO_DH
4801 ADD_TEST(test_DH_priv_pub);
4802# ifndef OPENSSL_NO_DEPRECATED_3_0
4803 ADD_TEST(test_EVP_PKEY_set1_DH);
4804# endif
4805#endif
4806#ifndef OPENSSL_NO_EC
4807 ADD_TEST(test_EC_priv_pub);
4808# ifndef OPENSSL_NO_DEPRECATED_3_0
4809 ADD_TEST(test_EC_priv_only_legacy);
4810# endif
4811#endif
4812 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4813 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4814
4815 ADD_TEST(test_rand_agglomeration);
4816 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4817#ifndef OPENSSL_NO_DES
4818 ADD_ALL_TESTS(test_evp_iv_des, 6);
4819#endif
4820#ifndef OPENSSL_NO_BF
4821 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4822#endif
4823 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4824 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4825#ifndef OPENSSL_NO_EC
4826 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4827#endif
4828
4829 ADD_TEST(test_names_do_all);
4830
4831 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4832 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4833 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4834 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4835
4836#ifndef OPENSSL_NO_DEPRECATED_3_0
4837 ADD_ALL_TESTS(test_custom_pmeth, 12);
4838 ADD_TEST(test_evp_md_cipher_meth);
4839 ADD_TEST(test_custom_md_meth);
4840 ADD_TEST(test_custom_ciph_meth);
4841
4842# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4843 /* Tests only support the default libctx */
4844 if (testctx == NULL) {
4845# ifndef OPENSSL_NO_EC
4846 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4847# else
4848 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4849# endif
4850 ADD_TEST(test_cipher_with_engine);
4851 }
4852# endif
4853#endif
4854
4855 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4856
4857#ifndef OPENSSL_NO_EC
4858 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
4859#endif
4860
4861 return 1;
4862}
4863
4864void cleanup_tests(void)
4865{
4866 OSSL_PROVIDER_unload(nullprov);
4867 OSSL_PROVIDER_unload(deflprov);
4868#ifndef OPENSSL_SYS_TANDEM
4869 OSSL_PROVIDER_unload(lgcyprov);
4870#endif
4871 OSSL_LIB_CTX_free(testctx);
4872}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette