VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.4/test/evp_extra_test.c@ 103050

最後變更 在這個檔案從103050是 102863,由 vboxsync 提交於 10 月 前

openssl-3.1.4: Applied and adjusted our OpenSSL changes to 3.1.3. bugref:10577
檔案大小: 175.2 KB
 
1/*
2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include <openssl/proverr.h>
35#include "testutil.h"
36#include "internal/nelem.h"
37#include "internal/sizes.h"
38#include "crypto/evp.h"
39
40static OSSL_LIB_CTX *testctx = NULL;
41static char *testpropq = NULL;
42
43static OSSL_PROVIDER *nullprov = NULL;
44static OSSL_PROVIDER *deflprov = NULL;
45static OSSL_PROVIDER *lgcyprov = NULL;
46
47/*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103};
104
105/*
106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109#ifndef OPENSSL_NO_DSA
110static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149};
150#endif
151
152/*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246};
247
248/*
249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
250 * values are 0.
251 */
252static const unsigned char kExampleBad2RSAKeyDER[] = {
253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00
256};
257
258static const unsigned char kMsg[] = { 1, 2, 3, 4 };
259
260static const unsigned char kSignature[] = {
261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
272};
273
274/*
275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
276 * PrivateKeyInfo.
277 */
278static const unsigned char kExampleRSAKeyPKCS8[] = {
279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
332};
333
334#ifndef OPENSSL_NO_EC
335/*
336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure.
338 */
339static const unsigned char kExampleECKeyDER[] = {
340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
350 0xc1,
351};
352
353/*
354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
355 * structure. The private key is equal to the order and will fail to import
356 */
357static const unsigned char kExampleBadECKeyDER[] = {
358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
367};
368
369/* prime256v1 */
370static const unsigned char kExampleECPubKeyDER[] = {
371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379};
380
381/*
382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 */
385static const unsigned char kExampleBadECPubKeyDER[] = {
386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
394};
395
396static const unsigned char pExampleECParamDER[] = {
397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
398};
399
400static const unsigned char kExampleED25519KeyDER[] = {
401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
405};
406
407static const unsigned char kExampleED25519PubKeyDER[] = {
408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
412};
413
414# ifndef OPENSSL_NO_DEPRECATED_3_0
415static const unsigned char kExampleX25519KeyDER[] = {
416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
420};
421# endif
422#endif
423
424/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
425#ifndef OPENSSL_NO_DEPRECATED_3_0
426# ifndef OPENSSL_NO_DH
427static const unsigned char kExampleDHKeyDER[] = {
428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
452 0x2e, 0x87, 0x2a, 0x0b, 0x7a
453};
454# endif
455#endif
456
457static const unsigned char kCFBDefaultKey[] = {
458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
459 0x09, 0xCF, 0x4F, 0x3C
460};
461
462static const unsigned char kGCMDefaultKey[32] = { 0 };
463
464static const unsigned char kGCMResetKey[] = {
465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
468};
469
470static const unsigned char iCFBIV[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
472 0x0C, 0x0D, 0x0E, 0x0F
473};
474
475static const unsigned char iGCMDefaultIV[12] = { 0 };
476
477static const unsigned char iGCMResetIV1[] = {
478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
479};
480
481static const unsigned char iGCMResetIV2[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
483};
484
485static const unsigned char cfbPlaintext[] = {
486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
487 0x73, 0x93, 0x17, 0x2A
488};
489
490static const unsigned char gcmDefaultPlaintext[16] = { 0 };
491
492static const unsigned char gcmResetPlaintext[] = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
498};
499
500static const unsigned char cfbCiphertext[] = {
501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
502 0xE8, 0x3C, 0xFB, 0x4A
503};
504
505static const unsigned char gcmDefaultCiphertext[] = {
506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
507 0xba, 0xf3, 0x9d, 0x18
508};
509
510static const unsigned char gcmResetCiphertext1[] = {
511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
516};
517
518static const unsigned char gcmResetCiphertext2[] = {
519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
524};
525
526static const unsigned char gcmAAD[] = {
527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
529};
530
531static const unsigned char gcmDefaultTag[] = {
532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
533 0xd4, 0x8a, 0xb9, 0x19
534};
535
536static const unsigned char gcmResetTag1[] = {
537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
538 0xfe, 0x2e, 0xa8, 0xf2
539};
540
541static const unsigned char gcmResetTag2[] = {
542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
543 0xbb, 0x2d, 0x55, 0x1b
544};
545
546typedef struct APK_DATA_st {
547 const unsigned char *kder;
548 size_t size;
549 const char *keytype;
550 int evptype;
551 int check;
552 int pub_check;
553 int param_check;
554 int type; /* 0 for private, 1 for public, 2 for params */
555} APK_DATA;
556
557static APK_DATA keydata[] = {
558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
560#ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
562#endif
563};
564
565static APK_DATA keycheckdata[] = {
566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
567 0},
568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
569 0, 1, 1, 0},
570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
572#ifndef OPENSSL_NO_EC
573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
574 /* group is also associated in our pub key */
575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
576 1, 1},
577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
578 2},
579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
580 EVP_PKEY_ED25519, 1, 1, 1, 0},
581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
582 EVP_PKEY_ED25519, 0, 1, 1, 1},
583#endif
584};
585
586static EVP_PKEY *load_example_key(const char *keytype,
587 const unsigned char *data, size_t data_len)
588{
589 const unsigned char **pdata = &data;
590 EVP_PKEY *pkey = NULL;
591 OSSL_DECODER_CTX *dctx =
592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
593 testctx, testpropq);
594
595 /* |pkey| will be NULL on error */
596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
597 OSSL_DECODER_CTX_free(dctx);
598 return pkey;
599}
600
601static EVP_PKEY *load_example_rsa_key(void)
602{
603 return load_example_key("RSA", kExampleRSAKeyDER,
604 sizeof(kExampleRSAKeyDER));
605}
606
607#ifndef OPENSSL_NO_DSA
608static EVP_PKEY *load_example_dsa_key(void)
609{
610 return load_example_key("DSA", kExampleDSAKeyDER,
611 sizeof(kExampleDSAKeyDER));
612}
613#endif
614
615#ifndef OPENSSL_NO_EC
616static EVP_PKEY *load_example_ec_key(void)
617{
618 return load_example_key("EC", kExampleECKeyDER,
619 sizeof(kExampleECKeyDER));
620}
621#endif
622
623#ifndef OPENSSL_NO_DEPRECATED_3_0
624# ifndef OPENSSL_NO_DH
625static EVP_PKEY *load_example_dh_key(void)
626{
627 return load_example_key("DH", kExampleDHKeyDER,
628 sizeof(kExampleDHKeyDER));
629}
630# endif
631
632# ifndef OPENSSL_NO_EC
633static EVP_PKEY *load_example_ed25519_key(void)
634{
635 return load_example_key("ED25519", kExampleED25519KeyDER,
636 sizeof(kExampleED25519KeyDER));
637}
638
639static EVP_PKEY *load_example_x25519_key(void)
640{
641 return load_example_key("X25519", kExampleX25519KeyDER,
642 sizeof(kExampleX25519KeyDER));
643}
644# endif
645#endif /* OPENSSL_NO_DEPRECATED_3_0 */
646
647static EVP_PKEY *load_example_hmac_key(void)
648{
649 EVP_PKEY *pkey = NULL;
650 unsigned char key[] = {
651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
654 };
655
656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
657 NULL, key, sizeof(key));
658 if (!TEST_ptr(pkey))
659 return NULL;
660
661 return pkey;
662}
663
664static int test_EVP_set_default_properties(void)
665{
666 OSSL_LIB_CTX *ctx;
667 EVP_MD *md = NULL;
668 int res = 0;
669
670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
672 goto err;
673 EVP_MD_free(md);
674 md = NULL;
675
676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
679 goto err;
680 EVP_MD_free(md);
681 md = NULL;
682
683 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
685 goto err;
686 res = 1;
687err:
688 EVP_MD_free(md);
689 OSSL_LIB_CTX_free(ctx);
690 return res;
691}
692
693#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
694static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
695{
696 EVP_PKEY_CTX *pctx = NULL;
697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
698
699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
700 goto err;
701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
703 params), 0))
704 goto err;
705
706 if (!TEST_ptr(tmp_pkey))
707 goto err;
708
709 pkey = tmp_pkey;
710 tmp_pkey = NULL;
711 err:
712 EVP_PKEY_free(tmp_pkey);
713 EVP_PKEY_CTX_free(pctx);
714 return pkey;
715}
716
717static int test_selection(EVP_PKEY *pkey, int selection)
718{
719 int testresult = 0;
720 int ret;
721 BIO *bio = BIO_new(BIO_s_mem());
722
723 ret = PEM_write_bio_PUBKEY(bio, pkey);
724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
725 if (!TEST_true(ret))
726 goto err;
727 } else {
728 if (!TEST_false(ret))
729 goto err;
730 }
731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
732 testctx, NULL);
733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
734 if (!TEST_true(ret))
735 goto err;
736 } else {
737 if (!TEST_false(ret))
738 goto err;
739 }
740
741 testresult = 1;
742 err:
743 BIO_free(bio);
744
745 return testresult;
746}
747#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
748
749/*
750 * Test combinations of private, public, missing and private + public key
751 * params to ensure they are all accepted
752 */
753#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
754static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
755{
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
758 EVP_PKEY *just_params = NULL;
759 EVP_PKEY *params_and_priv = NULL;
760 EVP_PKEY *params_and_pub = NULL;
761 EVP_PKEY *params_and_keypair = NULL;
762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
763 int ret = 0;
764
765 /*
766 * Setup the parameters for our pkey object. For our purposes they don't
767 * have to actually be *valid* parameters. We just need to set something.
768 */
769 if (!TEST_ptr(p = BN_new())
770 || !TEST_ptr(q = BN_new())
771 || !TEST_ptr(g = BN_new())
772 || !TEST_ptr(pub = BN_new())
773 || !TEST_ptr(priv = BN_new()))
774 goto err;
775
776 /* Test !priv and !pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
781 goto err;
782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
784 goto err;
785
786 OSSL_PARAM_free(params);
787 OSSL_PARAM_BLD_free(bld);
788 params = NULL;
789 bld = NULL;
790
791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
793 goto err;
794
795 /* Test priv and !pub */
796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
801 priv)))
802 goto err;
803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
805 goto err;
806
807 OSSL_PARAM_free(params);
808 OSSL_PARAM_BLD_free(bld);
809 params = NULL;
810 bld = NULL;
811
812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
814 goto err;
815
816 /* Test !priv and pub */
817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
822 pub)))
823 goto err;
824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
826 goto err;
827
828 OSSL_PARAM_free(params);
829 OSSL_PARAM_BLD_free(bld);
830 params = NULL;
831 bld = NULL;
832
833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
835 goto err;
836
837 /* Test priv and pub */
838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
843 pub))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
845 priv)))
846 goto err;
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
849 goto err;
850
851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
852 goto err;
853
854 ret = 1;
855 err:
856 OSSL_PARAM_free(params);
857 OSSL_PARAM_BLD_free(bld);
858 EVP_PKEY_free(just_params);
859 EVP_PKEY_free(params_and_priv);
860 EVP_PKEY_free(params_and_pub);
861 EVP_PKEY_free(params_and_keypair);
862 BN_free(p);
863 BN_free(q);
864 BN_free(g);
865 BN_free(pub);
866 BN_free(priv);
867
868 return ret;
869}
870#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
871
872/*
873 * Test combinations of private, public, missing and private + public key
874 * params to ensure they are all accepted for EC keys
875 */
876#ifndef OPENSSL_NO_EC
877static unsigned char ec_priv[] = {
878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881};
882static unsigned char ec_pub[] = {
883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
888 0x08, 0x09, 0xb8, 0xdb, 0x03
889};
890
891static int test_EC_priv_pub(void)
892{
893 OSSL_PARAM_BLD *bld = NULL;
894 OSSL_PARAM *params = NULL;
895 EVP_PKEY *just_params = NULL;
896 EVP_PKEY *params_and_priv = NULL;
897 EVP_PKEY *params_and_pub = NULL;
898 EVP_PKEY *params_and_keypair = NULL;
899 BIGNUM *priv = NULL;
900 int ret = 0;
901 unsigned char *encoded = NULL;
902 size_t len = 0;
903 unsigned char buffer[128];
904
905 /*
906 * Setup the parameters for our pkey object. For our purposes they don't
907 * have to actually be *valid* parameters. We just need to set something.
908 */
909 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
910 goto err;
911
912 /* Test !priv and !pub */
913 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
914 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
915 OSSL_PKEY_PARAM_GROUP_NAME,
916 "P-256", 0)))
917 goto err;
918 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
919 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
920 goto err;
921
922 OSSL_PARAM_free(params);
923 OSSL_PARAM_BLD_free(bld);
924 params = NULL;
925 bld = NULL;
926
927 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
928 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
929 goto err;
930
931 /* Test priv and !pub */
932 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
933 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
934 OSSL_PKEY_PARAM_GROUP_NAME,
935 "P-256", 0))
936 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
937 priv)))
938 goto err;
939 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
940 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
941 goto err;
942
943 OSSL_PARAM_free(params);
944 OSSL_PARAM_BLD_free(bld);
945 params = NULL;
946 bld = NULL;
947
948 /*
949 * We indicate only parameters here, in spite of having built a key that
950 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
951 * expected to fail because it does not support exporting a private EC
952 * key without a corresponding public key
953 */
954 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
955 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
956 goto err;
957
958 /* Test !priv and pub */
959 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
960 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
961 OSSL_PKEY_PARAM_GROUP_NAME,
962 "P-256", 0))
963 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
964 OSSL_PKEY_PARAM_PUB_KEY,
965 ec_pub, sizeof(ec_pub))))
966 goto err;
967 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
968 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
969 goto err;
970
971 OSSL_PARAM_free(params);
972 OSSL_PARAM_BLD_free(bld);
973 params = NULL;
974 bld = NULL;
975
976 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
977 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
978 goto err;
979
980 /* Test priv and pub */
981 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
982 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
983 OSSL_PKEY_PARAM_GROUP_NAME,
984 "P-256", 0))
985 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
986 OSSL_PKEY_PARAM_PUB_KEY,
987 ec_pub, sizeof(ec_pub)))
988 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
989 priv)))
990 goto err;
991 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
992 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
993 goto err;
994
995 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
996 goto err;
997
998 /* Try key equality */
999 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1001 0)
1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1003 0)
1004 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1005 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1008 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1009 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1010 goto err;
1011
1012 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1013 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1014 goto err;
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1018 OPENSSL_free(encoded);
1019 encoded = NULL;
1020 goto err;
1021 }
1022
1023 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1024 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1025 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1026 buffer, sizeof(buffer), &len), 1)
1027 || !TEST_int_eq(len, 65))
1028 goto err;
1029
1030 len = 0;
1031 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1032 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1033 NULL, 0, &len), 1)
1034 || !TEST_int_eq(len, 65))
1035 goto err;
1036
1037 /* too-short buffer len*/
1038 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1039 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1040 buffer, 10, &len), 0))
1041 goto err;
1042
1043 ret = 1;
1044 err:
1045 OSSL_PARAM_free(params);
1046 OSSL_PARAM_BLD_free(bld);
1047 EVP_PKEY_free(just_params);
1048 EVP_PKEY_free(params_and_priv);
1049 EVP_PKEY_free(params_and_pub);
1050 EVP_PKEY_free(params_and_keypair);
1051 BN_free(priv);
1052
1053 return ret;
1054}
1055
1056/* Test that using a legacy EC key with only a private key in it works */
1057# ifndef OPENSSL_NO_DEPRECATED_3_0
1058static int test_EC_priv_only_legacy(void)
1059{
1060 BIGNUM *priv = NULL;
1061 int ret = 0;
1062 EC_KEY *eckey = NULL;
1063 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1064 EVP_MD_CTX *ctx = NULL;
1065
1066 /* Create the low level EC_KEY */
1067 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1068 goto err;
1069
1070 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1071 if (!TEST_ptr(eckey))
1072 goto err;
1073
1074 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1075 goto err;
1076
1077 pkey = EVP_PKEY_new();
1078 if (!TEST_ptr(pkey))
1079 goto err;
1080
1081 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1082 goto err;
1083 eckey = NULL;
1084
1085 while (dup_pk == NULL) {
1086 ret = 0;
1087 ctx = EVP_MD_CTX_new();
1088 if (!TEST_ptr(ctx))
1089 goto err;
1090
1091 /*
1092 * The EVP_DigestSignInit function should create the key on the
1093 * provider side which is sufficient for this test.
1094 */
1095 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1096 testpropq, pkey, NULL)))
1097 goto err;
1098 EVP_MD_CTX_free(ctx);
1099 ctx = NULL;
1100
1101 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1102 goto err;
1103 /* EVP_PKEY_eq() returns -2 with missing public keys */
1104 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1105 EVP_PKEY_free(pkey);
1106 pkey = dup_pk;
1107 if (!ret)
1108 goto err;
1109 }
1110
1111 err:
1112 EVP_MD_CTX_free(ctx);
1113 EVP_PKEY_free(pkey);
1114 EC_KEY_free(eckey);
1115 BN_free(priv);
1116
1117 return ret;
1118}
1119# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1120#endif /* OPENSSL_NO_EC */
1121
1122static int test_EVP_PKEY_sign(int tst)
1123{
1124 int ret = 0;
1125 EVP_PKEY *pkey = NULL;
1126 unsigned char *sig = NULL;
1127 size_t sig_len = 0, shortsig_len = 1;
1128 EVP_PKEY_CTX *ctx = NULL;
1129 unsigned char tbs[] = {
1130 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1131 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1132 };
1133
1134 if (tst == 0 ) {
1135 if (!TEST_ptr(pkey = load_example_rsa_key()))
1136 goto out;
1137 } else if (tst == 1) {
1138#ifndef OPENSSL_NO_DSA
1139 if (!TEST_ptr(pkey = load_example_dsa_key()))
1140 goto out;
1141#else
1142 ret = 1;
1143 goto out;
1144#endif
1145 } else {
1146#ifndef OPENSSL_NO_EC
1147 if (!TEST_ptr(pkey = load_example_ec_key()))
1148 goto out;
1149#else
1150 ret = 1;
1151 goto out;
1152#endif
1153 }
1154
1155 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1156 if (!TEST_ptr(ctx)
1157 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1158 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1159 sizeof(tbs)), 0))
1160 goto out;
1161 sig = OPENSSL_malloc(sig_len);
1162 if (!TEST_ptr(sig)
1163 /* Test sending a signature buffer that is too short is rejected */
1164 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1165 sizeof(tbs)), 0)
1166 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1167 0)
1168 /* Test the signature round-trips */
1169 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1170 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1171 0))
1172 goto out;
1173
1174 ret = 1;
1175 out:
1176 EVP_PKEY_CTX_free(ctx);
1177 OPENSSL_free(sig);
1178 EVP_PKEY_free(pkey);
1179 return ret;
1180}
1181
1182#ifndef OPENSSL_NO_DEPRECATED_3_0
1183static int test_EVP_PKEY_sign_with_app_method(int tst)
1184{
1185 int ret = 0;
1186 EVP_PKEY *pkey = NULL;
1187 RSA *rsa = NULL;
1188 RSA_METHOD *rsa_meth = NULL;
1189#ifndef OPENSSL_NO_DSA
1190 DSA *dsa = NULL;
1191 DSA_METHOD *dsa_meth = NULL;
1192#endif
1193 unsigned char *sig = NULL;
1194 size_t sig_len = 0, shortsig_len = 1;
1195 EVP_PKEY_CTX *ctx = NULL;
1196 unsigned char tbs[] = {
1197 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1198 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1199 };
1200
1201 if (tst == 0) {
1202 if (!TEST_ptr(pkey = load_example_rsa_key()))
1203 goto out;
1204 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1205 goto out;
1206
1207 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1208 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1209 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1210 goto out;
1211 rsa = NULL; /* now owned by the pkey */
1212 } else {
1213#ifndef OPENSSL_NO_DSA
1214 if (!TEST_ptr(pkey = load_example_dsa_key()))
1215 goto out;
1216 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1217 goto out;
1218
1219 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1220 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1221 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1222 goto out;
1223 dsa = NULL; /* now owned by the pkey */
1224#else
1225 ret = 1;
1226 goto out;
1227#endif
1228 }
1229
1230 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1231 if (!TEST_ptr(ctx)
1232 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1233 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1234 sizeof(tbs)), 0))
1235 goto out;
1236 sig = OPENSSL_malloc(sig_len);
1237 if (!TEST_ptr(sig)
1238 /* Test sending a signature buffer that is too short is rejected */
1239 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1240 sizeof(tbs)), 0)
1241 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1242 0)
1243 /* Test the signature round-trips */
1244 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1245 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1246 0))
1247 goto out;
1248
1249 ret = 1;
1250 out:
1251 EVP_PKEY_CTX_free(ctx);
1252 OPENSSL_free(sig);
1253 EVP_PKEY_free(pkey);
1254 RSA_free(rsa);
1255 RSA_meth_free(rsa_meth);
1256#ifndef OPENSSL_NO_DSA
1257 DSA_free(dsa);
1258 DSA_meth_free(dsa_meth);
1259#endif
1260 return ret;
1261}
1262#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1263
1264/*
1265 * n = 0 => test using legacy cipher
1266 * n = 1 => test using fetched cipher
1267 */
1268static int test_EVP_Enveloped(int n)
1269{
1270 int ret = 0;
1271 EVP_CIPHER_CTX *ctx = NULL;
1272 EVP_PKEY *keypair = NULL;
1273 unsigned char *kek = NULL;
1274 unsigned char iv[EVP_MAX_IV_LENGTH];
1275 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1276 int len, kek_len, ciphertext_len, plaintext_len;
1277 unsigned char ciphertext[32], plaintext[16];
1278 EVP_CIPHER *type = NULL;
1279
1280 if (nullprov != NULL)
1281 return TEST_skip("Test does not support a non-default library context");
1282
1283 if (n == 0)
1284 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1285 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1286 testpropq)))
1287 goto err;
1288
1289 if (!TEST_ptr(keypair = load_example_rsa_key())
1290 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1291 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1292 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1293 &keypair, 1))
1294 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1295 msg, sizeof(msg)))
1296 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1297 &len)))
1298 goto err;
1299
1300 ciphertext_len += len;
1301
1302 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1303 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1304 ciphertext, ciphertext_len))
1305 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1306 goto err;
1307
1308 plaintext_len += len;
1309 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1310 goto err;
1311
1312 ret = 1;
1313err:
1314 if (n != 0)
1315 EVP_CIPHER_free(type);
1316 OPENSSL_free(kek);
1317 EVP_PKEY_free(keypair);
1318 EVP_CIPHER_CTX_free(ctx);
1319 return ret;
1320}
1321
1322/*
1323 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1324 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1325 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1326 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1327 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1328 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1329 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1330 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1331 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1332 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1333 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1334 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1335 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1336 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1337 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1338 * Test 15-29: Same as above with reinitialization
1339 */
1340static int test_EVP_DigestSignInit(int tst)
1341{
1342 int ret = 0;
1343 EVP_PKEY *pkey = NULL;
1344 unsigned char *sig = NULL, *sig2 = NULL;
1345 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1346 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1347 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1348 BIO *mdbio = NULL, *membio = NULL;
1349 size_t written;
1350 const EVP_MD *md;
1351 EVP_MD *mdexp = NULL;
1352 int reinit = 0;
1353
1354 if (nullprov != NULL)
1355 return TEST_skip("Test does not support a non-default library context");
1356
1357 if (tst >= 15) {
1358 reinit = 1;
1359 tst -= 15;
1360 }
1361
1362 if (tst >= 6 && tst <= 8) {
1363 membio = BIO_new(BIO_s_mem());
1364 mdbio = BIO_new(BIO_f_md());
1365 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1366 goto out;
1367 BIO_push(mdbio, membio);
1368 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1369 goto out;
1370 } else {
1371 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1372 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1373 goto out;
1374 }
1375
1376 if (tst % 3 == 0) {
1377 if (!TEST_ptr(pkey = load_example_rsa_key()))
1378 goto out;
1379 } else if (tst % 3 == 1) {
1380#ifndef OPENSSL_NO_DSA
1381 if (!TEST_ptr(pkey = load_example_dsa_key()))
1382 goto out;
1383#else
1384 ret = 1;
1385 goto out;
1386#endif
1387 } else {
1388 if (!TEST_ptr(pkey = load_example_hmac_key()))
1389 goto out;
1390 }
1391
1392 if (tst >= 3 && tst <= 5)
1393 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1394 else
1395 md = EVP_sha256();
1396
1397 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1398 goto out;
1399
1400 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1401 goto out;
1402
1403 if (tst >= 6 && tst <= 8) {
1404 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1405 goto out;
1406 } else if (tst < 6) {
1407 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1408 goto out;
1409 }
1410
1411 if (tst >= 9) {
1412 /* Determine the size of the signature. */
1413 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1414 sizeof(kMsg)))
1415 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1416 goto out;
1417 if (tst <= 11) {
1418 /* Test that supply a short sig buffer fails */
1419 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1420 sizeof(kMsg))))
1421 goto out;
1422 /*
1423 * We end here because once EVP_DigestSign() has failed you should
1424 * not call it again without re-initing the ctx
1425 */
1426 ret = 1;
1427 goto out;
1428 }
1429 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1430 sizeof(kMsg))))
1431 goto out;
1432 } else {
1433 /* Determine the size of the signature. */
1434 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1435 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1436 /*
1437 * Trying to create a signature with a deliberately short
1438 * buffer should fail.
1439 */
1440 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1441 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1442 goto out;
1443 }
1444
1445 /*
1446 * Ensure that the signature round-trips (Verification isn't supported for
1447 * HMAC via EVP_DigestVerify*)
1448 */
1449 if (tst % 3 != 2) {
1450 if (tst >= 6 && tst <= 8) {
1451 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1452 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1453 goto out;
1454 }
1455
1456 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1457 NULL, pkey)))
1458 goto out;
1459
1460 if (tst >= 6 && tst <= 8) {
1461 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1462 goto out;
1463 } else {
1464 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1465 sizeof(kMsg))))
1466 goto out;
1467 }
1468 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1469 goto out;
1470
1471 /* Multiple calls to EVP_DigestVerifyFinal should work */
1472 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1473 goto out;
1474 } else {
1475 /*
1476 * For HMAC a doubled call to DigestSignFinal should produce the same
1477 * value as finalization should not happen.
1478 */
1479 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1480 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1481 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1482 goto out;
1483
1484 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1485 goto out;
1486 }
1487
1488 ret = 1;
1489
1490 out:
1491 BIO_free(membio);
1492 BIO_free(mdbio);
1493 EVP_MD_CTX_free(a_md_ctx);
1494 EVP_MD_CTX_free(a_md_ctx_verify);
1495 EVP_PKEY_free(pkey);
1496 OPENSSL_free(sig);
1497 OPENSSL_free(sig2);
1498 EVP_MD_free(mdexp);
1499
1500 return ret;
1501}
1502
1503static int test_EVP_DigestVerifyInit(void)
1504{
1505 int ret = 0;
1506 EVP_PKEY *pkey = NULL;
1507 EVP_MD_CTX *md_ctx = NULL;
1508
1509 if (nullprov != NULL)
1510 return TEST_skip("Test does not support a non-default library context");
1511
1512 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1513 || !TEST_ptr(pkey = load_example_rsa_key()))
1514 goto out;
1515
1516 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1517 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1518 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1519 sizeof(kSignature)), 0))
1520 goto out;
1521
1522 /* test with reinitialization */
1523 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1524 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1525 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1526 sizeof(kSignature)), 0))
1527 goto out;
1528 ret = 1;
1529
1530 out:
1531 EVP_MD_CTX_free(md_ctx);
1532 EVP_PKEY_free(pkey);
1533 return ret;
1534}
1535
1536#ifndef OPENSSL_NO_SIPHASH
1537/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1538static int test_siphash_digestsign(void)
1539{
1540 unsigned char key[16];
1541 unsigned char buf[8], digest[8];
1542 unsigned char expected[8] = {
1543 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1544 };
1545 EVP_PKEY *pkey = NULL;
1546 EVP_MD_CTX *mdctx = NULL;
1547 EVP_PKEY_CTX *ctx = NULL;
1548 int ret = 0;
1549 size_t len = 8;
1550
1551 if (nullprov != NULL)
1552 return TEST_skip("Test does not support a non-default library context");
1553
1554 memset(buf, 0, 8);
1555 memset(key, 1, 16);
1556 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1557 key, 16)))
1558 goto out;
1559
1560 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1561 goto out;
1562
1563 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1564 goto out;
1565 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1566 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1567 8, NULL), 1))
1568 goto out;
1569 /* reinitialize */
1570 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1571 goto out;
1572 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1573 goto out;
1574 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1575 goto out;
1576 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1577 goto out;
1578
1579 ret = 1;
1580 out:
1581 EVP_PKEY_free(pkey);
1582 EVP_MD_CTX_free(mdctx);
1583 return ret;
1584}
1585#endif
1586
1587/*
1588 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1589 */
1590static int test_EVP_Digest(void)
1591{
1592 int ret = 0;
1593 EVP_MD_CTX *md_ctx = NULL;
1594 unsigned char md[EVP_MAX_MD_SIZE];
1595 EVP_MD *sha256 = NULL;
1596 EVP_MD *shake256 = NULL;
1597
1598 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1599 goto out;
1600
1601 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1602 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1603 goto out;
1604
1605 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1606 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1607 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1608 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1609 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1610 goto out;
1611
1612 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1613 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1614 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1615 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1616 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1617 /*
1618 * EVP_DigestInit_ex with NULL type should work on
1619 * pre-initialized context.
1620 */
1621 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1622 goto out;
1623
1624 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1625 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1626 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1627 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1628 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1629 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1630 goto out;
1631 ret = 1;
1632
1633 out:
1634 EVP_MD_CTX_free(md_ctx);
1635 EVP_MD_free(sha256);
1636 EVP_MD_free(shake256);
1637 return ret;
1638}
1639
1640static int test_EVP_md_null(void)
1641{
1642 int ret = 0;
1643 EVP_MD_CTX *md_ctx = NULL;
1644 const EVP_MD *md_null = EVP_md_null();
1645 unsigned char md_value[EVP_MAX_MD_SIZE];
1646 unsigned int md_len = sizeof(md_value);
1647
1648 if (nullprov != NULL)
1649 return TEST_skip("Test does not support a non-default library context");
1650
1651 if (!TEST_ptr(md_null)
1652 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1653 goto out;
1654
1655 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1656 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1657 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1658 goto out;
1659
1660 if (!TEST_uint_eq(md_len, 0))
1661 goto out;
1662
1663 ret = 1;
1664 out:
1665 EVP_MD_CTX_free(md_ctx);
1666 return ret;
1667}
1668
1669static int test_d2i_AutoPrivateKey(int i)
1670{
1671 int ret = 0;
1672 const unsigned char *p;
1673 EVP_PKEY *pkey = NULL;
1674 const APK_DATA *ak = &keydata[i];
1675 const unsigned char *input = ak->kder;
1676 size_t input_len = ak->size;
1677 int expected_id = ak->evptype;
1678
1679 p = input;
1680 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1681 || !TEST_ptr_eq(p, input + input_len)
1682 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1683 goto done;
1684
1685 ret = 1;
1686
1687 done:
1688 EVP_PKEY_free(pkey);
1689 return ret;
1690}
1691
1692#ifndef OPENSSL_NO_EC
1693
1694static const unsigned char ec_public_sect163k1_validxy[] = {
1695 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1696 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1697 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1698 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1699 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1700 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1701};
1702
1703static const unsigned char ec_public_sect163k1_badx[] = {
1704 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1705 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1706 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1707 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1708 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1709 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1710};
1711
1712static const unsigned char ec_public_sect163k1_bady[] = {
1713 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1714 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1715 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1716 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1717 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1718 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1719};
1720
1721static struct ec_der_pub_keys_st {
1722 const unsigned char *der;
1723 size_t len;
1724 int valid;
1725} ec_der_pub_keys[] = {
1726 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1727 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1728 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1729};
1730
1731/*
1732 * Tests the range of the decoded EC char2 public point.
1733 * See ec_GF2m_simple_oct2point().
1734 */
1735static int test_invalide_ec_char2_pub_range_decode(int id)
1736{
1737 int ret = 0;
1738 EVP_PKEY *pkey;
1739
1740 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1741 ec_der_pub_keys[id].len);
1742
1743 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1744 || TEST_ptr_null(pkey);
1745 EVP_PKEY_free(pkey);
1746 return ret;
1747}
1748
1749/* Tests loading a bad key in PKCS8 format */
1750static int test_EVP_PKCS82PKEY(void)
1751{
1752 int ret = 0;
1753 const unsigned char *derp = kExampleBadECKeyDER;
1754 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1755 EVP_PKEY *pkey = NULL;
1756
1757 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1758 sizeof(kExampleBadECKeyDER))))
1759 goto done;
1760
1761 if (!TEST_ptr_eq(derp,
1762 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1763 goto done;
1764
1765 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1766 goto done;
1767
1768 ret = 1;
1769
1770 done:
1771 PKCS8_PRIV_KEY_INFO_free(p8inf);
1772 EVP_PKEY_free(pkey);
1773
1774 return ret;
1775}
1776
1777#endif
1778static int test_EVP_PKCS82PKEY_wrong_tag(void)
1779{
1780 EVP_PKEY *pkey = NULL;
1781 EVP_PKEY *pkey2 = NULL;
1782 BIO *membio = NULL;
1783 char *membuf = NULL;
1784 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1785 int ok = 0;
1786
1787 if (testctx != NULL)
1788 /* test not supported with non-default context */
1789 return 1;
1790
1791 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1792 || !TEST_ptr(pkey = load_example_rsa_key())
1793 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1794 NULL, 0, NULL, NULL),
1795 0)
1796 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1797 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1798 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1799 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1800 goto done;
1801 }
1802
1803 ok = 1;
1804 done:
1805 EVP_PKEY_free(pkey);
1806 EVP_PKEY_free(pkey2);
1807 PKCS8_PRIV_KEY_INFO_free(p8inf);
1808 BIO_free_all(membio);
1809 return ok;
1810}
1811
1812/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1813static int test_privatekey_to_pkcs8(void)
1814{
1815 EVP_PKEY *pkey = NULL;
1816 BIO *membio = NULL;
1817 char *membuf = NULL;
1818 long membuf_len = 0;
1819 int ok = 0;
1820
1821 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1822 || !TEST_ptr(pkey = load_example_rsa_key())
1823 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1824 NULL, 0, NULL, NULL),
1825 0)
1826 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1827 || !TEST_ptr(membuf)
1828 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1829 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1830 /*
1831 * We try to write PEM as well, just to see that it doesn't err, but
1832 * assume that the result is correct.
1833 */
1834 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1835 NULL, 0, NULL, NULL),
1836 0))
1837 goto done;
1838
1839 ok = 1;
1840 done:
1841 EVP_PKEY_free(pkey);
1842 BIO_free_all(membio);
1843 return ok;
1844}
1845
1846#ifndef OPENSSL_NO_EC
1847static const struct {
1848 int encoding;
1849 const char *encoding_name;
1850} ec_encodings[] = {
1851 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1852 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1853};
1854
1855static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1856{
1857 const OSSL_PARAM *p;
1858 const char *enc_name = NULL;
1859 int *enc = arg;
1860 size_t i;
1861
1862 *enc = -1;
1863
1864 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1865 OSSL_PKEY_PARAM_EC_ENCODING))
1866 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1867 return 0;
1868
1869 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1870 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1871 *enc = ec_encodings[i].encoding;
1872 break;
1873 }
1874 }
1875
1876 return (*enc != -1);
1877}
1878
1879static int test_EC_keygen_with_enc(int idx)
1880{
1881 EVP_PKEY *params = NULL, *key = NULL;
1882 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1883 int enc;
1884 int ret = 0;
1885
1886 enc = ec_encodings[idx].encoding;
1887
1888 /* Create key parameters */
1889 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1890 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1891 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1892 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1893 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1894 || !TEST_ptr(params))
1895 goto done;
1896
1897 /* Create key */
1898 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1899 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1900 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1901 || !TEST_ptr(key))
1902 goto done;
1903
1904 /* Check that the encoding got all the way into the key */
1905 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1906 ec_export_get_encoding_cb, &enc))
1907 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1908 goto done;
1909
1910 ret = 1;
1911 done:
1912 EVP_PKEY_free(key);
1913 EVP_PKEY_free(params);
1914 EVP_PKEY_CTX_free(kctx);
1915 EVP_PKEY_CTX_free(pctx);
1916 return ret;
1917}
1918#endif
1919
1920#if !defined(OPENSSL_NO_SM2)
1921
1922static int test_EVP_SM2_verify(void)
1923{
1924 const char *pubkey =
1925 "-----BEGIN PUBLIC KEY-----\n"
1926 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1927 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1928 "-----END PUBLIC KEY-----\n";
1929
1930 const char *msg = "message digest";
1931 const char *id = "[email protected]";
1932
1933 const uint8_t signature[] = {
1934 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1935 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1936 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1937 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1938 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1939 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1940 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1941 };
1942
1943 int rc = 0;
1944 BIO *bio = NULL;
1945 EVP_PKEY *pkey = NULL;
1946 EVP_MD_CTX *mctx = NULL;
1947 EVP_PKEY_CTX *pctx = NULL;
1948 EVP_MD *sm3 = NULL;
1949
1950 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1951 if (!TEST_true(bio != NULL))
1952 goto done;
1953
1954 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1955 if (!TEST_true(pkey != NULL))
1956 goto done;
1957
1958 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1959 goto done;
1960
1961 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1962 goto done;
1963
1964 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1965 goto done;
1966
1967 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1968
1969 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1970 goto done;
1971
1972 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1973 goto done;
1974
1975 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1976 goto done;
1977
1978 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1979 goto done;
1980
1981 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1982 goto done;
1983 rc = 1;
1984
1985 done:
1986 BIO_free(bio);
1987 EVP_PKEY_free(pkey);
1988 EVP_PKEY_CTX_free(pctx);
1989 EVP_MD_CTX_free(mctx);
1990 EVP_MD_free(sm3);
1991 return rc;
1992}
1993
1994static int test_EVP_SM2(void)
1995{
1996 int ret = 0;
1997 EVP_PKEY *pkey = NULL;
1998 EVP_PKEY *pkeyparams = NULL;
1999 EVP_PKEY_CTX *pctx = NULL;
2000 EVP_PKEY_CTX *kctx = NULL;
2001 EVP_PKEY_CTX *sctx = NULL;
2002 size_t sig_len = 0;
2003 unsigned char *sig = NULL;
2004 EVP_MD_CTX *md_ctx = NULL;
2005 EVP_MD_CTX *md_ctx_verify = NULL;
2006 EVP_PKEY_CTX *cctx = NULL;
2007 EVP_MD *check_md = NULL;
2008
2009 uint8_t ciphertext[128];
2010 size_t ctext_len = sizeof(ciphertext);
2011
2012 uint8_t plaintext[8];
2013 size_t ptext_len = sizeof(plaintext);
2014
2015 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2016
2017 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2018 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2019 int i;
2020 char mdname[OSSL_MAX_NAME_SIZE];
2021
2022 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2023 "SM2", testpropq)))
2024 goto done;
2025
2026 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2027 goto done;
2028
2029 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2030 goto done;
2031
2032 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2033 goto done;
2034
2035 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2036 pkeyparams, testpropq)))
2037 goto done;
2038
2039 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2040 goto done;
2041
2042 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2043 goto done;
2044
2045 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2046 goto done;
2047
2048 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2049 goto done;
2050
2051 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2052 goto done;
2053
2054 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2055 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2056
2057 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2058 goto done;
2059
2060 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2061 goto done;
2062
2063 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2064 goto done;
2065
2066 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2067 goto done;
2068
2069 /* Determine the size of the signature. */
2070 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2071 goto done;
2072
2073 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2074 goto done;
2075
2076 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2077 goto done;
2078
2079 /* Ensure that the signature round-trips. */
2080
2081 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2082 pkey)))
2083 goto done;
2084
2085 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2086 goto done;
2087
2088 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2089 goto done;
2090
2091 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2092 goto done;
2093
2094 /*
2095 * Try verify again with non-matching 0 length id but ensure that it can
2096 * be set on the context and overrides the previous value.
2097 */
2098
2099 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2100 pkey)))
2101 goto done;
2102
2103 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2104 goto done;
2105
2106 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2107 goto done;
2108
2109 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2110 goto done;
2111
2112 /* now check encryption/decryption */
2113
2114 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2115 mdname, sizeof(mdname));
2116 for (i = 0; i < 2; i++) {
2117 const char *mdnames[] = {
2118#ifndef OPENSSL_NO_SM3
2119 "SM3",
2120#else
2121 NULL,
2122#endif
2123 "SHA2-256" };
2124 EVP_PKEY_CTX_free(cctx);
2125
2126 if (mdnames[i] == NULL)
2127 continue;
2128
2129 sparams[0] =
2130 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2131 (char *)mdnames[i], 0);
2132
2133 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2134 pkey, testpropq)))
2135 goto done;
2136
2137 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2138 goto done;
2139
2140 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2141 goto done;
2142
2143 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2144 sizeof(kMsg))))
2145 goto done;
2146
2147 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2148 goto done;
2149
2150 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2151 goto done;
2152
2153 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2154 ctext_len), 0))
2155 goto done;
2156
2157 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2158 goto done;
2159
2160 /*
2161 * Test we're still using the digest we think we are.
2162 * Because of aliases, the easiest is to fetch the digest and
2163 * check the name with EVP_MD_is_a().
2164 */
2165 EVP_MD_free(check_md);
2166 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2167 goto done;
2168 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2169 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2170 goto done;
2171 }
2172
2173 if (!TEST_true(ptext_len == sizeof(kMsg)))
2174 goto done;
2175
2176 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2177 goto done;
2178 }
2179
2180 ret = 1;
2181done:
2182 EVP_PKEY_CTX_free(pctx);
2183 EVP_PKEY_CTX_free(kctx);
2184 EVP_PKEY_CTX_free(sctx);
2185 EVP_PKEY_CTX_free(cctx);
2186 EVP_PKEY_free(pkey);
2187 EVP_PKEY_free(pkeyparams);
2188 EVP_MD_CTX_free(md_ctx);
2189 EVP_MD_CTX_free(md_ctx_verify);
2190 EVP_MD_free(check_md);
2191 OPENSSL_free(sig);
2192 return ret;
2193}
2194
2195#endif
2196
2197static struct keys_st {
2198 int type;
2199 char *priv;
2200 char *pub;
2201} keys[] = {
2202 {
2203 EVP_PKEY_HMAC, "0123456789", NULL
2204 },
2205 {
2206 EVP_PKEY_HMAC, "", NULL
2207#ifndef OPENSSL_NO_POLY1305
2208 }, {
2209 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2210#endif
2211#ifndef OPENSSL_NO_SIPHASH
2212 }, {
2213 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2214#endif
2215 },
2216#ifndef OPENSSL_NO_EC
2217 {
2218 EVP_PKEY_X25519, "01234567890123456789012345678901",
2219 "abcdefghijklmnopqrstuvwxyzabcdef"
2220 }, {
2221 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2222 "abcdefghijklmnopqrstuvwxyzabcdef"
2223 }, {
2224 EVP_PKEY_X448,
2225 "01234567890123456789012345678901234567890123456789012345",
2226 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2227 }, {
2228 EVP_PKEY_ED448,
2229 "012345678901234567890123456789012345678901234567890123456",
2230 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2231 }
2232#endif
2233};
2234
2235static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2236{
2237 int ret = 0;
2238 unsigned char buf[80];
2239 unsigned char *in;
2240 size_t inlen, len = 0, shortlen = 1;
2241 EVP_PKEY *pkey;
2242
2243 /* Check if this algorithm supports public keys */
2244 if (pub && keys[tst].pub == NULL)
2245 return 1;
2246
2247 memset(buf, 0, sizeof(buf));
2248
2249 if (pub) {
2250#ifndef OPENSSL_NO_EC
2251 inlen = strlen(keys[tst].pub);
2252 in = (unsigned char *)keys[tst].pub;
2253 if (uselibctx) {
2254 pkey = EVP_PKEY_new_raw_public_key_ex(
2255 testctx,
2256 OBJ_nid2sn(keys[tst].type),
2257 NULL,
2258 in,
2259 inlen);
2260 } else {
2261 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2262 NULL,
2263 in,
2264 inlen);
2265 }
2266#else
2267 return 1;
2268#endif
2269 } else {
2270 inlen = strlen(keys[tst].priv);
2271 in = (unsigned char *)keys[tst].priv;
2272 if (uselibctx) {
2273 pkey = EVP_PKEY_new_raw_private_key_ex(
2274 testctx, OBJ_nid2sn(keys[tst].type),
2275 NULL,
2276 in,
2277 inlen);
2278 } else {
2279 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2280 NULL,
2281 in,
2282 inlen);
2283 }
2284 }
2285
2286 if (!TEST_ptr(pkey)
2287 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2288 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2289 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2290 || !TEST_true(len == inlen))
2291 goto done;
2292 if (tst != 1) {
2293 /*
2294 * Test that supplying a buffer that is too small fails. Doesn't apply
2295 * to HMAC with a zero length key
2296 */
2297 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2298 &shortlen)))
2299 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2300 &shortlen))))
2301 goto done;
2302 }
2303 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2304 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2305 || !TEST_mem_eq(in, inlen, buf, len))
2306 goto done;
2307
2308 ret = 1;
2309 done:
2310 EVP_PKEY_free(pkey);
2311 return ret;
2312}
2313
2314static int test_set_get_raw_keys(int tst)
2315{
2316 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2317 && test_set_get_raw_keys_int(tst, 0, 1)
2318 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2319 && test_set_get_raw_keys_int(tst, 1, 1);
2320}
2321
2322#ifndef OPENSSL_NO_DEPRECATED_3_0
2323static int pkey_custom_check(EVP_PKEY *pkey)
2324{
2325 return 0xbeef;
2326}
2327
2328static int pkey_custom_pub_check(EVP_PKEY *pkey)
2329{
2330 return 0xbeef;
2331}
2332
2333static int pkey_custom_param_check(EVP_PKEY *pkey)
2334{
2335 return 0xbeef;
2336}
2337
2338static EVP_PKEY_METHOD *custom_pmeth;
2339#endif
2340
2341static int test_EVP_PKEY_check(int i)
2342{
2343 int ret = 0;
2344 EVP_PKEY *pkey = NULL;
2345 EVP_PKEY_CTX *ctx = NULL;
2346#ifndef OPENSSL_NO_DEPRECATED_3_0
2347 EVP_PKEY_CTX *ctx2 = NULL;
2348#endif
2349 const APK_DATA *ak = &keycheckdata[i];
2350 const unsigned char *input = ak->kder;
2351 size_t input_len = ak->size;
2352 int expected_id = ak->evptype;
2353 int expected_check = ak->check;
2354 int expected_pub_check = ak->pub_check;
2355 int expected_param_check = ak->param_check;
2356 int type = ak->type;
2357
2358 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2359 goto done;
2360 if (type == 0
2361 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2362 goto done;
2363
2364 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2365 goto done;
2366
2367 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2368 goto done;
2369
2370 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2371 goto done;
2372
2373 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2374 goto done;
2375
2376#ifndef OPENSSL_NO_DEPRECATED_3_0
2377 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2378 /* assign the pkey directly, as an internal test */
2379 EVP_PKEY_up_ref(pkey);
2380 ctx2->pkey = pkey;
2381
2382 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2383 goto done;
2384
2385 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2386 goto done;
2387
2388 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2389 goto done;
2390#endif
2391
2392 ret = 1;
2393
2394 done:
2395 EVP_PKEY_CTX_free(ctx);
2396#ifndef OPENSSL_NO_DEPRECATED_3_0
2397 EVP_PKEY_CTX_free(ctx2);
2398#endif
2399 EVP_PKEY_free(pkey);
2400 return ret;
2401}
2402
2403#ifndef OPENSSL_NO_CMAC
2404static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2405{
2406 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2407 const char msg[] = "Hello World";
2408 size_t maclen = AES_BLOCK_SIZE;
2409 int ret = 1;
2410
2411 if (!TEST_ptr(mdctx)
2412 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2413 testpropq, pkey, NULL))
2414 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2415 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2416 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2417 ret = 0;
2418
2419 EVP_MD_CTX_free(mdctx);
2420
2421 return ret;
2422}
2423static int test_CMAC_keygen(void)
2424{
2425 static unsigned char key[] = {
2426 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2427 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2428 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2429 };
2430 EVP_PKEY_CTX *kctx = NULL;
2431 int ret = 0;
2432 EVP_PKEY *pkey = NULL;
2433 unsigned char mac[AES_BLOCK_SIZE];
2434# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2435 unsigned char mac2[AES_BLOCK_SIZE];
2436# endif
2437
2438 if (nullprov != NULL)
2439 return TEST_skip("Test does not support a non-default library context");
2440
2441 /*
2442 * This is a legacy method for CMACs, but should still work.
2443 * This verifies that it works without an ENGINE.
2444 */
2445 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2446
2447 /* Test a CMAC key created using the "generated" method */
2448 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2450 EVP_PKEY_CTRL_CIPHER,
2451 0, (void *)EVP_aes_256_cbc()), 0)
2452 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2453 EVP_PKEY_CTRL_SET_MAC_KEY,
2454 sizeof(key), (void *)key), 0)
2455 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2456 || !TEST_ptr(pkey)
2457 || !TEST_true(get_cmac_val(pkey, mac)))
2458 goto done;
2459
2460# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2461 EVP_PKEY_free(pkey);
2462
2463 /*
2464 * Test a CMAC key using the direct method, and compare with the mac
2465 * created above.
2466 */
2467 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2468 if (!TEST_ptr(pkey)
2469 || !TEST_true(get_cmac_val(pkey, mac2))
2470 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2471 goto done;
2472# endif
2473
2474 ret = 1;
2475
2476 done:
2477 EVP_PKEY_free(pkey);
2478 EVP_PKEY_CTX_free(kctx);
2479 return ret;
2480}
2481#endif
2482
2483static int test_HKDF(void)
2484{
2485 EVP_PKEY_CTX *pctx;
2486 unsigned char out[20];
2487 size_t outlen;
2488 int i, ret = 0;
2489 unsigned char salt[] = "0123456789";
2490 unsigned char key[] = "012345678901234567890123456789";
2491 unsigned char info[] = "infostring";
2492 const unsigned char expected[] = {
2493 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2494 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2495 };
2496 size_t expectedlen = sizeof(expected);
2497
2498 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2499 goto done;
2500
2501 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2502 for (i = 0; i < 2; i++) {
2503 outlen = sizeof(out);
2504 memset(out, 0, outlen);
2505
2506 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2507 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2508 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2509 sizeof(salt) - 1), 0)
2510 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2511 sizeof(key) - 1), 0)
2512 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2513 sizeof(info) - 1), 0)
2514 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2515 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2516 goto done;
2517 }
2518
2519 ret = 1;
2520
2521 done:
2522 EVP_PKEY_CTX_free(pctx);
2523
2524 return ret;
2525}
2526
2527static int test_emptyikm_HKDF(void)
2528{
2529 EVP_PKEY_CTX *pctx;
2530 unsigned char out[20];
2531 size_t outlen;
2532 int ret = 0;
2533 unsigned char salt[] = "9876543210";
2534 unsigned char key[] = "";
2535 unsigned char info[] = "stringinfo";
2536 const unsigned char expected[] = {
2537 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2538 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2539 };
2540 size_t expectedlen = sizeof(expected);
2541
2542 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2543 goto done;
2544
2545 outlen = sizeof(out);
2546 memset(out, 0, outlen);
2547
2548 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2549 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2550 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2551 sizeof(salt) - 1), 0)
2552 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2553 sizeof(key) - 1), 0)
2554 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2555 sizeof(info) - 1), 0)
2556 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2557 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2558 goto done;
2559
2560 ret = 1;
2561
2562 done:
2563 EVP_PKEY_CTX_free(pctx);
2564
2565 return ret;
2566}
2567
2568#ifndef OPENSSL_NO_EC
2569static int test_X509_PUBKEY_inplace(void)
2570{
2571 int ret = 0;
2572 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2573 const unsigned char *p = kExampleECPubKeyDER;
2574 size_t input_len = sizeof(kExampleECPubKeyDER);
2575
2576 if (!TEST_ptr(xp))
2577 goto done;
2578 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2579 goto done;
2580
2581 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2582 goto done;
2583
2584 p = kExampleBadECPubKeyDER;
2585 input_len = sizeof(kExampleBadECPubKeyDER);
2586
2587 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2588 goto done;
2589
2590 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2591 goto done;
2592
2593 ret = 1;
2594
2595 done:
2596 X509_PUBKEY_free(xp);
2597 return ret;
2598}
2599
2600static int test_X509_PUBKEY_dup(void)
2601{
2602 int ret = 0;
2603 X509_PUBKEY *xp = NULL, *xq = NULL;
2604 const unsigned char *p = kExampleECPubKeyDER;
2605 size_t input_len = sizeof(kExampleECPubKeyDER);
2606
2607 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2608 if (!TEST_ptr(xp)
2609 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2610 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2611 || !TEST_ptr_ne(xp, xq))
2612 goto done;
2613
2614 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2615 || !TEST_ptr(X509_PUBKEY_get0(xp))
2616 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2617 goto done;
2618
2619 X509_PUBKEY_free(xq);
2620 xq = NULL;
2621 p = kExampleBadECPubKeyDER;
2622 input_len = sizeof(kExampleBadECPubKeyDER);
2623
2624 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2625 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2626 goto done;
2627
2628 X509_PUBKEY_free(xp);
2629 xp = NULL;
2630 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2631 goto done;
2632
2633 ret = 1;
2634
2635 done:
2636 X509_PUBKEY_free(xp);
2637 X509_PUBKEY_free(xq);
2638 return ret;
2639}
2640#endif /* OPENSSL_NO_EC */
2641
2642/* Test getting and setting parameters on an EVP_PKEY_CTX */
2643static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2644{
2645 EVP_MD_CTX *mdctx = NULL;
2646 EVP_PKEY_CTX *ctx = NULL;
2647 const OSSL_PARAM *params;
2648 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2649 int ret = 0;
2650 const EVP_MD *md;
2651 char mdname[OSSL_MAX_NAME_SIZE];
2652 char ssl3ms[48];
2653
2654 /* Initialise a sign operation */
2655 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2656 if (!TEST_ptr(ctx)
2657 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2658 goto err;
2659
2660 /*
2661 * We should be able to query the parameters now.
2662 */
2663 params = EVP_PKEY_CTX_settable_params(ctx);
2664 if (!TEST_ptr(params)
2665 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2666 OSSL_SIGNATURE_PARAM_DIGEST)))
2667 goto err;
2668
2669 params = EVP_PKEY_CTX_gettable_params(ctx);
2670 if (!TEST_ptr(params)
2671 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2672 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2673 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2674 OSSL_SIGNATURE_PARAM_DIGEST)))
2675 goto err;
2676
2677 /*
2678 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2679 * EVP_PKEY_CTX_get_params()
2680 */
2681 strcpy(mdname, "SHA512");
2682 param_md = param;
2683 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2684 mdname, 0);
2685 *param++ = OSSL_PARAM_construct_end();
2686
2687 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2688 goto err;
2689
2690 mdname[0] = '\0';
2691 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2692 mdname, sizeof(mdname));
2693 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2694 || !TEST_str_eq(mdname, "SHA512"))
2695 goto err;
2696
2697 /*
2698 * Test the TEST_PKEY_CTX_set_signature_md() and
2699 * TEST_PKEY_CTX_get_signature_md() functions
2700 */
2701 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2702 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2703 || !TEST_ptr_eq(md, EVP_sha256()))
2704 goto err;
2705
2706 /*
2707 * Test getting MD parameters via an associated EVP_PKEY_CTX
2708 */
2709 mdctx = EVP_MD_CTX_new();
2710 if (!TEST_ptr(mdctx)
2711 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2712 pkey, NULL)))
2713 goto err;
2714
2715 /*
2716 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2717 * able to obtain the digest's settable parameters from the provider.
2718 */
2719 params = EVP_MD_CTX_settable_params(mdctx);
2720 if (!TEST_ptr(params)
2721 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2722 /* The final key should be NULL */
2723 || !TEST_ptr_null(params[1].key))
2724 goto err;
2725
2726 param = ourparams;
2727 memset(ssl3ms, 0, sizeof(ssl3ms));
2728 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2729 ssl3ms, sizeof(ssl3ms));
2730 *param++ = OSSL_PARAM_construct_end();
2731
2732 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2733 goto err;
2734
2735 ret = 1;
2736
2737 err:
2738 EVP_MD_CTX_free(mdctx);
2739 EVP_PKEY_CTX_free(ctx);
2740
2741 return ret;
2742}
2743
2744#ifndef OPENSSL_NO_DSA
2745static int test_DSA_get_set_params(void)
2746{
2747 OSSL_PARAM_BLD *bld = NULL;
2748 OSSL_PARAM *params = NULL;
2749 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2750 EVP_PKEY_CTX *pctx = NULL;
2751 EVP_PKEY *pkey = NULL;
2752 int ret = 0;
2753
2754 /*
2755 * Setup the parameters for our DSA object. For our purposes they don't
2756 * have to actually be *valid* parameters. We just need to set something.
2757 */
2758 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2759 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2760 || !TEST_ptr(p = BN_new())
2761 || !TEST_ptr(q = BN_new())
2762 || !TEST_ptr(g = BN_new())
2763 || !TEST_ptr(pub = BN_new())
2764 || !TEST_ptr(priv = BN_new()))
2765 goto err;
2766 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2770 pub))
2771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2772 priv)))
2773 goto err;
2774 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2775 goto err;
2776
2777 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2778 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2779 params), 0))
2780 goto err;
2781
2782 if (!TEST_ptr(pkey))
2783 goto err;
2784
2785 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2786
2787 err:
2788 EVP_PKEY_free(pkey);
2789 EVP_PKEY_CTX_free(pctx);
2790 OSSL_PARAM_free(params);
2791 OSSL_PARAM_BLD_free(bld);
2792 BN_free(p);
2793 BN_free(q);
2794 BN_free(g);
2795 BN_free(pub);
2796 BN_free(priv);
2797
2798 return ret;
2799}
2800
2801/*
2802 * Test combinations of private, public, missing and private + public key
2803 * params to ensure they are all accepted
2804 */
2805static int test_DSA_priv_pub(void)
2806{
2807 return test_EVP_PKEY_ffc_priv_pub("DSA");
2808}
2809
2810#endif /* !OPENSSL_NO_DSA */
2811
2812static int test_RSA_get_set_params(void)
2813{
2814 OSSL_PARAM_BLD *bld = NULL;
2815 OSSL_PARAM *params = NULL;
2816 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2817 EVP_PKEY_CTX *pctx = NULL;
2818 EVP_PKEY *pkey = NULL;
2819 int ret = 0;
2820
2821 /*
2822 * Setup the parameters for our RSA object. For our purposes they don't
2823 * have to actually be *valid* parameters. We just need to set something.
2824 */
2825 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2826 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2827 || !TEST_ptr(n = BN_new())
2828 || !TEST_ptr(e = BN_new())
2829 || !TEST_ptr(d = BN_new()))
2830 goto err;
2831 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2833 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2834 goto err;
2835 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2836 goto err;
2837
2838 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2839 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2840 params), 0))
2841 goto err;
2842
2843 if (!TEST_ptr(pkey))
2844 goto err;
2845
2846 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2847
2848 err:
2849 EVP_PKEY_free(pkey);
2850 EVP_PKEY_CTX_free(pctx);
2851 OSSL_PARAM_free(params);
2852 OSSL_PARAM_BLD_free(bld);
2853 BN_free(n);
2854 BN_free(e);
2855 BN_free(d);
2856
2857 return ret;
2858}
2859
2860static int test_RSA_OAEP_set_get_params(void)
2861{
2862 int ret = 0;
2863 EVP_PKEY *key = NULL;
2864 EVP_PKEY_CTX *key_ctx = NULL;
2865
2866 if (nullprov != NULL)
2867 return TEST_skip("Test does not support a non-default library context");
2868
2869 if (!TEST_ptr(key = load_example_rsa_key())
2870 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2871 goto err;
2872
2873 {
2874 int padding = RSA_PKCS1_OAEP_PADDING;
2875 OSSL_PARAM params[4];
2876
2877 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2878 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2879 OSSL_DIGEST_NAME_SHA2_256, 0);
2880 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2881 OSSL_DIGEST_NAME_SHA1, 0);
2882 params[3] = OSSL_PARAM_construct_end();
2883
2884 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2885 goto err;
2886 }
2887 {
2888 OSSL_PARAM params[3];
2889 char oaepmd[30] = { '\0' };
2890 char mgf1md[30] = { '\0' };
2891
2892 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2893 oaepmd, sizeof(oaepmd));
2894 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2895 mgf1md, sizeof(mgf1md));
2896 params[2] = OSSL_PARAM_construct_end();
2897
2898 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2899 goto err;
2900
2901 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2902 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2903 goto err;
2904 }
2905
2906 ret = 1;
2907
2908 err:
2909 EVP_PKEY_free(key);
2910 EVP_PKEY_CTX_free(key_ctx);
2911
2912 return ret;
2913}
2914
2915/* https://github.com/openssl/openssl/issues/21288 */
2916static int test_RSA_OAEP_set_null_label(void)
2917{
2918 int ret = 0;
2919 EVP_PKEY *key = NULL;
2920 EVP_PKEY_CTX *key_ctx = NULL;
2921
2922 if (!TEST_ptr(key = load_example_rsa_key())
2923 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
2924 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
2925 goto err;
2926
2927 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
2928 goto err;
2929
2930 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
2931 goto err;
2932
2933 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
2934 goto err;
2935
2936 ret = 1;
2937
2938 err:
2939 EVP_PKEY_free(key);
2940 EVP_PKEY_CTX_free(key_ctx);
2941
2942 return ret;
2943}
2944
2945#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2946static int test_decrypt_null_chunks(void)
2947{
2948 EVP_CIPHER_CTX* ctx = NULL;
2949 EVP_CIPHER *cipher = NULL;
2950 const unsigned char key[32] = {
2951 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2952 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2953 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2954 };
2955 unsigned char iv[12] = {
2956 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2957 };
2958 unsigned char msg[] = "It was the best of times, it was the worst of times";
2959 unsigned char ciphertext[80];
2960 unsigned char plaintext[80];
2961 /* We initialise tmp to a non zero value on purpose */
2962 int ctlen, ptlen, tmp = 99;
2963 int ret = 0;
2964 const int enc_offset = 10, dec_offset = 20;
2965
2966 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2967 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2968 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2969 key, iv))
2970 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2971 enc_offset))
2972 /* Deliberate add a zero length update */
2973 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2974 0))
2975 || !TEST_int_eq(tmp, 0)
2976 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2977 msg + enc_offset,
2978 sizeof(msg) - enc_offset))
2979 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2980 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2981 || !TEST_int_eq(tmp, 0))
2982 goto err;
2983
2984 /* Deliberately initialise tmp to a non zero value */
2985 tmp = 99;
2986 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2987 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2988 dec_offset))
2989 /*
2990 * Deliberately add a zero length update. We also deliberately do
2991 * this at a different offset than for encryption.
2992 */
2993 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2994 0))
2995 || !TEST_int_eq(tmp, 0)
2996 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2997 ciphertext + dec_offset,
2998 ctlen - dec_offset))
2999 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3000 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3001 || !TEST_int_eq(tmp, 0)
3002 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3003 goto err;
3004
3005 ret = 1;
3006 err:
3007 EVP_CIPHER_CTX_free(ctx);
3008 EVP_CIPHER_free(cipher);
3009 return ret;
3010}
3011#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3012
3013#ifndef OPENSSL_NO_DH
3014/*
3015 * Test combinations of private, public, missing and private + public key
3016 * params to ensure they are all accepted
3017 */
3018static int test_DH_priv_pub(void)
3019{
3020 return test_EVP_PKEY_ffc_priv_pub("DH");
3021}
3022
3023# ifndef OPENSSL_NO_DEPRECATED_3_0
3024static int test_EVP_PKEY_set1_DH(void)
3025{
3026 DH *x942dh = NULL, *noqdh = NULL;
3027 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3028 int ret = 0;
3029 BIGNUM *p, *g = NULL;
3030 BIGNUM *pubkey = NULL;
3031 unsigned char pub[2048 / 8];
3032 size_t len = 0;
3033
3034 if (!TEST_ptr(p = BN_new())
3035 || !TEST_ptr(g = BN_new())
3036 || !TEST_ptr(pubkey = BN_new())
3037 || !TEST_true(BN_set_word(p, 9999))
3038 || !TEST_true(BN_set_word(g, 2))
3039 || !TEST_true(BN_set_word(pubkey, 4321))
3040 || !TEST_ptr(noqdh = DH_new())
3041 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3042 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3043 || !TEST_ptr(pubkey = BN_new())
3044 || !TEST_true(BN_set_word(pubkey, 4321)))
3045 goto err;
3046 p = g = NULL;
3047
3048 x942dh = DH_get_2048_256();
3049 pkey1 = EVP_PKEY_new();
3050 pkey2 = EVP_PKEY_new();
3051 if (!TEST_ptr(x942dh)
3052 || !TEST_ptr(noqdh)
3053 || !TEST_ptr(pkey1)
3054 || !TEST_ptr(pkey2)
3055 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3056 goto err;
3057 pubkey = NULL;
3058
3059 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3060 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3061 goto err;
3062
3063 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3064 &pubkey))
3065 || !TEST_ptr(pubkey))
3066 goto err;
3067
3068 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3069 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3070 goto err;
3071
3072 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3073 OSSL_PKEY_PARAM_PUB_KEY,
3074 pub, sizeof(pub), &len))
3075 || !TEST_size_t_ne(len, 0))
3076 goto err;
3077
3078 ret = 1;
3079 err:
3080 BN_free(p);
3081 BN_free(g);
3082 BN_free(pubkey);
3083 EVP_PKEY_free(pkey1);
3084 EVP_PKEY_free(pkey2);
3085 DH_free(x942dh);
3086 DH_free(noqdh);
3087
3088 return ret;
3089}
3090# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3091#endif /* !OPENSSL_NO_DH */
3092
3093/*
3094 * We test what happens with an empty template. For the sake of this test,
3095 * the template must be ignored, and we know that's the case for RSA keys
3096 * (this might arguably be a misfeature, but that's what we currently do,
3097 * even in provider code, since that's how the legacy RSA implementation
3098 * does things)
3099 */
3100static int test_keygen_with_empty_template(int n)
3101{
3102 EVP_PKEY_CTX *ctx = NULL;
3103 EVP_PKEY *pkey = NULL;
3104 EVP_PKEY *tkey = NULL;
3105 int ret = 0;
3106
3107 if (nullprov != NULL)
3108 return TEST_skip("Test does not support a non-default library context");
3109
3110 switch (n) {
3111 case 0:
3112 /* We do test with no template at all as well */
3113 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3114 goto err;
3115 break;
3116 case 1:
3117 /* Here we create an empty RSA key that serves as our template */
3118 if (!TEST_ptr(tkey = EVP_PKEY_new())
3119 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3120 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3121 goto err;
3122 break;
3123 }
3124
3125 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3126 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3127 goto err;
3128
3129 ret = 1;
3130 err:
3131 EVP_PKEY_CTX_free(ctx);
3132 EVP_PKEY_free(pkey);
3133 EVP_PKEY_free(tkey);
3134 return ret;
3135}
3136
3137/*
3138 * Test that we fail if we attempt to use an algorithm that is not available
3139 * in the current library context (unless we are using an algorithm that
3140 * should be made available via legacy codepaths).
3141 *
3142 * 0: RSA
3143 * 1: SM2
3144 */
3145static int test_pkey_ctx_fail_without_provider(int tst)
3146{
3147 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3148 OSSL_PROVIDER *tmpnullprov = NULL;
3149 EVP_PKEY_CTX *pctx = NULL;
3150 const char *keytype = NULL;
3151 int expect_null = 0;
3152 int ret = 0;
3153
3154 if (!TEST_ptr(tmpctx))
3155 goto err;
3156
3157 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3158 if (!TEST_ptr(tmpnullprov))
3159 goto err;
3160
3161 /*
3162 * We check for certain algos in the null provider.
3163 * If an algo is expected to have a provider keymgmt, constructing an
3164 * EVP_PKEY_CTX is expected to fail (return NULL).
3165 * Otherwise, if it's expected to have legacy support, constructing an
3166 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3167 */
3168 switch (tst) {
3169 case 0:
3170 keytype = "RSA";
3171 expect_null = 1;
3172 break;
3173 case 1:
3174 keytype = "SM2";
3175 expect_null = 1;
3176#ifdef OPENSSL_NO_EC
3177 TEST_info("EC disable, skipping SM2 check...");
3178 goto end;
3179#endif
3180#ifdef OPENSSL_NO_SM2
3181 TEST_info("SM2 disable, skipping SM2 check...");
3182 goto end;
3183#endif
3184 break;
3185 default:
3186 TEST_error("No test for case %d", tst);
3187 goto err;
3188 }
3189
3190 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3191 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3192 goto err;
3193
3194#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3195 end:
3196#endif
3197 ret = 1;
3198
3199 err:
3200 EVP_PKEY_CTX_free(pctx);
3201 OSSL_PROVIDER_unload(tmpnullprov);
3202 OSSL_LIB_CTX_free(tmpctx);
3203 return ret;
3204}
3205
3206static int test_rand_agglomeration(void)
3207{
3208 EVP_RAND *rand;
3209 EVP_RAND_CTX *ctx;
3210 OSSL_PARAM params[3], *p = params;
3211 int res;
3212 unsigned int step = 7;
3213 static unsigned char seed[] = "It does not matter how slowly you go "
3214 "as long as you do not stop.";
3215 unsigned char out[sizeof(seed)];
3216
3217 if (!TEST_int_ne(sizeof(seed) % step, 0)
3218 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3219 return 0;
3220 ctx = EVP_RAND_CTX_new(rand, NULL);
3221 EVP_RAND_free(rand);
3222 if (!TEST_ptr(ctx))
3223 return 0;
3224
3225 memset(out, 0, sizeof(out));
3226 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3227 seed, sizeof(seed));
3228 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3229 *p = OSSL_PARAM_construct_end();
3230 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3231 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3232 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3233 EVP_RAND_CTX_free(ctx);
3234 return res;
3235}
3236
3237/*
3238 * Test that we correctly return the original or "running" IV after
3239 * an encryption operation.
3240 * Run multiple times for some different relevant algorithms/modes.
3241 */
3242static int test_evp_iv_aes(int idx)
3243{
3244 int ret = 0;
3245 EVP_CIPHER_CTX *ctx = NULL;
3246 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3247 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3248 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3249 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3250 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3251 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3252 9, 10, 11, 12, 13, 14, 15, 16 };
3253 unsigned char ciphertext[32], oiv[16], iv[16];
3254 unsigned char *ref_iv;
3255 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3256 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3257
3258 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3259 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3260 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3261 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3262 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3263 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3264 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3265#ifndef OPENSSL_NO_OCB
3266 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3267 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3268#endif
3269 int len = sizeof(ciphertext);
3270 size_t ivlen, ref_len;
3271 const EVP_CIPHER *type = NULL;
3272 int iv_reset = 0;
3273
3274 if (nullprov != NULL && idx < 6)
3275 return TEST_skip("Test does not support a non-default library context");
3276
3277 switch(idx) {
3278 case 0:
3279 type = EVP_aes_128_cbc();
3280 /* FALLTHROUGH */
3281 case 6:
3282 type = (type != NULL) ? type :
3283 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3284 ref_iv = cbc_state;
3285 ref_len = sizeof(cbc_state);
3286 iv_reset = 1;
3287 break;
3288 case 1:
3289 type = EVP_aes_128_ofb();
3290 /* FALLTHROUGH */
3291 case 7:
3292 type = (type != NULL) ? type :
3293 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3294 ref_iv = ofb_state;
3295 ref_len = sizeof(ofb_state);
3296 iv_reset = 1;
3297 break;
3298 case 2:
3299 type = EVP_aes_128_cfb();
3300 /* FALLTHROUGH */
3301 case 8:
3302 type = (type != NULL) ? type :
3303 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3304 ref_iv = cfb_state;
3305 ref_len = sizeof(cfb_state);
3306 iv_reset = 1;
3307 break;
3308 case 3:
3309 type = EVP_aes_128_gcm();
3310 /* FALLTHROUGH */
3311 case 9:
3312 type = (type != NULL) ? type :
3313 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3314 ref_iv = gcm_state;
3315 ref_len = sizeof(gcm_state);
3316 break;
3317 case 4:
3318 type = EVP_aes_128_ccm();
3319 /* FALLTHROUGH */
3320 case 10:
3321 type = (type != NULL) ? type :
3322 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3323 ref_iv = ccm_state;
3324 ref_len = sizeof(ccm_state);
3325 break;
3326#ifdef OPENSSL_NO_OCB
3327 case 5:
3328 case 11:
3329 return 1;
3330#else
3331 case 5:
3332 type = EVP_aes_128_ocb();
3333 /* FALLTHROUGH */
3334 case 11:
3335 type = (type != NULL) ? type :
3336 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3337 ref_iv = ocb_state;
3338 ref_len = sizeof(ocb_state);
3339 break;
3340#endif
3341 default:
3342 return 0;
3343 }
3344
3345 if (!TEST_ptr(type)
3346 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3347 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3348 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3349 (int)sizeof(msg)))
3350 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3351 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3352 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3353 goto err;
3354 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3355 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3356 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3357 goto err;
3358
3359 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3360 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3361 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3362 goto err;
3363 if (iv_reset) {
3364 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3365 goto err;
3366 } else {
3367 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3368 goto err;
3369 }
3370
3371 ret = 1;
3372err:
3373 EVP_CIPHER_CTX_free(ctx);
3374 if (idx >= 6)
3375 EVP_CIPHER_free((EVP_CIPHER *)type);
3376 return ret;
3377}
3378
3379#ifndef OPENSSL_NO_DES
3380static int test_evp_iv_des(int idx)
3381{
3382 int ret = 0;
3383 EVP_CIPHER_CTX *ctx = NULL;
3384 static const unsigned char key[24] = {
3385 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3386 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3387 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3388 };
3389 static const unsigned char init_iv[8] = {
3390 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3391 };
3392 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3393 9, 10, 11, 12, 13, 14, 15, 16 };
3394 unsigned char ciphertext[32], oiv[8], iv[8];
3395 unsigned const char *ref_iv;
3396 static const unsigned char cbc_state_des[8] = {
3397 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3398 };
3399 static const unsigned char cbc_state_3des[8] = {
3400 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3401 };
3402 static const unsigned char ofb_state_des[8] = {
3403 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3404 };
3405 static const unsigned char ofb_state_3des[8] = {
3406 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3407 };
3408 static const unsigned char cfb_state_des[8] = {
3409 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3410 };
3411 static const unsigned char cfb_state_3des[8] = {
3412 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3413 };
3414 int len = sizeof(ciphertext);
3415 size_t ivlen, ref_len;
3416 EVP_CIPHER *type = NULL;
3417
3418 if (lgcyprov == NULL && idx < 3)
3419 return TEST_skip("Test requires legacy provider to be loaded");
3420
3421 switch(idx) {
3422 case 0:
3423 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3424 ref_iv = cbc_state_des;
3425 ref_len = sizeof(cbc_state_des);
3426 break;
3427 case 1:
3428 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3429 ref_iv = ofb_state_des;
3430 ref_len = sizeof(ofb_state_des);
3431 break;
3432 case 2:
3433 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3434 ref_iv = cfb_state_des;
3435 ref_len = sizeof(cfb_state_des);
3436 break;
3437 case 3:
3438 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3439 ref_iv = cbc_state_3des;
3440 ref_len = sizeof(cbc_state_3des);
3441 break;
3442 case 4:
3443 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3444 ref_iv = ofb_state_3des;
3445 ref_len = sizeof(ofb_state_3des);
3446 break;
3447 case 5:
3448 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3449 ref_iv = cfb_state_3des;
3450 ref_len = sizeof(cfb_state_3des);
3451 break;
3452 default:
3453 return 0;
3454 }
3455
3456 if (!TEST_ptr(type)
3457 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3458 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3459 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3460 (int)sizeof(msg)))
3461 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3462 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3463 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3464 goto err;
3465 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3466 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3467 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3468 goto err;
3469
3470 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3471 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3472 goto err;
3473 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3474 goto err;
3475
3476 ret = 1;
3477err:
3478 EVP_CIPHER_CTX_free(ctx);
3479 EVP_CIPHER_free(type);
3480 return ret;
3481}
3482#endif
3483
3484#ifndef OPENSSL_NO_BF
3485static int test_evp_bf_default_keylen(int idx)
3486{
3487 int ret = 0;
3488 static const char *algos[4] = {
3489 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3490 };
3491 int ivlen[4] = { 0, 8, 8, 8 };
3492 EVP_CIPHER *cipher = NULL;
3493
3494 if (lgcyprov == NULL)
3495 return TEST_skip("Test requires legacy provider to be loaded");
3496
3497 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3498 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3499 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3500 goto err;
3501
3502 ret = 1;
3503err:
3504 EVP_CIPHER_free(cipher);
3505 return ret;
3506}
3507#endif
3508
3509#ifndef OPENSSL_NO_EC
3510static int ecpub_nids[] = {
3511 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3512 NID_secp384r1, NID_secp521r1,
3513# ifndef OPENSSL_NO_EC2M
3514 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3515 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3516# endif
3517 NID_brainpoolP384r1, NID_brainpoolP512r1
3518};
3519
3520static int test_ecpub(int idx)
3521{
3522 int ret = 0, len, savelen;
3523 int nid;
3524 unsigned char buf[1024];
3525 unsigned char *p;
3526 EVP_PKEY *pkey = NULL;
3527 EVP_PKEY_CTX *ctx = NULL;
3528# ifndef OPENSSL_NO_DEPRECATED_3_0
3529 const unsigned char *q;
3530 EVP_PKEY *pkey2 = NULL;
3531 EC_KEY *ec = NULL;
3532# endif
3533
3534 if (nullprov != NULL)
3535 return TEST_skip("Test does not support a non-default library context");
3536
3537 nid = ecpub_nids[idx];
3538
3539 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3540 if (!TEST_ptr(ctx)
3541 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3542 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3543 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3544 goto done;
3545 len = i2d_PublicKey(pkey, NULL);
3546 savelen = len;
3547 if (!TEST_int_ge(len, 1)
3548 || !TEST_int_lt(len, 1024))
3549 goto done;
3550 p = buf;
3551 len = i2d_PublicKey(pkey, &p);
3552 if (!TEST_int_ge(len, 1)
3553 || !TEST_int_eq(len, savelen))
3554 goto done;
3555
3556# ifndef OPENSSL_NO_DEPRECATED_3_0
3557 /* Now try to decode the just-created DER. */
3558 q = buf;
3559 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3560 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3561 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3562 goto done;
3563 /* EC_KEY ownership transferred */
3564 ec = NULL;
3565 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3566 goto done;
3567 /* The keys should match. */
3568 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3569 goto done;
3570# endif
3571
3572 ret = 1;
3573
3574 done:
3575 EVP_PKEY_CTX_free(ctx);
3576 EVP_PKEY_free(pkey);
3577# ifndef OPENSSL_NO_DEPRECATED_3_0
3578 EVP_PKEY_free(pkey2);
3579 EC_KEY_free(ec);
3580# endif
3581 return ret;
3582}
3583#endif
3584
3585static int test_EVP_rsa_pss_with_keygen_bits(void)
3586{
3587 int ret = 0;
3588 EVP_PKEY_CTX *ctx = NULL;
3589 EVP_PKEY *pkey = NULL;
3590 EVP_MD *md;
3591
3592 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3593 ret = TEST_ptr(md)
3594 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3595 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3596 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3597 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3598 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3599
3600 EVP_MD_free(md);
3601 EVP_PKEY_free(pkey);
3602 EVP_PKEY_CTX_free(ctx);
3603 return ret;
3604}
3605
3606static int test_EVP_rsa_pss_set_saltlen(void)
3607{
3608 int ret = 0;
3609 EVP_PKEY *pkey = NULL;
3610 EVP_PKEY_CTX *pkey_ctx = NULL;
3611 EVP_MD *sha256 = NULL;
3612 EVP_MD_CTX *sha256_ctx = NULL;
3613 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3614 const int test_value = 32;
3615
3616 ret = TEST_ptr(pkey = load_example_rsa_key())
3617 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3618 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3619 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3620 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3621 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3622 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3623 && TEST_int_eq(saltlen, test_value);
3624
3625 EVP_MD_CTX_free(sha256_ctx);
3626 EVP_PKEY_free(pkey);
3627 EVP_MD_free(sha256);
3628
3629 return ret;
3630}
3631
3632static int success = 1;
3633static void md_names(const char *name, void *vctx)
3634{
3635 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3636 /* Force a namemap update */
3637 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3638
3639 if (!TEST_ptr(aes128))
3640 success = 0;
3641
3642 EVP_CIPHER_free(aes128);
3643}
3644
3645/*
3646 * Test that changing the namemap in a user callback works in a names_do_all
3647 * function.
3648 */
3649static int test_names_do_all(void)
3650{
3651 /* We use a custom libctx so that we know the state of the namemap */
3652 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3653 EVP_MD *sha256 = NULL;
3654 int testresult = 0;
3655
3656 if (!TEST_ptr(ctx))
3657 goto err;
3658
3659 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3660 if (!TEST_ptr(sha256))
3661 goto err;
3662
3663 /*
3664 * We loop through all the names for a given digest. This should still work
3665 * even if the namemap changes part way through.
3666 */
3667 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3668 goto err;
3669
3670 if (!TEST_true(success))
3671 goto err;
3672
3673 testresult = 1;
3674 err:
3675 EVP_MD_free(sha256);
3676 OSSL_LIB_CTX_free(ctx);
3677 return testresult;
3678}
3679
3680typedef struct {
3681 const char *cipher;
3682 const unsigned char *key;
3683 const unsigned char *iv;
3684 const unsigned char *input;
3685 const unsigned char *expected;
3686 const unsigned char *tag;
3687 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3688 size_t inlen;
3689 size_t expectedlen;
3690 size_t taglen;
3691 int keyfirst;
3692 int initenc;
3693 int finalenc;
3694} EVP_INIT_TEST_st;
3695
3696static const EVP_INIT_TEST_st evp_init_tests[] = {
3697 {
3698 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3699 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3700 0, 1, 0, 1
3701 },
3702 {
3703 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3704 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3705 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3706 sizeof(gcmDefaultTag), 1, 0, 1
3707 },
3708 {
3709 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3710 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3711 0, 0, 0, 1
3712 },
3713 {
3714 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3715 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3716 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3717 sizeof(gcmDefaultTag), 0, 0, 1
3718 },
3719 {
3720 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3721 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3722 0, 1, 1, 0
3723 },
3724 {
3725 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3726 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3727 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3728 sizeof(gcmDefaultTag), 1, 1, 0
3729 },
3730 {
3731 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3732 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3733 0, 0, 1, 0
3734 },
3735 {
3736 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3737 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3738 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3739 sizeof(gcmDefaultTag), 0, 1, 0
3740 }
3741};
3742
3743static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3744{
3745 int res = 0;
3746
3747 if (t->ivlen != 0) {
3748 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3749 goto err;
3750 }
3751 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3752 goto err;
3753 res = 1;
3754 err:
3755 return res;
3756}
3757
3758/*
3759 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3760 * arguments are given one at a time and a final adjustment to the enc
3761 * parameter sets the correct operation.
3762 */
3763static int test_evp_init_seq(int idx)
3764{
3765 int outlen1, outlen2;
3766 int testresult = 0;
3767 unsigned char outbuf[1024];
3768 unsigned char tag[16];
3769 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3770 EVP_CIPHER_CTX *ctx = NULL;
3771 EVP_CIPHER *type = NULL;
3772 size_t taglen = sizeof(tag);
3773 char *errmsg = NULL;
3774
3775 ctx = EVP_CIPHER_CTX_new();
3776 if (ctx == NULL) {
3777 errmsg = "CTX_ALLOC";
3778 goto err;
3779 }
3780 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3781 errmsg = "CIPHER_FETCH";
3782 goto err;
3783 }
3784 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3785 errmsg = "EMPTY_ENC_INIT";
3786 goto err;
3787 }
3788 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3789 errmsg = "PADDING";
3790 goto err;
3791 }
3792 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3793 errmsg = "KEY_INIT (before iv)";
3794 goto err;
3795 }
3796 if (!evp_init_seq_set_iv(ctx, t)) {
3797 errmsg = "IV_INIT";
3798 goto err;
3799 }
3800 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3801 errmsg = "KEY_INIT (after iv)";
3802 goto err;
3803 }
3804 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3805 errmsg = "FINAL_ENC_INIT";
3806 goto err;
3807 }
3808 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3809 errmsg = "CIPHER_UPDATE";
3810 goto err;
3811 }
3812 if (t->finalenc == 0 && t->tag != NULL) {
3813 /* Set expected tag */
3814 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3815 t->taglen, (void *)t->tag), 0)) {
3816 errmsg = "SET_TAG";
3817 goto err;
3818 }
3819 }
3820 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3821 errmsg = "CIPHER_FINAL";
3822 goto err;
3823 }
3824 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3825 errmsg = "WRONG_RESULT";
3826 goto err;
3827 }
3828 if (t->finalenc != 0 && t->tag != NULL) {
3829 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3830 errmsg = "GET_TAG";
3831 goto err;
3832 }
3833 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3834 errmsg = "TAG_ERROR";
3835 goto err;
3836 }
3837 }
3838 testresult = 1;
3839 err:
3840 if (errmsg != NULL)
3841 TEST_info("evp_init_test %d: %s", idx, errmsg);
3842 EVP_CIPHER_CTX_free(ctx);
3843 EVP_CIPHER_free(type);
3844 return testresult;
3845}
3846
3847typedef struct {
3848 const unsigned char *input;
3849 const unsigned char *expected;
3850 size_t inlen;
3851 size_t expectedlen;
3852 int enc;
3853} EVP_RESET_TEST_st;
3854
3855static const EVP_RESET_TEST_st evp_reset_tests[] = {
3856 {
3857 cfbPlaintext, cfbCiphertext,
3858 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3859 },
3860 {
3861 cfbCiphertext, cfbPlaintext,
3862 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3863 }
3864};
3865
3866/*
3867 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3868 * been used.
3869 */
3870static int test_evp_reset(int idx)
3871{
3872 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3873 int outlen1, outlen2;
3874 int testresult = 0;
3875 unsigned char outbuf[1024];
3876 EVP_CIPHER_CTX *ctx = NULL;
3877 EVP_CIPHER *type = NULL;
3878 char *errmsg = NULL;
3879
3880 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3881 errmsg = "CTX_ALLOC";
3882 goto err;
3883 }
3884 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3885 errmsg = "CIPHER_FETCH";
3886 goto err;
3887 }
3888 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3889 errmsg = "CIPHER_INIT";
3890 goto err;
3891 }
3892 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3893 errmsg = "PADDING";
3894 goto err;
3895 }
3896 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3897 errmsg = "CIPHER_UPDATE";
3898 goto err;
3899 }
3900 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3901 errmsg = "CIPHER_FINAL";
3902 goto err;
3903 }
3904 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3905 errmsg = "WRONG_RESULT";
3906 goto err;
3907 }
3908 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3909 errmsg = "CIPHER_REINIT";
3910 goto err;
3911 }
3912 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3913 errmsg = "CIPHER_UPDATE (reinit)";
3914 goto err;
3915 }
3916 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3917 errmsg = "CIPHER_FINAL (reinit)";
3918 goto err;
3919 }
3920 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3921 errmsg = "WRONG_RESULT (reinit)";
3922 goto err;
3923 }
3924 testresult = 1;
3925 err:
3926 if (errmsg != NULL)
3927 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3928 EVP_CIPHER_CTX_free(ctx);
3929 EVP_CIPHER_free(type);
3930 return testresult;
3931}
3932
3933typedef struct {
3934 const char *cipher;
3935 int enc;
3936} EVP_UPDATED_IV_TEST_st;
3937
3938static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3939 {
3940 "aes-128-cfb", 1
3941 },
3942 {
3943 "aes-128-cfb", 0
3944 },
3945 {
3946 "aes-128-cfb1", 1
3947 },
3948 {
3949 "aes-128-cfb1", 0
3950 },
3951 {
3952 "aes-128-cfb8", 1
3953 },
3954 {
3955 "aes-128-cfb8", 0
3956 },
3957 {
3958 "aes-128-ofb", 1
3959 },
3960 {
3961 "aes-128-ofb", 0
3962 },
3963 {
3964 "aes-128-ctr", 1
3965 },
3966 {
3967 "aes-128-ctr", 0
3968 },
3969 {
3970 "aes-128-cbc", 1
3971 },
3972 {
3973 "aes-128-cbc", 0
3974 }
3975};
3976
3977/*
3978 * Test that the IV in the context is updated during a crypto operation for CFB
3979 * and OFB.
3980 */
3981static int test_evp_updated_iv(int idx)
3982{
3983 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3984 int outlen1, outlen2;
3985 int testresult = 0;
3986 unsigned char outbuf[1024];
3987 EVP_CIPHER_CTX *ctx = NULL;
3988 EVP_CIPHER *type = NULL;
3989 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3990 int iv_len;
3991 char *errmsg = NULL;
3992
3993 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3994 errmsg = "CTX_ALLOC";
3995 goto err;
3996 }
3997 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3998 TEST_info("cipher %s not supported, skipping", t->cipher);
3999 goto ok;
4000 }
4001
4002 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4003 errmsg = "CIPHER_INIT";
4004 goto err;
4005 }
4006 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4007 errmsg = "PADDING";
4008 goto err;
4009 }
4010 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4011 errmsg = "CIPHER_UPDATE";
4012 goto err;
4013 }
4014 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4015 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4016 goto err;
4017 }
4018 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
4019 errmsg = "CIPHER_CTX_GET_IV_LEN";
4020 goto err;
4021 }
4022 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4023 errmsg = "IV_NOT_UPDATED";
4024 goto err;
4025 }
4026 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4027 errmsg = "CIPHER_FINAL";
4028 goto err;
4029 }
4030 ok:
4031 testresult = 1;
4032 err:
4033 if (errmsg != NULL)
4034 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4035 EVP_CIPHER_CTX_free(ctx);
4036 EVP_CIPHER_free(type);
4037 return testresult;
4038}
4039
4040typedef struct {
4041 const unsigned char *iv1;
4042 const unsigned char *iv2;
4043 const unsigned char *expected1;
4044 const unsigned char *expected2;
4045 const unsigned char *tag1;
4046 const unsigned char *tag2;
4047 size_t ivlen1;
4048 size_t ivlen2;
4049 size_t expectedlen1;
4050 size_t expectedlen2;
4051} TEST_GCM_IV_REINIT_st;
4052
4053static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4054 {
4055 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4056 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4057 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4058 },
4059 {
4060 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4061 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4062 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4063 }
4064};
4065
4066static int test_gcm_reinit(int idx)
4067{
4068 int outlen1, outlen2, outlen3;
4069 int testresult = 0;
4070 unsigned char outbuf[1024];
4071 unsigned char tag[16];
4072 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4073 EVP_CIPHER_CTX *ctx = NULL;
4074 EVP_CIPHER *type = NULL;
4075 size_t taglen = sizeof(tag);
4076 char *errmsg = NULL;
4077
4078 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4079 errmsg = "CTX_ALLOC";
4080 goto err;
4081 }
4082 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4083 errmsg = "CIPHER_FETCH";
4084 goto err;
4085 }
4086 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4087 errmsg = "ENC_INIT";
4088 goto err;
4089 }
4090 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4091 errmsg = "SET_IVLEN1";
4092 goto err;
4093 }
4094 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4095 errmsg = "SET_IV1";
4096 goto err;
4097 }
4098 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4099 errmsg = "AAD1";
4100 goto err;
4101 }
4102 EVP_CIPHER_CTX_set_padding(ctx, 0);
4103 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4104 sizeof(gcmResetPlaintext)))) {
4105 errmsg = "CIPHER_UPDATE1";
4106 goto err;
4107 }
4108 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4109 errmsg = "CIPHER_FINAL1";
4110 goto err;
4111 }
4112 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4113 errmsg = "WRONG_RESULT1";
4114 goto err;
4115 }
4116 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4117 errmsg = "GET_TAG1";
4118 goto err;
4119 }
4120 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4121 errmsg = "TAG_ERROR1";
4122 goto err;
4123 }
4124 /* Now reinit */
4125 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4126 errmsg = "SET_IVLEN2";
4127 goto err;
4128 }
4129 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4130 errmsg = "SET_IV2";
4131 goto err;
4132 }
4133 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4134 errmsg = "AAD2";
4135 goto err;
4136 }
4137 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4138 sizeof(gcmResetPlaintext)))) {
4139 errmsg = "CIPHER_UPDATE2";
4140 goto err;
4141 }
4142 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4143 errmsg = "CIPHER_FINAL2";
4144 goto err;
4145 }
4146 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4147 errmsg = "WRONG_RESULT2";
4148 goto err;
4149 }
4150 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4151 errmsg = "GET_TAG2";
4152 goto err;
4153 }
4154 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4155 errmsg = "TAG_ERROR2";
4156 goto err;
4157 }
4158 testresult = 1;
4159 err:
4160 if (errmsg != NULL)
4161 TEST_info("evp_init_test %d: %s", idx, errmsg);
4162 EVP_CIPHER_CTX_free(ctx);
4163 EVP_CIPHER_free(type);
4164 return testresult;
4165}
4166
4167#ifndef OPENSSL_NO_DEPRECATED_3_0
4168static EVP_PKEY_METHOD *custom_pmeth = NULL;
4169static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4170
4171# define EVP_PKEY_CTRL_MY_COMMAND 9999
4172
4173static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4174{
4175 int (*pinit)(EVP_PKEY_CTX *ctx);
4176
4177 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4178 return pinit(ctx);
4179}
4180
4181static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4182{
4183 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4184
4185 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4186 pcleanup(ctx);
4187}
4188
4189static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4190 size_t *outlen, const unsigned char *in,
4191 size_t inlen)
4192{
4193 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4194 const unsigned char *tbs, size_t tbslen);
4195
4196 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4197 return psign(ctx, out, outlen, in, inlen);
4198}
4199
4200static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4201 size_t *siglen, const unsigned char *tbs,
4202 size_t tbslen)
4203{
4204 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4205 const unsigned char *tbs, size_t tbslen);
4206
4207 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4208 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4209}
4210
4211static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4212 size_t *keylen)
4213{
4214 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4215
4216 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4217 return pderive(ctx, key, keylen);
4218}
4219
4220static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4221{
4222 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4223
4224 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4225 return pcopy(dst, src);
4226}
4227
4228static int ctrl_called;
4229
4230static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4231{
4232 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4233
4234 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4235
4236 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4237 ctrl_called = 1;
4238 return 1;
4239 }
4240
4241 return pctrl(ctx, type, p1, p2);
4242}
4243
4244static int test_custom_pmeth(int idx)
4245{
4246 EVP_PKEY_CTX *pctx = NULL;
4247 EVP_MD_CTX *ctx = NULL;
4248 EVP_PKEY *pkey = NULL;
4249 int id, orig_id, orig_flags;
4250 int testresult = 0;
4251 size_t reslen;
4252 unsigned char *res = NULL;
4253 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4254 const EVP_MD *md = EVP_sha256();
4255 int doderive = 0;
4256
4257 ctrl_called = 0;
4258
4259 /* We call deprecated APIs so this test doesn't support a custom libctx */
4260 if (testctx != NULL)
4261 return 1;
4262
4263 switch(idx) {
4264 case 0:
4265 case 6:
4266 id = EVP_PKEY_RSA;
4267 pkey = load_example_rsa_key();
4268 break;
4269 case 1:
4270 case 7:
4271# ifndef OPENSSL_NO_DSA
4272 id = EVP_PKEY_DSA;
4273 pkey = load_example_dsa_key();
4274 break;
4275# else
4276 return 1;
4277# endif
4278 case 2:
4279 case 8:
4280# ifndef OPENSSL_NO_EC
4281 id = EVP_PKEY_EC;
4282 pkey = load_example_ec_key();
4283 break;
4284# else
4285 return 1;
4286# endif
4287 case 3:
4288 case 9:
4289# ifndef OPENSSL_NO_EC
4290 id = EVP_PKEY_ED25519;
4291 md = NULL;
4292 pkey = load_example_ed25519_key();
4293 break;
4294# else
4295 return 1;
4296# endif
4297 case 4:
4298 case 10:
4299# ifndef OPENSSL_NO_DH
4300 id = EVP_PKEY_DH;
4301 doderive = 1;
4302 pkey = load_example_dh_key();
4303 break;
4304# else
4305 return 1;
4306# endif
4307 case 5:
4308 case 11:
4309# ifndef OPENSSL_NO_EC
4310 id = EVP_PKEY_X25519;
4311 doderive = 1;
4312 pkey = load_example_x25519_key();
4313 break;
4314# else
4315 return 1;
4316# endif
4317 default:
4318 TEST_error("Should not happen");
4319 goto err;
4320 }
4321
4322 if (!TEST_ptr(pkey))
4323 goto err;
4324
4325 if (idx < 6) {
4326 if (!TEST_true(evp_pkey_is_provided(pkey)))
4327 goto err;
4328 } else {
4329 EVP_PKEY *tmp = pkey;
4330
4331 /* Convert to a legacy key */
4332 pkey = EVP_PKEY_new();
4333 if (!TEST_ptr(pkey)) {
4334 pkey = tmp;
4335 goto err;
4336 }
4337 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4338 EVP_PKEY_free(tmp);
4339 goto err;
4340 }
4341 EVP_PKEY_free(tmp);
4342 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4343 goto err;
4344 }
4345
4346 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4347 || !TEST_ptr(pkey))
4348 goto err;
4349
4350 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4351 if (!TEST_int_eq(orig_id, id)
4352 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4353 goto err;
4354
4355 if (id == EVP_PKEY_ED25519) {
4356 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4357 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4358 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4359 } else {
4360 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4361 }
4362 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4363 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4364 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4365 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4366 }
4367 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4368 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4369 goto err;
4370
4371 if (doderive) {
4372 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4373 if (!TEST_ptr(pctx)
4374 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4375 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4376 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4377 1)
4378 || !TEST_int_eq(ctrl_called, 1)
4379 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4380 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4381 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4382 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4383 goto err;
4384 } else {
4385 ctx = EVP_MD_CTX_new();
4386 reslen = EVP_PKEY_size(pkey);
4387 res = OPENSSL_malloc(reslen);
4388 if (!TEST_ptr(ctx)
4389 || !TEST_ptr(res)
4390 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4391 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4392 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4393 1)
4394 || !TEST_int_eq(ctrl_called, 1))
4395 goto err;
4396
4397 if (id == EVP_PKEY_ED25519) {
4398 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4399 goto err;
4400 } else {
4401 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4402 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4403 goto err;
4404 }
4405 }
4406
4407 testresult = 1;
4408 err:
4409 OPENSSL_free(res);
4410 EVP_MD_CTX_free(ctx);
4411 if (doderive)
4412 EVP_PKEY_CTX_free(pctx);
4413 EVP_PKEY_free(pkey);
4414 EVP_PKEY_meth_remove(custom_pmeth);
4415 EVP_PKEY_meth_free(custom_pmeth);
4416 custom_pmeth = NULL;
4417 return testresult;
4418}
4419
4420static int test_evp_md_cipher_meth(void)
4421{
4422 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4423 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4424 int testresult = 0;
4425
4426 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4427 goto err;
4428
4429 testresult = 1;
4430
4431 err:
4432 EVP_MD_meth_free(md);
4433 EVP_CIPHER_meth_free(ciph);
4434
4435 return testresult;
4436}
4437
4438typedef struct {
4439 int data;
4440} custom_dgst_ctx;
4441
4442static int custom_md_init_called = 0;
4443static int custom_md_cleanup_called = 0;
4444
4445static int custom_md_init(EVP_MD_CTX *ctx)
4446{
4447 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4448
4449 if (p == NULL)
4450 return 0;
4451
4452 custom_md_init_called++;
4453 return 1;
4454}
4455
4456static int custom_md_cleanup(EVP_MD_CTX *ctx)
4457{
4458 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4459
4460 if (p == NULL)
4461 /* Nothing to do */
4462 return 1;
4463
4464 custom_md_cleanup_called++;
4465 return 1;
4466}
4467
4468static int test_custom_md_meth(void)
4469{
4470 EVP_MD_CTX *mdctx = NULL;
4471 EVP_MD *tmp = NULL;
4472 char mess[] = "Test Message\n";
4473 unsigned char md_value[EVP_MAX_MD_SIZE];
4474 unsigned int md_len;
4475 int testresult = 0;
4476 int nid;
4477
4478 /*
4479 * We are testing deprecated functions. We don't support a non-default
4480 * library context in this test.
4481 */
4482 if (testctx != NULL)
4483 return TEST_skip("Non-default libctx");
4484
4485 custom_md_init_called = custom_md_cleanup_called = 0;
4486
4487 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4488 if (!TEST_int_ne(nid, NID_undef))
4489 goto err;
4490 tmp = EVP_MD_meth_new(nid, NID_undef);
4491 if (!TEST_ptr(tmp))
4492 goto err;
4493
4494 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4495 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4496 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4497 sizeof(custom_dgst_ctx))))
4498 goto err;
4499
4500 mdctx = EVP_MD_CTX_new();
4501 if (!TEST_ptr(mdctx)
4502 /*
4503 * Initing our custom md and then initing another md should
4504 * result in the init and cleanup functions of the custom md
4505 * being called.
4506 */
4507 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4508 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4509 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4510 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4511 || !TEST_int_eq(custom_md_init_called, 1)
4512 || !TEST_int_eq(custom_md_cleanup_called, 1))
4513 goto err;
4514
4515 testresult = 1;
4516 err:
4517 EVP_MD_CTX_free(mdctx);
4518 EVP_MD_meth_free(tmp);
4519 return testresult;
4520}
4521
4522typedef struct {
4523 int data;
4524} custom_ciph_ctx;
4525
4526static int custom_ciph_init_called = 0;
4527static int custom_ciph_cleanup_called = 0;
4528
4529static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4530 const unsigned char *iv, int enc)
4531{
4532 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4533
4534 if (p == NULL)
4535 return 0;
4536
4537 custom_ciph_init_called++;
4538 return 1;
4539}
4540
4541static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4542{
4543 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4544
4545 if (p == NULL)
4546 /* Nothing to do */
4547 return 1;
4548
4549 custom_ciph_cleanup_called++;
4550 return 1;
4551}
4552
4553static int test_custom_ciph_meth(void)
4554{
4555 EVP_CIPHER_CTX *ciphctx = NULL;
4556 EVP_CIPHER *tmp = NULL;
4557 int testresult = 0;
4558 int nid;
4559
4560 /*
4561 * We are testing deprecated functions. We don't support a non-default
4562 * library context in this test.
4563 */
4564 if (testctx != NULL)
4565 return TEST_skip("Non-default libctx");
4566
4567 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4568
4569 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4570 if (!TEST_int_ne(nid, NID_undef))
4571 goto err;
4572 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4573 if (!TEST_ptr(tmp))
4574 goto err;
4575
4576 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4577 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4578 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4579 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4580 sizeof(custom_ciph_ctx))))
4581 goto err;
4582
4583 ciphctx = EVP_CIPHER_CTX_new();
4584 if (!TEST_ptr(ciphctx)
4585 /*
4586 * Initing our custom cipher and then initing another cipher
4587 * should result in the init and cleanup functions of the custom
4588 * cipher being called.
4589 */
4590 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4591 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4592 NULL, NULL, 1))
4593 || !TEST_int_eq(custom_ciph_init_called, 1)
4594 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4595 goto err;
4596
4597 testresult = 1;
4598 err:
4599 EVP_CIPHER_CTX_free(ciphctx);
4600 EVP_CIPHER_meth_free(tmp);
4601 return testresult;
4602}
4603
4604# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4605/* Test we can create a signature keys with an associated ENGINE */
4606static int test_signatures_with_engine(int tst)
4607{
4608 ENGINE *e;
4609 const char *engine_id = "dasync";
4610 EVP_PKEY *pkey = NULL;
4611 const unsigned char badcmackey[] = { 0x00, 0x01 };
4612 const unsigned char cmackey[] = {
4613 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4614 0x0c, 0x0d, 0x0e, 0x0f
4615 };
4616 const unsigned char ed25519key[] = {
4617 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4618 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4619 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4620 };
4621 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4622 int testresult = 0;
4623 EVP_MD_CTX *ctx = NULL;
4624 unsigned char *mac = NULL;
4625 size_t maclen = 0;
4626 int ret;
4627
4628# ifdef OPENSSL_NO_CMAC
4629 /* Skip CMAC tests in a no-cmac build */
4630 if (tst <= 1)
4631 return 1;
4632# endif
4633
4634 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4635 return 0;
4636
4637 if (!TEST_true(ENGINE_init(e))) {
4638 ENGINE_free(e);
4639 return 0;
4640 }
4641
4642 switch (tst) {
4643 case 0:
4644 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4645 EVP_aes_128_cbc());
4646 break;
4647 case 1:
4648 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4649 EVP_aes_128_cbc());
4650 break;
4651 case 2:
4652 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4653 sizeof(ed25519key));
4654 break;
4655 default:
4656 TEST_error("Invalid test case");
4657 goto err;
4658 }
4659 if (!TEST_ptr(pkey))
4660 goto err;
4661
4662 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4663 goto err;
4664
4665 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4666 pkey);
4667 if (tst == 0) {
4668 if (!TEST_true(ret))
4669 goto err;
4670
4671 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4672 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4673 goto err;
4674
4675 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4676 goto err;
4677
4678 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4679 goto err;
4680 } else {
4681 /* We used a bad key. We expect a failure here */
4682 if (!TEST_false(ret))
4683 goto err;
4684 }
4685
4686 testresult = 1;
4687 err:
4688 EVP_MD_CTX_free(ctx);
4689 OPENSSL_free(mac);
4690 EVP_PKEY_free(pkey);
4691 ENGINE_finish(e);
4692 ENGINE_free(e);
4693
4694 return testresult;
4695}
4696
4697static int test_cipher_with_engine(void)
4698{
4699 ENGINE *e;
4700 const char *engine_id = "dasync";
4701 const unsigned char keyiv[] = {
4702 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4703 0x0c, 0x0d, 0x0e, 0x0f
4704 };
4705 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4706 int testresult = 0;
4707 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4708 unsigned char buf[AES_BLOCK_SIZE];
4709 int len = 0;
4710
4711 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4712 return 0;
4713
4714 if (!TEST_true(ENGINE_init(e))) {
4715 ENGINE_free(e);
4716 return 0;
4717 }
4718
4719 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4720 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4721 goto err;
4722
4723 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4724 goto err;
4725
4726 /* Copy the ctx, and complete the operation with the new ctx */
4727 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4728 goto err;
4729
4730 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4731 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4732 goto err;
4733
4734 testresult = 1;
4735 err:
4736 EVP_CIPHER_CTX_free(ctx);
4737 EVP_CIPHER_CTX_free(ctx2);
4738 ENGINE_finish(e);
4739 ENGINE_free(e);
4740
4741 return testresult;
4742}
4743# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4744#endif /* OPENSSL_NO_DEPRECATED_3_0 */
4745
4746static int ecxnids[] = {
4747 NID_X25519,
4748 NID_X448,
4749 NID_ED25519,
4750 NID_ED448
4751};
4752
4753/* Test that creating ECX keys with a short private key fails as expected */
4754static int test_ecx_short_keys(int tst)
4755{
4756 unsigned char ecxkeydata = 1;
4757 EVP_PKEY *pkey;
4758
4759
4760 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4761 NULL, &ecxkeydata, 1);
4762 if (!TEST_ptr_null(pkey)) {
4763 EVP_PKEY_free(pkey);
4764 return 0;
4765 }
4766
4767 return 1;
4768}
4769
4770typedef enum OPTION_choice {
4771 OPT_ERR = -1,
4772 OPT_EOF = 0,
4773 OPT_CONTEXT,
4774 OPT_TEST_ENUM
4775} OPTION_CHOICE;
4776
4777const OPTIONS *test_get_options(void)
4778{
4779 static const OPTIONS options[] = {
4780 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4781 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4782 { NULL }
4783 };
4784 return options;
4785}
4786
4787#ifndef OPENSSL_NO_EC
4788/* Test that trying to sign with a public key errors out gracefully */
4789static int test_ecx_not_private_key(int tst)
4790{
4791 EVP_PKEY *pkey = NULL;
4792
4793 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4794 int testresult = 0;
4795 EVP_MD_CTX *ctx = NULL;
4796 unsigned char *mac = NULL;
4797 size_t maclen = 0;
4798 unsigned char *pubkey;
4799 size_t pubkeylen;
4800
4801 switch (keys[tst].type) {
4802 case NID_X25519:
4803 case NID_X448:
4804 return TEST_skip("signing not supported for X25519/X448");
4805 }
4806
4807 /* Check if this algorithm supports public keys */
4808 if (keys[tst].pub == NULL)
4809 return TEST_skip("no public key present");
4810
4811 pubkey = (unsigned char *)keys[tst].pub;
4812 pubkeylen = strlen(keys[tst].pub);
4813
4814 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4815 NULL, pubkey, pubkeylen);
4816 if (!TEST_ptr(pkey))
4817 goto err;
4818
4819 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4820 goto err;
4821
4822 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4823 goto check_err;
4824
4825 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4826 goto check_err;
4827
4828 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4829 goto err;
4830
4831 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4832 goto err;
4833
4834 check_err:
4835 /*
4836 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4837 * but we relax the check to allow error also thrown by
4838 * EVP_DigestSignInit and EVP_DigestSign.
4839 */
4840 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4841 testresult = 1;
4842 ERR_clear_error();
4843 }
4844
4845 err:
4846 EVP_MD_CTX_free(ctx);
4847 OPENSSL_free(mac);
4848 EVP_PKEY_free(pkey);
4849
4850 return testresult;
4851}
4852#endif /* OPENSSL_NO_EC */
4853
4854static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
4855 const unsigned char *gcm_iv, size_t gcm_ivlen,
4856 const unsigned char *gcm_pt, size_t gcm_pt_s,
4857 const unsigned char *gcm_aad, size_t gcm_aad_s,
4858 const unsigned char *gcm_ct, size_t gcm_ct_s,
4859 const unsigned char *gcm_tag, size_t gcm_tag_s)
4860{
4861 int ret = 0;
4862 EVP_CIPHER_CTX *ctx;
4863 EVP_CIPHER *cipher = NULL;
4864 int outlen, tmplen;
4865 unsigned char outbuf[1024];
4866 unsigned char outtag[16];
4867 OSSL_PARAM params[2] = {
4868 OSSL_PARAM_END, OSSL_PARAM_END
4869 };
4870
4871 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4872 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
4873 goto err;
4874
4875 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4876 &gcm_ivlen);
4877
4878 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
4879 || (gcm_aad != NULL
4880 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
4881 gcm_aad, gcm_aad_s)))
4882 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
4883 gcm_pt, gcm_pt_s))
4884 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
4885 goto err;
4886
4887 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
4888 outtag, sizeof(outtag));
4889
4890 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
4891 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
4892 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
4893 goto err;
4894
4895 ret = 1;
4896err:
4897 EVP_CIPHER_free(cipher);
4898 EVP_CIPHER_CTX_free(ctx);
4899
4900 return ret;
4901}
4902
4903static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
4904 const unsigned char *gcm_iv, size_t gcm_ivlen,
4905 const unsigned char *gcm_pt, size_t gcm_pt_s,
4906 const unsigned char *gcm_aad, size_t gcm_aad_s,
4907 const unsigned char *gcm_ct, size_t gcm_ct_s,
4908 const unsigned char *gcm_tag, size_t gcm_tag_s)
4909{
4910 int ret = 0;
4911 EVP_CIPHER_CTX *ctx;
4912 EVP_CIPHER *cipher = NULL;
4913 int outlen;
4914 unsigned char outbuf[1024];
4915 OSSL_PARAM params[2] = {
4916 OSSL_PARAM_END, OSSL_PARAM_END
4917 };
4918
4919 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
4920 goto err;
4921
4922 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
4923 goto err;
4924
4925 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4926 &gcm_ivlen);
4927
4928 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
4929 || (gcm_aad != NULL
4930 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
4931 gcm_aad, gcm_aad_s)))
4932 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
4933 gcm_ct, gcm_ct_s))
4934 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
4935 goto err;
4936
4937 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
4938 (void*)gcm_tag, gcm_tag_s);
4939
4940 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
4941 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
4942 goto err;
4943
4944 ret = 1;
4945err:
4946 EVP_CIPHER_free(cipher);
4947 EVP_CIPHER_CTX_free(ctx);
4948
4949 return ret;
4950}
4951
4952static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
4953{
4954 /* AES-GCM test data obtained from NIST public test vectors */
4955 static const unsigned char gcm_key[] = {
4956 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
4957 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
4958 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
4959 };
4960 static const unsigned char gcm_iv[] = {
4961 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
4962 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
4963 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
4964 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
4965 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
4966 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
4967 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
4968 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
4969 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
4970 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
4971 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
4972 };
4973 static const unsigned char gcm_pt[] = {
4974 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
4975 0x4f, 0xe3, 0x6f, 0x81,
4976 };
4977 static const unsigned char gcm_ct[] = {
4978 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
4979 0xe2, 0xd0, 0xec, 0xed,
4980 };
4981 static const unsigned char gcm_tag[] = {
4982 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
4983 0xdb, 0x99, 0x6c, 0x21,
4984 };
4985
4986 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
4987 gcm_pt, sizeof(gcm_pt), NULL, 0,
4988 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
4989 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
4990 gcm_pt, sizeof(gcm_pt), NULL, 0,
4991 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
4992}
4993
4994#ifndef OPENSSL_NO_RC4
4995static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
4996 const unsigned char *rc4_pt, size_t rc4_pt_s,
4997 const unsigned char *rc4_ct, size_t rc4_ct_s)
4998{
4999 int ret = 0;
5000 EVP_CIPHER_CTX *ctx;
5001 EVP_CIPHER *cipher = NULL;
5002 int outlen, tmplen;
5003 unsigned char outbuf[1024];
5004 OSSL_PARAM params[2] = {
5005 OSSL_PARAM_END, OSSL_PARAM_END
5006 };
5007
5008 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5009 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5010 goto err;
5011
5012 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5013 &rc4_key_s);
5014
5015 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5016 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5017 rc4_pt, rc4_pt_s))
5018 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5019 goto err;
5020
5021 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5022 goto err;
5023
5024 ret = 1;
5025err:
5026 EVP_CIPHER_free(cipher);
5027 EVP_CIPHER_CTX_free(ctx);
5028
5029 return ret;
5030}
5031
5032static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5033 const unsigned char *rc4_pt, size_t rc4_pt_s,
5034 const unsigned char *rc4_ct, size_t rc4_ct_s)
5035{
5036 int ret = 0;
5037 EVP_CIPHER_CTX *ctx;
5038 EVP_CIPHER *cipher = NULL;
5039 int outlen;
5040 unsigned char outbuf[1024];
5041 OSSL_PARAM params[2] = {
5042 OSSL_PARAM_END, OSSL_PARAM_END
5043 };
5044
5045 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5046 goto err;
5047
5048 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5049 goto err;
5050
5051 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5052 &rc4_key_s);
5053
5054 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5055 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5056 rc4_ct, rc4_ct_s))
5057 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5058 goto err;
5059
5060 ret = 1;
5061err:
5062 EVP_CIPHER_free(cipher);
5063 EVP_CIPHER_CTX_free(ctx);
5064
5065 return ret;
5066}
5067
5068static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5069{
5070 /* RC4 test data obtained from RFC 6229 */
5071 static const struct {
5072 unsigned char key[5];
5073 unsigned char padding[11];
5074 } rc4_key = {
5075 { /* Five bytes of key material */
5076 0x83, 0x32, 0x22, 0x77, 0x2a,
5077 },
5078 { /* Random padding to 16 bytes */
5079 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5080 }
5081 };
5082 static const unsigned char rc4_pt[] = {
5083 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5084 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5085 };
5086 static const unsigned char rc4_ct[] = {
5087 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5088 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5089 };
5090
5091 if (lgcyprov == NULL)
5092 return TEST_skip("Test requires legacy provider to be loaded");
5093
5094 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5095 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5096 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5097 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5098}
5099#endif
5100
5101int setup_tests(void)
5102{
5103 OPTION_CHOICE o;
5104
5105 while ((o = opt_next()) != OPT_EOF) {
5106 switch (o) {
5107 case OPT_CONTEXT:
5108 /* Set up an alternate library context */
5109 testctx = OSSL_LIB_CTX_new();
5110 if (!TEST_ptr(testctx))
5111 return 0;
5112 /* Swap the libctx to test non-default context only */
5113 nullprov = OSSL_PROVIDER_load(NULL, "null");
5114 deflprov = OSSL_PROVIDER_load(testctx, "default");
5115#ifndef OPENSSL_SYS_TANDEM
5116 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5117#endif
5118 break;
5119 case OPT_TEST_CASES:
5120 break;
5121 default:
5122 return 0;
5123 }
5124 }
5125
5126 ADD_TEST(test_EVP_set_default_properties);
5127 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5128 ADD_TEST(test_EVP_DigestVerifyInit);
5129#ifndef OPENSSL_NO_SIPHASH
5130 ADD_TEST(test_siphash_digestsign);
5131#endif
5132 ADD_TEST(test_EVP_Digest);
5133 ADD_TEST(test_EVP_md_null);
5134 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5135#ifndef OPENSSL_NO_DEPRECATED_3_0
5136 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5137#endif
5138 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5139 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5140 ADD_TEST(test_privatekey_to_pkcs8);
5141 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5142#ifndef OPENSSL_NO_EC
5143 ADD_TEST(test_EVP_PKCS82PKEY);
5144#endif
5145#ifndef OPENSSL_NO_EC
5146 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5147#endif
5148#if !defined(OPENSSL_NO_SM2)
5149 ADD_TEST(test_EVP_SM2);
5150 ADD_TEST(test_EVP_SM2_verify);
5151#endif
5152 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5153#ifndef OPENSSL_NO_DEPRECATED_3_0
5154 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5155 if (!TEST_ptr(custom_pmeth))
5156 return 0;
5157 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5158 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5159 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5160 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5161 return 0;
5162#endif
5163 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5164#ifndef OPENSSL_NO_CMAC
5165 ADD_TEST(test_CMAC_keygen);
5166#endif
5167 ADD_TEST(test_HKDF);
5168 ADD_TEST(test_emptyikm_HKDF);
5169#ifndef OPENSSL_NO_EC
5170 ADD_TEST(test_X509_PUBKEY_inplace);
5171 ADD_TEST(test_X509_PUBKEY_dup);
5172 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5173 OSSL_NELEM(ec_der_pub_keys));
5174#endif
5175#ifndef OPENSSL_NO_DSA
5176 ADD_TEST(test_DSA_get_set_params);
5177 ADD_TEST(test_DSA_priv_pub);
5178#endif
5179 ADD_TEST(test_RSA_get_set_params);
5180 ADD_TEST(test_RSA_OAEP_set_get_params);
5181 ADD_TEST(test_RSA_OAEP_set_null_label);
5182#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5183 ADD_TEST(test_decrypt_null_chunks);
5184#endif
5185#ifndef OPENSSL_NO_DH
5186 ADD_TEST(test_DH_priv_pub);
5187# ifndef OPENSSL_NO_DEPRECATED_3_0
5188 ADD_TEST(test_EVP_PKEY_set1_DH);
5189# endif
5190#endif
5191#ifndef OPENSSL_NO_EC
5192 ADD_TEST(test_EC_priv_pub);
5193# ifndef OPENSSL_NO_DEPRECATED_3_0
5194 ADD_TEST(test_EC_priv_only_legacy);
5195# endif
5196#endif
5197 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5198 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5199
5200 ADD_TEST(test_rand_agglomeration);
5201 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5202#ifndef OPENSSL_NO_DES
5203 ADD_ALL_TESTS(test_evp_iv_des, 6);
5204#endif
5205#ifndef OPENSSL_NO_BF
5206 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5207#endif
5208 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5209 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5210#ifndef OPENSSL_NO_EC
5211 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5212#endif
5213
5214 ADD_TEST(test_names_do_all);
5215
5216 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5217 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5218 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5219 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5220
5221#ifndef OPENSSL_NO_DEPRECATED_3_0
5222 ADD_ALL_TESTS(test_custom_pmeth, 12);
5223 ADD_TEST(test_evp_md_cipher_meth);
5224 ADD_TEST(test_custom_md_meth);
5225 ADD_TEST(test_custom_ciph_meth);
5226
5227# ifndef OPENSSL_NO_DYNAMIC_ENGINE
5228 /* Tests only support the default libctx */
5229 if (testctx == NULL) {
5230# ifndef OPENSSL_NO_EC
5231 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5232# else
5233 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5234# endif
5235 ADD_TEST(test_cipher_with_engine);
5236 }
5237# endif
5238#endif
5239
5240 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5241
5242#ifndef OPENSSL_NO_EC
5243 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5244#endif
5245
5246 /* Test cases for CVE-2023-5363 */
5247 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5248#ifndef OPENSSL_NO_RC4
5249 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5250#endif
5251
5252 return 1;
5253}
5254
5255void cleanup_tests(void)
5256{
5257 OSSL_PROVIDER_unload(nullprov);
5258 OSSL_PROVIDER_unload(deflprov);
5259#ifndef OPENSSL_SYS_TANDEM
5260 OSSL_PROVIDER_unload(lgcyprov);
5261#endif
5262 OSSL_LIB_CTX_free(testctx);
5263}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette