VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.7/test/evp_extra_test.c@ 97673

最後變更 在這個檔案從97673是 97372,由 vboxsync 提交於 2 年 前

libs: Switch to openssl-3.0.7, bugref:10317
檔案大小: 159.4 KB
 
1/*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include "testutil.h"
35#include "internal/nelem.h"
36#include "internal/sizes.h"
37#include "crypto/evp.h"
38
39static OSSL_LIB_CTX *testctx = NULL;
40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
45
46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108#ifndef OPENSSL_NO_DSA
109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
149#endif
150
151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
247/*
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
249 * values are 0.
250 */
251static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
255};
256
257static const unsigned char kMsg[] = { 1, 2, 3, 4 };
258
259static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
271};
272
273/*
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
275 * PrivateKeyInfo.
276 */
277static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
331};
332
333#ifndef OPENSSL_NO_EC
334/*
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
336 * structure.
337 */
338static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
349 0xc1,
350};
351
352/*
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
355 */
356static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
366};
367
368/* prime256v1 */
369static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378};
379
380/*
381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
383 */
384static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
393};
394
395static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
397};
398
399static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
404};
405
406static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
411};
412
413# ifndef OPENSSL_NO_DEPRECATED_3_0
414static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
419};
420# endif
421#endif
422
423/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424#ifndef OPENSSL_NO_DEPRECATED_3_0
425# ifndef OPENSSL_NO_DH
426static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
452};
453# endif
454#endif
455
456static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
459};
460
461static const unsigned char kGCMDefaultKey[32] = { 0 };
462
463static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
467};
468
469static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
472};
473
474static const unsigned char iGCMDefaultIV[12] = { 0 };
475
476static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
478};
479
480static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
482};
483
484static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
487};
488
489static const unsigned char gcmDefaultPlaintext[16] = { 0 };
490
491static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
497};
498
499static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
502};
503
504static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
507};
508
509static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
515};
516
517static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
523};
524
525static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
528};
529
530static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
533};
534
535static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
538};
539
540static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
543};
544
545typedef struct APK_DATA_st {
546 const unsigned char *kder;
547 size_t size;
548 const char *keytype;
549 int evptype;
550 int check;
551 int pub_check;
552 int param_check;
553 int type; /* 0 for private, 1 for public, 2 for params */
554} APK_DATA;
555
556static APK_DATA keydata[] = {
557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
559#ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
561#endif
562};
563
564static APK_DATA keycheckdata[] = {
565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
566 0},
567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
568 0, 1, 1, 0},
569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
571#ifndef OPENSSL_NO_EC
572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
573 /* group is also associated in our pub key */
574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
575 1, 1},
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
577 2},
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
582#endif
583};
584
585static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
587{
588 const unsigned char **pdata = &data;
589 EVP_PKEY *pkey = NULL;
590 OSSL_DECODER_CTX *dctx =
591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
592 testctx, testpropq);
593
594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
597 return pkey;
598}
599
600static EVP_PKEY *load_example_rsa_key(void)
601{
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
604}
605
606#ifndef OPENSSL_NO_DSA
607static EVP_PKEY *load_example_dsa_key(void)
608{
609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
611}
612#endif
613
614#ifndef OPENSSL_NO_EC
615static EVP_PKEY *load_example_ec_key(void)
616{
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
619}
620#endif
621
622#ifndef OPENSSL_NO_DEPRECATED_3_0
623# ifndef OPENSSL_NO_DH
624static EVP_PKEY *load_example_dh_key(void)
625{
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
628}
629# endif
630
631# ifndef OPENSSL_NO_EC
632static EVP_PKEY *load_example_ed25519_key(void)
633{
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
636}
637
638static EVP_PKEY *load_example_x25519_key(void)
639{
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
642}
643# endif
644#endif /* OPENSSL_NO_DEPRECATED_3_0 */
645
646static EVP_PKEY *load_example_hmac_key(void)
647{
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
653 };
654
655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
657 if (!TEST_ptr(pkey))
658 return NULL;
659
660 return pkey;
661}
662
663static int test_EVP_set_default_properties(void)
664{
665 OSSL_LIB_CTX *ctx;
666 EVP_MD *md = NULL;
667 int res = 0;
668
669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
671 goto err;
672 EVP_MD_free(md);
673 md = NULL;
674
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
678 goto err;
679 EVP_MD_free(md);
680 md = NULL;
681
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
684 goto err;
685 res = 1;
686err:
687 EVP_MD_free(md);
688 OSSL_LIB_CTX_free(ctx);
689 return res;
690}
691
692#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
693static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
694{
695 EVP_PKEY_CTX *pctx = NULL;
696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
697
698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
699 goto err;
700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
702 params), 0))
703 goto err;
704
705 if (!TEST_ptr(tmp_pkey))
706 goto err;
707
708 pkey = tmp_pkey;
709 tmp_pkey = NULL;
710 err:
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
713 return pkey;
714}
715
716static int test_selection(EVP_PKEY *pkey, int selection)
717{
718 int testresult = 0;
719 int ret;
720 BIO *bio = BIO_new(BIO_s_mem());
721
722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
724 if (!TEST_true(ret))
725 goto err;
726 } else {
727 if (!TEST_false(ret))
728 goto err;
729 }
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
731 testctx, NULL);
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
733 if (!TEST_true(ret))
734 goto err;
735 } else {
736 if (!TEST_false(ret))
737 goto err;
738 }
739
740 testresult = 1;
741 err:
742 BIO_free(bio);
743
744 return testresult;
745}
746#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
747
748/*
749 * Test combinations of private, public, missing and private + public key
750 * params to ensure they are all accepted
751 */
752#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
753static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
754{
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
762 int ret = 0;
763
764 /*
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
767 */
768 if (!TEST_ptr(p = BN_new())
769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
773 goto err;
774
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
780 goto err;
781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
783 goto err;
784
785 OSSL_PARAM_free(params);
786 OSSL_PARAM_BLD_free(bld);
787 params = NULL;
788 bld = NULL;
789
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
792 goto err;
793
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
800 priv)))
801 goto err;
802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
804 goto err;
805
806 OSSL_PARAM_free(params);
807 OSSL_PARAM_BLD_free(bld);
808 params = NULL;
809 bld = NULL;
810
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
813 goto err;
814
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
821 pub)))
822 goto err;
823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
825 goto err;
826
827 OSSL_PARAM_free(params);
828 OSSL_PARAM_BLD_free(bld);
829 params = NULL;
830 bld = NULL;
831
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
834 goto err;
835
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
842 pub))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
844 priv)))
845 goto err;
846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
848 goto err;
849
850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
851 goto err;
852
853 ret = 1;
854 err:
855 OSSL_PARAM_free(params);
856 OSSL_PARAM_BLD_free(bld);
857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
861 BN_free(p);
862 BN_free(q);
863 BN_free(g);
864 BN_free(pub);
865 BN_free(priv);
866
867 return ret;
868}
869#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
870
871/*
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
874 */
875#ifndef OPENSSL_NO_EC
876static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
880};
881static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
888};
889
890static int test_EC_priv_pub(void)
891{
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
898 BIGNUM *priv = NULL;
899 int ret = 0;
900 unsigned char *encoded = NULL;
901
902 /*
903 * Setup the parameters for our pkey object. For our purposes they don't
904 * have to actually be *valid* parameters. We just need to set something.
905 */
906 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
907 goto err;
908
909 /* Test !priv and !pub */
910 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
911 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
912 OSSL_PKEY_PARAM_GROUP_NAME,
913 "P-256", 0)))
914 goto err;
915 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
916 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
917 goto err;
918
919 OSSL_PARAM_free(params);
920 OSSL_PARAM_BLD_free(bld);
921 params = NULL;
922 bld = NULL;
923
924 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
925 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
926 goto err;
927
928 /* Test priv and !pub */
929 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
930 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
931 OSSL_PKEY_PARAM_GROUP_NAME,
932 "P-256", 0))
933 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
934 priv)))
935 goto err;
936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
938 goto err;
939
940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
945 /*
946 * We indicate only parameters here, in spite of having built a key that
947 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
948 * expected to fail because it does not support exporting a private EC
949 * key without a corresponding public key
950 */
951 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
952 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
953 goto err;
954
955 /* Test !priv and pub */
956 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
957 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
958 OSSL_PKEY_PARAM_GROUP_NAME,
959 "P-256", 0))
960 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
961 OSSL_PKEY_PARAM_PUB_KEY,
962 ec_pub, sizeof(ec_pub))))
963 goto err;
964 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
965 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
966 goto err;
967
968 OSSL_PARAM_free(params);
969 OSSL_PARAM_BLD_free(bld);
970 params = NULL;
971 bld = NULL;
972
973 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
974 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
975 goto err;
976
977 /* Test priv and pub */
978 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
979 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
980 OSSL_PKEY_PARAM_GROUP_NAME,
981 "P-256", 0))
982 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
983 OSSL_PKEY_PARAM_PUB_KEY,
984 ec_pub, sizeof(ec_pub)))
985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
986 priv)))
987 goto err;
988 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
989 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
990 goto err;
991
992 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
993 goto err;
994
995 /* Try key equality */
996 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
997 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
998 0)
999 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1000 0)
1001 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1002 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1007 goto err;
1008
1009 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1010 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1011 goto err;
1012 OPENSSL_free(encoded);
1013 encoded = NULL;
1014 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 goto err;
1018 }
1019
1020 ret = 1;
1021 err:
1022 OSSL_PARAM_free(params);
1023 OSSL_PARAM_BLD_free(bld);
1024 EVP_PKEY_free(just_params);
1025 EVP_PKEY_free(params_and_priv);
1026 EVP_PKEY_free(params_and_pub);
1027 EVP_PKEY_free(params_and_keypair);
1028 BN_free(priv);
1029
1030 return ret;
1031}
1032
1033/* Test that using a legacy EC key with only a private key in it works */
1034# ifndef OPENSSL_NO_DEPRECATED_3_0
1035static int test_EC_priv_only_legacy(void)
1036{
1037 BIGNUM *priv = NULL;
1038 int ret = 0;
1039 EC_KEY *eckey = NULL;
1040 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1041 EVP_MD_CTX *ctx = NULL;
1042
1043 /* Create the low level EC_KEY */
1044 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1045 goto err;
1046
1047 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1048 if (!TEST_ptr(eckey))
1049 goto err;
1050
1051 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1052 goto err;
1053
1054 pkey = EVP_PKEY_new();
1055 if (!TEST_ptr(pkey))
1056 goto err;
1057
1058 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1059 goto err;
1060 eckey = NULL;
1061
1062 while (dup_pk == NULL) {
1063 ret = 0;
1064 ctx = EVP_MD_CTX_new();
1065 if (!TEST_ptr(ctx))
1066 goto err;
1067
1068 /*
1069 * The EVP_DigestSignInit function should create the key on the
1070 * provider side which is sufficient for this test.
1071 */
1072 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1073 testpropq, pkey, NULL)))
1074 goto err;
1075 EVP_MD_CTX_free(ctx);
1076 ctx = NULL;
1077
1078 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1079 goto err;
1080 /* EVP_PKEY_eq() returns -2 with missing public keys */
1081 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1082 EVP_PKEY_free(pkey);
1083 pkey = dup_pk;
1084 if (!ret)
1085 goto err;
1086 }
1087
1088 err:
1089 EVP_MD_CTX_free(ctx);
1090 EVP_PKEY_free(pkey);
1091 EC_KEY_free(eckey);
1092 BN_free(priv);
1093
1094 return ret;
1095}
1096# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1097#endif /* OPENSSL_NO_EC */
1098
1099static int test_EVP_PKEY_sign(int tst)
1100{
1101 int ret = 0;
1102 EVP_PKEY *pkey = NULL;
1103 unsigned char *sig = NULL;
1104 size_t sig_len = 0, shortsig_len = 1;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 unsigned char tbs[] = {
1107 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1108 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1109 };
1110
1111 if (tst == 0 ) {
1112 if (!TEST_ptr(pkey = load_example_rsa_key()))
1113 goto out;
1114 } else if (tst == 1) {
1115#ifndef OPENSSL_NO_DSA
1116 if (!TEST_ptr(pkey = load_example_dsa_key()))
1117 goto out;
1118#else
1119 ret = 1;
1120 goto out;
1121#endif
1122 } else {
1123#ifndef OPENSSL_NO_EC
1124 if (!TEST_ptr(pkey = load_example_ec_key()))
1125 goto out;
1126#else
1127 ret = 1;
1128 goto out;
1129#endif
1130 }
1131
1132 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1133 if (!TEST_ptr(ctx)
1134 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1136 sizeof(tbs)), 0))
1137 goto out;
1138 sig = OPENSSL_malloc(sig_len);
1139 if (!TEST_ptr(sig)
1140 /* Test sending a signature buffer that is too short is rejected */
1141 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1142 sizeof(tbs)), 0)
1143 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1144 0)
1145 /* Test the signature round-trips */
1146 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1147 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1148 0))
1149 goto out;
1150
1151 ret = 1;
1152 out:
1153 EVP_PKEY_CTX_free(ctx);
1154 OPENSSL_free(sig);
1155 EVP_PKEY_free(pkey);
1156 return ret;
1157}
1158
1159/*
1160 * n = 0 => test using legacy cipher
1161 * n = 1 => test using fetched cipher
1162 */
1163static int test_EVP_Enveloped(int n)
1164{
1165 int ret = 0;
1166 EVP_CIPHER_CTX *ctx = NULL;
1167 EVP_PKEY *keypair = NULL;
1168 unsigned char *kek = NULL;
1169 unsigned char iv[EVP_MAX_IV_LENGTH];
1170 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1171 int len, kek_len, ciphertext_len, plaintext_len;
1172 unsigned char ciphertext[32], plaintext[16];
1173 EVP_CIPHER *type = NULL;
1174
1175 if (nullprov != NULL)
1176 return TEST_skip("Test does not support a non-default library context");
1177
1178 if (n == 0)
1179 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1180 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1181 testpropq)))
1182 goto err;
1183
1184 if (!TEST_ptr(keypair = load_example_rsa_key())
1185 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1186 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1187 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1188 &keypair, 1))
1189 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1190 msg, sizeof(msg)))
1191 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1192 &len)))
1193 goto err;
1194
1195 ciphertext_len += len;
1196
1197 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1198 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1199 ciphertext, ciphertext_len))
1200 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1201 goto err;
1202
1203 plaintext_len += len;
1204 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1205 goto err;
1206
1207 ret = 1;
1208err:
1209 if (n != 0)
1210 EVP_CIPHER_free(type);
1211 OPENSSL_free(kek);
1212 EVP_PKEY_free(keypair);
1213 EVP_CIPHER_CTX_free(ctx);
1214 return ret;
1215}
1216
1217/*
1218 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1219 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1220 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1221 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1222 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1223 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1224 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1225 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1226 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1227 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1228 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1229 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1230 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1231 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1232 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1233 * Test 15-29: Same as above with reinitialization
1234 */
1235static int test_EVP_DigestSignInit(int tst)
1236{
1237 int ret = 0;
1238 EVP_PKEY *pkey = NULL;
1239 unsigned char *sig = NULL, *sig2 = NULL;
1240 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1241 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1242 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1243 BIO *mdbio = NULL, *membio = NULL;
1244 size_t written;
1245 const EVP_MD *md;
1246 EVP_MD *mdexp = NULL;
1247 int reinit = 0;
1248
1249 if (nullprov != NULL)
1250 return TEST_skip("Test does not support a non-default library context");
1251
1252 if (tst >= 15) {
1253 reinit = 1;
1254 tst -= 15;
1255 }
1256
1257 if (tst >= 6 && tst <= 8) {
1258 membio = BIO_new(BIO_s_mem());
1259 mdbio = BIO_new(BIO_f_md());
1260 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1261 goto out;
1262 BIO_push(mdbio, membio);
1263 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1264 goto out;
1265 } else {
1266 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1267 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1268 goto out;
1269 }
1270
1271 if (tst % 3 == 0) {
1272 if (!TEST_ptr(pkey = load_example_rsa_key()))
1273 goto out;
1274 } else if (tst % 3 == 1) {
1275#ifndef OPENSSL_NO_DSA
1276 if (!TEST_ptr(pkey = load_example_dsa_key()))
1277 goto out;
1278#else
1279 ret = 1;
1280 goto out;
1281#endif
1282 } else {
1283 if (!TEST_ptr(pkey = load_example_hmac_key()))
1284 goto out;
1285 }
1286
1287 if (tst >= 3 && tst <= 5)
1288 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1289 else
1290 md = EVP_sha256();
1291
1292 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1293 goto out;
1294
1295 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1296 goto out;
1297
1298 if (tst >= 6 && tst <= 8) {
1299 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1300 goto out;
1301 } else if (tst < 6) {
1302 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1303 goto out;
1304 }
1305
1306 if (tst >= 9) {
1307 /* Determine the size of the signature. */
1308 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1309 sizeof(kMsg)))
1310 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1311 goto out;
1312 if (tst <= 11) {
1313 /* Test that supply a short sig buffer fails */
1314 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1315 sizeof(kMsg))))
1316 goto out;
1317 /*
1318 * We end here because once EVP_DigestSign() has failed you should
1319 * not call it again without re-initing the ctx
1320 */
1321 ret = 1;
1322 goto out;
1323 }
1324 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1325 sizeof(kMsg))))
1326 goto out;
1327 } else {
1328 /* Determine the size of the signature. */
1329 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1330 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1331 /*
1332 * Trying to create a signature with a deliberately short
1333 * buffer should fail.
1334 */
1335 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1336 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1337 goto out;
1338 }
1339
1340 /*
1341 * Ensure that the signature round-trips (Verification isn't supported for
1342 * HMAC via EVP_DigestVerify*)
1343 */
1344 if (tst % 3 != 2) {
1345 if (tst >= 6 && tst <= 8) {
1346 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1347 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1348 goto out;
1349 }
1350
1351 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1352 NULL, pkey)))
1353 goto out;
1354
1355 if (tst >= 6 && tst <= 8) {
1356 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1357 goto out;
1358 } else {
1359 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1360 sizeof(kMsg))))
1361 goto out;
1362 }
1363 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1364 goto out;
1365
1366 /* Multiple calls to EVP_DigestVerifyFinal should work */
1367 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1368 goto out;
1369 } else {
1370 /*
1371 * For HMAC a doubled call to DigestSignFinal should produce the same
1372 * value as finalization should not happen.
1373 */
1374 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1375 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1376 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1377 goto out;
1378
1379 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1380 goto out;
1381 }
1382
1383 ret = 1;
1384
1385 out:
1386 BIO_free(membio);
1387 BIO_free(mdbio);
1388 EVP_MD_CTX_free(a_md_ctx);
1389 EVP_MD_CTX_free(a_md_ctx_verify);
1390 EVP_PKEY_free(pkey);
1391 OPENSSL_free(sig);
1392 OPENSSL_free(sig2);
1393 EVP_MD_free(mdexp);
1394
1395 return ret;
1396}
1397
1398static int test_EVP_DigestVerifyInit(void)
1399{
1400 int ret = 0;
1401 EVP_PKEY *pkey = NULL;
1402 EVP_MD_CTX *md_ctx = NULL;
1403
1404 if (nullprov != NULL)
1405 return TEST_skip("Test does not support a non-default library context");
1406
1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1408 || !TEST_ptr(pkey = load_example_rsa_key()))
1409 goto out;
1410
1411 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1412 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1413 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1414 sizeof(kSignature)), 0))
1415 goto out;
1416
1417 /* test with reinitialization */
1418 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1419 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1420 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1421 sizeof(kSignature)), 0))
1422 goto out;
1423 ret = 1;
1424
1425 out:
1426 EVP_MD_CTX_free(md_ctx);
1427 EVP_PKEY_free(pkey);
1428 return ret;
1429}
1430
1431#ifndef OPENSSL_NO_SIPHASH
1432/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1433static int test_siphash_digestsign(void)
1434{
1435 unsigned char key[16];
1436 unsigned char buf[8], digest[8];
1437 unsigned char expected[8] = {
1438 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1439 };
1440 EVP_PKEY *pkey = NULL;
1441 EVP_MD_CTX *mdctx = NULL;
1442 EVP_PKEY_CTX *ctx = NULL;
1443 int ret = 0;
1444 size_t len = 8;
1445
1446 if (nullprov != NULL)
1447 return TEST_skip("Test does not support a non-default library context");
1448
1449 memset(buf, 0, 8);
1450 memset(key, 1, 16);
1451 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1452 key, 16)))
1453 goto out;
1454
1455 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1456 goto out;
1457
1458 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1459 goto out;
1460 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1461 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1462 8, NULL), 1))
1463 goto out;
1464 /* reinitialize */
1465 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1466 goto out;
1467 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1468 goto out;
1469 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1470 goto out;
1471 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1472 goto out;
1473
1474 ret = 1;
1475 out:
1476 EVP_PKEY_free(pkey);
1477 EVP_MD_CTX_free(mdctx);
1478 return ret;
1479}
1480#endif
1481
1482/*
1483 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1484 */
1485static int test_EVP_Digest(void)
1486{
1487 int ret = 0;
1488 EVP_MD_CTX *md_ctx = NULL;
1489 unsigned char md[EVP_MAX_MD_SIZE];
1490 EVP_MD *sha256 = NULL;
1491 EVP_MD *shake256 = NULL;
1492
1493 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1494 goto out;
1495
1496 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1497 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1498 goto out;
1499
1500 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1501 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1502 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1503 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1504 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1505 goto out;
1506
1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1510 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1512 /*
1513 * EVP_DigestInit_ex with NULL type should work on
1514 * pre-initialized context.
1515 */
1516 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1517 goto out;
1518
1519 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1520 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1521 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1522 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1523 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1524 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1525 goto out;
1526 ret = 1;
1527
1528 out:
1529 EVP_MD_CTX_free(md_ctx);
1530 EVP_MD_free(sha256);
1531 EVP_MD_free(shake256);
1532 return ret;
1533}
1534
1535static int test_EVP_md_null(void)
1536{
1537 int ret = 0;
1538 EVP_MD_CTX *md_ctx = NULL;
1539 const EVP_MD *md_null = EVP_md_null();
1540 unsigned char md_value[EVP_MAX_MD_SIZE];
1541 unsigned int md_len = sizeof(md_value);
1542
1543 if (nullprov != NULL)
1544 return TEST_skip("Test does not support a non-default library context");
1545
1546 if (!TEST_ptr(md_null)
1547 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1548 goto out;
1549
1550 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1551 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1552 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1553 goto out;
1554
1555 if (!TEST_uint_eq(md_len, 0))
1556 goto out;
1557
1558 ret = 1;
1559 out:
1560 EVP_MD_CTX_free(md_ctx);
1561 return ret;
1562}
1563
1564static int test_d2i_AutoPrivateKey(int i)
1565{
1566 int ret = 0;
1567 const unsigned char *p;
1568 EVP_PKEY *pkey = NULL;
1569 const APK_DATA *ak = &keydata[i];
1570 const unsigned char *input = ak->kder;
1571 size_t input_len = ak->size;
1572 int expected_id = ak->evptype;
1573
1574 p = input;
1575 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1576 || !TEST_ptr_eq(p, input + input_len)
1577 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1578 goto done;
1579
1580 ret = 1;
1581
1582 done:
1583 EVP_PKEY_free(pkey);
1584 return ret;
1585}
1586
1587#ifndef OPENSSL_NO_EC
1588
1589static const unsigned char ec_public_sect163k1_validxy[] = {
1590 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1591 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1592 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1593 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1594 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1595 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1596};
1597
1598static const unsigned char ec_public_sect163k1_badx[] = {
1599 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1600 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1601 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1602 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1603 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1604 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1605};
1606
1607static const unsigned char ec_public_sect163k1_bady[] = {
1608 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1609 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1610 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1611 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1612 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1613 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1614};
1615
1616static struct ec_der_pub_keys_st {
1617 const unsigned char *der;
1618 size_t len;
1619 int valid;
1620} ec_der_pub_keys[] = {
1621 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1622 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1623 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1624};
1625
1626/*
1627 * Tests the range of the decoded EC char2 public point.
1628 * See ec_GF2m_simple_oct2point().
1629 */
1630static int test_invalide_ec_char2_pub_range_decode(int id)
1631{
1632 int ret = 0;
1633 EVP_PKEY *pkey;
1634
1635 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1636 ec_der_pub_keys[id].len);
1637
1638 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1639 || TEST_ptr_null(pkey);
1640 EVP_PKEY_free(pkey);
1641 return ret;
1642}
1643
1644/* Tests loading a bad key in PKCS8 format */
1645static int test_EVP_PKCS82PKEY(void)
1646{
1647 int ret = 0;
1648 const unsigned char *derp = kExampleBadECKeyDER;
1649 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1650 EVP_PKEY *pkey = NULL;
1651
1652 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1653 sizeof(kExampleBadECKeyDER))))
1654 goto done;
1655
1656 if (!TEST_ptr_eq(derp,
1657 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1658 goto done;
1659
1660 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1661 goto done;
1662
1663 ret = 1;
1664
1665 done:
1666 PKCS8_PRIV_KEY_INFO_free(p8inf);
1667 EVP_PKEY_free(pkey);
1668
1669 return ret;
1670}
1671
1672#endif
1673static int test_EVP_PKCS82PKEY_wrong_tag(void)
1674{
1675 EVP_PKEY *pkey = NULL;
1676 EVP_PKEY *pkey2 = NULL;
1677 BIO *membio = NULL;
1678 char *membuf = NULL;
1679 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1680 int ok = 0;
1681
1682 if (testctx != NULL)
1683 /* test not supported with non-default context */
1684 return 1;
1685
1686 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1687 || !TEST_ptr(pkey = load_example_rsa_key())
1688 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1689 NULL, 0, NULL, NULL),
1690 0)
1691 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1692 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1693 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1694 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1695 goto done;
1696 }
1697
1698 ok = 1;
1699 done:
1700 EVP_PKEY_free(pkey);
1701 EVP_PKEY_free(pkey2);
1702 PKCS8_PRIV_KEY_INFO_free(p8inf);
1703 BIO_free_all(membio);
1704 return ok;
1705}
1706
1707/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1708static int test_privatekey_to_pkcs8(void)
1709{
1710 EVP_PKEY *pkey = NULL;
1711 BIO *membio = NULL;
1712 char *membuf = NULL;
1713 long membuf_len = 0;
1714 int ok = 0;
1715
1716 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1717 || !TEST_ptr(pkey = load_example_rsa_key())
1718 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1719 NULL, 0, NULL, NULL),
1720 0)
1721 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1722 || !TEST_ptr(membuf)
1723 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1724 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1725 /*
1726 * We try to write PEM as well, just to see that it doesn't err, but
1727 * assume that the result is correct.
1728 */
1729 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1730 NULL, 0, NULL, NULL),
1731 0))
1732 goto done;
1733
1734 ok = 1;
1735 done:
1736 EVP_PKEY_free(pkey);
1737 BIO_free_all(membio);
1738 return ok;
1739}
1740
1741#ifndef OPENSSL_NO_EC
1742static const struct {
1743 int encoding;
1744 const char *encoding_name;
1745} ec_encodings[] = {
1746 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1747 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1748};
1749
1750static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1751{
1752 const OSSL_PARAM *p;
1753 const char *enc_name = NULL;
1754 int *enc = arg;
1755 size_t i;
1756
1757 *enc = -1;
1758
1759 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1760 OSSL_PKEY_PARAM_EC_ENCODING))
1761 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1762 return 0;
1763
1764 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1765 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1766 *enc = ec_encodings[i].encoding;
1767 break;
1768 }
1769 }
1770
1771 return (*enc != -1);
1772}
1773
1774static int test_EC_keygen_with_enc(int idx)
1775{
1776 EVP_PKEY *params = NULL, *key = NULL;
1777 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1778 int enc;
1779 int ret = 0;
1780
1781 enc = ec_encodings[idx].encoding;
1782
1783 /* Create key parameters */
1784 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1785 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1786 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1787 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1788 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1789 || !TEST_ptr(params))
1790 goto done;
1791
1792 /* Create key */
1793 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1794 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1795 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1796 || !TEST_ptr(key))
1797 goto done;
1798
1799 /* Check that the encoding got all the way into the key */
1800 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1801 ec_export_get_encoding_cb, &enc))
1802 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1803 goto done;
1804
1805 ret = 1;
1806 done:
1807 EVP_PKEY_free(key);
1808 EVP_PKEY_free(params);
1809 EVP_PKEY_CTX_free(kctx);
1810 EVP_PKEY_CTX_free(pctx);
1811 return ret;
1812}
1813#endif
1814
1815#if !defined(OPENSSL_NO_SM2)
1816
1817static int test_EVP_SM2_verify(void)
1818{
1819 const char *pubkey =
1820 "-----BEGIN PUBLIC KEY-----\n"
1821 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1822 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1823 "-----END PUBLIC KEY-----\n";
1824
1825 const char *msg = "message digest";
1826 const char *id = "[email protected]";
1827
1828 const uint8_t signature[] = {
1829 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1830 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1831 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1832 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1833 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1834 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1835 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1836 };
1837
1838 int rc = 0;
1839 BIO *bio = NULL;
1840 EVP_PKEY *pkey = NULL;
1841 EVP_MD_CTX *mctx = NULL;
1842 EVP_PKEY_CTX *pctx = NULL;
1843 EVP_MD *sm3 = NULL;
1844
1845 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1846 if (!TEST_true(bio != NULL))
1847 goto done;
1848
1849 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1850 if (!TEST_true(pkey != NULL))
1851 goto done;
1852
1853 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1854 goto done;
1855
1856 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1857 goto done;
1858
1859 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1860 goto done;
1861
1862 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1863
1864 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1865 goto done;
1866
1867 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1868 goto done;
1869
1870 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1871 goto done;
1872
1873 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1874 goto done;
1875
1876 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1877 goto done;
1878 rc = 1;
1879
1880 done:
1881 BIO_free(bio);
1882 EVP_PKEY_free(pkey);
1883 EVP_PKEY_CTX_free(pctx);
1884 EVP_MD_CTX_free(mctx);
1885 EVP_MD_free(sm3);
1886 return rc;
1887}
1888
1889static int test_EVP_SM2(void)
1890{
1891 int ret = 0;
1892 EVP_PKEY *pkey = NULL;
1893 EVP_PKEY *pkeyparams = NULL;
1894 EVP_PKEY_CTX *pctx = NULL;
1895 EVP_PKEY_CTX *kctx = NULL;
1896 EVP_PKEY_CTX *sctx = NULL;
1897 size_t sig_len = 0;
1898 unsigned char *sig = NULL;
1899 EVP_MD_CTX *md_ctx = NULL;
1900 EVP_MD_CTX *md_ctx_verify = NULL;
1901 EVP_PKEY_CTX *cctx = NULL;
1902 EVP_MD *check_md = NULL;
1903
1904 uint8_t ciphertext[128];
1905 size_t ctext_len = sizeof(ciphertext);
1906
1907 uint8_t plaintext[8];
1908 size_t ptext_len = sizeof(plaintext);
1909
1910 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1911
1912 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1913 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 int i;
1915 char mdname[OSSL_MAX_NAME_SIZE];
1916
1917 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1918 "SM2", testpropq)))
1919 goto done;
1920
1921 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1922 goto done;
1923
1924 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1925 goto done;
1926
1927 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1928 goto done;
1929
1930 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1931 pkeyparams, testpropq)))
1932 goto done;
1933
1934 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1938 goto done;
1939
1940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1941 goto done;
1942
1943 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1944 goto done;
1945
1946 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1947 goto done;
1948
1949 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1951
1952 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1953 goto done;
1954
1955 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1956 goto done;
1957
1958 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1959 goto done;
1960
1961 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1962 goto done;
1963
1964 /* Determine the size of the signature. */
1965 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1966 goto done;
1967
1968 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1969 goto done;
1970
1971 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1972 goto done;
1973
1974 /* Ensure that the signature round-trips. */
1975
1976 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1977 pkey)))
1978 goto done;
1979
1980 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1981 goto done;
1982
1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1984 goto done;
1985
1986 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1987 goto done;
1988
1989 /*
1990 * Try verify again with non-matching 0 length id but ensure that it can
1991 * be set on the context and overrides the previous value.
1992 */
1993
1994 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1995 pkey)))
1996 goto done;
1997
1998 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1999 goto done;
2000
2001 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2002 goto done;
2003
2004 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2005 goto done;
2006
2007 /* now check encryption/decryption */
2008
2009 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2010 mdname, sizeof(mdname));
2011 for (i = 0; i < 2; i++) {
2012 const char *mdnames[] = {
2013#ifndef OPENSSL_NO_SM3
2014 "SM3",
2015#else
2016 NULL,
2017#endif
2018 "SHA2-256" };
2019 EVP_PKEY_CTX_free(cctx);
2020
2021 if (mdnames[i] == NULL)
2022 continue;
2023
2024 sparams[0] =
2025 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2026 (char *)mdnames[i], 0);
2027
2028 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2029 pkey, testpropq)))
2030 goto done;
2031
2032 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2033 goto done;
2034
2035 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2036 goto done;
2037
2038 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2039 sizeof(kMsg))))
2040 goto done;
2041
2042 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2043 goto done;
2044
2045 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2046 goto done;
2047
2048 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2049 ctext_len), 0))
2050 goto done;
2051
2052 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2053 goto done;
2054
2055 /*
2056 * Test we're still using the digest we think we are.
2057 * Because of aliases, the easiest is to fetch the digest and
2058 * check the name with EVP_MD_is_a().
2059 */
2060 EVP_MD_free(check_md);
2061 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2062 goto done;
2063 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2064 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2065 goto done;
2066 }
2067
2068 if (!TEST_true(ptext_len == sizeof(kMsg)))
2069 goto done;
2070
2071 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2072 goto done;
2073 }
2074
2075 ret = 1;
2076done:
2077 EVP_PKEY_CTX_free(pctx);
2078 EVP_PKEY_CTX_free(kctx);
2079 EVP_PKEY_CTX_free(sctx);
2080 EVP_PKEY_CTX_free(cctx);
2081 EVP_PKEY_free(pkey);
2082 EVP_PKEY_free(pkeyparams);
2083 EVP_MD_CTX_free(md_ctx);
2084 EVP_MD_CTX_free(md_ctx_verify);
2085 EVP_MD_free(check_md);
2086 OPENSSL_free(sig);
2087 return ret;
2088}
2089
2090#endif
2091
2092static struct keys_st {
2093 int type;
2094 char *priv;
2095 char *pub;
2096} keys[] = {
2097 {
2098 EVP_PKEY_HMAC, "0123456789", NULL
2099 },
2100 {
2101 EVP_PKEY_HMAC, "", NULL
2102#ifndef OPENSSL_NO_POLY1305
2103 }, {
2104 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2105#endif
2106#ifndef OPENSSL_NO_SIPHASH
2107 }, {
2108 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2109#endif
2110 },
2111#ifndef OPENSSL_NO_EC
2112 {
2113 EVP_PKEY_X25519, "01234567890123456789012345678901",
2114 "abcdefghijklmnopqrstuvwxyzabcdef"
2115 }, {
2116 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2117 "abcdefghijklmnopqrstuvwxyzabcdef"
2118 }, {
2119 EVP_PKEY_X448,
2120 "01234567890123456789012345678901234567890123456789012345",
2121 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2122 }, {
2123 EVP_PKEY_ED448,
2124 "012345678901234567890123456789012345678901234567890123456",
2125 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2126 }
2127#endif
2128};
2129
2130static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2131{
2132 int ret = 0;
2133 unsigned char buf[80];
2134 unsigned char *in;
2135 size_t inlen, len = 0, shortlen = 1;
2136 EVP_PKEY *pkey;
2137
2138 /* Check if this algorithm supports public keys */
2139 if (pub && keys[tst].pub == NULL)
2140 return 1;
2141
2142 memset(buf, 0, sizeof(buf));
2143
2144 if (pub) {
2145#ifndef OPENSSL_NO_EC
2146 inlen = strlen(keys[tst].pub);
2147 in = (unsigned char *)keys[tst].pub;
2148 if (uselibctx) {
2149 pkey = EVP_PKEY_new_raw_public_key_ex(
2150 testctx,
2151 OBJ_nid2sn(keys[tst].type),
2152 NULL,
2153 in,
2154 inlen);
2155 } else {
2156 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2157 NULL,
2158 in,
2159 inlen);
2160 }
2161#else
2162 return 1;
2163#endif
2164 } else {
2165 inlen = strlen(keys[tst].priv);
2166 in = (unsigned char *)keys[tst].priv;
2167 if (uselibctx) {
2168 pkey = EVP_PKEY_new_raw_private_key_ex(
2169 testctx, OBJ_nid2sn(keys[tst].type),
2170 NULL,
2171 in,
2172 inlen);
2173 } else {
2174 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2175 NULL,
2176 in,
2177 inlen);
2178 }
2179 }
2180
2181 if (!TEST_ptr(pkey)
2182 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2183 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2184 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2185 || !TEST_true(len == inlen))
2186 goto done;
2187 if (tst != 1) {
2188 /*
2189 * Test that supplying a buffer that is too small fails. Doesn't apply
2190 * to HMAC with a zero length key
2191 */
2192 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2193 &shortlen)))
2194 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2195 &shortlen))))
2196 goto done;
2197 }
2198 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2199 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2200 || !TEST_mem_eq(in, inlen, buf, len))
2201 goto done;
2202
2203 ret = 1;
2204 done:
2205 EVP_PKEY_free(pkey);
2206 return ret;
2207}
2208
2209static int test_set_get_raw_keys(int tst)
2210{
2211 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2212 && test_set_get_raw_keys_int(tst, 0, 1)
2213 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2214 && test_set_get_raw_keys_int(tst, 1, 1);
2215}
2216
2217#ifndef OPENSSL_NO_DEPRECATED_3_0
2218static int pkey_custom_check(EVP_PKEY *pkey)
2219{
2220 return 0xbeef;
2221}
2222
2223static int pkey_custom_pub_check(EVP_PKEY *pkey)
2224{
2225 return 0xbeef;
2226}
2227
2228static int pkey_custom_param_check(EVP_PKEY *pkey)
2229{
2230 return 0xbeef;
2231}
2232
2233static EVP_PKEY_METHOD *custom_pmeth;
2234#endif
2235
2236static int test_EVP_PKEY_check(int i)
2237{
2238 int ret = 0;
2239 EVP_PKEY *pkey = NULL;
2240 EVP_PKEY_CTX *ctx = NULL;
2241#ifndef OPENSSL_NO_DEPRECATED_3_0
2242 EVP_PKEY_CTX *ctx2 = NULL;
2243#endif
2244 const APK_DATA *ak = &keycheckdata[i];
2245 const unsigned char *input = ak->kder;
2246 size_t input_len = ak->size;
2247 int expected_id = ak->evptype;
2248 int expected_check = ak->check;
2249 int expected_pub_check = ak->pub_check;
2250 int expected_param_check = ak->param_check;
2251 int type = ak->type;
2252
2253 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2254 goto done;
2255 if (type == 0
2256 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2257 goto done;
2258
2259 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2260 goto done;
2261
2262 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2263 goto done;
2264
2265 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2266 goto done;
2267
2268 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2269 goto done;
2270
2271#ifndef OPENSSL_NO_DEPRECATED_3_0
2272 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2273 /* assign the pkey directly, as an internal test */
2274 EVP_PKEY_up_ref(pkey);
2275 ctx2->pkey = pkey;
2276
2277 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2278 goto done;
2279
2280 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2281 goto done;
2282
2283 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2284 goto done;
2285#endif
2286
2287 ret = 1;
2288
2289 done:
2290 EVP_PKEY_CTX_free(ctx);
2291#ifndef OPENSSL_NO_DEPRECATED_3_0
2292 EVP_PKEY_CTX_free(ctx2);
2293#endif
2294 EVP_PKEY_free(pkey);
2295 return ret;
2296}
2297
2298#ifndef OPENSSL_NO_CMAC
2299static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2300{
2301 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2302 const char msg[] = "Hello World";
2303 size_t maclen = AES_BLOCK_SIZE;
2304 int ret = 1;
2305
2306 if (!TEST_ptr(mdctx)
2307 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2308 testpropq, pkey, NULL))
2309 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2310 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2311 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2312 ret = 0;
2313
2314 EVP_MD_CTX_free(mdctx);
2315
2316 return ret;
2317}
2318static int test_CMAC_keygen(void)
2319{
2320 static unsigned char key[] = {
2321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2324 };
2325 EVP_PKEY_CTX *kctx = NULL;
2326 int ret = 0;
2327 EVP_PKEY *pkey = NULL;
2328 unsigned char mac[AES_BLOCK_SIZE];
2329# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2330 unsigned char mac2[AES_BLOCK_SIZE];
2331# endif
2332
2333 if (nullprov != NULL)
2334 return TEST_skip("Test does not support a non-default library context");
2335
2336 /*
2337 * This is a legacy method for CMACs, but should still work.
2338 * This verifies that it works without an ENGINE.
2339 */
2340 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2341
2342 /* Test a CMAC key created using the "generated" method */
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2345 EVP_PKEY_CTRL_CIPHER,
2346 0, (void *)EVP_aes_256_ecb()), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2348 EVP_PKEY_CTRL_SET_MAC_KEY,
2349 sizeof(key), (void *)key), 0)
2350 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2351 || !TEST_ptr(pkey)
2352 || !TEST_true(get_cmac_val(pkey, mac)))
2353 goto done;
2354
2355# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2356 EVP_PKEY_free(pkey);
2357
2358 /*
2359 * Test a CMAC key using the direct method, and compare with the mac
2360 * created above.
2361 */
2362 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2363 if (!TEST_ptr(pkey)
2364 || !TEST_true(get_cmac_val(pkey, mac2))
2365 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2366 goto done;
2367# endif
2368
2369 ret = 1;
2370
2371 done:
2372 EVP_PKEY_free(pkey);
2373 EVP_PKEY_CTX_free(kctx);
2374 return ret;
2375}
2376#endif
2377
2378static int test_HKDF(void)
2379{
2380 EVP_PKEY_CTX *pctx;
2381 unsigned char out[20];
2382 size_t outlen;
2383 int i, ret = 0;
2384 unsigned char salt[] = "0123456789";
2385 unsigned char key[] = "012345678901234567890123456789";
2386 unsigned char info[] = "infostring";
2387 const unsigned char expected[] = {
2388 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2389 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2390 };
2391 size_t expectedlen = sizeof(expected);
2392
2393 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2394 goto done;
2395
2396 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2397 for (i = 0; i < 2; i++) {
2398 outlen = sizeof(out);
2399 memset(out, 0, outlen);
2400
2401 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2404 sizeof(salt) - 1), 0)
2405 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2406 sizeof(key) - 1), 0)
2407 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2408 sizeof(info) - 1), 0)
2409 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2410 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2411 goto done;
2412 }
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(pctx);
2418
2419 return ret;
2420}
2421
2422static int test_emptyikm_HKDF(void)
2423{
2424 EVP_PKEY_CTX *pctx;
2425 unsigned char out[20];
2426 size_t outlen;
2427 int ret = 0;
2428 unsigned char salt[] = "9876543210";
2429 unsigned char key[] = "";
2430 unsigned char info[] = "stringinfo";
2431 const unsigned char expected[] = {
2432 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2433 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2434 };
2435 size_t expectedlen = sizeof(expected);
2436
2437 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2438 goto done;
2439
2440 outlen = sizeof(out);
2441 memset(out, 0, outlen);
2442
2443 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2444 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2446 sizeof(salt) - 1), 0)
2447 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2448 sizeof(key) - 1), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2450 sizeof(info) - 1), 0)
2451 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2452 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2453 goto done;
2454
2455 ret = 1;
2456
2457 done:
2458 EVP_PKEY_CTX_free(pctx);
2459
2460 return ret;
2461}
2462
2463#ifndef OPENSSL_NO_EC
2464static int test_X509_PUBKEY_inplace(void)
2465{
2466 int ret = 0;
2467 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2468 const unsigned char *p = kExampleECPubKeyDER;
2469 size_t input_len = sizeof(kExampleECPubKeyDER);
2470
2471 if (!TEST_ptr(xp))
2472 goto done;
2473 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2474 goto done;
2475
2476 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2477 goto done;
2478
2479 p = kExampleBadECPubKeyDER;
2480 input_len = sizeof(kExampleBadECPubKeyDER);
2481
2482 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2483 goto done;
2484
2485 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2486 goto done;
2487
2488 ret = 1;
2489
2490 done:
2491 X509_PUBKEY_free(xp);
2492 return ret;
2493}
2494
2495static int test_X509_PUBKEY_dup(void)
2496{
2497 int ret = 0;
2498 X509_PUBKEY *xp = NULL, *xq = NULL;
2499 const unsigned char *p = kExampleECPubKeyDER;
2500 size_t input_len = sizeof(kExampleECPubKeyDER);
2501
2502 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2503 if (!TEST_ptr(xp)
2504 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2505 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2506 || !TEST_ptr_ne(xp, xq))
2507 goto done;
2508
2509 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2510 || !TEST_ptr(X509_PUBKEY_get0(xp))
2511 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2512 goto done;
2513
2514 X509_PUBKEY_free(xq);
2515 xq = NULL;
2516 p = kExampleBadECPubKeyDER;
2517 input_len = sizeof(kExampleBadECPubKeyDER);
2518
2519 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2520 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2521 goto done;
2522
2523 X509_PUBKEY_free(xp);
2524 xp = NULL;
2525 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2526 goto done;
2527
2528 ret = 1;
2529
2530 done:
2531 X509_PUBKEY_free(xp);
2532 X509_PUBKEY_free(xq);
2533 return ret;
2534}
2535#endif /* OPENSSL_NO_EC */
2536
2537/* Test getting and setting parameters on an EVP_PKEY_CTX */
2538static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2539{
2540 EVP_MD_CTX *mdctx = NULL;
2541 EVP_PKEY_CTX *ctx = NULL;
2542 const OSSL_PARAM *params;
2543 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2544 int ret = 0;
2545 const EVP_MD *md;
2546 char mdname[OSSL_MAX_NAME_SIZE];
2547 char ssl3ms[48];
2548
2549 /* Initialise a sign operation */
2550 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2551 if (!TEST_ptr(ctx)
2552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2553 goto err;
2554
2555 /*
2556 * We should be able to query the parameters now.
2557 */
2558 params = EVP_PKEY_CTX_settable_params(ctx);
2559 if (!TEST_ptr(params)
2560 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2561 OSSL_SIGNATURE_PARAM_DIGEST)))
2562 goto err;
2563
2564 params = EVP_PKEY_CTX_gettable_params(ctx);
2565 if (!TEST_ptr(params)
2566 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2569 OSSL_SIGNATURE_PARAM_DIGEST)))
2570 goto err;
2571
2572 /*
2573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2574 * EVP_PKEY_CTX_get_params()
2575 */
2576 strcpy(mdname, "SHA512");
2577 param_md = param;
2578 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2579 mdname, 0);
2580 *param++ = OSSL_PARAM_construct_end();
2581
2582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2583 goto err;
2584
2585 mdname[0] = '\0';
2586 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2587 mdname, sizeof(mdname));
2588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2589 || !TEST_str_eq(mdname, "SHA512"))
2590 goto err;
2591
2592 /*
2593 * Test the TEST_PKEY_CTX_set_signature_md() and
2594 * TEST_PKEY_CTX_get_signature_md() functions
2595 */
2596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2598 || !TEST_ptr_eq(md, EVP_sha256()))
2599 goto err;
2600
2601 /*
2602 * Test getting MD parameters via an associated EVP_PKEY_CTX
2603 */
2604 mdctx = EVP_MD_CTX_new();
2605 if (!TEST_ptr(mdctx)
2606 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2607 pkey, NULL)))
2608 goto err;
2609
2610 /*
2611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2612 * able to obtain the digest's settable parameters from the provider.
2613 */
2614 params = EVP_MD_CTX_settable_params(mdctx);
2615 if (!TEST_ptr(params)
2616 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2617 /* The final key should be NULL */
2618 || !TEST_ptr_null(params[1].key))
2619 goto err;
2620
2621 param = ourparams;
2622 memset(ssl3ms, 0, sizeof(ssl3ms));
2623 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2624 ssl3ms, sizeof(ssl3ms));
2625 *param++ = OSSL_PARAM_construct_end();
2626
2627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2628 goto err;
2629
2630 ret = 1;
2631
2632 err:
2633 EVP_MD_CTX_free(mdctx);
2634 EVP_PKEY_CTX_free(ctx);
2635
2636 return ret;
2637}
2638
2639#ifndef OPENSSL_NO_DSA
2640static int test_DSA_get_set_params(void)
2641{
2642 OSSL_PARAM_BLD *bld = NULL;
2643 OSSL_PARAM *params = NULL;
2644 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2645 EVP_PKEY_CTX *pctx = NULL;
2646 EVP_PKEY *pkey = NULL;
2647 int ret = 0;
2648
2649 /*
2650 * Setup the parameters for our DSA object. For our purposes they don't
2651 * have to actually be *valid* parameters. We just need to set something.
2652 */
2653 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2654 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2655 || !TEST_ptr(p = BN_new())
2656 || !TEST_ptr(q = BN_new())
2657 || !TEST_ptr(g = BN_new())
2658 || !TEST_ptr(pub = BN_new())
2659 || !TEST_ptr(priv = BN_new()))
2660 goto err;
2661 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2662 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2665 pub))
2666 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2667 priv)))
2668 goto err;
2669 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2670 goto err;
2671
2672 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2673 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2674 params), 0))
2675 goto err;
2676
2677 if (!TEST_ptr(pkey))
2678 goto err;
2679
2680 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2681
2682 err:
2683 EVP_PKEY_free(pkey);
2684 EVP_PKEY_CTX_free(pctx);
2685 OSSL_PARAM_free(params);
2686 OSSL_PARAM_BLD_free(bld);
2687 BN_free(p);
2688 BN_free(q);
2689 BN_free(g);
2690 BN_free(pub);
2691 BN_free(priv);
2692
2693 return ret;
2694}
2695
2696/*
2697 * Test combinations of private, public, missing and private + public key
2698 * params to ensure they are all accepted
2699 */
2700static int test_DSA_priv_pub(void)
2701{
2702 return test_EVP_PKEY_ffc_priv_pub("DSA");
2703}
2704
2705#endif /* !OPENSSL_NO_DSA */
2706
2707static int test_RSA_get_set_params(void)
2708{
2709 OSSL_PARAM_BLD *bld = NULL;
2710 OSSL_PARAM *params = NULL;
2711 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2712 EVP_PKEY_CTX *pctx = NULL;
2713 EVP_PKEY *pkey = NULL;
2714 int ret = 0;
2715
2716 /*
2717 * Setup the parameters for our RSA object. For our purposes they don't
2718 * have to actually be *valid* parameters. We just need to set something.
2719 */
2720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2721 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2722 || !TEST_ptr(n = BN_new())
2723 || !TEST_ptr(e = BN_new())
2724 || !TEST_ptr(d = BN_new()))
2725 goto err;
2726 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2727 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2729 goto err;
2730 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2731 goto err;
2732
2733 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2734 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2735 params), 0))
2736 goto err;
2737
2738 if (!TEST_ptr(pkey))
2739 goto err;
2740
2741 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2742
2743 err:
2744 EVP_PKEY_free(pkey);
2745 EVP_PKEY_CTX_free(pctx);
2746 OSSL_PARAM_free(params);
2747 OSSL_PARAM_BLD_free(bld);
2748 BN_free(n);
2749 BN_free(e);
2750 BN_free(d);
2751
2752 return ret;
2753}
2754
2755static int test_RSA_OAEP_set_get_params(void)
2756{
2757 int ret = 0;
2758 EVP_PKEY *key = NULL;
2759 EVP_PKEY_CTX *key_ctx = NULL;
2760
2761 if (nullprov != NULL)
2762 return TEST_skip("Test does not support a non-default library context");
2763
2764 if (!TEST_ptr(key = load_example_rsa_key())
2765 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2766 goto err;
2767
2768 {
2769 int padding = RSA_PKCS1_OAEP_PADDING;
2770 OSSL_PARAM params[4];
2771
2772 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2773 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2774 OSSL_DIGEST_NAME_SHA2_256, 0);
2775 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2776 OSSL_DIGEST_NAME_SHA1, 0);
2777 params[3] = OSSL_PARAM_construct_end();
2778
2779 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2780 goto err;
2781 }
2782 {
2783 OSSL_PARAM params[3];
2784 char oaepmd[30] = { '\0' };
2785 char mgf1md[30] = { '\0' };
2786
2787 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2788 oaepmd, sizeof(oaepmd));
2789 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2790 mgf1md, sizeof(mgf1md));
2791 params[2] = OSSL_PARAM_construct_end();
2792
2793 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2794 goto err;
2795
2796 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2797 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2798 goto err;
2799 }
2800
2801 ret = 1;
2802
2803 err:
2804 EVP_PKEY_free(key);
2805 EVP_PKEY_CTX_free(key_ctx);
2806
2807 return ret;
2808}
2809
2810#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2811static int test_decrypt_null_chunks(void)
2812{
2813 EVP_CIPHER_CTX* ctx = NULL;
2814 EVP_CIPHER *cipher = NULL;
2815 const unsigned char key[32] = {
2816 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2817 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2818 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2819 };
2820 unsigned char iv[12] = {
2821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2822 };
2823 unsigned char msg[] = "It was the best of times, it was the worst of times";
2824 unsigned char ciphertext[80];
2825 unsigned char plaintext[80];
2826 /* We initialise tmp to a non zero value on purpose */
2827 int ctlen, ptlen, tmp = 99;
2828 int ret = 0;
2829 const int enc_offset = 10, dec_offset = 20;
2830
2831 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2832 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2833 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2834 key, iv))
2835 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2836 enc_offset))
2837 /* Deliberate add a zero length update */
2838 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2839 0))
2840 || !TEST_int_eq(tmp, 0)
2841 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2842 msg + enc_offset,
2843 sizeof(msg) - enc_offset))
2844 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2845 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2846 || !TEST_int_eq(tmp, 0))
2847 goto err;
2848
2849 /* Deliberately initialise tmp to a non zero value */
2850 tmp = 99;
2851 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2852 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2853 dec_offset))
2854 /*
2855 * Deliberately add a zero length update. We also deliberately do
2856 * this at a different offset than for encryption.
2857 */
2858 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2859 0))
2860 || !TEST_int_eq(tmp, 0)
2861 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2862 ciphertext + dec_offset,
2863 ctlen - dec_offset))
2864 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2865 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2866 || !TEST_int_eq(tmp, 0)
2867 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2868 goto err;
2869
2870 ret = 1;
2871 err:
2872 EVP_CIPHER_CTX_free(ctx);
2873 EVP_CIPHER_free(cipher);
2874 return ret;
2875}
2876#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2877
2878#ifndef OPENSSL_NO_DH
2879/*
2880 * Test combinations of private, public, missing and private + public key
2881 * params to ensure they are all accepted
2882 */
2883static int test_DH_priv_pub(void)
2884{
2885 return test_EVP_PKEY_ffc_priv_pub("DH");
2886}
2887
2888# ifndef OPENSSL_NO_DEPRECATED_3_0
2889static int test_EVP_PKEY_set1_DH(void)
2890{
2891 DH *x942dh = NULL, *noqdh = NULL;
2892 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2893 int ret = 0;
2894 BIGNUM *p, *g = NULL;
2895 BIGNUM *pubkey = NULL;
2896 unsigned char pub[2048 / 8];
2897 size_t len = 0;
2898
2899 if (!TEST_ptr(p = BN_new())
2900 || !TEST_ptr(g = BN_new())
2901 || !TEST_ptr(pubkey = BN_new())
2902 || !TEST_true(BN_set_word(p, 9999))
2903 || !TEST_true(BN_set_word(g, 2))
2904 || !TEST_true(BN_set_word(pubkey, 4321))
2905 || !TEST_ptr(noqdh = DH_new())
2906 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2907 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2908 || !TEST_ptr(pubkey = BN_new())
2909 || !TEST_true(BN_set_word(pubkey, 4321)))
2910 goto err;
2911 p = g = NULL;
2912
2913 x942dh = DH_get_2048_256();
2914 pkey1 = EVP_PKEY_new();
2915 pkey2 = EVP_PKEY_new();
2916 if (!TEST_ptr(x942dh)
2917 || !TEST_ptr(noqdh)
2918 || !TEST_ptr(pkey1)
2919 || !TEST_ptr(pkey2)
2920 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2921 goto err;
2922 pubkey = NULL;
2923
2924 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2925 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2926 goto err;
2927
2928 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2929 &pubkey))
2930 || !TEST_ptr(pubkey))
2931 goto err;
2932
2933 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2934 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2935 goto err;
2936
2937 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2938 OSSL_PKEY_PARAM_PUB_KEY,
2939 pub, sizeof(pub), &len))
2940 || !TEST_size_t_ne(len, 0))
2941 goto err;
2942
2943 ret = 1;
2944 err:
2945 BN_free(p);
2946 BN_free(g);
2947 BN_free(pubkey);
2948 EVP_PKEY_free(pkey1);
2949 EVP_PKEY_free(pkey2);
2950 DH_free(x942dh);
2951 DH_free(noqdh);
2952
2953 return ret;
2954}
2955# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2956#endif /* !OPENSSL_NO_DH */
2957
2958/*
2959 * We test what happens with an empty template. For the sake of this test,
2960 * the template must be ignored, and we know that's the case for RSA keys
2961 * (this might arguably be a misfeature, but that's what we currently do,
2962 * even in provider code, since that's how the legacy RSA implementation
2963 * does things)
2964 */
2965static int test_keygen_with_empty_template(int n)
2966{
2967 EVP_PKEY_CTX *ctx = NULL;
2968 EVP_PKEY *pkey = NULL;
2969 EVP_PKEY *tkey = NULL;
2970 int ret = 0;
2971
2972 if (nullprov != NULL)
2973 return TEST_skip("Test does not support a non-default library context");
2974
2975 switch (n) {
2976 case 0:
2977 /* We do test with no template at all as well */
2978 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2979 goto err;
2980 break;
2981 case 1:
2982 /* Here we create an empty RSA key that serves as our template */
2983 if (!TEST_ptr(tkey = EVP_PKEY_new())
2984 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2985 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2986 goto err;
2987 break;
2988 }
2989
2990 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2991 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2992 goto err;
2993
2994 ret = 1;
2995 err:
2996 EVP_PKEY_CTX_free(ctx);
2997 EVP_PKEY_free(pkey);
2998 EVP_PKEY_free(tkey);
2999 return ret;
3000}
3001
3002/*
3003 * Test that we fail if we attempt to use an algorithm that is not available
3004 * in the current library context (unless we are using an algorithm that
3005 * should be made available via legacy codepaths).
3006 *
3007 * 0: RSA
3008 * 1: SM2
3009 */
3010static int test_pkey_ctx_fail_without_provider(int tst)
3011{
3012 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3013 OSSL_PROVIDER *tmpnullprov = NULL;
3014 EVP_PKEY_CTX *pctx = NULL;
3015 const char *keytype = NULL;
3016 int expect_null = 0;
3017 int ret = 0;
3018
3019 if (!TEST_ptr(tmpctx))
3020 goto err;
3021
3022 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3023 if (!TEST_ptr(tmpnullprov))
3024 goto err;
3025
3026 /*
3027 * We check for certain algos in the null provider.
3028 * If an algo is expected to have a provider keymgmt, contructing an
3029 * EVP_PKEY_CTX is expected to fail (return NULL).
3030 * Otherwise, if it's expected to have legacy support, contructing an
3031 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3032 */
3033 switch (tst) {
3034 case 0:
3035 keytype = "RSA";
3036 expect_null = 1;
3037 break;
3038 case 1:
3039 keytype = "SM2";
3040 expect_null = 1;
3041#ifdef OPENSSL_NO_EC
3042 TEST_info("EC disable, skipping SM2 check...");
3043 goto end;
3044#endif
3045#ifdef OPENSSL_NO_SM2
3046 TEST_info("SM2 disable, skipping SM2 check...");
3047 goto end;
3048#endif
3049 break;
3050 default:
3051 TEST_error("No test for case %d", tst);
3052 goto err;
3053 }
3054
3055 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3056 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3057 goto err;
3058
3059#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3060 end:
3061#endif
3062 ret = 1;
3063
3064 err:
3065 EVP_PKEY_CTX_free(pctx);
3066 OSSL_PROVIDER_unload(tmpnullprov);
3067 OSSL_LIB_CTX_free(tmpctx);
3068 return ret;
3069}
3070
3071static int test_rand_agglomeration(void)
3072{
3073 EVP_RAND *rand;
3074 EVP_RAND_CTX *ctx;
3075 OSSL_PARAM params[3], *p = params;
3076 int res;
3077 unsigned int step = 7;
3078 static unsigned char seed[] = "It does not matter how slowly you go "
3079 "as long as you do not stop.";
3080 unsigned char out[sizeof(seed)];
3081
3082 if (!TEST_int_ne(sizeof(seed) % step, 0)
3083 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3084 return 0;
3085 ctx = EVP_RAND_CTX_new(rand, NULL);
3086 EVP_RAND_free(rand);
3087 if (!TEST_ptr(ctx))
3088 return 0;
3089
3090 memset(out, 0, sizeof(out));
3091 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3092 seed, sizeof(seed));
3093 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3094 *p = OSSL_PARAM_construct_end();
3095 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3096 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3097 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3098 EVP_RAND_CTX_free(ctx);
3099 return res;
3100}
3101
3102/*
3103 * Test that we correctly return the original or "running" IV after
3104 * an encryption operation.
3105 * Run multiple times for some different relevant algorithms/modes.
3106 */
3107static int test_evp_iv_aes(int idx)
3108{
3109 int ret = 0;
3110 EVP_CIPHER_CTX *ctx = NULL;
3111 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3112 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3113 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3114 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3115 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3116 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3117 9, 10, 11, 12, 13, 14, 15, 16 };
3118 unsigned char ciphertext[32], oiv[16], iv[16];
3119 unsigned char *ref_iv;
3120 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3121 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3122
3123 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3124 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3125 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3126 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3127 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3128 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3129 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3130#ifndef OPENSSL_NO_OCB
3131 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3132 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3133#endif
3134 int len = sizeof(ciphertext);
3135 size_t ivlen, ref_len;
3136 const EVP_CIPHER *type = NULL;
3137 int iv_reset = 0;
3138
3139 if (nullprov != NULL && idx < 6)
3140 return TEST_skip("Test does not support a non-default library context");
3141
3142 switch(idx) {
3143 case 0:
3144 type = EVP_aes_128_cbc();
3145 /* FALLTHROUGH */
3146 case 6:
3147 type = (type != NULL) ? type :
3148 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3149 ref_iv = cbc_state;
3150 ref_len = sizeof(cbc_state);
3151 iv_reset = 1;
3152 break;
3153 case 1:
3154 type = EVP_aes_128_ofb();
3155 /* FALLTHROUGH */
3156 case 7:
3157 type = (type != NULL) ? type :
3158 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3159 ref_iv = ofb_state;
3160 ref_len = sizeof(ofb_state);
3161 iv_reset = 1;
3162 break;
3163 case 2:
3164 type = EVP_aes_128_cfb();
3165 /* FALLTHROUGH */
3166 case 8:
3167 type = (type != NULL) ? type :
3168 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3169 ref_iv = cfb_state;
3170 ref_len = sizeof(cfb_state);
3171 iv_reset = 1;
3172 break;
3173 case 3:
3174 type = EVP_aes_128_gcm();
3175 /* FALLTHROUGH */
3176 case 9:
3177 type = (type != NULL) ? type :
3178 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3179 ref_iv = gcm_state;
3180 ref_len = sizeof(gcm_state);
3181 break;
3182 case 4:
3183 type = EVP_aes_128_ccm();
3184 /* FALLTHROUGH */
3185 case 10:
3186 type = (type != NULL) ? type :
3187 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3188 ref_iv = ccm_state;
3189 ref_len = sizeof(ccm_state);
3190 break;
3191#ifdef OPENSSL_NO_OCB
3192 case 5:
3193 case 11:
3194 return 1;
3195#else
3196 case 5:
3197 type = EVP_aes_128_ocb();
3198 /* FALLTHROUGH */
3199 case 11:
3200 type = (type != NULL) ? type :
3201 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3202 ref_iv = ocb_state;
3203 ref_len = sizeof(ocb_state);
3204 break;
3205#endif
3206 default:
3207 return 0;
3208 }
3209
3210 if (!TEST_ptr(type)
3211 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3212 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3213 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3214 (int)sizeof(msg)))
3215 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3216 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3217 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3218 goto err;
3219 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3220 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3221 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3222 goto err;
3223
3224 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3225 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3226 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3227 goto err;
3228 if (iv_reset) {
3229 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3230 goto err;
3231 } else {
3232 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3233 goto err;
3234 }
3235
3236 ret = 1;
3237err:
3238 EVP_CIPHER_CTX_free(ctx);
3239 if (idx >= 6)
3240 EVP_CIPHER_free((EVP_CIPHER *)type);
3241 return ret;
3242}
3243
3244#ifndef OPENSSL_NO_DES
3245static int test_evp_iv_des(int idx)
3246{
3247 int ret = 0;
3248 EVP_CIPHER_CTX *ctx = NULL;
3249 static const unsigned char key[24] = {
3250 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3251 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3252 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3253 };
3254 static const unsigned char init_iv[8] = {
3255 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3256 };
3257 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3258 9, 10, 11, 12, 13, 14, 15, 16 };
3259 unsigned char ciphertext[32], oiv[8], iv[8];
3260 unsigned const char *ref_iv;
3261 static const unsigned char cbc_state_des[8] = {
3262 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3263 };
3264 static const unsigned char cbc_state_3des[8] = {
3265 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3266 };
3267 static const unsigned char ofb_state_des[8] = {
3268 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3269 };
3270 static const unsigned char ofb_state_3des[8] = {
3271 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3272 };
3273 static const unsigned char cfb_state_des[8] = {
3274 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3275 };
3276 static const unsigned char cfb_state_3des[8] = {
3277 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3278 };
3279 int len = sizeof(ciphertext);
3280 size_t ivlen, ref_len;
3281 EVP_CIPHER *type = NULL;
3282
3283 if (lgcyprov == NULL && idx < 3)
3284 return TEST_skip("Test requires legacy provider to be loaded");
3285
3286 switch(idx) {
3287 case 0:
3288 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3289 ref_iv = cbc_state_des;
3290 ref_len = sizeof(cbc_state_des);
3291 break;
3292 case 1:
3293 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3294 ref_iv = ofb_state_des;
3295 ref_len = sizeof(ofb_state_des);
3296 break;
3297 case 2:
3298 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3299 ref_iv = cfb_state_des;
3300 ref_len = sizeof(cfb_state_des);
3301 break;
3302 case 3:
3303 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3304 ref_iv = cbc_state_3des;
3305 ref_len = sizeof(cbc_state_3des);
3306 break;
3307 case 4:
3308 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3309 ref_iv = ofb_state_3des;
3310 ref_len = sizeof(ofb_state_3des);
3311 break;
3312 case 5:
3313 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3314 ref_iv = cfb_state_3des;
3315 ref_len = sizeof(cfb_state_3des);
3316 break;
3317 default:
3318 return 0;
3319 }
3320
3321 if (!TEST_ptr(type)
3322 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3323 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3324 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3325 (int)sizeof(msg)))
3326 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3327 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3328 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3329 goto err;
3330 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3331 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3332 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3333 goto err;
3334
3335 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3336 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3337 goto err;
3338 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3339 goto err;
3340
3341 ret = 1;
3342err:
3343 EVP_CIPHER_CTX_free(ctx);
3344 EVP_CIPHER_free(type);
3345 return ret;
3346}
3347#endif
3348
3349#ifndef OPENSSL_NO_BF
3350static int test_evp_bf_default_keylen(int idx)
3351{
3352 int ret = 0;
3353 static const char *algos[4] = {
3354 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3355 };
3356 int ivlen[4] = { 0, 8, 8, 8 };
3357 EVP_CIPHER *cipher = NULL;
3358
3359 if (lgcyprov == NULL)
3360 return TEST_skip("Test requires legacy provider to be loaded");
3361
3362 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3363 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3364 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3365 goto err;
3366
3367 ret = 1;
3368err:
3369 EVP_CIPHER_free(cipher);
3370 return ret;
3371}
3372#endif
3373
3374#ifndef OPENSSL_NO_EC
3375static int ecpub_nids[] = {
3376 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3377 NID_secp384r1, NID_secp521r1,
3378# ifndef OPENSSL_NO_EC2M
3379 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3380 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3381# endif
3382 NID_brainpoolP384r1, NID_brainpoolP512r1
3383};
3384
3385static int test_ecpub(int idx)
3386{
3387 int ret = 0, len, savelen;
3388 int nid;
3389 unsigned char buf[1024];
3390 unsigned char *p;
3391 EVP_PKEY *pkey = NULL;
3392 EVP_PKEY_CTX *ctx = NULL;
3393# ifndef OPENSSL_NO_DEPRECATED_3_0
3394 const unsigned char *q;
3395 EVP_PKEY *pkey2 = NULL;
3396 EC_KEY *ec = NULL;
3397# endif
3398
3399 if (nullprov != NULL)
3400 return TEST_skip("Test does not support a non-default library context");
3401
3402 nid = ecpub_nids[idx];
3403
3404 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3405 if (!TEST_ptr(ctx)
3406 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3407 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3408 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3409 goto done;
3410 len = i2d_PublicKey(pkey, NULL);
3411 savelen = len;
3412 if (!TEST_int_ge(len, 1)
3413 || !TEST_int_lt(len, 1024))
3414 goto done;
3415 p = buf;
3416 len = i2d_PublicKey(pkey, &p);
3417 if (!TEST_int_ge(len, 1)
3418 || !TEST_int_eq(len, savelen))
3419 goto done;
3420
3421# ifndef OPENSSL_NO_DEPRECATED_3_0
3422 /* Now try to decode the just-created DER. */
3423 q = buf;
3424 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3425 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3426 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3427 goto done;
3428 /* EC_KEY ownership transferred */
3429 ec = NULL;
3430 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3431 goto done;
3432 /* The keys should match. */
3433 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3434 goto done;
3435# endif
3436
3437 ret = 1;
3438
3439 done:
3440 EVP_PKEY_CTX_free(ctx);
3441 EVP_PKEY_free(pkey);
3442# ifndef OPENSSL_NO_DEPRECATED_3_0
3443 EVP_PKEY_free(pkey2);
3444 EC_KEY_free(ec);
3445# endif
3446 return ret;
3447}
3448#endif
3449
3450static int test_EVP_rsa_pss_with_keygen_bits(void)
3451{
3452 int ret = 0;
3453 EVP_PKEY_CTX *ctx = NULL;
3454 EVP_PKEY *pkey = NULL;
3455 EVP_MD *md;
3456
3457 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3458 ret = TEST_ptr(md)
3459 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3460 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3461 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3462 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3463 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3464
3465 EVP_MD_free(md);
3466 EVP_PKEY_free(pkey);
3467 EVP_PKEY_CTX_free(ctx);
3468 return ret;
3469}
3470
3471static int test_EVP_rsa_pss_set_saltlen(void)
3472{
3473 int ret = 0;
3474 EVP_PKEY *pkey = NULL;
3475 EVP_PKEY_CTX *pkey_ctx = NULL;
3476 EVP_MD *sha256 = NULL;
3477 EVP_MD_CTX *sha256_ctx = NULL;
3478 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3479 const int test_value = 32;
3480
3481 ret = TEST_ptr(pkey = load_example_rsa_key())
3482 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3483 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3484 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3485 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3486 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3487 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3488 && TEST_int_eq(saltlen, test_value);
3489
3490 EVP_MD_CTX_free(sha256_ctx);
3491 EVP_PKEY_free(pkey);
3492 EVP_MD_free(sha256);
3493
3494 return ret;
3495}
3496
3497static int success = 1;
3498static void md_names(const char *name, void *vctx)
3499{
3500 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3501 /* Force a namemap update */
3502 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3503
3504 if (!TEST_ptr(aes128))
3505 success = 0;
3506
3507 EVP_CIPHER_free(aes128);
3508}
3509
3510/*
3511 * Test that changing the namemap in a user callback works in a names_do_all
3512 * function.
3513 */
3514static int test_names_do_all(void)
3515{
3516 /* We use a custom libctx so that we know the state of the namemap */
3517 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3518 EVP_MD *sha256 = NULL;
3519 int testresult = 0;
3520
3521 if (!TEST_ptr(ctx))
3522 goto err;
3523
3524 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3525 if (!TEST_ptr(sha256))
3526 goto err;
3527
3528 /*
3529 * We loop through all the names for a given digest. This should still work
3530 * even if the namemap changes part way through.
3531 */
3532 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3533 goto err;
3534
3535 if (!TEST_true(success))
3536 goto err;
3537
3538 testresult = 1;
3539 err:
3540 EVP_MD_free(sha256);
3541 OSSL_LIB_CTX_free(ctx);
3542 return testresult;
3543}
3544
3545typedef struct {
3546 const char *cipher;
3547 const unsigned char *key;
3548 const unsigned char *iv;
3549 const unsigned char *input;
3550 const unsigned char *expected;
3551 const unsigned char *tag;
3552 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3553 size_t inlen;
3554 size_t expectedlen;
3555 size_t taglen;
3556 int keyfirst;
3557 int initenc;
3558 int finalenc;
3559} EVP_INIT_TEST_st;
3560
3561static const EVP_INIT_TEST_st evp_init_tests[] = {
3562 {
3563 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3564 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3565 0, 1, 0, 1
3566 },
3567 {
3568 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3569 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3570 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3571 sizeof(gcmDefaultTag), 1, 0, 1
3572 },
3573 {
3574 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3575 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3576 0, 0, 0, 1
3577 },
3578 {
3579 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3580 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3581 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3582 sizeof(gcmDefaultTag), 0, 0, 1
3583 },
3584 {
3585 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3586 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3587 0, 1, 1, 0
3588 },
3589 {
3590 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3591 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3592 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3593 sizeof(gcmDefaultTag), 1, 1, 0
3594 },
3595 {
3596 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3597 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3598 0, 0, 1, 0
3599 },
3600 {
3601 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3602 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3603 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3604 sizeof(gcmDefaultTag), 0, 1, 0
3605 }
3606};
3607
3608static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3609{
3610 int res = 0;
3611
3612 if (t->ivlen != 0) {
3613 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3614 goto err;
3615 }
3616 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3617 goto err;
3618 res = 1;
3619 err:
3620 return res;
3621}
3622
3623/*
3624 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3625 * arguments are given one at a time and a final adjustment to the enc
3626 * parameter sets the correct operation.
3627 */
3628static int test_evp_init_seq(int idx)
3629{
3630 int outlen1, outlen2;
3631 int testresult = 0;
3632 unsigned char outbuf[1024];
3633 unsigned char tag[16];
3634 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3635 EVP_CIPHER_CTX *ctx = NULL;
3636 EVP_CIPHER *type = NULL;
3637 size_t taglen = sizeof(tag);
3638 char *errmsg = NULL;
3639
3640 ctx = EVP_CIPHER_CTX_new();
3641 if (ctx == NULL) {
3642 errmsg = "CTX_ALLOC";
3643 goto err;
3644 }
3645 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3646 errmsg = "CIPHER_FETCH";
3647 goto err;
3648 }
3649 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3650 errmsg = "EMPTY_ENC_INIT";
3651 goto err;
3652 }
3653 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3654 errmsg = "PADDING";
3655 goto err;
3656 }
3657 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3658 errmsg = "KEY_INIT (before iv)";
3659 goto err;
3660 }
3661 if (!evp_init_seq_set_iv(ctx, t)) {
3662 errmsg = "IV_INIT";
3663 goto err;
3664 }
3665 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3666 errmsg = "KEY_INIT (after iv)";
3667 goto err;
3668 }
3669 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3670 errmsg = "FINAL_ENC_INIT";
3671 goto err;
3672 }
3673 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3674 errmsg = "CIPHER_UPDATE";
3675 goto err;
3676 }
3677 if (t->finalenc == 0 && t->tag != NULL) {
3678 /* Set expected tag */
3679 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3680 t->taglen, (void *)t->tag), 0)) {
3681 errmsg = "SET_TAG";
3682 goto err;
3683 }
3684 }
3685 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3686 errmsg = "CIPHER_FINAL";
3687 goto err;
3688 }
3689 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3690 errmsg = "WRONG_RESULT";
3691 goto err;
3692 }
3693 if (t->finalenc != 0 && t->tag != NULL) {
3694 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3695 errmsg = "GET_TAG";
3696 goto err;
3697 }
3698 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3699 errmsg = "TAG_ERROR";
3700 goto err;
3701 }
3702 }
3703 testresult = 1;
3704 err:
3705 if (errmsg != NULL)
3706 TEST_info("evp_init_test %d: %s", idx, errmsg);
3707 EVP_CIPHER_CTX_free(ctx);
3708 EVP_CIPHER_free(type);
3709 return testresult;
3710}
3711
3712typedef struct {
3713 const unsigned char *input;
3714 const unsigned char *expected;
3715 size_t inlen;
3716 size_t expectedlen;
3717 int enc;
3718} EVP_RESET_TEST_st;
3719
3720static const EVP_RESET_TEST_st evp_reset_tests[] = {
3721 {
3722 cfbPlaintext, cfbCiphertext,
3723 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3724 },
3725 {
3726 cfbCiphertext, cfbPlaintext,
3727 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3728 }
3729};
3730
3731/*
3732 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3733 * been used.
3734 */
3735static int test_evp_reset(int idx)
3736{
3737 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3738 int outlen1, outlen2;
3739 int testresult = 0;
3740 unsigned char outbuf[1024];
3741 EVP_CIPHER_CTX *ctx = NULL;
3742 EVP_CIPHER *type = NULL;
3743 char *errmsg = NULL;
3744
3745 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3746 errmsg = "CTX_ALLOC";
3747 goto err;
3748 }
3749 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3750 errmsg = "CIPHER_FETCH";
3751 goto err;
3752 }
3753 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3754 errmsg = "CIPHER_INIT";
3755 goto err;
3756 }
3757 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3758 errmsg = "PADDING";
3759 goto err;
3760 }
3761 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3762 errmsg = "CIPHER_UPDATE";
3763 goto err;
3764 }
3765 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3766 errmsg = "CIPHER_FINAL";
3767 goto err;
3768 }
3769 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3770 errmsg = "WRONG_RESULT";
3771 goto err;
3772 }
3773 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3774 errmsg = "CIPHER_REINIT";
3775 goto err;
3776 }
3777 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3778 errmsg = "CIPHER_UPDATE (reinit)";
3779 goto err;
3780 }
3781 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3782 errmsg = "CIPHER_FINAL (reinit)";
3783 goto err;
3784 }
3785 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3786 errmsg = "WRONG_RESULT (reinit)";
3787 goto err;
3788 }
3789 testresult = 1;
3790 err:
3791 if (errmsg != NULL)
3792 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3793 EVP_CIPHER_CTX_free(ctx);
3794 EVP_CIPHER_free(type);
3795 return testresult;
3796}
3797
3798typedef struct {
3799 const char *cipher;
3800 int enc;
3801} EVP_UPDATED_IV_TEST_st;
3802
3803static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3804 {
3805 "aes-128-cfb", 1
3806 },
3807 {
3808 "aes-128-cfb", 0
3809 },
3810 {
3811 "aes-128-cfb1", 1
3812 },
3813 {
3814 "aes-128-cfb1", 0
3815 },
3816 {
3817 "aes-128-cfb8", 1
3818 },
3819 {
3820 "aes-128-cfb8", 0
3821 },
3822 {
3823 "aes-128-ofb", 1
3824 },
3825 {
3826 "aes-128-ofb", 0
3827 },
3828 {
3829 "aes-128-ctr", 1
3830 },
3831 {
3832 "aes-128-ctr", 0
3833 },
3834 {
3835 "aes-128-cbc", 1
3836 },
3837 {
3838 "aes-128-cbc", 0
3839 }
3840};
3841
3842/*
3843 * Test that the IV in the context is updated during a crypto operation for CFB
3844 * and OFB.
3845 */
3846static int test_evp_updated_iv(int idx)
3847{
3848 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3849 int outlen1, outlen2;
3850 int testresult = 0;
3851 unsigned char outbuf[1024];
3852 EVP_CIPHER_CTX *ctx = NULL;
3853 EVP_CIPHER *type = NULL;
3854 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3855 int iv_len;
3856 char *errmsg = NULL;
3857
3858 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3859 errmsg = "CTX_ALLOC";
3860 goto err;
3861 }
3862 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3863 TEST_info("cipher %s not supported, skipping", t->cipher);
3864 goto ok;
3865 }
3866
3867 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3868 errmsg = "CIPHER_INIT";
3869 goto err;
3870 }
3871 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3872 errmsg = "PADDING";
3873 goto err;
3874 }
3875 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3876 errmsg = "CIPHER_UPDATE";
3877 goto err;
3878 }
3879 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3880 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3881 goto err;
3882 }
3883 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3884 errmsg = "CIPHER_CTX_GET_IV_LEN";
3885 goto err;
3886 }
3887 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3888 errmsg = "IV_NOT_UPDATED";
3889 goto err;
3890 }
3891 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3892 errmsg = "CIPHER_FINAL";
3893 goto err;
3894 }
3895 ok:
3896 testresult = 1;
3897 err:
3898 if (errmsg != NULL)
3899 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3900 EVP_CIPHER_CTX_free(ctx);
3901 EVP_CIPHER_free(type);
3902 return testresult;
3903}
3904
3905typedef struct {
3906 const unsigned char *iv1;
3907 const unsigned char *iv2;
3908 const unsigned char *expected1;
3909 const unsigned char *expected2;
3910 const unsigned char *tag1;
3911 const unsigned char *tag2;
3912 size_t ivlen1;
3913 size_t ivlen2;
3914 size_t expectedlen1;
3915 size_t expectedlen2;
3916} TEST_GCM_IV_REINIT_st;
3917
3918static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3919 {
3920 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3921 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3922 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3923 },
3924 {
3925 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3926 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3927 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3928 }
3929};
3930
3931static int test_gcm_reinit(int idx)
3932{
3933 int outlen1, outlen2, outlen3;
3934 int testresult = 0;
3935 unsigned char outbuf[1024];
3936 unsigned char tag[16];
3937 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3938 EVP_CIPHER_CTX *ctx = NULL;
3939 EVP_CIPHER *type = NULL;
3940 size_t taglen = sizeof(tag);
3941 char *errmsg = NULL;
3942
3943 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3944 errmsg = "CTX_ALLOC";
3945 goto err;
3946 }
3947 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3948 errmsg = "CIPHER_FETCH";
3949 goto err;
3950 }
3951 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3952 errmsg = "ENC_INIT";
3953 goto err;
3954 }
3955 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3956 errmsg = "SET_IVLEN1";
3957 goto err;
3958 }
3959 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3960 errmsg = "SET_IV1";
3961 goto err;
3962 }
3963 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3964 errmsg = "AAD1";
3965 goto err;
3966 }
3967 EVP_CIPHER_CTX_set_padding(ctx, 0);
3968 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3969 sizeof(gcmResetPlaintext)))) {
3970 errmsg = "CIPHER_UPDATE1";
3971 goto err;
3972 }
3973 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3974 errmsg = "CIPHER_FINAL1";
3975 goto err;
3976 }
3977 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3978 errmsg = "WRONG_RESULT1";
3979 goto err;
3980 }
3981 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3982 errmsg = "GET_TAG1";
3983 goto err;
3984 }
3985 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3986 errmsg = "TAG_ERROR1";
3987 goto err;
3988 }
3989 /* Now reinit */
3990 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3991 errmsg = "SET_IVLEN2";
3992 goto err;
3993 }
3994 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3995 errmsg = "SET_IV2";
3996 goto err;
3997 }
3998 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3999 errmsg = "AAD2";
4000 goto err;
4001 }
4002 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4003 sizeof(gcmResetPlaintext)))) {
4004 errmsg = "CIPHER_UPDATE2";
4005 goto err;
4006 }
4007 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4008 errmsg = "CIPHER_FINAL2";
4009 goto err;
4010 }
4011 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4012 errmsg = "WRONG_RESULT2";
4013 goto err;
4014 }
4015 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4016 errmsg = "GET_TAG2";
4017 goto err;
4018 }
4019 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4020 errmsg = "TAG_ERROR2";
4021 goto err;
4022 }
4023 testresult = 1;
4024 err:
4025 if (errmsg != NULL)
4026 TEST_info("evp_init_test %d: %s", idx, errmsg);
4027 EVP_CIPHER_CTX_free(ctx);
4028 EVP_CIPHER_free(type);
4029 return testresult;
4030}
4031
4032#ifndef OPENSSL_NO_DEPRECATED_3_0
4033static EVP_PKEY_METHOD *custom_pmeth = NULL;
4034static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4035
4036# define EVP_PKEY_CTRL_MY_COMMAND 9999
4037
4038static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4039{
4040 int (*pinit)(EVP_PKEY_CTX *ctx);
4041
4042 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4043 return pinit(ctx);
4044}
4045
4046static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4047{
4048 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4049
4050 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4051 pcleanup(ctx);
4052}
4053
4054static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4055 size_t *outlen, const unsigned char *in,
4056 size_t inlen)
4057{
4058 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4059 const unsigned char *tbs, size_t tbslen);
4060
4061 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4062 return psign(ctx, out, outlen, in, inlen);
4063}
4064
4065static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4066 size_t *siglen, const unsigned char *tbs,
4067 size_t tbslen)
4068{
4069 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4070 const unsigned char *tbs, size_t tbslen);
4071
4072 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4073 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4074}
4075
4076static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4077 size_t *keylen)
4078{
4079 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4080
4081 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4082 return pderive(ctx, key, keylen);
4083}
4084
4085static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4086{
4087 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4088
4089 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4090 return pcopy(dst, src);
4091}
4092
4093static int ctrl_called;
4094
4095static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4096{
4097 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4098
4099 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4100
4101 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4102 ctrl_called = 1;
4103 return 1;
4104 }
4105
4106 return pctrl(ctx, type, p1, p2);
4107}
4108
4109static int test_custom_pmeth(int idx)
4110{
4111 EVP_PKEY_CTX *pctx = NULL;
4112 EVP_MD_CTX *ctx = NULL;
4113 EVP_PKEY *pkey = NULL;
4114 int id, orig_id, orig_flags;
4115 int testresult = 0;
4116 size_t reslen;
4117 unsigned char *res = NULL;
4118 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4119 const EVP_MD *md = EVP_sha256();
4120 int doderive = 0;
4121
4122 ctrl_called = 0;
4123
4124 /* We call deprecated APIs so this test doesn't support a custom libctx */
4125 if (testctx != NULL)
4126 return 1;
4127
4128 switch(idx) {
4129 case 0:
4130 case 6:
4131 id = EVP_PKEY_RSA;
4132 pkey = load_example_rsa_key();
4133 break;
4134 case 1:
4135 case 7:
4136# ifndef OPENSSL_NO_DSA
4137 id = EVP_PKEY_DSA;
4138 pkey = load_example_dsa_key();
4139 break;
4140# else
4141 return 1;
4142# endif
4143 case 2:
4144 case 8:
4145# ifndef OPENSSL_NO_EC
4146 id = EVP_PKEY_EC;
4147 pkey = load_example_ec_key();
4148 break;
4149# else
4150 return 1;
4151# endif
4152 case 3:
4153 case 9:
4154# ifndef OPENSSL_NO_EC
4155 id = EVP_PKEY_ED25519;
4156 md = NULL;
4157 pkey = load_example_ed25519_key();
4158 break;
4159# else
4160 return 1;
4161# endif
4162 case 4:
4163 case 10:
4164# ifndef OPENSSL_NO_DH
4165 id = EVP_PKEY_DH;
4166 doderive = 1;
4167 pkey = load_example_dh_key();
4168 break;
4169# else
4170 return 1;
4171# endif
4172 case 5:
4173 case 11:
4174# ifndef OPENSSL_NO_EC
4175 id = EVP_PKEY_X25519;
4176 doderive = 1;
4177 pkey = load_example_x25519_key();
4178 break;
4179# else
4180 return 1;
4181# endif
4182 default:
4183 TEST_error("Should not happen");
4184 goto err;
4185 }
4186
4187 if (!TEST_ptr(pkey))
4188 goto err;
4189
4190 if (idx < 6) {
4191 if (!TEST_true(evp_pkey_is_provided(pkey)))
4192 goto err;
4193 } else {
4194 EVP_PKEY *tmp = pkey;
4195
4196 /* Convert to a legacy key */
4197 pkey = EVP_PKEY_new();
4198 if (!TEST_ptr(pkey)) {
4199 pkey = tmp;
4200 goto err;
4201 }
4202 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4203 EVP_PKEY_free(tmp);
4204 goto err;
4205 }
4206 EVP_PKEY_free(tmp);
4207 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4208 goto err;
4209 }
4210
4211 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4212 || !TEST_ptr(pkey))
4213 goto err;
4214
4215 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4216 if (!TEST_int_eq(orig_id, id)
4217 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4218 goto err;
4219
4220 if (id == EVP_PKEY_ED25519) {
4221 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4222 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4223 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4224 } else {
4225 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4226 }
4227 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4228 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4229 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4230 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4231 }
4232 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4233 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4234 goto err;
4235
4236 if (doderive) {
4237 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4238 if (!TEST_ptr(pctx)
4239 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4240 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4241 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4242 1)
4243 || !TEST_int_eq(ctrl_called, 1)
4244 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4245 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4246 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4247 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4248 goto err;
4249 } else {
4250 ctx = EVP_MD_CTX_new();
4251 reslen = EVP_PKEY_size(pkey);
4252 res = OPENSSL_malloc(reslen);
4253 if (!TEST_ptr(ctx)
4254 || !TEST_ptr(res)
4255 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4256 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4257 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4258 1)
4259 || !TEST_int_eq(ctrl_called, 1))
4260 goto err;
4261
4262 if (id == EVP_PKEY_ED25519) {
4263 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4264 goto err;
4265 } else {
4266 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4267 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4268 goto err;
4269 }
4270 }
4271
4272 testresult = 1;
4273 err:
4274 OPENSSL_free(res);
4275 EVP_MD_CTX_free(ctx);
4276 if (doderive)
4277 EVP_PKEY_CTX_free(pctx);
4278 EVP_PKEY_free(pkey);
4279 EVP_PKEY_meth_remove(custom_pmeth);
4280 EVP_PKEY_meth_free(custom_pmeth);
4281 custom_pmeth = NULL;
4282 return testresult;
4283}
4284
4285static int test_evp_md_cipher_meth(void)
4286{
4287 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4288 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4289 int testresult = 0;
4290
4291 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4292 goto err;
4293
4294 testresult = 1;
4295
4296 err:
4297 EVP_MD_meth_free(md);
4298 EVP_CIPHER_meth_free(ciph);
4299
4300 return testresult;
4301}
4302
4303typedef struct {
4304 int data;
4305} custom_dgst_ctx;
4306
4307static int custom_md_init_called = 0;
4308static int custom_md_cleanup_called = 0;
4309
4310static int custom_md_init(EVP_MD_CTX *ctx)
4311{
4312 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4313
4314 if (p == NULL)
4315 return 0;
4316
4317 custom_md_init_called++;
4318 return 1;
4319}
4320
4321static int custom_md_cleanup(EVP_MD_CTX *ctx)
4322{
4323 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4324
4325 if (p == NULL)
4326 /* Nothing to do */
4327 return 1;
4328
4329 custom_md_cleanup_called++;
4330 return 1;
4331}
4332
4333static int test_custom_md_meth(void)
4334{
4335 EVP_MD_CTX *mdctx = NULL;
4336 EVP_MD *tmp = NULL;
4337 char mess[] = "Test Message\n";
4338 unsigned char md_value[EVP_MAX_MD_SIZE];
4339 unsigned int md_len;
4340 int testresult = 0;
4341 int nid;
4342
4343 /*
4344 * We are testing deprecated functions. We don't support a non-default
4345 * library context in this test.
4346 */
4347 if (testctx != NULL)
4348 return TEST_skip("Non-default libctx");
4349
4350 custom_md_init_called = custom_md_cleanup_called = 0;
4351
4352 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4353 if (!TEST_int_ne(nid, NID_undef))
4354 goto err;
4355 tmp = EVP_MD_meth_new(nid, NID_undef);
4356 if (!TEST_ptr(tmp))
4357 goto err;
4358
4359 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4360 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4361 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4362 sizeof(custom_dgst_ctx))))
4363 goto err;
4364
4365 mdctx = EVP_MD_CTX_new();
4366 if (!TEST_ptr(mdctx)
4367 /*
4368 * Initing our custom md and then initing another md should
4369 * result in the init and cleanup functions of the custom md
4370 * being called.
4371 */
4372 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4373 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4374 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4375 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4376 || !TEST_int_eq(custom_md_init_called, 1)
4377 || !TEST_int_eq(custom_md_cleanup_called, 1))
4378 goto err;
4379
4380 testresult = 1;
4381 err:
4382 EVP_MD_CTX_free(mdctx);
4383 EVP_MD_meth_free(tmp);
4384 return testresult;
4385}
4386
4387typedef struct {
4388 int data;
4389} custom_ciph_ctx;
4390
4391static int custom_ciph_init_called = 0;
4392static int custom_ciph_cleanup_called = 0;
4393
4394static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4395 const unsigned char *iv, int enc)
4396{
4397 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4398
4399 if (p == NULL)
4400 return 0;
4401
4402 custom_ciph_init_called++;
4403 return 1;
4404}
4405
4406static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4407{
4408 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4409
4410 if (p == NULL)
4411 /* Nothing to do */
4412 return 1;
4413
4414 custom_ciph_cleanup_called++;
4415 return 1;
4416}
4417
4418static int test_custom_ciph_meth(void)
4419{
4420 EVP_CIPHER_CTX *ciphctx = NULL;
4421 EVP_CIPHER *tmp = NULL;
4422 int testresult = 0;
4423 int nid;
4424
4425 /*
4426 * We are testing deprecated functions. We don't support a non-default
4427 * library context in this test.
4428 */
4429 if (testctx != NULL)
4430 return TEST_skip("Non-default libctx");
4431
4432 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4433
4434 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4435 if (!TEST_int_ne(nid, NID_undef))
4436 goto err;
4437 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4438 if (!TEST_ptr(tmp))
4439 goto err;
4440
4441 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4442 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4443 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4444 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4445 sizeof(custom_ciph_ctx))))
4446 goto err;
4447
4448 ciphctx = EVP_CIPHER_CTX_new();
4449 if (!TEST_ptr(ciphctx)
4450 /*
4451 * Initing our custom cipher and then initing another cipher
4452 * should result in the init and cleanup functions of the custom
4453 * cipher being called.
4454 */
4455 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4456 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4457 NULL, NULL, 1))
4458 || !TEST_int_eq(custom_ciph_init_called, 1)
4459 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4460 goto err;
4461
4462 testresult = 1;
4463 err:
4464 EVP_CIPHER_CTX_free(ciphctx);
4465 EVP_CIPHER_meth_free(tmp);
4466 return testresult;
4467}
4468
4469# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4470/* Test we can create a signature keys with an associated ENGINE */
4471static int test_signatures_with_engine(int tst)
4472{
4473 ENGINE *e;
4474 const char *engine_id = "dasync";
4475 EVP_PKEY *pkey = NULL;
4476 const unsigned char badcmackey[] = { 0x00, 0x01 };
4477 const unsigned char cmackey[] = {
4478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4479 0x0c, 0x0d, 0x0e, 0x0f
4480 };
4481 const unsigned char ed25519key[] = {
4482 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4483 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4484 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4485 };
4486 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4487 int testresult = 0;
4488 EVP_MD_CTX *ctx = NULL;
4489 unsigned char *mac = NULL;
4490 size_t maclen = 0;
4491 int ret;
4492
4493# ifdef OPENSSL_NO_CMAC
4494 /* Skip CMAC tests in a no-cmac build */
4495 if (tst <= 1)
4496 return 1;
4497# endif
4498
4499 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4500 return 0;
4501
4502 if (!TEST_true(ENGINE_init(e))) {
4503 ENGINE_free(e);
4504 return 0;
4505 }
4506
4507 switch (tst) {
4508 case 0:
4509 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4510 EVP_aes_128_cbc());
4511 break;
4512 case 1:
4513 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4514 EVP_aes_128_cbc());
4515 break;
4516 case 2:
4517 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4518 sizeof(ed25519key));
4519 break;
4520 default:
4521 TEST_error("Invalid test case");
4522 goto err;
4523 }
4524 if (!TEST_ptr(pkey))
4525 goto err;
4526
4527 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4528 goto err;
4529
4530 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4531 pkey);
4532 if (tst == 0) {
4533 if (!TEST_true(ret))
4534 goto err;
4535
4536 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4537 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4538 goto err;
4539
4540 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4541 goto err;
4542
4543 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4544 goto err;
4545 } else {
4546 /* We used a bad key. We expect a failure here */
4547 if (!TEST_false(ret))
4548 goto err;
4549 }
4550
4551 testresult = 1;
4552 err:
4553 EVP_MD_CTX_free(ctx);
4554 OPENSSL_free(mac);
4555 EVP_PKEY_free(pkey);
4556 ENGINE_finish(e);
4557 ENGINE_free(e);
4558
4559 return testresult;
4560}
4561
4562static int test_cipher_with_engine(void)
4563{
4564 ENGINE *e;
4565 const char *engine_id = "dasync";
4566 const unsigned char keyiv[] = {
4567 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4568 0x0c, 0x0d, 0x0e, 0x0f
4569 };
4570 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4571 int testresult = 0;
4572 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4573 unsigned char buf[AES_BLOCK_SIZE];
4574 int len = 0;
4575
4576 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4577 return 0;
4578
4579 if (!TEST_true(ENGINE_init(e))) {
4580 ENGINE_free(e);
4581 return 0;
4582 }
4583
4584 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4585 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4586 goto err;
4587
4588 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4589 goto err;
4590
4591 /* Copy the ctx, and complete the operation with the new ctx */
4592 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4593 goto err;
4594
4595 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4596 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4597 goto err;
4598
4599 testresult = 1;
4600 err:
4601 EVP_CIPHER_CTX_free(ctx);
4602 EVP_CIPHER_CTX_free(ctx2);
4603 ENGINE_finish(e);
4604 ENGINE_free(e);
4605
4606 return testresult;
4607}
4608# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4609#endif /* OPENSSL_NO_DEPRECATED_3_0 */
4610
4611static int ecxnids[] = {
4612 NID_X25519,
4613 NID_X448,
4614 NID_ED25519,
4615 NID_ED448
4616};
4617
4618/* Test that creating ECX keys with a short private key fails as expected */
4619static int test_ecx_short_keys(int tst)
4620{
4621 unsigned char ecxkeydata = 1;
4622 EVP_PKEY *pkey;
4623
4624
4625 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4626 if (!TEST_ptr_null(pkey)) {
4627 EVP_PKEY_free(pkey);
4628 return 0;
4629 }
4630 return 1;
4631}
4632
4633typedef enum OPTION_choice {
4634 OPT_ERR = -1,
4635 OPT_EOF = 0,
4636 OPT_CONTEXT,
4637 OPT_TEST_ENUM
4638} OPTION_CHOICE;
4639
4640const OPTIONS *test_get_options(void)
4641{
4642 static const OPTIONS options[] = {
4643 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4644 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4645 { NULL }
4646 };
4647 return options;
4648}
4649
4650int setup_tests(void)
4651{
4652 OPTION_CHOICE o;
4653
4654 while ((o = opt_next()) != OPT_EOF) {
4655 switch (o) {
4656 case OPT_CONTEXT:
4657 /* Set up an alternate library context */
4658 testctx = OSSL_LIB_CTX_new();
4659 if (!TEST_ptr(testctx))
4660 return 0;
4661 /* Swap the libctx to test non-default context only */
4662 nullprov = OSSL_PROVIDER_load(NULL, "null");
4663 deflprov = OSSL_PROVIDER_load(testctx, "default");
4664 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4665 break;
4666 case OPT_TEST_CASES:
4667 break;
4668 default:
4669 return 0;
4670 }
4671 }
4672
4673 ADD_TEST(test_EVP_set_default_properties);
4674 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4675 ADD_TEST(test_EVP_DigestVerifyInit);
4676#ifndef OPENSSL_NO_SIPHASH
4677 ADD_TEST(test_siphash_digestsign);
4678#endif
4679 ADD_TEST(test_EVP_Digest);
4680 ADD_TEST(test_EVP_md_null);
4681 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4682 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4683 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4684 ADD_TEST(test_privatekey_to_pkcs8);
4685 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4686#ifndef OPENSSL_NO_EC
4687 ADD_TEST(test_EVP_PKCS82PKEY);
4688#endif
4689#ifndef OPENSSL_NO_EC
4690 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4691#endif
4692#if !defined(OPENSSL_NO_SM2)
4693 ADD_TEST(test_EVP_SM2);
4694 ADD_TEST(test_EVP_SM2_verify);
4695#endif
4696 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4697#ifndef OPENSSL_NO_DEPRECATED_3_0
4698 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4699 if (!TEST_ptr(custom_pmeth))
4700 return 0;
4701 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4702 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4703 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4704 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4705 return 0;
4706#endif
4707 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4708#ifndef OPENSSL_NO_CMAC
4709 ADD_TEST(test_CMAC_keygen);
4710#endif
4711 ADD_TEST(test_HKDF);
4712 ADD_TEST(test_emptyikm_HKDF);
4713#ifndef OPENSSL_NO_EC
4714 ADD_TEST(test_X509_PUBKEY_inplace);
4715 ADD_TEST(test_X509_PUBKEY_dup);
4716 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4717 OSSL_NELEM(ec_der_pub_keys));
4718#endif
4719#ifndef OPENSSL_NO_DSA
4720 ADD_TEST(test_DSA_get_set_params);
4721 ADD_TEST(test_DSA_priv_pub);
4722#endif
4723 ADD_TEST(test_RSA_get_set_params);
4724 ADD_TEST(test_RSA_OAEP_set_get_params);
4725#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4726 ADD_TEST(test_decrypt_null_chunks);
4727#endif
4728#ifndef OPENSSL_NO_DH
4729 ADD_TEST(test_DH_priv_pub);
4730# ifndef OPENSSL_NO_DEPRECATED_3_0
4731 ADD_TEST(test_EVP_PKEY_set1_DH);
4732# endif
4733#endif
4734#ifndef OPENSSL_NO_EC
4735 ADD_TEST(test_EC_priv_pub);
4736# ifndef OPENSSL_NO_DEPRECATED_3_0
4737 ADD_TEST(test_EC_priv_only_legacy);
4738# endif
4739#endif
4740 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4741 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4742
4743 ADD_TEST(test_rand_agglomeration);
4744 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4745#ifndef OPENSSL_NO_DES
4746 ADD_ALL_TESTS(test_evp_iv_des, 6);
4747#endif
4748#ifndef OPENSSL_NO_BF
4749 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4750#endif
4751 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4752 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4753#ifndef OPENSSL_NO_EC
4754 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4755#endif
4756
4757 ADD_TEST(test_names_do_all);
4758
4759 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4760 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4761 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4762 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4763
4764#ifndef OPENSSL_NO_DEPRECATED_3_0
4765 ADD_ALL_TESTS(test_custom_pmeth, 12);
4766 ADD_TEST(test_evp_md_cipher_meth);
4767 ADD_TEST(test_custom_md_meth);
4768 ADD_TEST(test_custom_ciph_meth);
4769
4770# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4771 /* Tests only support the default libctx */
4772 if (testctx == NULL) {
4773# ifndef OPENSSL_NO_EC
4774 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4775# else
4776 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4777# endif
4778 ADD_TEST(test_cipher_with_engine);
4779 }
4780# endif
4781#endif
4782
4783 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4784
4785 return 1;
4786}
4787
4788void cleanup_tests(void)
4789{
4790 OSSL_PROVIDER_unload(nullprov);
4791 OSSL_PROVIDER_unload(deflprov);
4792 OSSL_PROVIDER_unload(lgcyprov);
4793 OSSL_LIB_CTX_free(testctx);
4794}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette