1 /*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40 #include "fake_pipelineprov.h"
41
42 #ifdef STATIC_LEGACY
43 OSSL_provider_init_fn ossl_legacy_provider_init;
44 #endif
45
46 static OSSL_LIB_CTX *testctx = NULL;
47 static char *testpropq = NULL;
48
49 static OSSL_PROVIDER *nullprov = NULL;
50 static OSSL_PROVIDER *deflprov = NULL;
51 static OSSL_PROVIDER *lgcyprov = NULL;
52
53 /*
54 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
55 * should never use this key anywhere but in an example.
56 */
57 static const unsigned char kExampleRSAKeyDER[] = {
58 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
59 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
60 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
61 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
62 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
63 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
64 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
65 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
66 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
67 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
68 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
69 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
70 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
71 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
72 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
73 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
74 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
75 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
76 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
77 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
78 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
79 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
80 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
81 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
82 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
83 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
84 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
85 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
86 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
87 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
88 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
89 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
90 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
91 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
92 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
93 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
94 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
95 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
96 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
97 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
98 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
99 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
100 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
101 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
102 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
103 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
104 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
105 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
106 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
107 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
108 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
109 };
110
111 /* An invalid key whose prime factors exceed modulus n. */
112 static const unsigned char kInvalidRSAKeyDER[] = {
113 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
114 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
117 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
118 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
119 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
120 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
121 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
122 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
124 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
125 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
126 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
127 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
129 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
130 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
131 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
132 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
133 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
134 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
135 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
137 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
138 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
139 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
140 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
141 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
143 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
145 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
146 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
147 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
148 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
149 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
150 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
151 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
152 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
154 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
155 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
156 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
157 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
158 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
159 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
160 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
161 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
162 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
164 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
165 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
166 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
167 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
168 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
169 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
170 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
171 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
172 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
174 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
175 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
176 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
177 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
179 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
180 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
181 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
182 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
183 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
184 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
185 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
187 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
188 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
189 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
190 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
191 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
194 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
195 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
196 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
197 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
198 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
199 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
200 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
201 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
202 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
203 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
204 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
205 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
206 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
207 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
208 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
209 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
210 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
211 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
216 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
217 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
218 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
220 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
221 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
222 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
223 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
224 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
226 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
227 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
228 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
229 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
230 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
231 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
232 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
233 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
234 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
235 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
236 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
237 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
238 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
239 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
243 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
244 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
247 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
248 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
249 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
254 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
255 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
256 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
257 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
258 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
259 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
260 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
264 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
265 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
266 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
267 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
268 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
269 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
270 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
271 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
272 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
273 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
274 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
275 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
276 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
277 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
278 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
279 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
280 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
281 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
282 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
283 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
285 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
286 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
287 0xe2, 0x80,
288 };
289
290 /*
291 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
292 * should never use this key anywhere but in an example.
293 */
294 #ifndef OPENSSL_NO_DSA
295 static const unsigned char kExampleDSAKeyDER[] = {
296 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
297 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
298 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
299 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
300 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
301 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
302 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
303 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
304 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
305 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
306 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
307 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
308 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
309 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
310 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
311 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
312 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
313 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
314 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
315 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
316 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
317 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
318 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
319 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
320 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
321 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
322 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
323 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
324 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
325 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
326 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
327 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
328 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
329 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
330 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
331 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
332 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
333 0x40, 0x48
334 };
335 #endif
336
337 /*
338 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
339 * components are not correct.
340 */
341 static const unsigned char kExampleBadRSAKeyDER[] = {
342 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
343 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
344 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
345 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
346 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
347 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
348 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
349 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
350 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
351 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
352 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
353 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
354 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
355 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
356 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
357 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
358 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
359 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
360 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
361 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
362 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
363 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
364 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
365 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
366 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
367 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
368 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
369 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
370 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
371 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
372 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
373 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
374 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
375 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
376 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
377 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
378 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
379 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
380 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
381 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
382 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
383 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
384 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
385 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
386 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
387 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
388 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
389 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
390 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
391 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
392 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
393 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
394 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
395 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
396 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
397 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
398 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
399 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
400 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
401 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
402 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
403 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
404 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
405 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
406 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
407 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
408 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
409 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
410 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
411 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
412 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
413 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
414 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
415 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
416 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
417 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
418 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
419 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
420 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
421 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
422 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
423 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
424 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
425 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
426 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
427 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
428 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
429 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
430 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
431 };
432
433 /*
434 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
435 * values are 0.
436 */
437 static const unsigned char kExampleBad2RSAKeyDER[] = {
438 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
439 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
440 0x01, 0x00, 0x02, 0x01, 0x00
441 };
442
443 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
444
445 static const unsigned char kSignature[] = {
446 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
447 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
448 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
449 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
450 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
451 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
452 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
453 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
454 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
455 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
456 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
457 };
458
459 /*
460 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
461 * PrivateKeyInfo.
462 */
463 static const unsigned char kExampleRSAKeyPKCS8[] = {
464 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
465 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
466 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
467 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
468 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
469 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
470 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
471 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
472 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
473 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
474 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
475 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
476 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
477 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
478 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
479 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
480 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
481 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
482 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
483 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
484 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
485 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
486 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
487 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
488 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
489 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
490 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
491 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
492 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
493 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
494 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
495 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
496 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
497 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
498 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
499 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
500 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
501 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
502 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
503 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
504 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
505 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
506 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
507 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
508 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
509 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
510 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
511 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
512 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
513 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
514 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
515 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
516 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
517 };
518
519 #ifndef OPENSSL_NO_EC
520 /*
521 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
522 * structure.
523 */
524 static const unsigned char kExampleECKeyDER[] = {
525 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
526 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
527 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
528 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
529 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
530 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
531 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
532 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
533 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
534 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
535 0xc1,
536 };
537
538 /*
539 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
540 * structure. The private key is equal to the order and will fail to import
541 */
542 static const unsigned char kExampleBadECKeyDER[] = {
543 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
544 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
545 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
546 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
547 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
548 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
549 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
550 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
551 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
552 };
553
554 /* prime256v1 */
555 static const unsigned char kExampleECPubKeyDER[] = {
556 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
557 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
558 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
559 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
560 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
561 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
562 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
563 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
564 };
565
566 /*
567 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
568 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
569 */
570 static const unsigned char kExampleBadECPubKeyDER[] = {
571 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
572 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
573 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
574 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
575 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
576 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
577 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
578 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
579 };
580
581 static const unsigned char pExampleECParamDER[] = {
582 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
583 };
584
585 # ifndef OPENSSL_NO_ECX
586 static const unsigned char kExampleED25519KeyDER[] = {
587 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
588 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
589 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
590 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
591 };
592
593 static const unsigned char kExampleED25519PubKeyDER[] = {
594 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
595 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
596 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
597 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
598 };
599
600 # ifndef OPENSSL_NO_DEPRECATED_3_0
601 static const unsigned char kExampleX25519KeyDER[] = {
602 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
603 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
604 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
605 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
606 };
607 # endif
608 # endif
609 #endif
610
611 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
612 #ifndef OPENSSL_NO_DEPRECATED_3_0
613 # ifndef OPENSSL_NO_DH
614 static const unsigned char kExampleDHKeyDER[] = {
615 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
616 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
617 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
618 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
619 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
620 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
621 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
622 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
623 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
624 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
625 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
626 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
627 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
628 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
629 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
630 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
631 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
632 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
633 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
634 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
635 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
636 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
637 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
638 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
639 0x2e, 0x87, 0x2a, 0x0b, 0x7a
640 };
641 # endif
642 #endif
643
644 static const unsigned char kCFBDefaultKey[] = {
645 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
646 0x09, 0xCF, 0x4F, 0x3C
647 };
648
649 static const unsigned char kGCMDefaultKey[32] = { 0 };
650
651 static const unsigned char kGCMResetKey[] = {
652 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
653 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
654 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
655 };
656
657 static const unsigned char iCFBIV[] = {
658 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
659 0x0C, 0x0D, 0x0E, 0x0F
660 };
661
662 static const unsigned char iGCMDefaultIV[12] = { 0 };
663
664 static const unsigned char iGCMResetIV1[] = {
665 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
666 };
667
668 static const unsigned char iGCMResetIV2[] = {
669 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
670 };
671
672 static const unsigned char cfbPlaintext[] = {
673 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
674 0x73, 0x93, 0x17, 0x2A
675 };
676 static const unsigned char cfbPlaintext_partial[] = {
677 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
678 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
679 };
680
681 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
682
683 static const unsigned char gcmResetPlaintext[] = {
684 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
685 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
686 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
687 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
688 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
689 };
690
691 static const unsigned char cfbCiphertext[] = {
692 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
693 0xE8, 0x3C, 0xFB, 0x4A
694 };
695
696 static const unsigned char cfbCiphertext_partial[] = {
697 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
698 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
699 };
700
701 static const unsigned char ofbCiphertext_partial[] = {
702 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
703 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
704 };
705
706 static const unsigned char gcmDefaultCiphertext[] = {
707 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
708 0xba, 0xf3, 0x9d, 0x18
709 };
710
711 static const unsigned char gcmResetCiphertext1[] = {
712 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
713 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
714 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
715 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
716 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
717 };
718
719 static const unsigned char gcmResetCiphertext2[] = {
720 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
721 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
722 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
723 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
724 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
725 };
726
727 static const unsigned char gcmAAD[] = {
728 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
729 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
730 };
731
732 static const unsigned char gcmDefaultTag[] = {
733 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
734 0xd4, 0x8a, 0xb9, 0x19
735 };
736
737 static const unsigned char gcmResetTag1[] = {
738 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
739 0xfe, 0x2e, 0xa8, 0xf2
740 };
741
742 static const unsigned char gcmResetTag2[] = {
743 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
744 0xbb, 0x2d, 0x55, 0x1b
745 };
746
747 typedef struct APK_DATA_st {
748 const unsigned char *kder;
749 size_t size;
750 const char *keytype;
751 int evptype;
752 int check;
753 int pub_check;
754 int param_check;
755 int type; /* 0 for private, 1 for public, 2 for params */
756 } APK_DATA;
757
758 static APK_DATA keydata[] = {
759 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
760 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
761 #ifndef OPENSSL_NO_EC
762 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
763 #endif
764 };
765
766 static APK_DATA keycheckdata[] = {
767 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
768 0},
769 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
770 0, 1, 1, 0},
771 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
772 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
773 #ifndef OPENSSL_NO_EC
774 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
775 /* group is also associated in our pub key */
776 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
777 1, 1},
778 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
779 2},
780 # ifndef OPENSSL_NO_ECX
781 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
782 EVP_PKEY_ED25519, 1, 1, 1, 0},
783 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
784 EVP_PKEY_ED25519, 0, 1, 1, 1},
785 # endif
786 #endif
787 };
788
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)789 static EVP_PKEY *load_example_key(const char *keytype,
790 const unsigned char *data, size_t data_len)
791 {
792 const unsigned char **pdata = &data;
793 EVP_PKEY *pkey = NULL;
794 OSSL_DECODER_CTX *dctx =
795 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
796 testctx, testpropq);
797
798 /* |pkey| will be NULL on error */
799 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
800 OSSL_DECODER_CTX_free(dctx);
801 return pkey;
802 }
803
load_example_rsa_key(void)804 static EVP_PKEY *load_example_rsa_key(void)
805 {
806 return load_example_key("RSA", kExampleRSAKeyDER,
807 sizeof(kExampleRSAKeyDER));
808 }
809
810 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)811 static EVP_PKEY *load_example_dsa_key(void)
812 {
813 return load_example_key("DSA", kExampleDSAKeyDER,
814 sizeof(kExampleDSAKeyDER));
815 }
816 #endif
817
818 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)819 static EVP_PKEY *load_example_ec_key(void)
820 {
821 return load_example_key("EC", kExampleECKeyDER,
822 sizeof(kExampleECKeyDER));
823 }
824 #endif
825
826 #ifndef OPENSSL_NO_DEPRECATED_3_0
827 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)828 static EVP_PKEY *load_example_dh_key(void)
829 {
830 return load_example_key("DH", kExampleDHKeyDER,
831 sizeof(kExampleDHKeyDER));
832 }
833 # endif
834
835 # ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)836 static EVP_PKEY *load_example_ed25519_key(void)
837 {
838 return load_example_key("ED25519", kExampleED25519KeyDER,
839 sizeof(kExampleED25519KeyDER));
840 }
841
load_example_x25519_key(void)842 static EVP_PKEY *load_example_x25519_key(void)
843 {
844 return load_example_key("X25519", kExampleX25519KeyDER,
845 sizeof(kExampleX25519KeyDER));
846 }
847 # endif
848 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
849
load_example_hmac_key(void)850 static EVP_PKEY *load_example_hmac_key(void)
851 {
852 EVP_PKEY *pkey = NULL;
853 unsigned char key[] = {
854 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
855 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
856 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
857 };
858
859 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
860 NULL, key, sizeof(key));
861 if (!TEST_ptr(pkey))
862 return NULL;
863
864 return pkey;
865 }
866
test_EVP_set_config_properties(void)867 static int test_EVP_set_config_properties(void)
868 {
869 char *fetched_properties = NULL;
870 const char test_propq[] = "test.fizzbuzz=buzzfizz";
871 int res = 0;
872
873 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
874 if (!TEST_ptr(fetched_properties)
875 || !TEST_str_eq(fetched_properties, test_propq))
876 goto err;
877 OPENSSL_free(fetched_properties);
878 fetched_properties = NULL;
879
880 res = 1;
881 err:
882 OPENSSL_free(fetched_properties);
883 return res;
884 }
885
test_EVP_set_default_properties(void)886 static int test_EVP_set_default_properties(void)
887 {
888 OSSL_LIB_CTX *ctx;
889 EVP_MD *md = NULL;
890 int res = 0;
891 char *fetched_properties = NULL;
892 const char test_propq[] = "provider=fizzbang";
893 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
894
895 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
896 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
897 goto err;
898 EVP_MD_free(md);
899 md = NULL;
900
901 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
902 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
903 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
904 goto err;
905 EVP_MD_free(md);
906 md = NULL;
907
908 fetched_properties = EVP_get1_default_properties(ctx);
909 if (!TEST_ptr(fetched_properties)
910 || !TEST_str_eq(fetched_properties, test_propq))
911 goto err;
912 OPENSSL_free(fetched_properties);
913 fetched_properties = NULL;
914
915 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
916 goto err;
917 fetched_properties = EVP_get1_default_properties(ctx);
918 if (!TEST_ptr(fetched_properties)
919 || !TEST_str_eq(fetched_properties, test_fips_propq))
920 goto err;
921 OPENSSL_free(fetched_properties);
922 fetched_properties = NULL;
923
924 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
925 goto err;
926
927 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
928 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
929 goto err;
930 res = 1;
931 err:
932 OPENSSL_free(fetched_properties);
933 EVP_MD_free(md);
934 OSSL_LIB_CTX_free(ctx);
935 return res;
936 }
937
938 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)939 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
940 {
941 EVP_PKEY_CTX *pctx = NULL;
942 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
943
944 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
945 goto err;
946 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
947 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
948 params), 0))
949 goto err;
950
951 if (!TEST_ptr(tmp_pkey))
952 goto err;
953
954 pkey = tmp_pkey;
955 tmp_pkey = NULL;
956 err:
957 EVP_PKEY_free(tmp_pkey);
958 EVP_PKEY_CTX_free(pctx);
959 return pkey;
960 }
961
test_selection(EVP_PKEY * pkey,int selection)962 static int test_selection(EVP_PKEY *pkey, int selection)
963 {
964 int testresult = 0;
965 int ret;
966 BIO *bio = BIO_new(BIO_s_mem());
967
968 ret = PEM_write_bio_PUBKEY(bio, pkey);
969 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
970 if (!TEST_true(ret))
971 goto err;
972 } else {
973 if (!TEST_false(ret))
974 goto err;
975 }
976 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
977 testctx, NULL);
978 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
979 if (!TEST_true(ret))
980 goto err;
981 } else {
982 if (!TEST_false(ret))
983 goto err;
984 }
985
986 testresult = 1;
987 err:
988 BIO_free(bio);
989
990 return testresult;
991 }
992 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
993
994 /*
995 * Test combinations of private, public, missing and private + public key
996 * params to ensure they are all accepted
997 */
998 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)999 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1000 {
1001 OSSL_PARAM_BLD *bld = NULL;
1002 OSSL_PARAM *params = NULL;
1003 EVP_PKEY *just_params = NULL;
1004 EVP_PKEY *params_and_priv = NULL;
1005 EVP_PKEY *params_and_pub = NULL;
1006 EVP_PKEY *params_and_keypair = NULL;
1007 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1008 int ret = 0;
1009
1010 /*
1011 * Setup the parameters for our pkey object. For our purposes they don't
1012 * have to actually be *valid* parameters. We just need to set something.
1013 */
1014 if (!TEST_ptr(p = BN_new())
1015 || !TEST_ptr(q = BN_new())
1016 || !TEST_ptr(g = BN_new())
1017 || !TEST_ptr(pub = BN_new())
1018 || !TEST_ptr(priv = BN_new()))
1019 goto err;
1020
1021 /* Test !priv and !pub */
1022 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1023 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1024 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1025 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1026 goto err;
1027 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1028 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1029 goto err;
1030
1031 OSSL_PARAM_free(params);
1032 OSSL_PARAM_BLD_free(bld);
1033 params = NULL;
1034 bld = NULL;
1035
1036 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1037 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1038 goto err;
1039
1040 /* Test priv and !pub */
1041 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1042 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1043 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1044 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1045 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1046 priv)))
1047 goto err;
1048 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1049 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1050 goto err;
1051
1052 OSSL_PARAM_free(params);
1053 OSSL_PARAM_BLD_free(bld);
1054 params = NULL;
1055 bld = NULL;
1056
1057 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1058 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1059 goto err;
1060
1061 /* Test !priv and pub */
1062 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1063 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1064 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1065 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1066 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1067 pub)))
1068 goto err;
1069 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1070 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1071 goto err;
1072
1073 OSSL_PARAM_free(params);
1074 OSSL_PARAM_BLD_free(bld);
1075 params = NULL;
1076 bld = NULL;
1077
1078 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1079 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1080 goto err;
1081
1082 /* Test priv and pub */
1083 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1085 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1087 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1088 pub))
1089 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1090 priv)))
1091 goto err;
1092 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1093 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1094 goto err;
1095
1096 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1097 goto err;
1098
1099 ret = 1;
1100 err:
1101 OSSL_PARAM_free(params);
1102 OSSL_PARAM_BLD_free(bld);
1103 EVP_PKEY_free(just_params);
1104 EVP_PKEY_free(params_and_priv);
1105 EVP_PKEY_free(params_and_pub);
1106 EVP_PKEY_free(params_and_keypair);
1107 BN_free(p);
1108 BN_free(q);
1109 BN_free(g);
1110 BN_free(pub);
1111 BN_free(priv);
1112
1113 return ret;
1114 }
1115 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1116
1117 /*
1118 * Test combinations of private, public, missing and private + public key
1119 * params to ensure they are all accepted for EC keys
1120 */
1121 #ifndef OPENSSL_NO_EC
1122 static unsigned char ec_priv[] = {
1123 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1124 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1125 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1126 };
1127 static unsigned char ec_pub[] = {
1128 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1129 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1130 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1131 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1132 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1133 0x08, 0x09, 0xb8, 0xdb, 0x03
1134 };
1135
test_EC_priv_pub(void)1136 static int test_EC_priv_pub(void)
1137 {
1138 OSSL_PARAM_BLD *bld = NULL;
1139 OSSL_PARAM *params = NULL;
1140 EVP_PKEY *just_params = NULL;
1141 EVP_PKEY *params_and_priv = NULL;
1142 EVP_PKEY *params_and_pub = NULL;
1143 EVP_PKEY *params_and_keypair = NULL;
1144 BIGNUM *priv = NULL;
1145 int ret = 0;
1146 unsigned char *encoded = NULL;
1147 size_t len = 0;
1148 unsigned char buffer[128];
1149
1150 /*
1151 * Setup the parameters for our pkey object. For our purposes they don't
1152 * have to actually be *valid* parameters. We just need to set something.
1153 */
1154 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1155 goto err;
1156
1157 /* Test !priv and !pub */
1158 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1159 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1160 OSSL_PKEY_PARAM_GROUP_NAME,
1161 "P-256", 0)))
1162 goto err;
1163 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1164 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1165 goto err;
1166
1167 OSSL_PARAM_free(params);
1168 OSSL_PARAM_BLD_free(bld);
1169 params = NULL;
1170 bld = NULL;
1171
1172 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1173 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1174 goto err;
1175
1176 /* Test priv and !pub */
1177 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1178 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1179 OSSL_PKEY_PARAM_GROUP_NAME,
1180 "P-256", 0))
1181 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1182 priv)))
1183 goto err;
1184 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1185 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1186 goto err;
1187
1188 OSSL_PARAM_free(params);
1189 OSSL_PARAM_BLD_free(bld);
1190 params = NULL;
1191 bld = NULL;
1192
1193 /*
1194 * We indicate only parameters here, in spite of having built a key that
1195 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1196 * expected to fail because it does not support exporting a private EC
1197 * key without a corresponding public key
1198 */
1199 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1200 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1201 goto err;
1202
1203 /* Test !priv and pub */
1204 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1205 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1206 OSSL_PKEY_PARAM_GROUP_NAME,
1207 "P-256", 0))
1208 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1209 OSSL_PKEY_PARAM_PUB_KEY,
1210 ec_pub, sizeof(ec_pub))))
1211 goto err;
1212 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1213 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1214 goto err;
1215
1216 OSSL_PARAM_free(params);
1217 OSSL_PARAM_BLD_free(bld);
1218 params = NULL;
1219 bld = NULL;
1220
1221 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1222 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1223 goto err;
1224
1225 /* Test priv and pub */
1226 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1227 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1228 OSSL_PKEY_PARAM_GROUP_NAME,
1229 "P-256", 0))
1230 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1231 OSSL_PKEY_PARAM_PUB_KEY,
1232 ec_pub, sizeof(ec_pub)))
1233 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1234 priv)))
1235 goto err;
1236 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1237 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1238 goto err;
1239
1240 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1241 goto err;
1242
1243 /* Try key equality */
1244 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1245 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1246 0)
1247 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1248 0)
1249 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1250 0)
1251 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1252 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1253 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1254 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1255 goto err;
1256
1257 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1258 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1259 goto err;
1260 OPENSSL_free(encoded);
1261 encoded = NULL;
1262 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1263 OPENSSL_free(encoded);
1264 encoded = NULL;
1265 goto err;
1266 }
1267
1268 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1269 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1270 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1271 buffer, sizeof(buffer), &len), 1)
1272 || !TEST_int_eq(len, 65))
1273 goto err;
1274
1275 len = 0;
1276 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1277 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1278 NULL, 0, &len), 1)
1279 || !TEST_int_eq(len, 65))
1280 goto err;
1281
1282 /* too-short buffer len*/
1283 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1284 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1285 buffer, 10, &len), 0))
1286 goto err;
1287
1288 ret = 1;
1289 err:
1290 OSSL_PARAM_free(params);
1291 OSSL_PARAM_BLD_free(bld);
1292 EVP_PKEY_free(just_params);
1293 EVP_PKEY_free(params_and_priv);
1294 EVP_PKEY_free(params_and_pub);
1295 EVP_PKEY_free(params_and_keypair);
1296 BN_free(priv);
1297
1298 return ret;
1299 }
1300
1301 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1302 static int test_evp_get_ec_pub(void)
1303 {
1304 OSSL_PARAM_BLD *bld = NULL;
1305 OSSL_PARAM *params = NULL;
1306 unsigned char *pad = NULL;
1307 EVP_PKEY *keypair = NULL;
1308 BIGNUM *priv = NULL;
1309 BIGNUM *x = NULL;
1310 BIGNUM *y = NULL;
1311 int ret = 0;
1312
1313 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1314 goto err;
1315
1316 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1317 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1318 OSSL_PKEY_PARAM_GROUP_NAME,
1319 "P-256", 0))
1320 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1321 OSSL_PKEY_PARAM_PUB_KEY,
1322 ec_pub, sizeof(ec_pub)))
1323 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1324 priv)))
1325 goto err;
1326
1327 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1328 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1329 goto err;
1330
1331 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1332 goto err;
1333
1334 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1335 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1336 goto err;
1337
1338 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1339 goto err;
1340
1341 pad[0] = ec_pub[0];
1342 BN_bn2bin(x, &pad[1]);
1343 BN_bn2bin(y, &pad[33]);
1344 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1345 goto err;
1346
1347 ret = 1;
1348
1349 err:
1350 OSSL_PARAM_free(params);
1351 OSSL_PARAM_BLD_free(bld);
1352 EVP_PKEY_free(keypair);
1353 OPENSSL_free(pad);
1354 BN_free(priv);
1355 BN_free(x);
1356 BN_free(y);
1357 return ret;
1358 }
1359
1360 /* Test that using a legacy EC key with only a private key in it works */
1361 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1362 static int test_EC_priv_only_legacy(void)
1363 {
1364 BIGNUM *priv = NULL;
1365 int ret = 0;
1366 EC_KEY *eckey = NULL;
1367 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1368 EVP_MD_CTX *ctx = NULL;
1369
1370 /* Create the low level EC_KEY */
1371 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1372 goto err;
1373
1374 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1375 if (!TEST_ptr(eckey))
1376 goto err;
1377
1378 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1379 goto err;
1380
1381 pkey = EVP_PKEY_new();
1382 if (!TEST_ptr(pkey))
1383 goto err;
1384
1385 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1386 goto err;
1387 eckey = NULL;
1388
1389 for (;;) {
1390 ret = 0;
1391 ctx = EVP_MD_CTX_new();
1392 if (!TEST_ptr(ctx))
1393 goto err;
1394
1395 /*
1396 * The EVP_DigestSignInit function should create the key on the
1397 * provider side which is sufficient for this test.
1398 */
1399 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1400 testpropq, pkey, NULL)))
1401 goto err;
1402 EVP_MD_CTX_free(ctx);
1403 ctx = NULL;
1404
1405 if (dup_pk != NULL)
1406 break;
1407
1408 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1409 goto err;
1410 /* EVP_PKEY_eq() returns -2 with missing public keys */
1411 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1412 EVP_PKEY_free(pkey);
1413 pkey = dup_pk;
1414 if (!ret)
1415 goto err;
1416 }
1417 ret = 1;
1418
1419 err:
1420 EVP_MD_CTX_free(ctx);
1421 EVP_PKEY_free(pkey);
1422 EC_KEY_free(eckey);
1423 BN_free(priv);
1424
1425 return ret;
1426 }
1427
test_evp_get_ec_pub_legacy(void)1428 static int test_evp_get_ec_pub_legacy(void)
1429 {
1430 OSSL_LIB_CTX *libctx = NULL;
1431 unsigned char *pad = NULL;
1432 EVP_PKEY *pkey = NULL;
1433 EC_KEY *eckey = NULL;
1434 BIGNUM *priv = NULL;
1435 BIGNUM *x = NULL;
1436 BIGNUM *y = NULL;
1437 int ret = 0;
1438
1439 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1440 goto err;
1441
1442 /* Create the legacy key */
1443 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1444 NID_X9_62_prime256v1)))
1445 goto err;
1446
1447 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1448 goto err;
1449
1450 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1451 goto err;
1452
1453 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1454 goto err;
1455
1456 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1457 goto err;
1458
1459 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1460 goto err;
1461
1462 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1463 goto err;
1464
1465 /* Transfer the legacy key */
1466 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1467 goto err;
1468 eckey = NULL;
1469
1470 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1471 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1472 goto err;
1473
1474 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1475 goto err;
1476
1477 pad[0] = ec_pub[0];
1478 BN_bn2bin(x, &pad[1]);
1479 BN_bn2bin(y, &pad[33]);
1480
1481 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1482 goto err;
1483
1484 ret = 1;
1485
1486 err:
1487 OSSL_LIB_CTX_free(libctx);
1488 EVP_PKEY_free(pkey);
1489 EC_KEY_free(eckey);
1490 OPENSSL_free(pad);
1491 BN_free(priv);
1492 BN_free(x);
1493 BN_free(y);
1494
1495 return ret;
1496 }
1497 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1498 #endif /* OPENSSL_NO_EC */
1499
test_EVP_PKEY_sign(int tst)1500 static int test_EVP_PKEY_sign(int tst)
1501 {
1502 int ret = 0;
1503 EVP_PKEY *pkey = NULL;
1504 unsigned char *sig = NULL;
1505 size_t sig_len = 0, shortsig_len = 1;
1506 EVP_PKEY_CTX *ctx = NULL;
1507 unsigned char tbs[] = {
1508 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1509 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1510 };
1511
1512 if (tst == 0) {
1513 if (!TEST_ptr(pkey = load_example_rsa_key()))
1514 goto out;
1515 } else if (tst == 1) {
1516 #ifndef OPENSSL_NO_DSA
1517 if (!TEST_ptr(pkey = load_example_dsa_key()))
1518 goto out;
1519 #else
1520 ret = 1;
1521 goto out;
1522 #endif
1523 } else {
1524 #ifndef OPENSSL_NO_EC
1525 if (!TEST_ptr(pkey = load_example_ec_key()))
1526 goto out;
1527 #else
1528 ret = 1;
1529 goto out;
1530 #endif
1531 }
1532
1533 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1534 if (!TEST_ptr(ctx)
1535 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1536 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1537 sizeof(tbs)), 0))
1538 goto out;
1539 sig = OPENSSL_malloc(sig_len);
1540 if (!TEST_ptr(sig)
1541 /* Test sending a signature buffer that is too short is rejected */
1542 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1543 sizeof(tbs)), 0)
1544 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1545 0)
1546 /* Test the signature round-trips */
1547 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1548 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1549 0))
1550 goto out;
1551
1552 ret = 1;
1553 out:
1554 EVP_PKEY_CTX_free(ctx);
1555 OPENSSL_free(sig);
1556 EVP_PKEY_free(pkey);
1557 return ret;
1558 }
1559
1560 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1561 static int test_EVP_PKEY_sign_with_app_method(int tst)
1562 {
1563 int ret = 0;
1564 EVP_PKEY *pkey = NULL;
1565 RSA *rsa = NULL;
1566 RSA_METHOD *rsa_meth = NULL;
1567 #ifndef OPENSSL_NO_DSA
1568 DSA *dsa = NULL;
1569 DSA_METHOD *dsa_meth = NULL;
1570 #endif
1571 unsigned char *sig = NULL;
1572 size_t sig_len = 0, shortsig_len = 1;
1573 EVP_PKEY_CTX *ctx = NULL;
1574 unsigned char tbs[] = {
1575 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1576 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1577 };
1578
1579 if (tst == 0) {
1580 if (!TEST_ptr(pkey = load_example_rsa_key()))
1581 goto out;
1582 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1583 goto out;
1584
1585 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1586 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1587 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1588 goto out;
1589 rsa = NULL; /* now owned by the pkey */
1590 } else {
1591 #ifndef OPENSSL_NO_DSA
1592 if (!TEST_ptr(pkey = load_example_dsa_key()))
1593 goto out;
1594 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1595 goto out;
1596
1597 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1598 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1599 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1600 goto out;
1601 dsa = NULL; /* now owned by the pkey */
1602 #else
1603 ret = 1;
1604 goto out;
1605 #endif
1606 }
1607
1608 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1609 if (!TEST_ptr(ctx)
1610 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1611 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1612 sizeof(tbs)), 0))
1613 goto out;
1614 sig = OPENSSL_malloc(sig_len);
1615 if (!TEST_ptr(sig)
1616 /* Test sending a signature buffer that is too short is rejected */
1617 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1618 sizeof(tbs)), 0)
1619 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1620 0)
1621 /* Test the signature round-trips */
1622 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1623 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1624 0))
1625 goto out;
1626
1627 ret = 1;
1628 out:
1629 EVP_PKEY_CTX_free(ctx);
1630 OPENSSL_free(sig);
1631 EVP_PKEY_free(pkey);
1632 RSA_free(rsa);
1633 RSA_meth_free(rsa_meth);
1634 #ifndef OPENSSL_NO_DSA
1635 DSA_free(dsa);
1636 DSA_meth_free(dsa_meth);
1637 #endif
1638 return ret;
1639 }
1640 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1641
1642 /*
1643 * n = 0 => test using legacy cipher
1644 * n = 1 => test using fetched cipher
1645 */
test_EVP_Enveloped(int n)1646 static int test_EVP_Enveloped(int n)
1647 {
1648 int ret = 0;
1649 EVP_CIPHER_CTX *ctx = NULL;
1650 EVP_PKEY *keypair = NULL;
1651 unsigned char *kek = NULL;
1652 unsigned char iv[EVP_MAX_IV_LENGTH];
1653 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1654 int len, kek_len, ciphertext_len, plaintext_len;
1655 unsigned char ciphertext[32], plaintext[16];
1656 EVP_CIPHER *type = NULL;
1657
1658 if (nullprov != NULL)
1659 return TEST_skip("Test does not support a non-default library context");
1660
1661 if (n == 0)
1662 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1663 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1664 testpropq)))
1665 goto err;
1666
1667 if (!TEST_ptr(keypair = load_example_rsa_key())
1668 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1669 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1670 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1671 &keypair, 1))
1672 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1673 msg, sizeof(msg)))
1674 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1675 &len)))
1676 goto err;
1677
1678 ciphertext_len += len;
1679
1680 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1681 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1682 ciphertext, ciphertext_len))
1683 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1684 goto err;
1685
1686 plaintext_len += len;
1687 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1688 goto err;
1689
1690 ret = 1;
1691 err:
1692 if (n != 0)
1693 EVP_CIPHER_free(type);
1694 OPENSSL_free(kek);
1695 EVP_PKEY_free(keypair);
1696 EVP_CIPHER_CTX_free(ctx);
1697 return ret;
1698 }
1699
1700 /*
1701 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1702 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1703 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1704 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1705 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1706 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1707 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1708 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1709 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1710 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1711 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1712 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1713 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1714 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1715 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1716 * Test 15-29: Same as above with reinitialization
1717 */
test_EVP_DigestSignInit(int tst)1718 static int test_EVP_DigestSignInit(int tst)
1719 {
1720 int ret = 0;
1721 EVP_PKEY *pkey = NULL;
1722 unsigned char *sig = NULL, *sig2 = NULL;
1723 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1724 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1725 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1726 BIO *mdbio = NULL, *membio = NULL;
1727 size_t written;
1728 const EVP_MD *md;
1729 EVP_MD *mdexp = NULL;
1730 int reinit = 0;
1731
1732 if (nullprov != NULL)
1733 return TEST_skip("Test does not support a non-default library context");
1734
1735 if (tst >= 15) {
1736 reinit = 1;
1737 tst -= 15;
1738 }
1739
1740 if (tst >= 6 && tst <= 8) {
1741 membio = BIO_new(BIO_s_mem());
1742 mdbio = BIO_new(BIO_f_md());
1743 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1744 goto out;
1745 BIO_push(mdbio, membio);
1746 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1747 goto out;
1748 } else {
1749 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1750 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1751 goto out;
1752 }
1753
1754 if (tst % 3 == 0) {
1755 if (!TEST_ptr(pkey = load_example_rsa_key()))
1756 goto out;
1757 } else if (tst % 3 == 1) {
1758 #ifndef OPENSSL_NO_DSA
1759 if (!TEST_ptr(pkey = load_example_dsa_key()))
1760 goto out;
1761 #else
1762 ret = 1;
1763 goto out;
1764 #endif
1765 } else {
1766 if (!TEST_ptr(pkey = load_example_hmac_key()))
1767 goto out;
1768 }
1769
1770 if (tst >= 3 && tst <= 5)
1771 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1772 else
1773 md = EVP_sha256();
1774
1775 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1776 goto out;
1777
1778 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1779 goto out;
1780
1781 if (tst >= 6 && tst <= 8) {
1782 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1783 goto out;
1784 } else if (tst < 6) {
1785 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1786 goto out;
1787 }
1788
1789 if (tst >= 9) {
1790 /* Determine the size of the signature. */
1791 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1792 sizeof(kMsg)))
1793 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1794 goto out;
1795 if (tst <= 11) {
1796 /* Test that supply a short sig buffer fails */
1797 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1798 sizeof(kMsg))))
1799 goto out;
1800 /*
1801 * We end here because once EVP_DigestSign() has failed you should
1802 * not call it again without re-initing the ctx
1803 */
1804 ret = 1;
1805 goto out;
1806 }
1807 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1808 sizeof(kMsg))))
1809 goto out;
1810 } else {
1811 /* Determine the size of the signature. */
1812 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1813 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1814 /*
1815 * Trying to create a signature with a deliberately short
1816 * buffer should fail.
1817 */
1818 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1819 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1820 goto out;
1821 }
1822
1823 /*
1824 * Ensure that the signature round-trips (Verification isn't supported for
1825 * HMAC via EVP_DigestVerify*)
1826 */
1827 if (tst % 3 != 2) {
1828 if (tst >= 6 && tst <= 8) {
1829 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1830 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1831 goto out;
1832 }
1833
1834 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1835 NULL, pkey)))
1836 goto out;
1837
1838 if (tst >= 6 && tst <= 8) {
1839 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1840 goto out;
1841 } else {
1842 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1843 sizeof(kMsg))))
1844 goto out;
1845 }
1846 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1847 goto out;
1848
1849 /* Multiple calls to EVP_DigestVerifyFinal should work */
1850 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1851 goto out;
1852 } else {
1853 /*
1854 * For HMAC a doubled call to DigestSignFinal should produce the same
1855 * value as finalization should not happen.
1856 */
1857 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1858 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1859 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1860 goto out;
1861
1862 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1863 goto out;
1864 }
1865
1866 ret = 1;
1867
1868 out:
1869 BIO_free(membio);
1870 BIO_free(mdbio);
1871 EVP_MD_CTX_free(a_md_ctx);
1872 EVP_MD_CTX_free(a_md_ctx_verify);
1873 EVP_PKEY_free(pkey);
1874 OPENSSL_free(sig);
1875 OPENSSL_free(sig2);
1876 EVP_MD_free(mdexp);
1877
1878 return ret;
1879 }
1880
test_EVP_DigestVerifyInit(void)1881 static int test_EVP_DigestVerifyInit(void)
1882 {
1883 int ret = 0;
1884 EVP_PKEY *pkey = NULL;
1885 EVP_MD_CTX *md_ctx = NULL;
1886
1887 if (nullprov != NULL)
1888 return TEST_skip("Test does not support a non-default library context");
1889
1890 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1891 || !TEST_ptr(pkey = load_example_rsa_key()))
1892 goto out;
1893
1894 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1895 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1896 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1897 sizeof(kSignature)), 0))
1898 goto out;
1899
1900 /* test with reinitialization */
1901 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1902 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1903 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1904 sizeof(kSignature)), 0))
1905 goto out;
1906 ret = 1;
1907
1908 out:
1909 EVP_MD_CTX_free(md_ctx);
1910 EVP_PKEY_free(pkey);
1911 return ret;
1912 }
1913
1914 #ifndef OPENSSL_NO_SIPHASH
1915 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)1916 static int test_siphash_digestsign(void)
1917 {
1918 unsigned char key[16];
1919 unsigned char buf[8], digest[8];
1920 unsigned char expected[8] = {
1921 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1922 };
1923 EVP_PKEY *pkey = NULL;
1924 EVP_MD_CTX *mdctx = NULL;
1925 EVP_PKEY_CTX *ctx = NULL;
1926 int ret = 0;
1927 size_t len = 8;
1928
1929 if (nullprov != NULL)
1930 return TEST_skip("Test does not support a non-default library context");
1931
1932 memset(buf, 0, 8);
1933 memset(key, 1, 16);
1934 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1935 key, 16)))
1936 goto out;
1937
1938 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1939 goto out;
1940
1941 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1942 goto out;
1943 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1944 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1945 8, NULL), 1))
1946 goto out;
1947 /* reinitialize */
1948 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1949 goto out;
1950 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1951 goto out;
1952 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1953 goto out;
1954 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1955 goto out;
1956
1957 ret = 1;
1958 out:
1959 EVP_PKEY_free(pkey);
1960 EVP_MD_CTX_free(mdctx);
1961 return ret;
1962 }
1963 #endif
1964
1965 /*
1966 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1967 */
test_EVP_Digest(void)1968 static int test_EVP_Digest(void)
1969 {
1970 int ret = 0;
1971 EVP_MD_CTX *md_ctx = NULL;
1972 unsigned char md[EVP_MAX_MD_SIZE];
1973 EVP_MD *sha256 = NULL;
1974 EVP_MD *shake256 = NULL;
1975
1976 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1977 goto out;
1978
1979 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1980 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1981 goto out;
1982
1983 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1984 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1985 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1986 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1987 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1988 goto out;
1989
1990 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1991 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1992 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1993 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1994 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1995 /*
1996 * EVP_DigestInit_ex with NULL type should work on
1997 * pre-initialized context.
1998 */
1999 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2000 goto out;
2001
2002 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2003 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2004 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2005 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2006 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2007 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2008 goto out;
2009 ret = 1;
2010
2011 out:
2012 EVP_MD_CTX_free(md_ctx);
2013 EVP_MD_free(sha256);
2014 EVP_MD_free(shake256);
2015 return ret;
2016 }
2017
test_EVP_md_null(void)2018 static int test_EVP_md_null(void)
2019 {
2020 int ret = 0;
2021 EVP_MD_CTX *md_ctx = NULL;
2022 const EVP_MD *md_null = EVP_md_null();
2023 unsigned char md_value[EVP_MAX_MD_SIZE];
2024 unsigned int md_len = sizeof(md_value);
2025
2026 if (nullprov != NULL)
2027 return TEST_skip("Test does not support a non-default library context");
2028
2029 if (!TEST_ptr(md_null)
2030 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2031 goto out;
2032
2033 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2034 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2035 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2036 goto out;
2037
2038 if (!TEST_uint_eq(md_len, 0))
2039 goto out;
2040
2041 ret = 1;
2042 out:
2043 EVP_MD_CTX_free(md_ctx);
2044 return ret;
2045 }
2046
test_d2i_AutoPrivateKey(int i)2047 static int test_d2i_AutoPrivateKey(int i)
2048 {
2049 int ret = 0;
2050 const unsigned char *p;
2051 EVP_PKEY *pkey = NULL;
2052 const APK_DATA *ak = &keydata[i];
2053 const unsigned char *input = ak->kder;
2054 size_t input_len = ak->size;
2055 int expected_id = ak->evptype;
2056
2057 p = input;
2058 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2059 || !TEST_ptr_eq(p, input + input_len)
2060 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2061 goto done;
2062
2063 ret = 1;
2064
2065 done:
2066 EVP_PKEY_free(pkey);
2067 return ret;
2068 }
2069
2070 #ifndef OPENSSL_NO_EC
2071
2072 static const unsigned char ec_public_sect163k1_validxy[] = {
2073 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2074 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2075 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2076 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2077 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2078 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2079 };
2080
2081 static const unsigned char ec_public_sect163k1_badx[] = {
2082 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2083 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2084 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2085 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2086 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2087 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2088 };
2089
2090 static const unsigned char ec_public_sect163k1_bady[] = {
2091 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2092 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2093 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2094 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2095 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2096 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2097 };
2098
2099 static struct ec_der_pub_keys_st {
2100 const unsigned char *der;
2101 size_t len;
2102 int valid;
2103 } ec_der_pub_keys[] = {
2104 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2105 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2106 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2107 };
2108
2109 /*
2110 * Tests the range of the decoded EC char2 public point.
2111 * See ec_GF2m_simple_oct2point().
2112 */
test_invalide_ec_char2_pub_range_decode(int id)2113 static int test_invalide_ec_char2_pub_range_decode(int id)
2114 {
2115 int ret = 0;
2116 EVP_PKEY *pkey;
2117
2118 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2119 ec_der_pub_keys[id].len);
2120
2121 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2122 || TEST_ptr_null(pkey);
2123 EVP_PKEY_free(pkey);
2124 return ret;
2125 }
2126
2127 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)2128 static int test_EVP_PKCS82PKEY(void)
2129 {
2130 int ret = 0;
2131 const unsigned char *derp = kExampleBadECKeyDER;
2132 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2133 EVP_PKEY *pkey = NULL;
2134
2135 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2136 sizeof(kExampleBadECKeyDER))))
2137 goto done;
2138
2139 if (!TEST_ptr_eq(derp,
2140 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2141 goto done;
2142
2143 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2144 goto done;
2145
2146 ret = 1;
2147
2148 done:
2149 PKCS8_PRIV_KEY_INFO_free(p8inf);
2150 EVP_PKEY_free(pkey);
2151
2152 return ret;
2153 }
2154
2155 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)2156 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2157 {
2158 EVP_PKEY *pkey = NULL;
2159 EVP_PKEY *pkey2 = NULL;
2160 BIO *membio = NULL;
2161 char *membuf = NULL;
2162 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2163 int ok = 0;
2164
2165 if (testctx != NULL)
2166 /* test not supported with non-default context */
2167 return 1;
2168
2169 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2170 || !TEST_ptr(pkey = load_example_rsa_key())
2171 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2172 NULL, 0, NULL, NULL),
2173 0)
2174 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2175 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2176 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2177 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2178 goto done;
2179 }
2180
2181 ok = 1;
2182 done:
2183 EVP_PKEY_free(pkey);
2184 EVP_PKEY_free(pkey2);
2185 PKCS8_PRIV_KEY_INFO_free(p8inf);
2186 BIO_free_all(membio);
2187 return ok;
2188 }
2189
2190 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2191 static int test_privatekey_to_pkcs8(void)
2192 {
2193 EVP_PKEY *pkey = NULL;
2194 BIO *membio = NULL;
2195 char *membuf = NULL;
2196 long membuf_len = 0;
2197 int ok = 0;
2198
2199 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2200 || !TEST_ptr(pkey = load_example_rsa_key())
2201 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2202 NULL, 0, NULL, NULL),
2203 0)
2204 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2205 || !TEST_ptr(membuf)
2206 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2207 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2208 /*
2209 * We try to write PEM as well, just to see that it doesn't err, but
2210 * assume that the result is correct.
2211 */
2212 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2213 NULL, 0, NULL, NULL),
2214 0))
2215 goto done;
2216
2217 ok = 1;
2218 done:
2219 EVP_PKEY_free(pkey);
2220 BIO_free_all(membio);
2221 return ok;
2222 }
2223
2224 #ifndef OPENSSL_NO_EC
2225 static const struct {
2226 int encoding;
2227 const char *encoding_name;
2228 } ec_encodings[] = {
2229 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2230 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2231 };
2232
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2233 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2234 {
2235 const OSSL_PARAM *p;
2236 const char *enc_name = NULL;
2237 int *enc = arg;
2238 size_t i;
2239
2240 *enc = -1;
2241
2242 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2243 OSSL_PKEY_PARAM_EC_ENCODING))
2244 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2245 return 0;
2246
2247 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2248 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2249 *enc = ec_encodings[i].encoding;
2250 break;
2251 }
2252 }
2253
2254 return (*enc != -1);
2255 }
2256
test_EC_keygen_with_enc(int idx)2257 static int test_EC_keygen_with_enc(int idx)
2258 {
2259 EVP_PKEY *params = NULL, *key = NULL;
2260 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2261 int enc;
2262 int ret = 0;
2263
2264 enc = ec_encodings[idx].encoding;
2265
2266 /* Create key parameters */
2267 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2268 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2269 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2270 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2271 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2272 || !TEST_ptr(params))
2273 goto done;
2274
2275 /* Create key */
2276 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2277 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2278 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2279 || !TEST_ptr(key))
2280 goto done;
2281
2282 /* Check that the encoding got all the way into the key */
2283 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2284 ec_export_get_encoding_cb, &enc))
2285 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2286 goto done;
2287
2288 ret = 1;
2289 done:
2290 EVP_PKEY_free(key);
2291 EVP_PKEY_free(params);
2292 EVP_PKEY_CTX_free(kctx);
2293 EVP_PKEY_CTX_free(pctx);
2294 return ret;
2295 }
2296 #endif
2297
2298 #if !defined(OPENSSL_NO_SM2)
2299
test_EVP_SM2_verify(void)2300 static int test_EVP_SM2_verify(void)
2301 {
2302 const char *pubkey =
2303 "-----BEGIN PUBLIC KEY-----\n"
2304 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2305 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2306 "-----END PUBLIC KEY-----\n";
2307
2308 const char *msg = "message digest";
2309 const char *id = "ALICE123@YAHOO.COM";
2310
2311 const uint8_t signature[] = {
2312 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2313 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2314 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2315 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2316 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2317 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2318 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2319 };
2320
2321 int rc = 0;
2322 BIO *bio = NULL;
2323 EVP_PKEY *pkey = NULL;
2324 EVP_MD_CTX *mctx = NULL;
2325 EVP_PKEY_CTX *pctx = NULL;
2326 EVP_MD *sm3 = NULL;
2327
2328 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2329 if (!TEST_true(bio != NULL))
2330 goto done;
2331
2332 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2333 if (!TEST_true(pkey != NULL))
2334 goto done;
2335
2336 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2337 goto done;
2338
2339 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2340 goto done;
2341
2342 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2343 goto done;
2344
2345 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2346
2347 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2348 goto done;
2349
2350 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2351 goto done;
2352
2353 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2354 goto done;
2355
2356 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2357 goto done;
2358
2359 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2360 goto done;
2361 rc = 1;
2362
2363 done:
2364 BIO_free(bio);
2365 EVP_PKEY_free(pkey);
2366 EVP_PKEY_CTX_free(pctx);
2367 EVP_MD_CTX_free(mctx);
2368 EVP_MD_free(sm3);
2369 return rc;
2370 }
2371
test_EVP_SM2(void)2372 static int test_EVP_SM2(void)
2373 {
2374 int ret = 0;
2375 EVP_PKEY *pkey = NULL;
2376 EVP_PKEY *pkeyparams = NULL;
2377 EVP_PKEY_CTX *pctx = NULL;
2378 EVP_PKEY_CTX *kctx = NULL;
2379 EVP_PKEY_CTX *sctx = NULL;
2380 size_t sig_len = 0;
2381 unsigned char *sig = NULL;
2382 EVP_MD_CTX *md_ctx = NULL;
2383 EVP_MD_CTX *md_ctx_verify = NULL;
2384 EVP_PKEY_CTX *cctx = NULL;
2385 EVP_MD *check_md = NULL;
2386
2387 uint8_t ciphertext[128];
2388 size_t ctext_len = sizeof(ciphertext);
2389
2390 uint8_t plaintext[8];
2391 size_t ptext_len = sizeof(plaintext);
2392
2393 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2394
2395 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2396 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2397 int i;
2398 char mdname[OSSL_MAX_NAME_SIZE];
2399
2400 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2401 "SM2", testpropq)))
2402 goto done;
2403
2404 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2405 goto done;
2406
2407 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2408 goto done;
2409
2410 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2411 goto done;
2412
2413 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2414 pkeyparams, testpropq)))
2415 goto done;
2416
2417 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2418 goto done;
2419
2420 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2421 goto done;
2422
2423 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2424 goto done;
2425
2426 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2427 goto done;
2428
2429 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2430 goto done;
2431
2432 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2433 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2434
2435 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2436 goto done;
2437
2438 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2439 goto done;
2440
2441 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2442 goto done;
2443
2444 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2445 goto done;
2446
2447 /* Determine the size of the signature. */
2448 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2449 goto done;
2450
2451 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2452 goto done;
2453
2454 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2455 goto done;
2456
2457 /* Ensure that the signature round-trips. */
2458
2459 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2460 pkey)))
2461 goto done;
2462
2463 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2464 goto done;
2465
2466 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2467 goto done;
2468
2469 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2470 goto done;
2471
2472 /*
2473 * Try verify again with non-matching 0 length id but ensure that it can
2474 * be set on the context and overrides the previous value.
2475 */
2476
2477 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2478 pkey)))
2479 goto done;
2480
2481 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2482 goto done;
2483
2484 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2485 goto done;
2486
2487 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2488 goto done;
2489
2490 /* now check encryption/decryption */
2491
2492 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2493 mdname, sizeof(mdname));
2494 for (i = 0; i < 2; i++) {
2495 const char *mdnames[] = {
2496 #ifndef OPENSSL_NO_SM3
2497 "SM3",
2498 #else
2499 NULL,
2500 #endif
2501 "SHA2-256" };
2502 EVP_PKEY_CTX_free(cctx);
2503
2504 if (mdnames[i] == NULL)
2505 continue;
2506
2507 sparams[0] =
2508 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2509 (char *)mdnames[i], 0);
2510
2511 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2512 pkey, testpropq)))
2513 goto done;
2514
2515 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2516 goto done;
2517
2518 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2519 goto done;
2520
2521 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2522 sizeof(kMsg))))
2523 goto done;
2524
2525 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2526 goto done;
2527
2528 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2529 goto done;
2530
2531 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2532 ctext_len), 0))
2533 goto done;
2534
2535 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2536 goto done;
2537
2538 /*
2539 * Test we're still using the digest we think we are.
2540 * Because of aliases, the easiest is to fetch the digest and
2541 * check the name with EVP_MD_is_a().
2542 */
2543 EVP_MD_free(check_md);
2544 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2545 goto done;
2546 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2547 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2548 goto done;
2549 }
2550
2551 if (!TEST_true(ptext_len == sizeof(kMsg)))
2552 goto done;
2553
2554 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2555 goto done;
2556 }
2557
2558 ret = 1;
2559 done:
2560 EVP_PKEY_CTX_free(pctx);
2561 EVP_PKEY_CTX_free(kctx);
2562 EVP_PKEY_CTX_free(sctx);
2563 EVP_PKEY_CTX_free(cctx);
2564 EVP_PKEY_free(pkey);
2565 EVP_PKEY_free(pkeyparams);
2566 EVP_MD_CTX_free(md_ctx);
2567 EVP_MD_CTX_free(md_ctx_verify);
2568 EVP_MD_free(check_md);
2569 OPENSSL_free(sig);
2570 return ret;
2571 }
2572
2573 #endif
2574
2575 static struct keys_st {
2576 int type;
2577 char *priv;
2578 char *pub;
2579 } keys[] = {
2580 {
2581 EVP_PKEY_HMAC, "0123456789", NULL
2582 },
2583 {
2584 EVP_PKEY_HMAC, "", NULL
2585 #ifndef OPENSSL_NO_POLY1305
2586 }, {
2587 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2588 #endif
2589 #ifndef OPENSSL_NO_SIPHASH
2590 }, {
2591 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2592 #endif
2593 },
2594 #ifndef OPENSSL_NO_ECX
2595 {
2596 EVP_PKEY_X25519, "01234567890123456789012345678901",
2597 "abcdefghijklmnopqrstuvwxyzabcdef"
2598 }, {
2599 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2600 "abcdefghijklmnopqrstuvwxyzabcdef"
2601 }, {
2602 EVP_PKEY_X448,
2603 "01234567890123456789012345678901234567890123456789012345",
2604 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2605 }, {
2606 EVP_PKEY_ED448,
2607 "012345678901234567890123456789012345678901234567890123456",
2608 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2609 }
2610 #endif
2611 };
2612
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)2613 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2614 {
2615 int ret = 0;
2616 unsigned char buf[80];
2617 unsigned char *in;
2618 size_t inlen, len = 0, shortlen = 1;
2619 EVP_PKEY *pkey;
2620
2621 /* Check if this algorithm supports public keys */
2622 if (pub && keys[tst].pub == NULL)
2623 return 1;
2624
2625 memset(buf, 0, sizeof(buf));
2626
2627 if (pub) {
2628 #ifndef OPENSSL_NO_EC
2629 inlen = strlen(keys[tst].pub);
2630 in = (unsigned char *)keys[tst].pub;
2631 if (uselibctx) {
2632 pkey = EVP_PKEY_new_raw_public_key_ex(
2633 testctx,
2634 OBJ_nid2sn(keys[tst].type),
2635 NULL,
2636 in,
2637 inlen);
2638 } else {
2639 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2640 NULL,
2641 in,
2642 inlen);
2643 }
2644 #else
2645 return 1;
2646 #endif
2647 } else {
2648 inlen = strlen(keys[tst].priv);
2649 in = (unsigned char *)keys[tst].priv;
2650 if (uselibctx) {
2651 pkey = EVP_PKEY_new_raw_private_key_ex(
2652 testctx, OBJ_nid2sn(keys[tst].type),
2653 NULL,
2654 in,
2655 inlen);
2656 } else {
2657 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2658 NULL,
2659 in,
2660 inlen);
2661 }
2662 }
2663
2664 if (!TEST_ptr(pkey)
2665 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2666 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2667 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2668 || !TEST_true(len == inlen))
2669 goto done;
2670 if (tst != 1) {
2671 /*
2672 * Test that supplying a buffer that is too small fails. Doesn't apply
2673 * to HMAC with a zero length key
2674 */
2675 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2676 &shortlen)))
2677 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2678 &shortlen))))
2679 goto done;
2680 }
2681 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2682 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2683 || !TEST_mem_eq(in, inlen, buf, len))
2684 goto done;
2685
2686 ret = 1;
2687 done:
2688 EVP_PKEY_free(pkey);
2689 return ret;
2690 }
2691
test_set_get_raw_keys(int tst)2692 static int test_set_get_raw_keys(int tst)
2693 {
2694 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2695 && test_set_get_raw_keys_int(tst, 0, 1)
2696 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2697 && test_set_get_raw_keys_int(tst, 1, 1);
2698 }
2699
2700 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)2701 static int pkey_custom_check(EVP_PKEY *pkey)
2702 {
2703 return 0xbeef;
2704 }
2705
pkey_custom_pub_check(EVP_PKEY * pkey)2706 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2707 {
2708 return 0xbeef;
2709 }
2710
pkey_custom_param_check(EVP_PKEY * pkey)2711 static int pkey_custom_param_check(EVP_PKEY *pkey)
2712 {
2713 return 0xbeef;
2714 }
2715
2716 static EVP_PKEY_METHOD *custom_pmeth;
2717 #endif
2718
test_EVP_PKEY_check(int i)2719 static int test_EVP_PKEY_check(int i)
2720 {
2721 int ret = 0;
2722 EVP_PKEY *pkey = NULL;
2723 EVP_PKEY_CTX *ctx = NULL;
2724 #ifndef OPENSSL_NO_DEPRECATED_3_0
2725 EVP_PKEY_CTX *ctx2 = NULL;
2726 #endif
2727 const APK_DATA *ak = &keycheckdata[i];
2728 const unsigned char *input = ak->kder;
2729 size_t input_len = ak->size;
2730 int expected_id = ak->evptype;
2731 int expected_check = ak->check;
2732 int expected_pub_check = ak->pub_check;
2733 int expected_param_check = ak->param_check;
2734 int type = ak->type;
2735
2736 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2737 goto done;
2738 if (type == 0
2739 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2740 goto done;
2741
2742 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2743 goto done;
2744
2745 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2746 goto done;
2747
2748 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2749 goto done;
2750
2751 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2752 goto done;
2753
2754 #ifndef OPENSSL_NO_DEPRECATED_3_0
2755 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2756 /* assign the pkey directly, as an internal test */
2757 EVP_PKEY_up_ref(pkey);
2758 ctx2->pkey = pkey;
2759
2760 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2761 goto done;
2762
2763 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2764 goto done;
2765
2766 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2767 goto done;
2768 #endif
2769
2770 ret = 1;
2771
2772 done:
2773 EVP_PKEY_CTX_free(ctx);
2774 #ifndef OPENSSL_NO_DEPRECATED_3_0
2775 EVP_PKEY_CTX_free(ctx2);
2776 #endif
2777 EVP_PKEY_free(pkey);
2778 return ret;
2779 }
2780
2781 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)2782 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2783 {
2784 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2785 const char msg[] = "Hello World";
2786 size_t maclen = AES_BLOCK_SIZE;
2787 int ret = 1;
2788
2789 if (!TEST_ptr(mdctx)
2790 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2791 testpropq, pkey, NULL))
2792 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2793 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2794 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2795 ret = 0;
2796
2797 EVP_MD_CTX_free(mdctx);
2798
2799 return ret;
2800 }
test_CMAC_keygen(void)2801 static int test_CMAC_keygen(void)
2802 {
2803 static unsigned char key[] = {
2804 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2805 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2806 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2807 };
2808 EVP_PKEY_CTX *kctx = NULL;
2809 int ret = 0;
2810 EVP_PKEY *pkey = NULL;
2811 unsigned char mac[AES_BLOCK_SIZE];
2812 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2813 unsigned char mac2[AES_BLOCK_SIZE];
2814 # endif
2815
2816 if (nullprov != NULL)
2817 return TEST_skip("Test does not support a non-default library context");
2818
2819 /*
2820 * This is a legacy method for CMACs, but should still work.
2821 * This verifies that it works without an ENGINE.
2822 */
2823 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2824
2825 /* Test a CMAC key created using the "generated" method */
2826 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2827 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2828 EVP_PKEY_CTRL_CIPHER,
2829 0, (void *)EVP_aes_256_cbc()), 0)
2830 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2831 EVP_PKEY_CTRL_SET_MAC_KEY,
2832 sizeof(key), (void *)key), 0)
2833 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2834 || !TEST_ptr(pkey)
2835 || !TEST_true(get_cmac_val(pkey, mac)))
2836 goto done;
2837
2838 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2839 EVP_PKEY_free(pkey);
2840
2841 /*
2842 * Test a CMAC key using the direct method, and compare with the mac
2843 * created above.
2844 */
2845 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2846 if (!TEST_ptr(pkey)
2847 || !TEST_true(get_cmac_val(pkey, mac2))
2848 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2849 goto done;
2850 # endif
2851
2852 ret = 1;
2853
2854 done:
2855 EVP_PKEY_free(pkey);
2856 EVP_PKEY_CTX_free(kctx);
2857 return ret;
2858 }
2859 #endif
2860
test_HKDF(void)2861 static int test_HKDF(void)
2862 {
2863 EVP_PKEY_CTX *pctx;
2864 unsigned char out[20];
2865 size_t outlen;
2866 int i, ret = 0;
2867 unsigned char salt[] = "0123456789";
2868 unsigned char key[] = "012345678901234567890123456789";
2869 unsigned char info[] = "infostring";
2870 const unsigned char expected[] = {
2871 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2872 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2873 };
2874 size_t expectedlen = sizeof(expected);
2875
2876 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2877 goto done;
2878
2879 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2880 for (i = 0; i < 2; i++) {
2881 outlen = sizeof(out);
2882 memset(out, 0, outlen);
2883
2884 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2885 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2886 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2887 sizeof(salt) - 1), 0)
2888 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2889 sizeof(key) - 1), 0)
2890 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2891 sizeof(info) - 1), 0)
2892 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2893 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2894 goto done;
2895 }
2896
2897 ret = 1;
2898
2899 done:
2900 EVP_PKEY_CTX_free(pctx);
2901
2902 return ret;
2903 }
2904
test_emptyikm_HKDF(void)2905 static int test_emptyikm_HKDF(void)
2906 {
2907 EVP_PKEY_CTX *pctx;
2908 unsigned char out[20];
2909 size_t outlen;
2910 int ret = 0;
2911 unsigned char salt[] = "9876543210";
2912 unsigned char key[] = "";
2913 unsigned char info[] = "stringinfo";
2914 const unsigned char expected[] = {
2915 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2916 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2917 };
2918 size_t expectedlen = sizeof(expected);
2919
2920 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2921 goto done;
2922
2923 outlen = sizeof(out);
2924 memset(out, 0, outlen);
2925
2926 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2927 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2928 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2929 sizeof(salt) - 1), 0)
2930 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2931 sizeof(key) - 1), 0)
2932 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2933 sizeof(info) - 1), 0)
2934 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2935 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2936 goto done;
2937
2938 ret = 1;
2939
2940 done:
2941 EVP_PKEY_CTX_free(pctx);
2942
2943 return ret;
2944 }
2945
test_empty_salt_info_HKDF(void)2946 static int test_empty_salt_info_HKDF(void)
2947 {
2948 EVP_PKEY_CTX *pctx;
2949 unsigned char out[20];
2950 size_t outlen;
2951 int ret = 0;
2952 unsigned char salt[] = "";
2953 unsigned char key[] = "012345678901234567890123456789";
2954 unsigned char info[] = "";
2955 const unsigned char expected[] = {
2956 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2957 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2958 };
2959 size_t expectedlen = sizeof(expected);
2960
2961 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2962 goto done;
2963
2964 outlen = sizeof(out);
2965 memset(out, 0, outlen);
2966
2967 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2968 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2969 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2970 sizeof(salt) - 1), 0)
2971 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2972 sizeof(key) - 1), 0)
2973 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2974 sizeof(info) - 1), 0)
2975 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2976 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2977 goto done;
2978
2979 ret = 1;
2980
2981 done:
2982 EVP_PKEY_CTX_free(pctx);
2983
2984 return ret;
2985 }
2986
2987 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2988 static int test_X509_PUBKEY_inplace(void)
2989 {
2990 int ret = 0;
2991 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2992 const unsigned char *p = kExampleECPubKeyDER;
2993 size_t input_len = sizeof(kExampleECPubKeyDER);
2994
2995 if (!TEST_ptr(xp))
2996 goto done;
2997 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2998 goto done;
2999
3000 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3001 goto done;
3002
3003 p = kExampleBadECPubKeyDER;
3004 input_len = sizeof(kExampleBadECPubKeyDER);
3005
3006 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3007 goto done;
3008
3009 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3010 goto done;
3011
3012 ret = 1;
3013
3014 done:
3015 X509_PUBKEY_free(xp);
3016 return ret;
3017 }
3018
test_X509_PUBKEY_dup(void)3019 static int test_X509_PUBKEY_dup(void)
3020 {
3021 int ret = 0;
3022 X509_PUBKEY *xp = NULL, *xq = NULL;
3023 const unsigned char *p = kExampleECPubKeyDER;
3024 size_t input_len = sizeof(kExampleECPubKeyDER);
3025
3026 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3027 if (!TEST_ptr(xp)
3028 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3029 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3030 || !TEST_ptr_ne(xp, xq))
3031 goto done;
3032
3033 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3034 || !TEST_ptr(X509_PUBKEY_get0(xp))
3035 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3036 goto done;
3037
3038 X509_PUBKEY_free(xq);
3039 xq = NULL;
3040 p = kExampleBadECPubKeyDER;
3041 input_len = sizeof(kExampleBadECPubKeyDER);
3042
3043 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3044 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3045 goto done;
3046
3047 X509_PUBKEY_free(xp);
3048 xp = NULL;
3049 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3050 goto done;
3051
3052 ret = 1;
3053
3054 done:
3055 X509_PUBKEY_free(xp);
3056 X509_PUBKEY_free(xq);
3057 return ret;
3058 }
3059 #endif /* OPENSSL_NO_EC */
3060
3061 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3062 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3063 {
3064 EVP_MD_CTX *mdctx = NULL;
3065 EVP_PKEY_CTX *ctx = NULL;
3066 const OSSL_PARAM *params;
3067 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3068 int ret = 0;
3069 const EVP_MD *md;
3070 char mdname[OSSL_MAX_NAME_SIZE];
3071 char ssl3ms[48];
3072
3073 /* Initialise a sign operation */
3074 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3075 if (!TEST_ptr(ctx)
3076 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3077 goto err;
3078
3079 /*
3080 * We should be able to query the parameters now.
3081 */
3082 params = EVP_PKEY_CTX_settable_params(ctx);
3083 if (!TEST_ptr(params)
3084 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3085 OSSL_SIGNATURE_PARAM_DIGEST)))
3086 goto err;
3087
3088 params = EVP_PKEY_CTX_gettable_params(ctx);
3089 if (!TEST_ptr(params)
3090 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3091 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3092 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3093 OSSL_SIGNATURE_PARAM_DIGEST)))
3094 goto err;
3095
3096 /*
3097 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3098 * EVP_PKEY_CTX_get_params()
3099 */
3100 strcpy(mdname, "SHA512");
3101 param_md = param;
3102 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3103 mdname, 0);
3104 *param++ = OSSL_PARAM_construct_end();
3105
3106 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3107 goto err;
3108
3109 mdname[0] = '\0';
3110 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3111 mdname, sizeof(mdname));
3112 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3113 || !TEST_str_eq(mdname, "SHA512"))
3114 goto err;
3115
3116 /*
3117 * Test the TEST_PKEY_CTX_set_signature_md() and
3118 * TEST_PKEY_CTX_get_signature_md() functions
3119 */
3120 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3121 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3122 || !TEST_ptr_eq(md, EVP_sha256()))
3123 goto err;
3124
3125 /*
3126 * Test getting MD parameters via an associated EVP_PKEY_CTX
3127 */
3128 mdctx = EVP_MD_CTX_new();
3129 if (!TEST_ptr(mdctx)
3130 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3131 pkey, NULL)))
3132 goto err;
3133
3134 /*
3135 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3136 * able to obtain the digest's settable parameters from the provider.
3137 */
3138 params = EVP_MD_CTX_settable_params(mdctx);
3139 if (!TEST_ptr(params)
3140 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3141 /* The final key should be NULL */
3142 || !TEST_ptr_null(params[1].key))
3143 goto err;
3144
3145 param = ourparams;
3146 memset(ssl3ms, 0, sizeof(ssl3ms));
3147 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3148 ssl3ms, sizeof(ssl3ms));
3149 *param++ = OSSL_PARAM_construct_end();
3150
3151 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3152 goto err;
3153
3154 ret = 1;
3155
3156 err:
3157 EVP_MD_CTX_free(mdctx);
3158 EVP_PKEY_CTX_free(ctx);
3159
3160 return ret;
3161 }
3162
3163 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3164 static int test_DSA_get_set_params(void)
3165 {
3166 OSSL_PARAM_BLD *bld = NULL;
3167 OSSL_PARAM *params = NULL;
3168 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3169 EVP_PKEY_CTX *pctx = NULL;
3170 EVP_PKEY *pkey = NULL;
3171 int ret = 0;
3172
3173 /*
3174 * Setup the parameters for our DSA object. For our purposes they don't
3175 * have to actually be *valid* parameters. We just need to set something.
3176 */
3177 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3178 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3179 || !TEST_ptr(p = BN_new())
3180 || !TEST_ptr(q = BN_new())
3181 || !TEST_ptr(g = BN_new())
3182 || !TEST_ptr(pub = BN_new())
3183 || !TEST_ptr(priv = BN_new()))
3184 goto err;
3185 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3186 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3187 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3188 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3189 pub))
3190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3191 priv)))
3192 goto err;
3193 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3194 goto err;
3195
3196 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3197 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3198 params), 0))
3199 goto err;
3200
3201 if (!TEST_ptr(pkey))
3202 goto err;
3203
3204 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3205
3206 err:
3207 EVP_PKEY_free(pkey);
3208 EVP_PKEY_CTX_free(pctx);
3209 OSSL_PARAM_free(params);
3210 OSSL_PARAM_BLD_free(bld);
3211 BN_free(p);
3212 BN_free(q);
3213 BN_free(g);
3214 BN_free(pub);
3215 BN_free(priv);
3216
3217 return ret;
3218 }
3219
3220 /*
3221 * Test combinations of private, public, missing and private + public key
3222 * params to ensure they are all accepted
3223 */
test_DSA_priv_pub(void)3224 static int test_DSA_priv_pub(void)
3225 {
3226 return test_EVP_PKEY_ffc_priv_pub("DSA");
3227 }
3228
3229 #endif /* !OPENSSL_NO_DSA */
3230
test_RSA_get_set_params(void)3231 static int test_RSA_get_set_params(void)
3232 {
3233 OSSL_PARAM_BLD *bld = NULL;
3234 OSSL_PARAM *params = NULL;
3235 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3236 EVP_PKEY_CTX *pctx = NULL;
3237 EVP_PKEY *pkey = NULL;
3238 int ret = 0;
3239
3240 /*
3241 * Setup the parameters for our RSA object. For our purposes they don't
3242 * have to actually be *valid* parameters. We just need to set something.
3243 */
3244 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3245 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3246 || !TEST_ptr(n = BN_new())
3247 || !TEST_ptr(e = BN_new())
3248 || !TEST_ptr(d = BN_new()))
3249 goto err;
3250 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3251 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3252 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3253 goto err;
3254 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3255 goto err;
3256
3257 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3258 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3259 params), 0))
3260 goto err;
3261
3262 if (!TEST_ptr(pkey))
3263 goto err;
3264
3265 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3266
3267 err:
3268 EVP_PKEY_free(pkey);
3269 EVP_PKEY_CTX_free(pctx);
3270 OSSL_PARAM_free(params);
3271 OSSL_PARAM_BLD_free(bld);
3272 BN_free(n);
3273 BN_free(e);
3274 BN_free(d);
3275
3276 return ret;
3277 }
3278
test_RSA_OAEP_set_get_params(void)3279 static int test_RSA_OAEP_set_get_params(void)
3280 {
3281 int ret = 0;
3282 EVP_PKEY *key = NULL;
3283 EVP_PKEY_CTX *key_ctx = NULL;
3284
3285 if (nullprov != NULL)
3286 return TEST_skip("Test does not support a non-default library context");
3287
3288 if (!TEST_ptr(key = load_example_rsa_key())
3289 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3290 goto err;
3291
3292 {
3293 int padding = RSA_PKCS1_OAEP_PADDING;
3294 OSSL_PARAM params[4];
3295
3296 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3297 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3298 OSSL_DIGEST_NAME_SHA2_256, 0);
3299 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3300 OSSL_DIGEST_NAME_SHA1, 0);
3301 params[3] = OSSL_PARAM_construct_end();
3302
3303 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3304 goto err;
3305 }
3306 {
3307 OSSL_PARAM params[3];
3308 char oaepmd[30] = { '\0' };
3309 char mgf1md[30] = { '\0' };
3310
3311 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3312 oaepmd, sizeof(oaepmd));
3313 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3314 mgf1md, sizeof(mgf1md));
3315 params[2] = OSSL_PARAM_construct_end();
3316
3317 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3318 goto err;
3319
3320 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3321 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3322 goto err;
3323 }
3324
3325 ret = 1;
3326
3327 err:
3328 EVP_PKEY_free(key);
3329 EVP_PKEY_CTX_free(key_ctx);
3330
3331 return ret;
3332 }
3333
3334 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3335 static int test_RSA_OAEP_set_null_label(void)
3336 {
3337 int ret = 0;
3338 EVP_PKEY *key = NULL;
3339 EVP_PKEY_CTX *key_ctx = NULL;
3340
3341 if (!TEST_ptr(key = load_example_rsa_key())
3342 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3343 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3344 goto err;
3345
3346 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3347 goto err;
3348
3349 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3350 goto err;
3351
3352 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3353 goto err;
3354
3355 ret = 1;
3356
3357 err:
3358 EVP_PKEY_free(key);
3359 EVP_PKEY_CTX_free(key_ctx);
3360
3361 return ret;
3362 }
3363
3364 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3365 static int test_RSA_legacy(void)
3366 {
3367 int ret = 0;
3368 BIGNUM *p = NULL;
3369 BIGNUM *q = NULL;
3370 BIGNUM *n = NULL;
3371 BIGNUM *e = NULL;
3372 BIGNUM *d = NULL;
3373 const EVP_MD *md = EVP_sha256();
3374 EVP_MD_CTX *ctx = NULL;
3375 EVP_PKEY *pkey = NULL;
3376 RSA *rsa = NULL;
3377
3378 if (nullprov != NULL)
3379 return TEST_skip("Test does not support a non-default library context");
3380
3381 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3382 || !TEST_ptr(q = BN_dup(BN_value_one()))
3383 || !TEST_ptr(n = BN_dup(BN_value_one()))
3384 || !TEST_ptr(e = BN_dup(BN_value_one()))
3385 || !TEST_ptr(d = BN_dup(BN_value_one())))
3386 goto err;
3387
3388 if (!TEST_ptr(rsa = RSA_new())
3389 || !TEST_ptr(pkey = EVP_PKEY_new())
3390 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3391 goto err;
3392
3393 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3394 goto err;
3395 p = NULL;
3396 q = NULL;
3397
3398 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3399 goto err;
3400 n = NULL;
3401 e = NULL;
3402 d = NULL;
3403
3404 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3405 goto err;
3406
3407 rsa = NULL;
3408
3409 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3410 goto err;
3411
3412 ret = 1;
3413
3414 err:
3415 RSA_free(rsa);
3416 EVP_MD_CTX_free(ctx);
3417 EVP_PKEY_free(pkey);
3418 BN_free(p);
3419 BN_free(q);
3420 BN_free(n);
3421 BN_free(e);
3422 BN_free(d);
3423
3424 return ret;
3425 }
3426 #endif
3427
3428 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)3429 static int test_decrypt_null_chunks(void)
3430 {
3431 EVP_CIPHER_CTX* ctx = NULL;
3432 EVP_CIPHER *cipher = NULL;
3433 const unsigned char key[32] = {
3434 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3435 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3436 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3437 };
3438 unsigned char iv[12] = {
3439 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3440 };
3441 unsigned char msg[] = "It was the best of times, it was the worst of times";
3442 unsigned char ciphertext[80];
3443 unsigned char plaintext[80];
3444 /* We initialise tmp to a non zero value on purpose */
3445 int ctlen, ptlen, tmp = 99;
3446 int ret = 0;
3447 const int enc_offset = 10, dec_offset = 20;
3448
3449 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3450 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3451 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3452 key, iv))
3453 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3454 enc_offset))
3455 /* Deliberate add a zero length update */
3456 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3457 0))
3458 || !TEST_int_eq(tmp, 0)
3459 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3460 msg + enc_offset,
3461 sizeof(msg) - enc_offset))
3462 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3463 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3464 || !TEST_int_eq(tmp, 0))
3465 goto err;
3466
3467 /* Deliberately initialise tmp to a non zero value */
3468 tmp = 99;
3469 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3470 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3471 dec_offset))
3472 /*
3473 * Deliberately add a zero length update. We also deliberately do
3474 * this at a different offset than for encryption.
3475 */
3476 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3477 0))
3478 || !TEST_int_eq(tmp, 0)
3479 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3480 ciphertext + dec_offset,
3481 ctlen - dec_offset))
3482 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3483 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3484 || !TEST_int_eq(tmp, 0)
3485 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3486 goto err;
3487
3488 ret = 1;
3489 err:
3490 EVP_CIPHER_CTX_free(ctx);
3491 EVP_CIPHER_free(cipher);
3492 return ret;
3493 }
3494 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3495
3496 #ifndef OPENSSL_NO_DH
3497 /*
3498 * Test combinations of private, public, missing and private + public key
3499 * params to ensure they are all accepted
3500 */
test_DH_priv_pub(void)3501 static int test_DH_priv_pub(void)
3502 {
3503 return test_EVP_PKEY_ffc_priv_pub("DH");
3504 }
3505
3506 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)3507 static int test_EVP_PKEY_set1_DH(void)
3508 {
3509 DH *x942dh = NULL, *noqdh = NULL;
3510 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3511 int ret = 0;
3512 BIGNUM *p, *g = NULL;
3513 BIGNUM *pubkey = NULL;
3514 unsigned char pub[2048 / 8];
3515 size_t len = 0;
3516
3517 if (!TEST_ptr(p = BN_new())
3518 || !TEST_ptr(g = BN_new())
3519 || !TEST_ptr(pubkey = BN_new())
3520 || !TEST_true(BN_set_word(p, 9999))
3521 || !TEST_true(BN_set_word(g, 2))
3522 || !TEST_true(BN_set_word(pubkey, 4321))
3523 || !TEST_ptr(noqdh = DH_new())
3524 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3525 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3526 || !TEST_ptr(pubkey = BN_new())
3527 || !TEST_true(BN_set_word(pubkey, 4321)))
3528 goto err;
3529 p = g = NULL;
3530
3531 x942dh = DH_get_2048_256();
3532 pkey1 = EVP_PKEY_new();
3533 pkey2 = EVP_PKEY_new();
3534 if (!TEST_ptr(x942dh)
3535 || !TEST_ptr(noqdh)
3536 || !TEST_ptr(pkey1)
3537 || !TEST_ptr(pkey2)
3538 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3539 goto err;
3540 pubkey = NULL;
3541
3542 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3543 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3544 goto err;
3545
3546 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3547 &pubkey))
3548 || !TEST_ptr(pubkey))
3549 goto err;
3550
3551 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3552 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3553 goto err;
3554
3555 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3556 OSSL_PKEY_PARAM_PUB_KEY,
3557 pub, sizeof(pub), &len))
3558 || !TEST_size_t_ne(len, 0))
3559 goto err;
3560
3561 ret = 1;
3562 err:
3563 BN_free(p);
3564 BN_free(g);
3565 BN_free(pubkey);
3566 EVP_PKEY_free(pkey1);
3567 EVP_PKEY_free(pkey2);
3568 DH_free(x942dh);
3569 DH_free(noqdh);
3570
3571 return ret;
3572 }
3573 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3574 #endif /* !OPENSSL_NO_DH */
3575
3576 /*
3577 * We test what happens with an empty template. For the sake of this test,
3578 * the template must be ignored, and we know that's the case for RSA keys
3579 * (this might arguably be a misfeature, but that's what we currently do,
3580 * even in provider code, since that's how the legacy RSA implementation
3581 * does things)
3582 */
test_keygen_with_empty_template(int n)3583 static int test_keygen_with_empty_template(int n)
3584 {
3585 EVP_PKEY_CTX *ctx = NULL;
3586 EVP_PKEY *pkey = NULL;
3587 EVP_PKEY *tkey = NULL;
3588 int ret = 0;
3589
3590 if (nullprov != NULL)
3591 return TEST_skip("Test does not support a non-default library context");
3592
3593 switch (n) {
3594 case 0:
3595 /* We do test with no template at all as well */
3596 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3597 goto err;
3598 break;
3599 case 1:
3600 /* Here we create an empty RSA key that serves as our template */
3601 if (!TEST_ptr(tkey = EVP_PKEY_new())
3602 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3603 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3604 goto err;
3605 break;
3606 }
3607
3608 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3609 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3610 goto err;
3611
3612 ret = 1;
3613 err:
3614 EVP_PKEY_CTX_free(ctx);
3615 EVP_PKEY_free(pkey);
3616 EVP_PKEY_free(tkey);
3617 return ret;
3618 }
3619
3620 /*
3621 * Test that we fail if we attempt to use an algorithm that is not available
3622 * in the current library context (unless we are using an algorithm that
3623 * should be made available via legacy codepaths).
3624 *
3625 * 0: RSA
3626 * 1: SM2
3627 */
test_pkey_ctx_fail_without_provider(int tst)3628 static int test_pkey_ctx_fail_without_provider(int tst)
3629 {
3630 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3631 OSSL_PROVIDER *tmpnullprov = NULL;
3632 EVP_PKEY_CTX *pctx = NULL;
3633 const char *keytype = NULL;
3634 int expect_null = 0;
3635 int ret = 0;
3636
3637 if (!TEST_ptr(tmpctx))
3638 goto err;
3639
3640 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3641 if (!TEST_ptr(tmpnullprov))
3642 goto err;
3643
3644 /*
3645 * We check for certain algos in the null provider.
3646 * If an algo is expected to have a provider keymgmt, constructing an
3647 * EVP_PKEY_CTX is expected to fail (return NULL).
3648 * Otherwise, if it's expected to have legacy support, constructing an
3649 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3650 */
3651 switch (tst) {
3652 case 0:
3653 keytype = "RSA";
3654 expect_null = 1;
3655 break;
3656 case 1:
3657 keytype = "SM2";
3658 expect_null = 1;
3659 #ifdef OPENSSL_NO_EC
3660 TEST_info("EC disable, skipping SM2 check...");
3661 goto end;
3662 #endif
3663 #ifdef OPENSSL_NO_SM2
3664 TEST_info("SM2 disable, skipping SM2 check...");
3665 goto end;
3666 #endif
3667 break;
3668 default:
3669 TEST_error("No test for case %d", tst);
3670 goto err;
3671 }
3672
3673 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3674 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3675 goto err;
3676
3677 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3678 end:
3679 #endif
3680 ret = 1;
3681
3682 err:
3683 EVP_PKEY_CTX_free(pctx);
3684 OSSL_PROVIDER_unload(tmpnullprov);
3685 OSSL_LIB_CTX_free(tmpctx);
3686 return ret;
3687 }
3688
test_rand_agglomeration(void)3689 static int test_rand_agglomeration(void)
3690 {
3691 EVP_RAND *rand;
3692 EVP_RAND_CTX *ctx;
3693 OSSL_PARAM params[3], *p = params;
3694 int res;
3695 unsigned int step = 7;
3696 static unsigned char seed[] = "It does not matter how slowly you go "
3697 "as long as you do not stop.";
3698 unsigned char out[sizeof(seed)];
3699
3700 if (!TEST_int_ne(sizeof(seed) % step, 0)
3701 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3702 return 0;
3703 ctx = EVP_RAND_CTX_new(rand, NULL);
3704 EVP_RAND_free(rand);
3705 if (!TEST_ptr(ctx))
3706 return 0;
3707
3708 memset(out, 0, sizeof(out));
3709 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3710 seed, sizeof(seed));
3711 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3712 *p = OSSL_PARAM_construct_end();
3713 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3714 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3715 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3716 EVP_RAND_CTX_free(ctx);
3717 return res;
3718 }
3719
3720 /*
3721 * Test that we correctly return the original or "running" IV after
3722 * an encryption operation.
3723 * Run multiple times for some different relevant algorithms/modes.
3724 */
test_evp_iv_aes(int idx)3725 static int test_evp_iv_aes(int idx)
3726 {
3727 int ret = 0;
3728 EVP_CIPHER_CTX *ctx = NULL;
3729 unsigned char key[16] = {
3730 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3731 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
3732 };
3733 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
3734 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3735 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
3736 };
3737 static const unsigned char msg[] = {
3738 1, 2, 3, 4, 5, 6, 7, 8,
3739 9, 10, 11, 12, 13, 14, 15, 16
3740 };
3741 unsigned char ciphertext[32], oiv[16], iv[16];
3742 unsigned char *ref_iv;
3743 unsigned char cbc_state[16] = {
3744 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3745 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
3746 };
3747
3748 unsigned char ofb_state[16] = {
3749 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3750 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
3751 };
3752 unsigned char cfb_state[16] = {
3753 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3754 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
3755 };
3756 unsigned char gcm_state[12] = {
3757 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3758 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3759 };
3760 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
3761 #ifndef OPENSSL_NO_OCB
3762 unsigned char ocb_state[12] = {
3763 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3764 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3765 };
3766 #endif
3767 int len = sizeof(ciphertext);
3768 size_t ivlen, ref_len;
3769 const EVP_CIPHER *type = NULL;
3770 int iv_reset = 0;
3771
3772 if (nullprov != NULL && idx < 6)
3773 return TEST_skip("Test does not support a non-default library context");
3774
3775 switch (idx) {
3776 case 0:
3777 type = EVP_aes_128_cbc();
3778 /* FALLTHROUGH */
3779 case 6:
3780 type = (type != NULL) ? type :
3781 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3782 ref_iv = cbc_state;
3783 ref_len = sizeof(cbc_state);
3784 iv_reset = 1;
3785 break;
3786 case 1:
3787 type = EVP_aes_128_ofb();
3788 /* FALLTHROUGH */
3789 case 7:
3790 type = (type != NULL) ? type :
3791 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3792 ref_iv = ofb_state;
3793 ref_len = sizeof(ofb_state);
3794 iv_reset = 1;
3795 break;
3796 case 2:
3797 type = EVP_aes_128_cfb();
3798 /* FALLTHROUGH */
3799 case 8:
3800 type = (type != NULL) ? type :
3801 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3802 ref_iv = cfb_state;
3803 ref_len = sizeof(cfb_state);
3804 iv_reset = 1;
3805 break;
3806 case 3:
3807 type = EVP_aes_128_gcm();
3808 /* FALLTHROUGH */
3809 case 9:
3810 type = (type != NULL) ? type :
3811 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3812 ref_iv = gcm_state;
3813 ref_len = sizeof(gcm_state);
3814 break;
3815 case 4:
3816 type = EVP_aes_128_ccm();
3817 /* FALLTHROUGH */
3818 case 10:
3819 type = (type != NULL) ? type :
3820 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3821 ref_iv = ccm_state;
3822 ref_len = sizeof(ccm_state);
3823 break;
3824 #ifdef OPENSSL_NO_OCB
3825 case 5:
3826 case 11:
3827 return 1;
3828 #else
3829 case 5:
3830 type = EVP_aes_128_ocb();
3831 /* FALLTHROUGH */
3832 case 11:
3833 type = (type != NULL) ? type :
3834 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3835 ref_iv = ocb_state;
3836 ref_len = sizeof(ocb_state);
3837 break;
3838 #endif
3839 default:
3840 return 0;
3841 }
3842
3843 if (!TEST_ptr(type)
3844 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3845 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3846 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3847 (int)sizeof(msg)))
3848 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3849 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3850 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3851 goto err;
3852 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3853
3854 if (!TEST_int_gt(ivlen, 0))
3855 goto err;
3856
3857 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3858 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3859 goto err;
3860
3861 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3862 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3863 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3864 goto err;
3865 if (iv_reset) {
3866 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3867 goto err;
3868 } else {
3869 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3870 goto err;
3871 }
3872
3873 ret = 1;
3874 err:
3875 EVP_CIPHER_CTX_free(ctx);
3876 if (idx >= 6)
3877 EVP_CIPHER_free((EVP_CIPHER *)type);
3878 return ret;
3879 }
3880
3881 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)3882 static int test_evp_iv_des(int idx)
3883 {
3884 int ret = 0;
3885 EVP_CIPHER_CTX *ctx = NULL;
3886 static const unsigned char key[24] = {
3887 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3888 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3889 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3890 };
3891 static const unsigned char init_iv[8] = {
3892 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3893 };
3894 static const unsigned char msg[] = {
3895 1, 2, 3, 4, 5, 6, 7, 8,
3896 9, 10, 11, 12, 13, 14, 15, 16
3897 };
3898 unsigned char ciphertext[32], oiv[8], iv[8];
3899 unsigned const char *ref_iv;
3900 static const unsigned char cbc_state_des[8] = {
3901 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3902 };
3903 static const unsigned char cbc_state_3des[8] = {
3904 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3905 };
3906 static const unsigned char ofb_state_des[8] = {
3907 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3908 };
3909 static const unsigned char ofb_state_3des[8] = {
3910 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3911 };
3912 static const unsigned char cfb_state_des[8] = {
3913 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3914 };
3915 static const unsigned char cfb_state_3des[8] = {
3916 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3917 };
3918 int len = sizeof(ciphertext);
3919 size_t ivlen, ref_len;
3920 EVP_CIPHER *type = NULL;
3921
3922 if (lgcyprov == NULL && idx < 3)
3923 return TEST_skip("Test requires legacy provider to be loaded");
3924
3925 switch (idx) {
3926 case 0:
3927 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3928 ref_iv = cbc_state_des;
3929 ref_len = sizeof(cbc_state_des);
3930 break;
3931 case 1:
3932 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3933 ref_iv = ofb_state_des;
3934 ref_len = sizeof(ofb_state_des);
3935 break;
3936 case 2:
3937 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3938 ref_iv = cfb_state_des;
3939 ref_len = sizeof(cfb_state_des);
3940 break;
3941 case 3:
3942 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3943 ref_iv = cbc_state_3des;
3944 ref_len = sizeof(cbc_state_3des);
3945 break;
3946 case 4:
3947 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3948 ref_iv = ofb_state_3des;
3949 ref_len = sizeof(ofb_state_3des);
3950 break;
3951 case 5:
3952 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3953 ref_iv = cfb_state_3des;
3954 ref_len = sizeof(cfb_state_3des);
3955 break;
3956 default:
3957 return 0;
3958 }
3959
3960 if (!TEST_ptr(type)
3961 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3962 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3963 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3964 (int)sizeof(msg)))
3965 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3966 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3967 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3968 goto err;
3969 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3970
3971 if (!TEST_int_gt(ivlen, 0))
3972 goto err;
3973
3974 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3975 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3976 goto err;
3977
3978 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3979 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3980 goto err;
3981 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3982 goto err;
3983
3984 ret = 1;
3985 err:
3986 EVP_CIPHER_CTX_free(ctx);
3987 EVP_CIPHER_free(type);
3988 return ret;
3989 }
3990 #endif
3991
3992 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)3993 static int test_evp_bf_default_keylen(int idx)
3994 {
3995 int ret = 0;
3996 static const char *algos[4] = {
3997 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3998 };
3999 int ivlen[4] = { 0, 8, 8, 8 };
4000 EVP_CIPHER *cipher = NULL;
4001
4002 if (lgcyprov == NULL)
4003 return TEST_skip("Test requires legacy provider to be loaded");
4004
4005 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4006 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4007 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4008 goto err;
4009
4010 ret = 1;
4011 err:
4012 EVP_CIPHER_free(cipher);
4013 return ret;
4014 }
4015 #endif
4016
4017 #ifndef OPENSSL_NO_EC
4018 static int ecpub_nids[] = {
4019 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4020 NID_secp384r1, NID_secp521r1,
4021 # ifndef OPENSSL_NO_EC2M
4022 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4023 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4024 # endif
4025 NID_brainpoolP384r1, NID_brainpoolP512r1
4026 };
4027
test_ecpub(int idx)4028 static int test_ecpub(int idx)
4029 {
4030 int ret = 0, len, savelen;
4031 int nid;
4032 unsigned char buf[1024];
4033 unsigned char *p;
4034 EVP_PKEY *pkey = NULL;
4035 EVP_PKEY_CTX *ctx = NULL;
4036 # ifndef OPENSSL_NO_DEPRECATED_3_0
4037 const unsigned char *q;
4038 EVP_PKEY *pkey2 = NULL;
4039 EC_KEY *ec = NULL;
4040 # endif
4041
4042 if (nullprov != NULL)
4043 return TEST_skip("Test does not support a non-default library context");
4044
4045 nid = ecpub_nids[idx];
4046
4047 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4048 if (!TEST_ptr(ctx)
4049 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4050 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4051 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4052 goto done;
4053 len = i2d_PublicKey(pkey, NULL);
4054 savelen = len;
4055 if (!TEST_int_ge(len, 1)
4056 || !TEST_int_lt(len, 1024))
4057 goto done;
4058 p = buf;
4059 len = i2d_PublicKey(pkey, &p);
4060 if (!TEST_int_ge(len, 1)
4061 || !TEST_int_eq(len, savelen))
4062 goto done;
4063
4064 # ifndef OPENSSL_NO_DEPRECATED_3_0
4065 /* Now try to decode the just-created DER. */
4066 q = buf;
4067 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4068 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4069 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4070 goto done;
4071 /* EC_KEY ownership transferred */
4072 ec = NULL;
4073 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4074 goto done;
4075 /* The keys should match. */
4076 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4077 goto done;
4078 # endif
4079
4080 ret = 1;
4081
4082 done:
4083 EVP_PKEY_CTX_free(ctx);
4084 EVP_PKEY_free(pkey);
4085 # ifndef OPENSSL_NO_DEPRECATED_3_0
4086 EVP_PKEY_free(pkey2);
4087 EC_KEY_free(ec);
4088 # endif
4089 return ret;
4090 }
4091 #endif
4092
test_EVP_rsa_pss_with_keygen_bits(void)4093 static int test_EVP_rsa_pss_with_keygen_bits(void)
4094 {
4095 int ret = 0;
4096 EVP_PKEY_CTX *ctx = NULL;
4097 EVP_PKEY *pkey = NULL;
4098 EVP_MD *md;
4099
4100 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4101 ret = TEST_ptr(md)
4102 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4103 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4104 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4105 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4106 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4107
4108 EVP_MD_free(md);
4109 EVP_PKEY_free(pkey);
4110 EVP_PKEY_CTX_free(ctx);
4111 return ret;
4112 }
4113
test_EVP_rsa_pss_set_saltlen(void)4114 static int test_EVP_rsa_pss_set_saltlen(void)
4115 {
4116 int ret = 0;
4117 EVP_PKEY *pkey = NULL;
4118 EVP_PKEY_CTX *pkey_ctx = NULL;
4119 EVP_MD *sha256 = NULL;
4120 EVP_MD_CTX *sha256_ctx = NULL;
4121 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4122 const int test_value = 32;
4123
4124 ret = TEST_ptr(pkey = load_example_rsa_key())
4125 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4126 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4127 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4128 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4129 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4130 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4131 && TEST_int_eq(saltlen, test_value);
4132
4133 EVP_MD_CTX_free(sha256_ctx);
4134 EVP_PKEY_free(pkey);
4135 EVP_MD_free(sha256);
4136
4137 return ret;
4138 }
4139
test_EVP_rsa_invalid_key(void)4140 static int test_EVP_rsa_invalid_key(void)
4141 {
4142 int ret = 0;
4143 EVP_PKEY *pkey = NULL;
4144
4145 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4146 /* we expect to fail to load bogus key */
4147 ret = !TEST_ptr(pkey);
4148 EVP_PKEY_free(pkey);
4149
4150 return ret;
4151 }
4152
4153 static int success = 1;
md_names(const char * name,void * vctx)4154 static void md_names(const char *name, void *vctx)
4155 {
4156 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4157 /* Force a namemap update */
4158 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4159
4160 if (!TEST_ptr(aes128))
4161 success = 0;
4162
4163 EVP_CIPHER_free(aes128);
4164 }
4165
4166 /*
4167 * Test that changing the namemap in a user callback works in a names_do_all
4168 * function.
4169 */
test_names_do_all(void)4170 static int test_names_do_all(void)
4171 {
4172 /* We use a custom libctx so that we know the state of the namemap */
4173 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4174 EVP_MD *sha256 = NULL;
4175 int testresult = 0;
4176
4177 if (!TEST_ptr(ctx))
4178 goto err;
4179
4180 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4181 if (!TEST_ptr(sha256))
4182 goto err;
4183
4184 /*
4185 * We loop through all the names for a given digest. This should still work
4186 * even if the namemap changes part way through.
4187 */
4188 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4189 goto err;
4190
4191 if (!TEST_true(success))
4192 goto err;
4193
4194 testresult = 1;
4195 err:
4196 EVP_MD_free(sha256);
4197 OSSL_LIB_CTX_free(ctx);
4198 return testresult;
4199 }
4200
4201 typedef struct {
4202 const char *cipher;
4203 const unsigned char *key;
4204 const unsigned char *iv;
4205 const unsigned char *input;
4206 const unsigned char *expected;
4207 const unsigned char *tag;
4208 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4209 size_t inlen;
4210 size_t expectedlen;
4211 size_t taglen;
4212 int keyfirst;
4213 int initenc;
4214 int finalenc;
4215 } EVP_INIT_TEST_st;
4216
4217 static const EVP_INIT_TEST_st evp_init_tests[] = {
4218 {
4219 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4220 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4221 0, 1, 0, 1
4222 },
4223 {
4224 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4225 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4226 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4227 sizeof(gcmDefaultTag), 1, 0, 1
4228 },
4229 {
4230 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4231 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4232 0, 0, 0, 1
4233 },
4234 {
4235 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4236 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4237 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4238 sizeof(gcmDefaultTag), 0, 0, 1
4239 },
4240 {
4241 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4242 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4243 0, 1, 1, 0
4244 },
4245 {
4246 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4247 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4248 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4249 sizeof(gcmDefaultTag), 1, 1, 0
4250 },
4251 {
4252 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4253 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4254 0, 0, 1, 0
4255 },
4256 {
4257 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4258 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4259 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4260 sizeof(gcmDefaultTag), 0, 1, 0
4261 }
4262 };
4263
4264 /* use same key, iv and plaintext for cfb and ofb */
4265 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4266 {
4267 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4268 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4269 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4270 },
4271 {
4272 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4273 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4274 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4275 },
4276 {
4277 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4278 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4279 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4280 },
4281 {
4282 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4283 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4284 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4285 },
4286 };
4287
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4288 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4289 {
4290 int res = 0;
4291
4292 if (t->ivlen != 0) {
4293 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4294 goto err;
4295 }
4296 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4297 goto err;
4298 res = 1;
4299 err:
4300 return res;
4301 }
4302
4303 /*
4304 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4305 * arguments are given one at a time and a final adjustment to the enc
4306 * parameter sets the correct operation.
4307 */
test_evp_init_seq(int idx)4308 static int test_evp_init_seq(int idx)
4309 {
4310 int outlen1, outlen2;
4311 int testresult = 0;
4312 unsigned char outbuf[1024];
4313 unsigned char tag[16];
4314 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4315 EVP_CIPHER_CTX *ctx = NULL;
4316 EVP_CIPHER *type = NULL;
4317 size_t taglen = sizeof(tag);
4318 char *errmsg = NULL;
4319
4320 ctx = EVP_CIPHER_CTX_new();
4321 if (ctx == NULL) {
4322 errmsg = "CTX_ALLOC";
4323 goto err;
4324 }
4325 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4326 errmsg = "CIPHER_FETCH";
4327 goto err;
4328 }
4329 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4330 errmsg = "EMPTY_ENC_INIT";
4331 goto err;
4332 }
4333 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4334 errmsg = "PADDING";
4335 goto err;
4336 }
4337 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4338 errmsg = "KEY_INIT (before iv)";
4339 goto err;
4340 }
4341 if (!evp_init_seq_set_iv(ctx, t)) {
4342 errmsg = "IV_INIT";
4343 goto err;
4344 }
4345 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4346 errmsg = "KEY_INIT (after iv)";
4347 goto err;
4348 }
4349 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4350 errmsg = "FINAL_ENC_INIT";
4351 goto err;
4352 }
4353 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4354 errmsg = "CIPHER_UPDATE";
4355 goto err;
4356 }
4357 if (t->finalenc == 0 && t->tag != NULL) {
4358 /* Set expected tag */
4359 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4360 t->taglen, (void *)t->tag), 0)) {
4361 errmsg = "SET_TAG";
4362 goto err;
4363 }
4364 }
4365 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4366 errmsg = "CIPHER_FINAL";
4367 goto err;
4368 }
4369 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4370 errmsg = "WRONG_RESULT";
4371 goto err;
4372 }
4373 if (t->finalenc != 0 && t->tag != NULL) {
4374 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4375 errmsg = "GET_TAG";
4376 goto err;
4377 }
4378 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4379 errmsg = "TAG_ERROR";
4380 goto err;
4381 }
4382 }
4383 testresult = 1;
4384 err:
4385 if (errmsg != NULL)
4386 TEST_info("evp_init_test %d: %s", idx, errmsg);
4387 EVP_CIPHER_CTX_free(ctx);
4388 EVP_CIPHER_free(type);
4389 return testresult;
4390 }
4391
4392 /*
4393 * Test re-initialization of cipher context without changing key or iv.
4394 * The result of both iteration should be the same.
4395 */
test_evp_reinit_seq(int idx)4396 static int test_evp_reinit_seq(int idx)
4397 {
4398 int outlen1, outlen2, outlen_final;
4399 int testresult = 0;
4400 unsigned char outbuf1[1024];
4401 unsigned char outbuf2[1024];
4402 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4403 EVP_CIPHER_CTX *ctx = NULL;
4404 EVP_CIPHER *type = NULL;
4405
4406 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4407 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4408 /* setup cipher context */
4409 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4410 /* first iteration */
4411 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4412 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4413 /* check test results iteration 1 */
4414 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4415 /* now re-init the context (same cipher, key and iv) */
4416 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4417 /* second iteration */
4418 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4419 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4420 /* check test results iteration 2 */
4421 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4422 goto err;
4423 testresult = 1;
4424 err:
4425 EVP_CIPHER_CTX_free(ctx);
4426 EVP_CIPHER_free(type);
4427 return testresult;
4428 }
4429
4430 typedef struct {
4431 const unsigned char *input;
4432 const unsigned char *expected;
4433 size_t inlen;
4434 size_t expectedlen;
4435 int enc;
4436 } EVP_RESET_TEST_st;
4437
4438 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4439 {
4440 cfbPlaintext, cfbCiphertext,
4441 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4442 },
4443 {
4444 cfbCiphertext, cfbPlaintext,
4445 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4446 }
4447 };
4448
4449 /*
4450 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4451 * been used.
4452 */
test_evp_reset(int idx)4453 static int test_evp_reset(int idx)
4454 {
4455 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4456 int outlen1, outlen2;
4457 int testresult = 0;
4458 unsigned char outbuf[1024];
4459 EVP_CIPHER_CTX *ctx = NULL;
4460 EVP_CIPHER *type = NULL;
4461 char *errmsg = NULL;
4462
4463 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4464 errmsg = "CTX_ALLOC";
4465 goto err;
4466 }
4467 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4468 errmsg = "CIPHER_FETCH";
4469 goto err;
4470 }
4471 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4472 errmsg = "CIPHER_INIT";
4473 goto err;
4474 }
4475 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4476 errmsg = "PADDING";
4477 goto err;
4478 }
4479 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4480 errmsg = "CIPHER_UPDATE";
4481 goto err;
4482 }
4483 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4484 errmsg = "CIPHER_FINAL";
4485 goto err;
4486 }
4487 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4488 errmsg = "WRONG_RESULT";
4489 goto err;
4490 }
4491 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4492 errmsg = "CIPHER_REINIT";
4493 goto err;
4494 }
4495 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4496 errmsg = "CIPHER_UPDATE (reinit)";
4497 goto err;
4498 }
4499 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4500 errmsg = "CIPHER_FINAL (reinit)";
4501 goto err;
4502 }
4503 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4504 errmsg = "WRONG_RESULT (reinit)";
4505 goto err;
4506 }
4507 testresult = 1;
4508 err:
4509 if (errmsg != NULL)
4510 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4511 EVP_CIPHER_CTX_free(ctx);
4512 EVP_CIPHER_free(type);
4513 return testresult;
4514 }
4515
4516 typedef struct {
4517 const char *cipher;
4518 int enc;
4519 } EVP_UPDATED_IV_TEST_st;
4520
4521 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4522 {
4523 "aes-128-cfb", 1
4524 },
4525 {
4526 "aes-128-cfb", 0
4527 },
4528 {
4529 "aes-128-cfb1", 1
4530 },
4531 {
4532 "aes-128-cfb1", 0
4533 },
4534 {
4535 "aes-128-cfb8", 1
4536 },
4537 {
4538 "aes-128-cfb8", 0
4539 },
4540 {
4541 "aes-128-ofb", 1
4542 },
4543 {
4544 "aes-128-ofb", 0
4545 },
4546 {
4547 "aes-128-ctr", 1
4548 },
4549 {
4550 "aes-128-ctr", 0
4551 },
4552 {
4553 "aes-128-cbc", 1
4554 },
4555 {
4556 "aes-128-cbc", 0
4557 }
4558 };
4559
4560 /*
4561 * Test that the IV in the context is updated during a crypto operation for CFB
4562 * and OFB.
4563 */
test_evp_updated_iv(int idx)4564 static int test_evp_updated_iv(int idx)
4565 {
4566 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4567 int outlen1, outlen2;
4568 int testresult = 0;
4569 unsigned char outbuf[1024];
4570 EVP_CIPHER_CTX *ctx = NULL;
4571 EVP_CIPHER *type = NULL;
4572 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4573 int iv_len;
4574 char *errmsg = NULL;
4575
4576 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4577 errmsg = "CTX_ALLOC";
4578 goto err;
4579 }
4580 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4581 TEST_info("cipher %s not supported, skipping", t->cipher);
4582 goto ok;
4583 }
4584
4585 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4586 errmsg = "CIPHER_INIT";
4587 goto err;
4588 }
4589 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4590 errmsg = "PADDING";
4591 goto err;
4592 }
4593 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4594 errmsg = "CIPHER_UPDATE";
4595 goto err;
4596 }
4597 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4598 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4599 goto err;
4600 }
4601 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4602 if (!TEST_int_ge(iv_len,0)) {
4603 errmsg = "CIPHER_CTX_GET_IV_LEN";
4604 goto err;
4605 }
4606 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4607 errmsg = "IV_NOT_UPDATED";
4608 goto err;
4609 }
4610 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4611 errmsg = "CIPHER_FINAL";
4612 goto err;
4613 }
4614 ok:
4615 testresult = 1;
4616 err:
4617 if (errmsg != NULL)
4618 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4619 EVP_CIPHER_CTX_free(ctx);
4620 EVP_CIPHER_free(type);
4621 return testresult;
4622 }
4623
4624 typedef struct {
4625 const unsigned char *iv1;
4626 const unsigned char *iv2;
4627 const unsigned char *expected1;
4628 const unsigned char *expected2;
4629 const unsigned char *tag1;
4630 const unsigned char *tag2;
4631 size_t ivlen1;
4632 size_t ivlen2;
4633 size_t expectedlen1;
4634 size_t expectedlen2;
4635 } TEST_GCM_IV_REINIT_st;
4636
4637 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4638 {
4639 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4640 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4641 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4642 },
4643 {
4644 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4645 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4646 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4647 }
4648 };
4649
test_gcm_reinit(int idx)4650 static int test_gcm_reinit(int idx)
4651 {
4652 int outlen1, outlen2, outlen3;
4653 int testresult = 0;
4654 unsigned char outbuf[1024];
4655 unsigned char tag[16];
4656 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4657 EVP_CIPHER_CTX *ctx = NULL;
4658 EVP_CIPHER *type = NULL;
4659 size_t taglen = sizeof(tag);
4660 char *errmsg = NULL;
4661
4662 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4663 errmsg = "CTX_ALLOC";
4664 goto err;
4665 }
4666 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4667 errmsg = "CIPHER_FETCH";
4668 goto err;
4669 }
4670 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4671 errmsg = "ENC_INIT";
4672 goto err;
4673 }
4674 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4675 errmsg = "SET_IVLEN1";
4676 goto err;
4677 }
4678 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4679 errmsg = "SET_IV1";
4680 goto err;
4681 }
4682 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4683 errmsg = "AAD1";
4684 goto err;
4685 }
4686 EVP_CIPHER_CTX_set_padding(ctx, 0);
4687 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4688 sizeof(gcmResetPlaintext)))) {
4689 errmsg = "CIPHER_UPDATE1";
4690 goto err;
4691 }
4692 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4693 errmsg = "CIPHER_FINAL1";
4694 goto err;
4695 }
4696 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4697 errmsg = "WRONG_RESULT1";
4698 goto err;
4699 }
4700 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4701 errmsg = "GET_TAG1";
4702 goto err;
4703 }
4704 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4705 errmsg = "TAG_ERROR1";
4706 goto err;
4707 }
4708 /* Now reinit */
4709 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4710 errmsg = "SET_IVLEN2";
4711 goto err;
4712 }
4713 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4714 errmsg = "SET_IV2";
4715 goto err;
4716 }
4717 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4718 errmsg = "AAD2";
4719 goto err;
4720 }
4721 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4722 sizeof(gcmResetPlaintext)))) {
4723 errmsg = "CIPHER_UPDATE2";
4724 goto err;
4725 }
4726 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4727 errmsg = "CIPHER_FINAL2";
4728 goto err;
4729 }
4730 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4731 errmsg = "WRONG_RESULT2";
4732 goto err;
4733 }
4734 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4735 errmsg = "GET_TAG2";
4736 goto err;
4737 }
4738 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4739 errmsg = "TAG_ERROR2";
4740 goto err;
4741 }
4742 testresult = 1;
4743 err:
4744 if (errmsg != NULL)
4745 TEST_info("evp_init_test %d: %s", idx, errmsg);
4746 EVP_CIPHER_CTX_free(ctx);
4747 EVP_CIPHER_free(type);
4748 return testresult;
4749 }
4750
4751 static const char *ivlen_change_ciphers[] = {
4752 "AES-256-GCM",
4753 #ifndef OPENSSL_NO_OCB
4754 "AES-256-OCB",
4755 #endif
4756 "AES-256-CCM"
4757 };
4758
4759 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)4760 static int test_ivlen_change(int idx)
4761 {
4762 int outlen;
4763 int res = 0;
4764 unsigned char outbuf[1024];
4765 static const unsigned char iv[] = {
4766 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4767 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4768 };
4769 EVP_CIPHER_CTX *ctx = NULL;
4770 EVP_CIPHER *ciph = NULL;
4771 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4772 size_t ivlen = 13; /* non-default IV length */
4773
4774 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4775 goto err;
4776
4777 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4778 testpropq)))
4779 goto err;
4780
4781 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4782 goto err;
4783
4784 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4785 sizeof(gcmDefaultPlaintext))))
4786 goto err;
4787
4788 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4789 &ivlen);
4790 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4791 goto err;
4792
4793 ERR_set_mark();
4794 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4795 sizeof(gcmDefaultPlaintext)))) {
4796 ERR_clear_last_mark();
4797 goto err;
4798 }
4799 ERR_pop_to_mark();
4800
4801 res = 1;
4802 err:
4803 EVP_CIPHER_CTX_free(ctx);
4804 EVP_CIPHER_free(ciph);
4805 return res;
4806 }
4807
4808 static const char *keylen_change_ciphers[] = {
4809 #ifndef OPENSSL_NO_BF
4810 "BF-ECB",
4811 #endif
4812 #ifndef OPENSSL_NO_CAST
4813 "CAST5-ECB",
4814 #endif
4815 #ifndef OPENSSL_NO_RC2
4816 "RC2-ECB",
4817 #endif
4818 #ifndef OPENSSL_NO_RC4
4819 "RC4",
4820 #endif
4821 #ifndef OPENSSL_NO_RC5
4822 "RC5-ECB",
4823 #endif
4824 NULL
4825 };
4826
4827 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)4828 static int test_keylen_change(int idx)
4829 {
4830 int outlen;
4831 int res = 0;
4832 unsigned char outbuf[1024];
4833 static const unsigned char key[] = {
4834 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4835 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4836 };
4837 EVP_CIPHER_CTX *ctx = NULL;
4838 EVP_CIPHER *ciph = NULL;
4839 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4840 size_t keylen = 12; /* non-default key length */
4841
4842 if (lgcyprov == NULL)
4843 return TEST_skip("Test requires legacy provider to be loaded");
4844
4845 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4846 goto err;
4847
4848 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4849 testpropq)))
4850 goto err;
4851
4852 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4853 goto err;
4854
4855 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4856 sizeof(gcmDefaultPlaintext))))
4857 goto err;
4858
4859 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4860 &keylen);
4861 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4862 goto err;
4863
4864 ERR_set_mark();
4865 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4866 sizeof(gcmDefaultPlaintext)))) {
4867 ERR_clear_last_mark();
4868 goto err;
4869 }
4870 ERR_pop_to_mark();
4871
4872 res = 1;
4873 err:
4874 EVP_CIPHER_CTX_free(ctx);
4875 EVP_CIPHER_free(ciph);
4876 return res;
4877 }
4878
4879 #ifndef OPENSSL_NO_DEPRECATED_3_0
4880 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4881 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4882
4883 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4884
custom_pmeth_init(EVP_PKEY_CTX * ctx)4885 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4886 {
4887 int (*pinit)(EVP_PKEY_CTX *ctx);
4888
4889 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4890 return pinit(ctx);
4891 }
4892
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)4893 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4894 {
4895 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4896
4897 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4898 pcleanup(ctx);
4899 }
4900
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)4901 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4902 size_t *outlen, const unsigned char *in,
4903 size_t inlen)
4904 {
4905 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4906 const unsigned char *tbs, size_t tbslen);
4907
4908 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4909 return psign(ctx, out, outlen, in, inlen);
4910 }
4911
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)4912 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4913 size_t *siglen, const unsigned char *tbs,
4914 size_t tbslen)
4915 {
4916 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4917 const unsigned char *tbs, size_t tbslen);
4918
4919 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4920 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4921 }
4922
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)4923 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4924 size_t *keylen)
4925 {
4926 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4927
4928 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4929 return pderive(ctx, key, keylen);
4930 }
4931
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)4932 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4933 {
4934 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4935
4936 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4937 return pcopy(dst, src);
4938 }
4939
4940 static int ctrl_called;
4941
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)4942 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4943 {
4944 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4945
4946 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4947
4948 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4949 ctrl_called = 1;
4950 return 1;
4951 }
4952
4953 return pctrl(ctx, type, p1, p2);
4954 }
4955
test_custom_pmeth(int idx)4956 static int test_custom_pmeth(int idx)
4957 {
4958 EVP_PKEY_CTX *pctx = NULL;
4959 EVP_MD_CTX *ctx = NULL;
4960 EVP_PKEY *pkey = NULL;
4961 int id, orig_id, orig_flags;
4962 int testresult = 0;
4963 size_t reslen;
4964 unsigned char *res = NULL;
4965 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4966 const EVP_MD *md = EVP_sha256();
4967 int doderive = 0;
4968
4969 ctrl_called = 0;
4970
4971 /* We call deprecated APIs so this test doesn't support a custom libctx */
4972 if (testctx != NULL)
4973 return 1;
4974
4975 switch (idx) {
4976 case 0:
4977 case 6:
4978 id = EVP_PKEY_RSA;
4979 pkey = load_example_rsa_key();
4980 break;
4981 case 1:
4982 case 7:
4983 # ifndef OPENSSL_NO_DSA
4984 id = EVP_PKEY_DSA;
4985 pkey = load_example_dsa_key();
4986 break;
4987 # else
4988 return 1;
4989 # endif
4990 case 2:
4991 case 8:
4992 # ifndef OPENSSL_NO_EC
4993 id = EVP_PKEY_EC;
4994 pkey = load_example_ec_key();
4995 break;
4996 # else
4997 return 1;
4998 # endif
4999 case 3:
5000 case 9:
5001 # ifndef OPENSSL_NO_ECX
5002 id = EVP_PKEY_ED25519;
5003 md = NULL;
5004 pkey = load_example_ed25519_key();
5005 break;
5006 # else
5007 return 1;
5008 # endif
5009 case 4:
5010 case 10:
5011 # ifndef OPENSSL_NO_DH
5012 id = EVP_PKEY_DH;
5013 doderive = 1;
5014 pkey = load_example_dh_key();
5015 break;
5016 # else
5017 return 1;
5018 # endif
5019 case 5:
5020 case 11:
5021 # ifndef OPENSSL_NO_ECX
5022 id = EVP_PKEY_X25519;
5023 doderive = 1;
5024 pkey = load_example_x25519_key();
5025 break;
5026 # else
5027 return 1;
5028 # endif
5029 default:
5030 TEST_error("Should not happen");
5031 goto err;
5032 }
5033
5034 if (!TEST_ptr(pkey))
5035 goto err;
5036
5037 if (idx < 6) {
5038 if (!TEST_true(evp_pkey_is_provided(pkey)))
5039 goto err;
5040 } else {
5041 EVP_PKEY *tmp = pkey;
5042
5043 /* Convert to a legacy key */
5044 pkey = EVP_PKEY_new();
5045 if (!TEST_ptr(pkey)) {
5046 pkey = tmp;
5047 goto err;
5048 }
5049 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5050 EVP_PKEY_free(tmp);
5051 goto err;
5052 }
5053 EVP_PKEY_free(tmp);
5054 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5055 goto err;
5056 }
5057
5058 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5059 || !TEST_ptr(pkey))
5060 goto err;
5061
5062 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5063 if (!TEST_int_eq(orig_id, id)
5064 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5065 goto err;
5066
5067 if (id == EVP_PKEY_ED25519) {
5068 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5069 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5070 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5071 } else {
5072 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5073 }
5074 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5075 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5076 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5077 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5078 }
5079 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5080 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5081 goto err;
5082
5083 if (doderive) {
5084 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5085 if (!TEST_ptr(pctx)
5086 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5087 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5088 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5089 1)
5090 || !TEST_int_eq(ctrl_called, 1)
5091 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5092 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5093 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5094 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5095 goto err;
5096 } else {
5097 ctx = EVP_MD_CTX_new();
5098 reslen = EVP_PKEY_size(pkey);
5099 res = OPENSSL_malloc(reslen);
5100 if (!TEST_ptr(ctx)
5101 || !TEST_ptr(res)
5102 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5103 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5104 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5105 1)
5106 || !TEST_int_eq(ctrl_called, 1))
5107 goto err;
5108
5109 if (id == EVP_PKEY_ED25519) {
5110 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5111 goto err;
5112 } else {
5113 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5114 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5115 goto err;
5116 }
5117 }
5118
5119 testresult = 1;
5120 err:
5121 OPENSSL_free(res);
5122 EVP_MD_CTX_free(ctx);
5123 if (doderive)
5124 EVP_PKEY_CTX_free(pctx);
5125 EVP_PKEY_free(pkey);
5126 EVP_PKEY_meth_remove(custom_pmeth);
5127 EVP_PKEY_meth_free(custom_pmeth);
5128 custom_pmeth = NULL;
5129 return testresult;
5130 }
5131
test_evp_md_cipher_meth(void)5132 static int test_evp_md_cipher_meth(void)
5133 {
5134 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5135 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5136 int testresult = 0;
5137
5138 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5139 goto err;
5140
5141 testresult = 1;
5142
5143 err:
5144 EVP_MD_meth_free(md);
5145 EVP_CIPHER_meth_free(ciph);
5146
5147 return testresult;
5148 }
5149
5150 typedef struct {
5151 int data;
5152 } custom_dgst_ctx;
5153
5154 static int custom_md_init_called = 0;
5155 static int custom_md_cleanup_called = 0;
5156
custom_md_init(EVP_MD_CTX * ctx)5157 static int custom_md_init(EVP_MD_CTX *ctx)
5158 {
5159 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5160
5161 if (p == NULL)
5162 return 0;
5163
5164 custom_md_init_called++;
5165 return 1;
5166 }
5167
custom_md_cleanup(EVP_MD_CTX * ctx)5168 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5169 {
5170 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5171
5172 if (p == NULL)
5173 /* Nothing to do */
5174 return 1;
5175
5176 custom_md_cleanup_called++;
5177 return 1;
5178 }
5179
test_custom_md_meth(void)5180 static int test_custom_md_meth(void)
5181 {
5182 ASN1_OBJECT *o = NULL;
5183 EVP_MD_CTX *mdctx = NULL;
5184 EVP_MD *tmp = NULL;
5185 char mess[] = "Test Message\n";
5186 unsigned char md_value[EVP_MAX_MD_SIZE];
5187 unsigned int md_len;
5188 int testresult = 0;
5189 int nid;
5190
5191 /*
5192 * We are testing deprecated functions. We don't support a non-default
5193 * library context in this test.
5194 */
5195 if (testctx != NULL)
5196 return TEST_skip("Non-default libctx");
5197
5198 custom_md_init_called = custom_md_cleanup_called = 0;
5199
5200 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5201 if (!TEST_int_ne(nid, NID_undef))
5202 goto err;
5203 tmp = EVP_MD_meth_new(nid, NID_undef);
5204 if (!TEST_ptr(tmp))
5205 goto err;
5206
5207 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5208 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5209 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5210 sizeof(custom_dgst_ctx))))
5211 goto err;
5212
5213 mdctx = EVP_MD_CTX_new();
5214 if (!TEST_ptr(mdctx)
5215 /*
5216 * Initing our custom md and then initing another md should
5217 * result in the init and cleanup functions of the custom md
5218 * being called.
5219 */
5220 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5221 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5222 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5223 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5224 || !TEST_int_eq(custom_md_init_called, 1)
5225 || !TEST_int_eq(custom_md_cleanup_called, 1))
5226 goto err;
5227
5228 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5229 "custom-md", "custom-md"), NID_undef)
5230 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5231 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5232 goto err;
5233
5234 o = ASN1_OBJECT_create(nid, (unsigned char *)
5235 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5236 "custom-md", "custom-md");
5237 if (!TEST_int_eq(OBJ_add_object(o), nid))
5238 goto err;
5239
5240 testresult = 1;
5241 err:
5242 ASN1_OBJECT_free(o);
5243 EVP_MD_CTX_free(mdctx);
5244 EVP_MD_meth_free(tmp);
5245 return testresult;
5246 }
5247
5248 typedef struct {
5249 int data;
5250 } custom_ciph_ctx;
5251
5252 static int custom_ciph_init_called = 0;
5253 static int custom_ciph_cleanup_called = 0;
5254
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5255 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5256 const unsigned char *iv, int enc)
5257 {
5258 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5259
5260 if (p == NULL)
5261 return 0;
5262
5263 custom_ciph_init_called++;
5264 return 1;
5265 }
5266
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5267 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5268 {
5269 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5270
5271 if (p == NULL)
5272 /* Nothing to do */
5273 return 1;
5274
5275 custom_ciph_cleanup_called++;
5276 return 1;
5277 }
5278
test_custom_ciph_meth(void)5279 static int test_custom_ciph_meth(void)
5280 {
5281 EVP_CIPHER_CTX *ciphctx = NULL;
5282 EVP_CIPHER *tmp = NULL;
5283 int testresult = 0;
5284 int nid;
5285
5286 /*
5287 * We are testing deprecated functions. We don't support a non-default
5288 * library context in this test.
5289 */
5290 if (testctx != NULL)
5291 return TEST_skip("Non-default libctx");
5292
5293 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5294
5295 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5296 if (!TEST_int_ne(nid, NID_undef))
5297 goto err;
5298 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5299 if (!TEST_ptr(tmp))
5300 goto err;
5301
5302 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5303 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5304 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5305 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5306 sizeof(custom_ciph_ctx))))
5307 goto err;
5308
5309 ciphctx = EVP_CIPHER_CTX_new();
5310 if (!TEST_ptr(ciphctx)
5311 /*
5312 * Initing our custom cipher and then initing another cipher
5313 * should result in the init and cleanup functions of the custom
5314 * cipher being called.
5315 */
5316 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5317 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5318 NULL, NULL, 1))
5319 || !TEST_int_eq(custom_ciph_init_called, 1)
5320 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5321 goto err;
5322
5323 testresult = 1;
5324 err:
5325 EVP_CIPHER_CTX_free(ciphctx);
5326 EVP_CIPHER_meth_free(tmp);
5327 return testresult;
5328 }
5329
5330 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5331 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5332 static int test_signatures_with_engine(int tst)
5333 {
5334 ENGINE *e;
5335 const char *engine_id = "dasync";
5336 EVP_PKEY *pkey = NULL;
5337 const unsigned char badcmackey[] = { 0x00, 0x01 };
5338 const unsigned char cmackey[] = {
5339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5340 0x0c, 0x0d, 0x0e, 0x0f
5341 };
5342 const unsigned char ed25519key[] = {
5343 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5344 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5345 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5346 };
5347 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5348 int testresult = 0;
5349 EVP_MD_CTX *ctx = NULL;
5350 unsigned char *mac = NULL;
5351 size_t maclen = 0;
5352 int ret;
5353
5354 # ifdef OPENSSL_NO_CMAC
5355 /* Skip CMAC tests in a no-cmac build */
5356 if (tst <= 1)
5357 return 1;
5358 # endif
5359 # ifdef OPENSSL_NO_ECX
5360 /* Skip ECX tests in a no-ecx build */
5361 if (tst == 2)
5362 return 1;
5363 # endif
5364
5365 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5366 return 0;
5367
5368 if (!TEST_true(ENGINE_init(e))) {
5369 ENGINE_free(e);
5370 return 0;
5371 }
5372
5373 switch (tst) {
5374 case 0:
5375 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5376 EVP_aes_128_cbc());
5377 break;
5378 case 1:
5379 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5380 EVP_aes_128_cbc());
5381 break;
5382 case 2:
5383 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5384 sizeof(ed25519key));
5385 break;
5386 default:
5387 TEST_error("Invalid test case");
5388 goto err;
5389 }
5390 if (!TEST_ptr(pkey))
5391 goto err;
5392
5393 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5394 goto err;
5395
5396 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5397 pkey);
5398 if (tst == 0) {
5399 if (!TEST_true(ret))
5400 goto err;
5401
5402 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5403 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5404 goto err;
5405
5406 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5407 goto err;
5408
5409 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5410 goto err;
5411 } else {
5412 /* We used a bad key. We expect a failure here */
5413 if (!TEST_false(ret))
5414 goto err;
5415 }
5416
5417 testresult = 1;
5418 err:
5419 EVP_MD_CTX_free(ctx);
5420 OPENSSL_free(mac);
5421 EVP_PKEY_free(pkey);
5422 ENGINE_finish(e);
5423 ENGINE_free(e);
5424
5425 return testresult;
5426 }
5427
test_cipher_with_engine(void)5428 static int test_cipher_with_engine(void)
5429 {
5430 ENGINE *e;
5431 const char *engine_id = "dasync";
5432 const unsigned char keyiv[] = {
5433 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5434 0x0c, 0x0d, 0x0e, 0x0f
5435 };
5436 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5437 int testresult = 0;
5438 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5439 unsigned char buf[AES_BLOCK_SIZE];
5440 int len = 0;
5441
5442 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5443 return 0;
5444
5445 if (!TEST_true(ENGINE_init(e))) {
5446 ENGINE_free(e);
5447 return 0;
5448 }
5449
5450 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5451 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5452 goto err;
5453
5454 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5455 goto err;
5456
5457 /* Copy the ctx, and complete the operation with the new ctx */
5458 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5459 goto err;
5460
5461 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5462 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5463 goto err;
5464
5465 testresult = 1;
5466 err:
5467 EVP_CIPHER_CTX_free(ctx);
5468 EVP_CIPHER_CTX_free(ctx2);
5469 ENGINE_finish(e);
5470 ENGINE_free(e);
5471
5472 return testresult;
5473 }
5474 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5475 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5476
5477 #ifndef OPENSSL_NO_ECX
5478 static int ecxnids[] = {
5479 NID_X25519,
5480 NID_X448,
5481 NID_ED25519,
5482 NID_ED448
5483 };
5484
5485 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)5486 static int test_ecx_short_keys(int tst)
5487 {
5488 unsigned char ecxkeydata = 1;
5489 EVP_PKEY *pkey;
5490
5491
5492 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5493 NULL, &ecxkeydata, 1);
5494 if (!TEST_ptr_null(pkey)) {
5495 EVP_PKEY_free(pkey);
5496 return 0;
5497 }
5498
5499 return 1;
5500 }
5501 #endif
5502
5503 typedef enum OPTION_choice {
5504 OPT_ERR = -1,
5505 OPT_EOF = 0,
5506 OPT_CONTEXT,
5507 OPT_CONFIG_FILE,
5508 OPT_TEST_ENUM
5509 } OPTION_CHOICE;
5510
test_get_options(void)5511 const OPTIONS *test_get_options(void)
5512 {
5513 static const OPTIONS options[] = {
5514 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5515 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5516 { "config", OPT_CONFIG_FILE, '<',
5517 "The configuration file to use for the libctx" },
5518 { NULL }
5519 };
5520 return options;
5521 }
5522
5523 #ifndef OPENSSL_NO_ECX
5524 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)5525 static int test_ecx_not_private_key(int tst)
5526 {
5527 EVP_PKEY *pkey = NULL;
5528
5529 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5530 int testresult = 0;
5531 EVP_MD_CTX *ctx = NULL;
5532 unsigned char *mac = NULL;
5533 size_t maclen = 0;
5534 unsigned char *pubkey;
5535 size_t pubkeylen;
5536
5537 switch (keys[tst].type) {
5538 case NID_X25519:
5539 case NID_X448:
5540 return TEST_skip("signing not supported for X25519/X448");
5541 }
5542
5543 /* Check if this algorithm supports public keys */
5544 if (keys[tst].pub == NULL)
5545 return TEST_skip("no public key present");
5546
5547 pubkey = (unsigned char *)keys[tst].pub;
5548 pubkeylen = strlen(keys[tst].pub);
5549
5550 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5551 NULL, pubkey, pubkeylen);
5552 if (!TEST_ptr(pkey))
5553 goto err;
5554
5555 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5556 goto err;
5557
5558 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5559 goto check_err;
5560
5561 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5562 goto check_err;
5563
5564 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5565 goto err;
5566
5567 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5568 goto err;
5569
5570 check_err:
5571 /*
5572 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5573 * but we relax the check to allow error also thrown by
5574 * EVP_DigestSignInit and EVP_DigestSign.
5575 */
5576 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5577 testresult = 1;
5578 ERR_clear_error();
5579 }
5580
5581 err:
5582 EVP_MD_CTX_free(ctx);
5583 OPENSSL_free(mac);
5584 EVP_PKEY_free(pkey);
5585
5586 return testresult;
5587 }
5588 #endif /* OPENSSL_NO_ECX */
5589
test_sign_continuation(void)5590 static int test_sign_continuation(void)
5591 {
5592 OSSL_PROVIDER *fake_rsa = NULL;
5593 int testresult = 0;
5594 EVP_PKEY *pkey = NULL;
5595 EVP_PKEY_CTX *pctx = NULL;
5596 EVP_MD_CTX *mctx = NULL;
5597 const char sigbuf[] = "To Be Signed";
5598 unsigned char signature[256];
5599 size_t siglen = 256;
5600 static int nodupnum = 1;
5601 static const OSSL_PARAM nodup_params[] = {
5602 OSSL_PARAM_int("NO_DUP", &nodupnum),
5603 OSSL_PARAM_END
5604 };
5605
5606 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5607 return 0;
5608
5609 /* Construct a pkey using precise propq to use our provider */
5610 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5611 "provider=fake-rsa"))
5612 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5613 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5614 || !TEST_ptr(pkey))
5615 goto end;
5616
5617 /* First test it continues (classic behavior) */
5618 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5619 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5620 NULL, pkey, NULL))
5621 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5622 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5623 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5624 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5625 goto end;
5626
5627 EVP_MD_CTX_free(mctx);
5628
5629 /* try again but failing the continuation */
5630 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5631 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5632 NULL, pkey, nodup_params))
5633 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5634 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5635 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5636 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5637 goto end;
5638
5639 testresult = 1;
5640
5641 end:
5642 EVP_MD_CTX_free(mctx);
5643 EVP_PKEY_free(pkey);
5644 EVP_PKEY_CTX_free(pctx);
5645 fake_rsa_finish(fake_rsa);
5646 return testresult;
5647 }
5648
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5649 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5650 const unsigned char *gcm_iv, size_t gcm_ivlen,
5651 const unsigned char *gcm_pt, size_t gcm_pt_s,
5652 const unsigned char *gcm_aad, size_t gcm_aad_s,
5653 const unsigned char *gcm_ct, size_t gcm_ct_s,
5654 const unsigned char *gcm_tag, size_t gcm_tag_s)
5655 {
5656 int ret = 0;
5657 EVP_CIPHER_CTX *ctx;
5658 EVP_CIPHER *cipher = NULL;
5659 int outlen, tmplen;
5660 unsigned char outbuf[1024];
5661 unsigned char outtag[16];
5662 OSSL_PARAM params[2] = {
5663 OSSL_PARAM_END, OSSL_PARAM_END
5664 };
5665
5666 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5667 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5668 goto err;
5669
5670 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5671 &gcm_ivlen);
5672
5673 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5674 || (gcm_aad != NULL
5675 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5676 gcm_aad, gcm_aad_s)))
5677 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5678 gcm_pt, gcm_pt_s))
5679 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5680 goto err;
5681
5682 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5683 outtag, sizeof(outtag));
5684
5685 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5686 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5687 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5688 goto err;
5689
5690 ret = 1;
5691 err:
5692 EVP_CIPHER_free(cipher);
5693 EVP_CIPHER_CTX_free(ctx);
5694
5695 return ret;
5696 }
5697
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5698 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5699 const unsigned char *gcm_iv, size_t gcm_ivlen,
5700 const unsigned char *gcm_pt, size_t gcm_pt_s,
5701 const unsigned char *gcm_aad, size_t gcm_aad_s,
5702 const unsigned char *gcm_ct, size_t gcm_ct_s,
5703 const unsigned char *gcm_tag, size_t gcm_tag_s)
5704 {
5705 int ret = 0;
5706 EVP_CIPHER_CTX *ctx;
5707 EVP_CIPHER *cipher = NULL;
5708 int outlen;
5709 unsigned char outbuf[1024];
5710 OSSL_PARAM params[2] = {
5711 OSSL_PARAM_END, OSSL_PARAM_END
5712 };
5713
5714 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5715 goto err;
5716
5717 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5718 goto err;
5719
5720 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5721 &gcm_ivlen);
5722
5723 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5724 || (gcm_aad != NULL
5725 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5726 gcm_aad, gcm_aad_s)))
5727 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5728 gcm_ct, gcm_ct_s))
5729 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5730 goto err;
5731
5732 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5733 (void*)gcm_tag, gcm_tag_s);
5734
5735 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5736 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5737 goto err;
5738
5739 ret = 1;
5740 err:
5741 EVP_CIPHER_free(cipher);
5742 EVP_CIPHER_CTX_free(ctx);
5743
5744 return ret;
5745 }
5746
test_aes_gcm_ivlen_change_cve_2023_5363(void)5747 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5748 {
5749 /* AES-GCM test data obtained from NIST public test vectors */
5750 static const unsigned char gcm_key[] = {
5751 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5752 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5753 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5754 };
5755 static const unsigned char gcm_iv[] = {
5756 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5757 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5758 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5759 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5760 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5761 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5762 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5763 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5764 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5765 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5766 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5767 };
5768 static const unsigned char gcm_pt[] = {
5769 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5770 0x4f, 0xe3, 0x6f, 0x81,
5771 };
5772 static const unsigned char gcm_ct[] = {
5773 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5774 0xe2, 0xd0, 0xec, 0xed,
5775 };
5776 static const unsigned char gcm_tag[] = {
5777 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5778 0xdb, 0x99, 0x6c, 0x21,
5779 };
5780
5781 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5782 gcm_pt, sizeof(gcm_pt), NULL, 0,
5783 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5784 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5785 gcm_pt, sizeof(gcm_pt), NULL, 0,
5786 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5787 }
5788
5789 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5790 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5791 const unsigned char *rc4_pt, size_t rc4_pt_s,
5792 const unsigned char *rc4_ct, size_t rc4_ct_s)
5793 {
5794 int ret = 0;
5795 EVP_CIPHER_CTX *ctx;
5796 EVP_CIPHER *cipher = NULL;
5797 int outlen, tmplen;
5798 unsigned char outbuf[1024];
5799 OSSL_PARAM params[2] = {
5800 OSSL_PARAM_END, OSSL_PARAM_END
5801 };
5802
5803 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5804 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5805 goto err;
5806
5807 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5808 &rc4_key_s);
5809
5810 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5811 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5812 rc4_pt, rc4_pt_s))
5813 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5814 goto err;
5815
5816 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5817 goto err;
5818
5819 ret = 1;
5820 err:
5821 EVP_CIPHER_free(cipher);
5822 EVP_CIPHER_CTX_free(ctx);
5823
5824 return ret;
5825 }
5826
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5827 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5828 const unsigned char *rc4_pt, size_t rc4_pt_s,
5829 const unsigned char *rc4_ct, size_t rc4_ct_s)
5830 {
5831 int ret = 0;
5832 EVP_CIPHER_CTX *ctx;
5833 EVP_CIPHER *cipher = NULL;
5834 int outlen;
5835 unsigned char outbuf[1024];
5836 OSSL_PARAM params[2] = {
5837 OSSL_PARAM_END, OSSL_PARAM_END
5838 };
5839
5840 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5841 goto err;
5842
5843 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5844 goto err;
5845
5846 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5847 &rc4_key_s);
5848
5849 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5850 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5851 rc4_ct, rc4_ct_s))
5852 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5853 goto err;
5854
5855 ret = 1;
5856 err:
5857 EVP_CIPHER_free(cipher);
5858 EVP_CIPHER_CTX_free(ctx);
5859
5860 return ret;
5861 }
5862
test_aes_rc4_keylen_change_cve_2023_5363(void)5863 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5864 {
5865 /* RC4 test data obtained from RFC 6229 */
5866 static const struct {
5867 unsigned char key[5];
5868 unsigned char padding[11];
5869 } rc4_key = {
5870 { /* Five bytes of key material */
5871 0x83, 0x32, 0x22, 0x77, 0x2a,
5872 },
5873 { /* Random padding to 16 bytes */
5874 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5875 }
5876 };
5877 static const unsigned char rc4_pt[] = {
5878 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5879 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5880 };
5881 static const unsigned char rc4_ct[] = {
5882 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5883 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5884 };
5885
5886 if (lgcyprov == NULL)
5887 return TEST_skip("Test requires legacy provider to be loaded");
5888
5889 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5890 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5891 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5892 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5893 }
5894 #endif
5895
test_invalid_ctx_for_digest(void)5896 static int test_invalid_ctx_for_digest(void)
5897 {
5898 int ret;
5899 EVP_MD_CTX *mdctx;
5900
5901 mdctx = EVP_MD_CTX_new();
5902 if (!TEST_ptr(mdctx))
5903 return 0;
5904
5905 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
5906 ret = 0;
5907 else
5908 ret = 1;
5909
5910 EVP_MD_CTX_free(mdctx);
5911
5912 return ret;
5913 }
5914
test_evp_cipher_pipeline(void)5915 static int test_evp_cipher_pipeline(void)
5916 {
5917 OSSL_PROVIDER *fake_pipeline = NULL;
5918 int testresult = 0;
5919 EVP_CIPHER *cipher = NULL;
5920 EVP_CIPHER *pipeline_cipher = NULL;
5921 EVP_CIPHER_CTX *ctx = NULL;
5922 unsigned char key[32];
5923 size_t keylen = 32;
5924 size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
5925 size_t taglen = EVP_GCM_TLS_TAG_LEN;
5926 unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
5927 unsigned char *plaintext_array[EVP_MAX_PIPES];
5928 unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
5929 void **aead_tags = (void **)&tag_array;
5930 unsigned char *temp[EVP_MAX_PIPES];
5931 size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
5932 size_t ciphertextlen_array[EVP_MAX_PIPES];
5933 size_t inlen_array[EVP_MAX_PIPES];
5934 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
5935 unsigned char *ciphertext, *exp_plaintext, *tag;
5936 size_t numpipes, plaintextlen, i;
5937
5938 if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
5939 return 0;
5940 if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
5941 "provider=fake-pipeline"))
5942 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", testpropq))
5943 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5944 goto end;
5945 memset(key, 0x01, sizeof(key));
5946
5947 /* Negative tests */
5948 if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
5949 goto end;
5950 if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
5951 goto end;
5952 if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
5953 key, keylen,
5954 EVP_MAX_PIPES + 1, NULL, 0)))
5955 goto end;
5956
5957 /* Positive tests */
5958 for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
5959 for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
5960 size_t ciphertextlen = 0;
5961 int outlen = 0;
5962
5963 /* Cleanup to be able to error out */
5964 memset(iv_array, 0, sizeof(iv_array));
5965 memset(plaintext_array, 0, sizeof(plaintext_array));
5966 memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
5967 memset(tag_array, 0, sizeof(tag_array));
5968 ciphertext = NULL;
5969 exp_plaintext = NULL;
5970 tag = NULL;
5971
5972 /* Allocate fresh buffers with exact size to catch buffer overwrites */
5973 for (i = 0; i < numpipes; i++) {
5974 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
5975 || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
5976 || !TEST_ptr(ciphertext_array_p[i] =
5977 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
5978 || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
5979 goto err;
5980
5981 memset(iv_array[i], i + 33, ivlen);
5982 memset(plaintext_array[i], i + 1, plaintextlen);
5983 inlen_array[i] = plaintextlen;
5984 outlen_array[i] = 0;
5985 ciphertextlen_array[i] = 0;
5986 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
5987 }
5988 if (!TEST_ptr(ciphertext =
5989 OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
5990 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
5991 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
5992 goto err;
5993
5994 /* Encrypt using pipeline API */
5995 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
5996 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
5997 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
5998 key, keylen, numpipes,
5999 (const unsigned char **)iv_array,
6000 ivlen))
6001 /* reuse plaintext for AAD as it won't affect test */
6002 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6003 (const unsigned char **)plaintext_array,
6004 inlen_array))
6005 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6006 outlen_array, outsize_array,
6007 (const unsigned char **)plaintext_array,
6008 inlen_array)))
6009 goto err;
6010
6011 for (i = 0; i < numpipes; i++) {
6012 ciphertextlen_array[i] = outlen_array[i];
6013 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6014 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6015 }
6016
6017 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6018 goto err;
6019
6020 for (i = 0; i < numpipes; i++)
6021 ciphertextlen_array[i] += outlen_array[i];
6022
6023 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6024 (void **)&aead_tags, taglen);
6025 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6026 goto err;
6027
6028 /* Encrypt using non-pipeline API and compare */
6029 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6030 goto err;
6031
6032 for (i = 0; i < numpipes; i++) {
6033 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6034 || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6035 plaintext_array[i],
6036 plaintextlen))
6037 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6038 plaintext_array[i],
6039 plaintextlen)))
6040 goto err;
6041 ciphertextlen = outlen;
6042
6043 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6044 goto err;
6045 ciphertextlen += outlen;
6046
6047 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6048 (void *)tag, taglen);
6049 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6050 goto err;
6051
6052 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6053 ciphertext, ciphertextlen)
6054 || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6055 goto err;
6056 }
6057
6058 for (i = 0; i < numpipes; i++)
6059 outsize_array[i] = plaintextlen;
6060
6061 /* Decrypt using pipeline API and compare */
6062 params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6063 (void **)&aead_tags, taglen);
6064 if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6065 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6066 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6067 key, keylen, numpipes,
6068 (const unsigned char **)iv_array,
6069 ivlen))
6070 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6071 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6072 (const unsigned char **)plaintext_array,
6073 inlen_array))
6074 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6075 outlen_array, outsize_array,
6076 (const unsigned char **)ciphertext_array_p,
6077 ciphertextlen_array)))
6078 goto err;
6079
6080 for (i = 0; i < numpipes; i++) {
6081 temp[i] = plaintext_array[i] + outlen_array[i];
6082 outsize_array[i] = outsize_array[i] - outlen_array[i];
6083 }
6084
6085 if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6086 goto err;
6087
6088 for (i = 0; i < numpipes; i++) {
6089 memset(exp_plaintext, i + 1, plaintextlen);
6090 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6091 exp_plaintext, plaintextlen))
6092 goto err;
6093 }
6094
6095 for (i = 0; i < numpipes; i++) {
6096 OPENSSL_free(iv_array[i]);
6097 OPENSSL_free(plaintext_array[i]);
6098 OPENSSL_free(ciphertext_array_p[i]);
6099 OPENSSL_free(tag_array[i]);
6100 }
6101 OPENSSL_free(exp_plaintext);
6102 OPENSSL_free(ciphertext);
6103 OPENSSL_free(tag);
6104 }
6105 }
6106
6107 testresult = 1;
6108 goto end;
6109
6110 err:
6111 for (i = 0; i < numpipes; i++) {
6112 OPENSSL_free(iv_array[i]);
6113 OPENSSL_free(plaintext_array[i]);
6114 OPENSSL_free(ciphertext_array_p[i]);
6115 OPENSSL_free(tag_array[i]);
6116 }
6117 OPENSSL_free(exp_plaintext);
6118 OPENSSL_free(ciphertext);
6119 OPENSSL_free(tag);
6120 end:
6121 EVP_CIPHER_CTX_free(ctx);
6122 EVP_CIPHER_free(cipher);
6123 EVP_CIPHER_free(pipeline_cipher);
6124 fake_pipeline_finish(fake_pipeline);
6125 return testresult;
6126 }
6127
setup_tests(void)6128 int setup_tests(void)
6129 {
6130 char *config_file = NULL;
6131 OPTION_CHOICE o;
6132
6133 while ((o = opt_next()) != OPT_EOF) {
6134 switch (o) {
6135 case OPT_CONTEXT:
6136 /* Set up an alternate library context */
6137 testctx = OSSL_LIB_CTX_new();
6138 if (!TEST_ptr(testctx))
6139 return 0;
6140 #ifdef STATIC_LEGACY
6141 /*
6142 * This test is always statically linked against libcrypto. We must not
6143 * attempt to load legacy.so that might be dynamically linked against
6144 * libcrypto. Instead we use a built-in version of the legacy provider.
6145 */
6146 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6147 return 0;
6148 #endif
6149 /* Swap the libctx to test non-default context only */
6150 nullprov = OSSL_PROVIDER_load(NULL, "null");
6151 deflprov = OSSL_PROVIDER_load(testctx, "default");
6152 #ifndef OPENSSL_SYS_TANDEM
6153 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6154 #endif
6155 break;
6156 case OPT_CONFIG_FILE:
6157 config_file = opt_arg();
6158 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6159 return 0;
6160 break;
6161 case OPT_TEST_CASES:
6162 break;
6163 default:
6164 return 0;
6165 }
6166 }
6167
6168 if (config_file != NULL) {
6169 ADD_TEST(test_EVP_set_config_properties);
6170 return 1;
6171 }
6172
6173 ADD_TEST(test_EVP_set_default_properties);
6174 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6175 ADD_TEST(test_EVP_DigestVerifyInit);
6176 #ifndef OPENSSL_NO_SIPHASH
6177 ADD_TEST(test_siphash_digestsign);
6178 #endif
6179 ADD_TEST(test_EVP_Digest);
6180 ADD_TEST(test_EVP_md_null);
6181 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6182 #ifndef OPENSSL_NO_DEPRECATED_3_0
6183 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6184 #endif
6185 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6186 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6187 ADD_TEST(test_privatekey_to_pkcs8);
6188 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6189 #ifndef OPENSSL_NO_EC
6190 ADD_TEST(test_EVP_PKCS82PKEY);
6191 #endif
6192 #ifndef OPENSSL_NO_EC
6193 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6194 #endif
6195 #if !defined(OPENSSL_NO_SM2)
6196 ADD_TEST(test_EVP_SM2);
6197 ADD_TEST(test_EVP_SM2_verify);
6198 #endif
6199 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6200 #ifndef OPENSSL_NO_DEPRECATED_3_0
6201 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6202 if (!TEST_ptr(custom_pmeth))
6203 return 0;
6204 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6205 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6206 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6207 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6208 return 0;
6209 #endif
6210 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6211 #ifndef OPENSSL_NO_CMAC
6212 ADD_TEST(test_CMAC_keygen);
6213 #endif
6214 ADD_TEST(test_HKDF);
6215 ADD_TEST(test_emptyikm_HKDF);
6216 ADD_TEST(test_empty_salt_info_HKDF);
6217 #ifndef OPENSSL_NO_EC
6218 ADD_TEST(test_X509_PUBKEY_inplace);
6219 ADD_TEST(test_X509_PUBKEY_dup);
6220 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6221 OSSL_NELEM(ec_der_pub_keys));
6222 #endif
6223 #ifndef OPENSSL_NO_DSA
6224 ADD_TEST(test_DSA_get_set_params);
6225 ADD_TEST(test_DSA_priv_pub);
6226 #endif
6227 ADD_TEST(test_RSA_get_set_params);
6228 ADD_TEST(test_RSA_OAEP_set_get_params);
6229 ADD_TEST(test_RSA_OAEP_set_null_label);
6230 #ifndef OPENSSL_NO_DEPRECATED_3_0
6231 ADD_TEST(test_RSA_legacy);
6232 #endif
6233 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6234 ADD_TEST(test_decrypt_null_chunks);
6235 #endif
6236 #ifndef OPENSSL_NO_DH
6237 ADD_TEST(test_DH_priv_pub);
6238 # ifndef OPENSSL_NO_DEPRECATED_3_0
6239 ADD_TEST(test_EVP_PKEY_set1_DH);
6240 # endif
6241 #endif
6242 #ifndef OPENSSL_NO_EC
6243 ADD_TEST(test_EC_priv_pub);
6244 ADD_TEST(test_evp_get_ec_pub);
6245 # ifndef OPENSSL_NO_DEPRECATED_3_0
6246 ADD_TEST(test_EC_priv_only_legacy);
6247 ADD_TEST(test_evp_get_ec_pub_legacy);
6248 # endif
6249 #endif
6250 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6251 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6252
6253 ADD_TEST(test_rand_agglomeration);
6254 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6255 #ifndef OPENSSL_NO_DES
6256 ADD_ALL_TESTS(test_evp_iv_des, 6);
6257 #endif
6258 #ifndef OPENSSL_NO_BF
6259 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6260 #endif
6261 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6262 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6263 ADD_TEST(test_EVP_rsa_invalid_key);
6264 #ifndef OPENSSL_NO_EC
6265 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6266 #endif
6267
6268 ADD_TEST(test_names_do_all);
6269
6270 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6271 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6272 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6273 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6274 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6275 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6276 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6277 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6278
6279 #ifndef OPENSSL_NO_DEPRECATED_3_0
6280 ADD_ALL_TESTS(test_custom_pmeth, 12);
6281 ADD_TEST(test_evp_md_cipher_meth);
6282 ADD_TEST(test_custom_md_meth);
6283 ADD_TEST(test_custom_ciph_meth);
6284
6285 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
6286 /* Tests only support the default libctx */
6287 if (testctx == NULL) {
6288 # ifndef OPENSSL_NO_EC
6289 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6290 # else
6291 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6292 # endif
6293 ADD_TEST(test_cipher_with_engine);
6294 }
6295 # endif
6296 #endif
6297
6298 #ifndef OPENSSL_NO_ECX
6299 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6300 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6301 #endif
6302
6303 ADD_TEST(test_sign_continuation);
6304
6305 /* Test cases for CVE-2023-5363 */
6306 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6307 #ifndef OPENSSL_NO_RC4
6308 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6309 #endif
6310
6311 ADD_TEST(test_invalid_ctx_for_digest);
6312
6313 ADD_TEST(test_evp_cipher_pipeline);
6314
6315 return 1;
6316 }
6317
cleanup_tests(void)6318 void cleanup_tests(void)
6319 {
6320 OSSL_PROVIDER_unload(nullprov);
6321 OSSL_PROVIDER_unload(deflprov);
6322 #ifndef OPENSSL_SYS_TANDEM
6323 OSSL_PROVIDER_unload(lgcyprov);
6324 #endif
6325 OSSL_LIB_CTX_free(testctx);
6326 }
6327