xref: /openssl/test/evp_extra_test.c (revision 009fa4f9)
1 /*
2  * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12 
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40 #include "fake_pipelineprov.h"
41 
42 #ifdef STATIC_LEGACY
43 OSSL_provider_init_fn ossl_legacy_provider_init;
44 #endif
45 
46 static OSSL_LIB_CTX *testctx = NULL;
47 static char *testpropq = NULL;
48 
49 static OSSL_PROVIDER *nullprov = NULL;
50 static OSSL_PROVIDER *deflprov = NULL;
51 static OSSL_PROVIDER *lgcyprov = NULL;
52 
53 /*
54  * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
55  * should never use this key anywhere but in an example.
56  */
57 static const unsigned char kExampleRSAKeyDER[] = {
58     0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
59     0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
60     0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
61     0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
62     0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
63     0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
64     0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
65     0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
66     0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
67     0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
68     0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
69     0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
70     0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
71     0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
72     0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
73     0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
74     0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
75     0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
76     0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
77     0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
78     0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
79     0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
80     0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
81     0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
82     0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
83     0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
84     0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
85     0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
86     0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
87     0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
88     0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
89     0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
90     0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
91     0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
92     0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
93     0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
94     0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
95     0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
96     0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
97     0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
98     0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
99     0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
100     0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
101     0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
102     0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
103     0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
104     0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
105     0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
106     0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
107     0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
108     0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
109 };
110 
111 /* An invalid key whose prime factors exceed modulus n. */
112 static const unsigned char kInvalidRSAKeyDER[] = {
113     0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
114     0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
115     0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116     0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
117     0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
118     0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
119     0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
120     0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
121     0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
122     0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
123     0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
124     0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
125     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
126     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
127     0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
128     0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
129     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
130     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
131     0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
132     0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
133     0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
134     0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
135     0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
136     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
137     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
138     0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
139     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
140     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
141     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
142     0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
143     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144     0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
145     0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
146     0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
147     0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
148     0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
149     0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
150     0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
151     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
152     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
153     0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
154     0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
155     0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
156     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
157     0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
158     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
159     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
160     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
161     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
162     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
163     0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
164     0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
165     0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
166     0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
167     0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
168     0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
169     0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
170     0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
171     0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
172     0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
173     0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
174     0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
175     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
176     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
177     0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
178     0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
179     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
180     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
181     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
182     0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
183     0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
184     0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
185     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
186     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
187     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
188     0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
189     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
190     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
191     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
192     0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
193     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
194     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
195     0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
196     0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
197     0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
198     0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
199     0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
200     0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
201     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
202     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
203     0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
204     0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
205     0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
206     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
207     0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
208     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
209     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
210     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
211     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
212     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
215     0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
216     0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
217     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
218     0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219     0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
220     0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
221     0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
222     0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
223     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
224     0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
225     0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
226     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
227     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
228     0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
229     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
230     0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
231     0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
232     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
233     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
234     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
235     0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
236     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
237     0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
238     0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
239     0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
240     0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
241     0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
242     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
243     0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
244     0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245     0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246     0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
247     0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
248     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
249     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
250     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
253     0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
254     0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
255     0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
256     0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
257     0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
258     0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
259     0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
260     0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
261     0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262     0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
263     0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
264     0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
265     0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
266     0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
267     0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
268     0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
269     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
270     0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
271     0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
272     0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
273     0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
274     0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
275     0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
276     0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
277     0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
278     0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
279     0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
280     0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
281     0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
282     0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
283     0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
284     0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
285     0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
286     0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
287     0xe2, 0x80,
288 };
289 
290 /*
291  * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
292  * should never use this key anywhere but in an example.
293  */
294 #ifndef OPENSSL_NO_DSA
295 static const unsigned char kExampleDSAKeyDER[] = {
296     0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
297     0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
298     0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
299     0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
300     0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
301     0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
302     0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
303     0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
304     0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
305     0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
306     0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
307     0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
308     0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
309     0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
310     0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
311     0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
312     0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
313     0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
314     0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
315     0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
316     0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
317     0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
318     0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
319     0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
320     0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
321     0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
322     0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
323     0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
324     0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
325     0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
326     0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
327     0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
328     0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
329     0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
330     0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
331     0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
332     0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
333     0x40, 0x48
334 };
335 #endif
336 
337 /*
338  * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
339  * components are not correct.
340  */
341 static const unsigned char kExampleBadRSAKeyDER[] = {
342     0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
343     0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
344     0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
345     0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
346     0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
347     0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
348     0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
349     0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
350     0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
351     0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
352     0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
353     0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
354     0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
355     0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
356     0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
357     0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
358     0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
359     0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
360     0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
361     0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
362     0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
363     0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
364     0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
365     0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
366     0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
367     0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
368     0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
369     0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
370     0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
371     0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
372     0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
373     0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
374     0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
375     0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
376     0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
377     0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
378     0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
379     0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
380     0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
381     0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
382     0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
383     0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
384     0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
385     0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
386     0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
387     0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
388     0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
389     0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
390     0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
391     0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
392     0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
393     0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
394     0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
395     0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
396     0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
397     0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
398     0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
399     0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
400     0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
401     0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
402     0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
403     0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
404     0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
405     0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
406     0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
407     0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
408     0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
409     0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
410     0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
411     0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
412     0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
413     0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
414     0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
415     0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
416     0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
417     0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
418     0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
419     0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
420     0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
421     0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
422     0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
423     0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
424     0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
425     0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
426     0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
427     0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
428     0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
429     0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
430     0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
431 };
432 
433 /*
434  * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
435  * values are 0.
436  */
437 static const unsigned char kExampleBad2RSAKeyDER[] = {
438     0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
439     0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
440     0x01, 0x00, 0x02, 0x01, 0x00
441 };
442 
443 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
444 
445 static const unsigned char kSignature[] = {
446     0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
447     0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
448     0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
449     0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
450     0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
451     0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
452     0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
453     0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
454     0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
455     0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
456     0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
457 };
458 
459 /*
460  * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
461  * PrivateKeyInfo.
462  */
463 static const unsigned char kExampleRSAKeyPKCS8[] = {
464     0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
465     0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
466     0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
467     0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
468     0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
469     0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
470     0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
471     0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
472     0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
473     0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
474     0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
475     0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
476     0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
477     0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
478     0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
479     0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
480     0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
481     0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
482     0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
483     0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
484     0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
485     0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
486     0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
487     0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
488     0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
489     0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
490     0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
491     0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
492     0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
493     0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
494     0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
495     0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
496     0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
497     0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
498     0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
499     0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
500     0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
501     0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
502     0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
503     0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
504     0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
505     0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
506     0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
507     0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
508     0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
509     0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
510     0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
511     0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
512     0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
513     0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
514     0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
515     0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
516     0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
517 };
518 
519 #ifndef OPENSSL_NO_EC
520 /*
521  * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
522  * structure.
523  */
524 static const unsigned char kExampleECKeyDER[] = {
525     0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
526     0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
527     0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
528     0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
529     0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
530     0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
531     0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
532     0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
533     0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
534     0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
535     0xc1,
536 };
537 
538 /*
539  * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
540  * structure. The private key is equal to the order and will fail to import
541  */
542 static const unsigned char kExampleBadECKeyDER[] = {
543     0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
544     0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
545     0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
546     0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
547     0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
548     0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
549     0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
550     0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
551     0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
552 };
553 
554 /* prime256v1 */
555 static const unsigned char kExampleECPubKeyDER[] = {
556     0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
557     0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
558     0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
559     0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
560     0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
561     0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
562     0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
563     0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
564 };
565 
566 /*
567  * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
568  * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
569  */
570 static const unsigned char kExampleBadECPubKeyDER[] = {
571     0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
572     0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
573     0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
574     0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
575     0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
576     0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
577     0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
578     0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
579 };
580 
581 static const unsigned char pExampleECParamDER[] = {
582     0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
583 };
584 
585 # ifndef OPENSSL_NO_ECX
586 static const unsigned char kExampleED25519KeyDER[] = {
587     0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
588     0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
589     0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
590     0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
591 };
592 
593 static const unsigned char kExampleED25519PubKeyDER[] = {
594     0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
595     0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
596     0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
597     0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
598 };
599 
600 # ifndef OPENSSL_NO_DEPRECATED_3_0
601 static const unsigned char kExampleX25519KeyDER[] = {
602     0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
603     0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
604     0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
605     0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
606 };
607 #  endif
608 # endif
609 #endif
610 
611 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
612 #ifndef OPENSSL_NO_DEPRECATED_3_0
613 # ifndef OPENSSL_NO_DH
614 static const unsigned char kExampleDHKeyDER[] = {
615     0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
616     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
617     0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
618     0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
619     0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
620     0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
621     0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
622     0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
623     0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
624     0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
625     0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
626     0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
627     0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
628     0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
629     0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
630     0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
631     0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
632     0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
633     0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
634     0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
635     0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
636     0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
637     0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
638     0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
639     0x2e, 0x87, 0x2a, 0x0b, 0x7a
640 };
641 # endif
642 #endif
643 
644 static const unsigned char kCFBDefaultKey[] = {
645     0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
646     0x09, 0xCF, 0x4F, 0x3C
647 };
648 
649 static const unsigned char kGCMDefaultKey[32] = { 0 };
650 
651 static const unsigned char kGCMResetKey[] = {
652     0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
653     0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
654     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
655 };
656 
657 static const unsigned char iCFBIV[] = {
658     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
659     0x0C, 0x0D, 0x0E, 0x0F
660 };
661 
662 static const unsigned char iGCMDefaultIV[12] = { 0 };
663 
664 static const unsigned char iGCMResetIV1[] = {
665     0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
666 };
667 
668 static const unsigned char iGCMResetIV2[] = {
669     0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
670 };
671 
672 static const unsigned char cfbPlaintext[] = {
673     0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
674     0x73, 0x93, 0x17, 0x2A
675 };
676 static const unsigned char cfbPlaintext_partial[] = {
677     0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
678     0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
679 };
680 
681 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
682 
683 static const unsigned char gcmResetPlaintext[] = {
684     0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
685     0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
686     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
687     0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
688     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
689 };
690 
691 static const unsigned char cfbCiphertext[] = {
692     0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
693     0xE8, 0x3C, 0xFB, 0x4A
694 };
695 
696 static const unsigned char cfbCiphertext_partial[] = {
697     0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
698     0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
699 };
700 
701 static const unsigned char ofbCiphertext_partial[] = {
702     0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
703     0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
704 };
705 
706 static const unsigned char gcmDefaultCiphertext[] = {
707     0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
708     0xba, 0xf3, 0x9d, 0x18
709 };
710 
711 static const unsigned char gcmResetCiphertext1[] = {
712     0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
713     0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
714     0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
715     0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
716     0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
717 };
718 
719 static const unsigned char gcmResetCiphertext2[] = {
720     0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
721     0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
722     0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
723     0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
724     0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
725 };
726 
727 static const unsigned char gcmAAD[] = {
728     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
729     0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
730 };
731 
732 static const unsigned char gcmDefaultTag[] = {
733     0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
734     0xd4, 0x8a, 0xb9, 0x19
735 };
736 
737 static const unsigned char gcmResetTag1[] = {
738     0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
739     0xfe, 0x2e, 0xa8, 0xf2
740 };
741 
742 static const unsigned char gcmResetTag2[] = {
743     0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
744     0xbb, 0x2d, 0x55, 0x1b
745 };
746 
747 typedef struct APK_DATA_st {
748     const unsigned char *kder;
749     size_t size;
750     const char *keytype;
751     int evptype;
752     int check;
753     int pub_check;
754     int param_check;
755     int type; /* 0 for private, 1 for public, 2 for params */
756 } APK_DATA;
757 
758 static APK_DATA keydata[] = {
759     {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
760     {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
761 #ifndef OPENSSL_NO_EC
762     {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
763 #endif
764 };
765 
766 static APK_DATA keycheckdata[] = {
767     {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
768      0},
769     {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
770      0, 1, 1, 0},
771     {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
772      0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
773 #ifndef OPENSSL_NO_EC
774     {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
775     /* group is also associated in our pub key */
776     {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
777      1, 1},
778     {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
779      2},
780 # ifndef OPENSSL_NO_ECX
781     {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
782      EVP_PKEY_ED25519, 1, 1, 1, 0},
783     {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
784      EVP_PKEY_ED25519, 0, 1, 1, 1},
785 # endif
786 #endif
787 };
788 
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)789 static EVP_PKEY *load_example_key(const char *keytype,
790                                   const unsigned char *data, size_t data_len)
791 {
792     const unsigned char **pdata = &data;
793     EVP_PKEY *pkey = NULL;
794     OSSL_DECODER_CTX *dctx =
795         OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
796                                       testctx, testpropq);
797 
798     /* |pkey| will be NULL on error */
799     (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
800     OSSL_DECODER_CTX_free(dctx);
801     return pkey;
802 }
803 
load_example_rsa_key(void)804 static EVP_PKEY *load_example_rsa_key(void)
805 {
806     return load_example_key("RSA", kExampleRSAKeyDER,
807                             sizeof(kExampleRSAKeyDER));
808 }
809 
810 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)811 static EVP_PKEY *load_example_dsa_key(void)
812 {
813     return load_example_key("DSA", kExampleDSAKeyDER,
814                             sizeof(kExampleDSAKeyDER));
815 }
816 #endif
817 
818 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)819 static EVP_PKEY *load_example_ec_key(void)
820 {
821     return load_example_key("EC", kExampleECKeyDER,
822                             sizeof(kExampleECKeyDER));
823 }
824 #endif
825 
826 #ifndef OPENSSL_NO_DEPRECATED_3_0
827 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)828 static EVP_PKEY *load_example_dh_key(void)
829 {
830     return load_example_key("DH", kExampleDHKeyDER,
831                             sizeof(kExampleDHKeyDER));
832 }
833 # endif
834 
835 # ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)836 static EVP_PKEY *load_example_ed25519_key(void)
837 {
838     return load_example_key("ED25519", kExampleED25519KeyDER,
839                             sizeof(kExampleED25519KeyDER));
840 }
841 
load_example_x25519_key(void)842 static EVP_PKEY *load_example_x25519_key(void)
843 {
844     return load_example_key("X25519", kExampleX25519KeyDER,
845                             sizeof(kExampleX25519KeyDER));
846 }
847 # endif
848 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
849 
load_example_hmac_key(void)850 static EVP_PKEY *load_example_hmac_key(void)
851 {
852     EVP_PKEY *pkey = NULL;
853     unsigned char key[] = {
854         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
855         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
856         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
857     };
858 
859     pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
860                                            NULL, key, sizeof(key));
861     if (!TEST_ptr(pkey))
862         return NULL;
863 
864     return pkey;
865 }
866 
test_EVP_set_config_properties(void)867 static int test_EVP_set_config_properties(void)
868 {
869     char *fetched_properties = NULL;
870     const char test_propq[] = "test.fizzbuzz=buzzfizz";
871     int res = 0;
872 
873     fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
874     if (!TEST_ptr(fetched_properties)
875             || !TEST_str_eq(fetched_properties, test_propq))
876         goto err;
877     OPENSSL_free(fetched_properties);
878     fetched_properties = NULL;
879 
880     res = 1;
881 err:
882     OPENSSL_free(fetched_properties);
883     return res;
884 }
885 
test_EVP_set_default_properties(void)886 static int test_EVP_set_default_properties(void)
887 {
888     OSSL_LIB_CTX *ctx;
889     EVP_MD *md = NULL;
890     int res = 0;
891     char *fetched_properties = NULL;
892     const char test_propq[] = "provider=fizzbang";
893     const char test_fips_propq[] = "fips=yes,provider=fizzbang";
894 
895     if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
896             || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
897         goto err;
898     EVP_MD_free(md);
899     md = NULL;
900 
901     if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
902             || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
903             || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
904         goto err;
905     EVP_MD_free(md);
906     md = NULL;
907 
908     fetched_properties = EVP_get1_default_properties(ctx);
909     if (!TEST_ptr(fetched_properties)
910             || !TEST_str_eq(fetched_properties, test_propq))
911         goto err;
912     OPENSSL_free(fetched_properties);
913     fetched_properties = NULL;
914 
915     if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
916         goto err;
917     fetched_properties = EVP_get1_default_properties(ctx);
918     if (!TEST_ptr(fetched_properties)
919             || !TEST_str_eq(fetched_properties, test_fips_propq))
920         goto err;
921     OPENSSL_free(fetched_properties);
922     fetched_properties = NULL;
923 
924     if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
925         goto err;
926 
927     if (!TEST_true(EVP_set_default_properties(ctx, NULL))
928             || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
929         goto err;
930     res = 1;
931 err:
932     OPENSSL_free(fetched_properties);
933     EVP_MD_free(md);
934     OSSL_LIB_CTX_free(ctx);
935     return res;
936 }
937 
938 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)939 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
940 {
941     EVP_PKEY_CTX *pctx = NULL;
942     EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
943 
944     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
945         goto err;
946     if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
947         || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
948                                           params), 0))
949         goto err;
950 
951     if (!TEST_ptr(tmp_pkey))
952         goto err;
953 
954     pkey = tmp_pkey;
955     tmp_pkey = NULL;
956  err:
957     EVP_PKEY_free(tmp_pkey);
958     EVP_PKEY_CTX_free(pctx);
959     return pkey;
960 }
961 
test_selection(EVP_PKEY * pkey,int selection)962 static int test_selection(EVP_PKEY *pkey, int selection)
963 {
964     int testresult = 0;
965     int ret;
966     BIO *bio = BIO_new(BIO_s_mem());
967 
968     ret = PEM_write_bio_PUBKEY(bio, pkey);
969     if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
970         if (!TEST_true(ret))
971             goto err;
972     } else {
973         if (!TEST_false(ret))
974             goto err;
975     }
976     ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
977                                       testctx, NULL);
978     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
979         if (!TEST_true(ret))
980             goto err;
981     } else {
982         if (!TEST_false(ret))
983             goto err;
984     }
985 
986     testresult = 1;
987  err:
988     BIO_free(bio);
989 
990     return testresult;
991 }
992 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
993 
994 /*
995  * Test combinations of private, public, missing and private + public key
996  * params to ensure they are all accepted
997  */
998 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)999 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
1000 {
1001     OSSL_PARAM_BLD *bld = NULL;
1002     OSSL_PARAM *params = NULL;
1003     EVP_PKEY *just_params = NULL;
1004     EVP_PKEY *params_and_priv = NULL;
1005     EVP_PKEY *params_and_pub = NULL;
1006     EVP_PKEY *params_and_keypair = NULL;
1007     BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1008     int ret = 0;
1009 
1010     /*
1011      * Setup the parameters for our pkey object. For our purposes they don't
1012      * have to actually be *valid* parameters. We just need to set something.
1013      */
1014     if (!TEST_ptr(p = BN_new())
1015         || !TEST_ptr(q = BN_new())
1016         || !TEST_ptr(g = BN_new())
1017         || !TEST_ptr(pub = BN_new())
1018         || !TEST_ptr(priv = BN_new()))
1019         goto err;
1020 
1021     /* Test !priv and !pub */
1022     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1023         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1024         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1025         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1026         goto err;
1027     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1028         || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1029         goto err;
1030 
1031     OSSL_PARAM_free(params);
1032     OSSL_PARAM_BLD_free(bld);
1033     params = NULL;
1034     bld = NULL;
1035 
1036     if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1037         || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1038         goto err;
1039 
1040     /* Test priv and !pub */
1041     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1042         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1043         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1044         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1045         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1046                                              priv)))
1047         goto err;
1048     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1049         || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1050         goto err;
1051 
1052     OSSL_PARAM_free(params);
1053     OSSL_PARAM_BLD_free(bld);
1054     params = NULL;
1055     bld = NULL;
1056 
1057     if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1058         || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1059         goto err;
1060 
1061     /* Test !priv and pub */
1062     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1063         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1064         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1065         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1066         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1067                                              pub)))
1068         goto err;
1069     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1070         || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1071         goto err;
1072 
1073     OSSL_PARAM_free(params);
1074     OSSL_PARAM_BLD_free(bld);
1075     params = NULL;
1076     bld = NULL;
1077 
1078     if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1079         || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1080         goto err;
1081 
1082     /* Test priv and pub */
1083     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1084         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1085         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1086         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1087         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1088                                              pub))
1089         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1090                                              priv)))
1091         goto err;
1092     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1093         || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1094         goto err;
1095 
1096     if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1097         goto err;
1098 
1099     ret = 1;
1100  err:
1101     OSSL_PARAM_free(params);
1102     OSSL_PARAM_BLD_free(bld);
1103     EVP_PKEY_free(just_params);
1104     EVP_PKEY_free(params_and_priv);
1105     EVP_PKEY_free(params_and_pub);
1106     EVP_PKEY_free(params_and_keypair);
1107     BN_free(p);
1108     BN_free(q);
1109     BN_free(g);
1110     BN_free(pub);
1111     BN_free(priv);
1112 
1113     return ret;
1114 }
1115 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1116 
1117 /*
1118  * Test combinations of private, public, missing and private + public key
1119  * params to ensure they are all accepted for EC keys
1120  */
1121 #ifndef OPENSSL_NO_EC
1122 static unsigned char ec_priv[] = {
1123     0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1124     0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1125     0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1126 };
1127 static unsigned char ec_pub[] = {
1128     0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1129     0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1130     0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1131     0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1132     0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1133     0x08, 0x09, 0xb8, 0xdb, 0x03
1134 };
1135 
test_EC_priv_pub(void)1136 static int test_EC_priv_pub(void)
1137 {
1138     OSSL_PARAM_BLD *bld = NULL;
1139     OSSL_PARAM *params = NULL;
1140     EVP_PKEY *just_params = NULL;
1141     EVP_PKEY *params_and_priv = NULL;
1142     EVP_PKEY *params_and_pub = NULL;
1143     EVP_PKEY *params_and_keypair = NULL;
1144     BIGNUM *priv = NULL;
1145     int ret = 0;
1146     unsigned char *encoded = NULL;
1147     size_t len = 0;
1148     unsigned char buffer[128];
1149 
1150     /*
1151      * Setup the parameters for our pkey object. For our purposes they don't
1152      * have to actually be *valid* parameters. We just need to set something.
1153      */
1154     if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1155         goto err;
1156 
1157     /* Test !priv and !pub */
1158     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1159         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1160                                                       OSSL_PKEY_PARAM_GROUP_NAME,
1161                                                       "P-256", 0)))
1162         goto err;
1163     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1164         || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1165         goto err;
1166 
1167     OSSL_PARAM_free(params);
1168     OSSL_PARAM_BLD_free(bld);
1169     params = NULL;
1170     bld = NULL;
1171 
1172     if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1173         || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1174         goto err;
1175 
1176     /* Test priv and !pub */
1177     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1178         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1179                                                       OSSL_PKEY_PARAM_GROUP_NAME,
1180                                                       "P-256", 0))
1181         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1182                                              priv)))
1183         goto err;
1184     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1185         || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1186         goto err;
1187 
1188     OSSL_PARAM_free(params);
1189     OSSL_PARAM_BLD_free(bld);
1190     params = NULL;
1191     bld = NULL;
1192 
1193     /*
1194      * We indicate only parameters here, in spite of having built a key that
1195      * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1196      * expected to fail because it does not support exporting a private EC
1197      * key without a corresponding public key
1198      */
1199     if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1200         || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1201         goto err;
1202 
1203     /* Test !priv and pub */
1204     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1205         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1206                                                       OSSL_PKEY_PARAM_GROUP_NAME,
1207                                                       "P-256", 0))
1208         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1209                                                        OSSL_PKEY_PARAM_PUB_KEY,
1210                                                        ec_pub, sizeof(ec_pub))))
1211         goto err;
1212     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1213         || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1214         goto err;
1215 
1216     OSSL_PARAM_free(params);
1217     OSSL_PARAM_BLD_free(bld);
1218     params = NULL;
1219     bld = NULL;
1220 
1221     if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1222         || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1223         goto err;
1224 
1225     /* Test priv and pub */
1226     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1227         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1228                                                       OSSL_PKEY_PARAM_GROUP_NAME,
1229                                                       "P-256", 0))
1230         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1231                                                        OSSL_PKEY_PARAM_PUB_KEY,
1232                                                        ec_pub, sizeof(ec_pub)))
1233         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1234                                              priv)))
1235         goto err;
1236     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1237         || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1238         goto err;
1239 
1240     if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1241         goto err;
1242 
1243     /* Try key equality */
1244     if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1245         || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1246                         0)
1247         || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1248                         0)
1249         || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1250                         0)
1251         || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1252         || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1253         || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1254         || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1255         goto err;
1256 
1257     /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1258     if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1259         goto err;
1260     OPENSSL_free(encoded);
1261     encoded = NULL;
1262     if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1263         OPENSSL_free(encoded);
1264         encoded = NULL;
1265         goto err;
1266     }
1267 
1268     /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1269     if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1270                                                      OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1271                                                      buffer, sizeof(buffer), &len), 1)
1272         || !TEST_int_eq(len, 65))
1273         goto err;
1274 
1275     len = 0;
1276     if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1277                                                      OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1278                                                      NULL, 0, &len), 1)
1279         || !TEST_int_eq(len, 65))
1280         goto err;
1281 
1282     /* too-short buffer len*/
1283     if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1284                                                      OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1285                                                      buffer, 10, &len), 0))
1286         goto err;
1287 
1288     ret = 1;
1289  err:
1290     OSSL_PARAM_free(params);
1291     OSSL_PARAM_BLD_free(bld);
1292     EVP_PKEY_free(just_params);
1293     EVP_PKEY_free(params_and_priv);
1294     EVP_PKEY_free(params_and_pub);
1295     EVP_PKEY_free(params_and_keypair);
1296     BN_free(priv);
1297 
1298     return ret;
1299 }
1300 
1301 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1302 static int test_evp_get_ec_pub(void)
1303 {
1304     OSSL_PARAM_BLD *bld = NULL;
1305     OSSL_PARAM *params = NULL;
1306     unsigned char *pad = NULL;
1307     EVP_PKEY *keypair = NULL;
1308     BIGNUM *priv = NULL;
1309     BIGNUM *x = NULL;
1310     BIGNUM *y = NULL;
1311     int ret = 0;
1312 
1313     if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1314         goto err;
1315 
1316     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1317         || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1318                                                       OSSL_PKEY_PARAM_GROUP_NAME,
1319                                                       "P-256", 0))
1320         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1321                                                        OSSL_PKEY_PARAM_PUB_KEY,
1322                                                        ec_pub, sizeof(ec_pub)))
1323         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1324                                              priv)))
1325         goto err;
1326 
1327     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1328         || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1329         goto err;
1330 
1331     if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1332         goto err;
1333 
1334     if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1335         || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1336         goto err;
1337 
1338     if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1339         goto err;
1340 
1341     pad[0] = ec_pub[0];
1342     BN_bn2bin(x, &pad[1]);
1343     BN_bn2bin(y, &pad[33]);
1344     if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1345         goto err;
1346 
1347     ret = 1;
1348 
1349 err:
1350     OSSL_PARAM_free(params);
1351     OSSL_PARAM_BLD_free(bld);
1352     EVP_PKEY_free(keypair);
1353     OPENSSL_free(pad);
1354     BN_free(priv);
1355     BN_free(x);
1356     BN_free(y);
1357     return ret;
1358 }
1359 
1360 /* Test that using a legacy EC key with only a private key in it works */
1361 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1362 static int test_EC_priv_only_legacy(void)
1363 {
1364     BIGNUM *priv = NULL;
1365     int ret = 0;
1366     EC_KEY *eckey = NULL;
1367     EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1368     EVP_MD_CTX *ctx = NULL;
1369 
1370     /* Create the low level EC_KEY */
1371     if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1372         goto err;
1373 
1374     eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1375     if (!TEST_ptr(eckey))
1376         goto err;
1377 
1378     if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1379         goto err;
1380 
1381     pkey = EVP_PKEY_new();
1382     if (!TEST_ptr(pkey))
1383         goto err;
1384 
1385     if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1386         goto err;
1387     eckey = NULL;
1388 
1389     for (;;) {
1390         ret = 0;
1391         ctx = EVP_MD_CTX_new();
1392         if (!TEST_ptr(ctx))
1393             goto err;
1394 
1395         /*
1396          * The EVP_DigestSignInit function should create the key on the
1397          * provider side which is sufficient for this test.
1398          */
1399         if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1400                                              testpropq, pkey, NULL)))
1401             goto err;
1402         EVP_MD_CTX_free(ctx);
1403         ctx = NULL;
1404 
1405         if (dup_pk != NULL)
1406             break;
1407 
1408         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1409             goto err;
1410         /* EVP_PKEY_eq() returns -2 with missing public keys */
1411         ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1412         EVP_PKEY_free(pkey);
1413         pkey = dup_pk;
1414         if (!ret)
1415             goto err;
1416     }
1417     ret = 1;
1418 
1419  err:
1420     EVP_MD_CTX_free(ctx);
1421     EVP_PKEY_free(pkey);
1422     EC_KEY_free(eckey);
1423     BN_free(priv);
1424 
1425     return ret;
1426 }
1427 
test_evp_get_ec_pub_legacy(void)1428 static int test_evp_get_ec_pub_legacy(void)
1429 {
1430     OSSL_LIB_CTX *libctx = NULL;
1431     unsigned char *pad = NULL;
1432     EVP_PKEY *pkey = NULL;
1433     EC_KEY *eckey = NULL;
1434     BIGNUM *priv = NULL;
1435     BIGNUM *x = NULL;
1436     BIGNUM *y = NULL;
1437     int ret = 0;
1438 
1439     if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1440         goto err;
1441 
1442     /* Create the legacy key */
1443     if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1444                                                       NID_X9_62_prime256v1)))
1445         goto err;
1446 
1447     if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1448         goto err;
1449 
1450     if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1451         goto err;
1452 
1453     if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1454         goto err;
1455 
1456     if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1457         goto err;
1458 
1459     if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1460         goto err;
1461 
1462     if (!TEST_ptr(pkey = EVP_PKEY_new()))
1463         goto err;
1464 
1465     /* Transfer the legacy key */
1466     if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1467         goto err;
1468     eckey = NULL;
1469 
1470     if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1471         || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1472         goto err;
1473 
1474     if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1475         goto err;
1476 
1477     pad[0] = ec_pub[0];
1478     BN_bn2bin(x, &pad[1]);
1479     BN_bn2bin(y, &pad[33]);
1480 
1481     if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1482         goto err;
1483 
1484     ret = 1;
1485 
1486 err:
1487     OSSL_LIB_CTX_free(libctx);
1488     EVP_PKEY_free(pkey);
1489     EC_KEY_free(eckey);
1490     OPENSSL_free(pad);
1491     BN_free(priv);
1492     BN_free(x);
1493     BN_free(y);
1494 
1495     return ret;
1496 }
1497 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1498 #endif /* OPENSSL_NO_EC */
1499 
test_EVP_PKEY_sign(int tst)1500 static int test_EVP_PKEY_sign(int tst)
1501 {
1502     int ret = 0;
1503     EVP_PKEY *pkey = NULL;
1504     unsigned char *sig = NULL;
1505     size_t sig_len = 0, shortsig_len = 1;
1506     EVP_PKEY_CTX *ctx = NULL;
1507     unsigned char tbs[] = {
1508         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1509         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1510     };
1511 
1512     if (tst == 0) {
1513         if (!TEST_ptr(pkey = load_example_rsa_key()))
1514             goto out;
1515     } else if (tst == 1) {
1516 #ifndef OPENSSL_NO_DSA
1517         if (!TEST_ptr(pkey = load_example_dsa_key()))
1518             goto out;
1519 #else
1520         ret = 1;
1521         goto out;
1522 #endif
1523     } else {
1524 #ifndef OPENSSL_NO_EC
1525         if (!TEST_ptr(pkey = load_example_ec_key()))
1526             goto out;
1527 #else
1528         ret = 1;
1529         goto out;
1530 #endif
1531     }
1532 
1533     ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1534     if (!TEST_ptr(ctx)
1535             || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1536             || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1537                                           sizeof(tbs)), 0))
1538         goto out;
1539     sig = OPENSSL_malloc(sig_len);
1540     if (!TEST_ptr(sig)
1541             /* Test sending a signature buffer that is too short is rejected */
1542             || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1543                                           sizeof(tbs)), 0)
1544             || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1545                             0)
1546             /* Test the signature round-trips */
1547             || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1548             || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1549                             0))
1550         goto out;
1551 
1552     ret = 1;
1553  out:
1554     EVP_PKEY_CTX_free(ctx);
1555     OPENSSL_free(sig);
1556     EVP_PKEY_free(pkey);
1557     return ret;
1558 }
1559 
1560 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1561 static int test_EVP_PKEY_sign_with_app_method(int tst)
1562 {
1563     int ret = 0;
1564     EVP_PKEY *pkey = NULL;
1565     RSA *rsa = NULL;
1566     RSA_METHOD *rsa_meth = NULL;
1567 #ifndef OPENSSL_NO_DSA
1568     DSA *dsa = NULL;
1569     DSA_METHOD *dsa_meth = NULL;
1570 #endif
1571     unsigned char *sig = NULL;
1572     size_t sig_len = 0, shortsig_len = 1;
1573     EVP_PKEY_CTX *ctx = NULL;
1574     unsigned char tbs[] = {
1575         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1576         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1577     };
1578 
1579     if (tst == 0) {
1580         if (!TEST_ptr(pkey = load_example_rsa_key()))
1581             goto out;
1582         if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1583             goto out;
1584 
1585         if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1586             || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1587             || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1588             goto out;
1589         rsa = NULL; /* now owned by the pkey */
1590     } else {
1591 #ifndef OPENSSL_NO_DSA
1592         if (!TEST_ptr(pkey = load_example_dsa_key()))
1593                 goto out;
1594         if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1595             goto out;
1596 
1597         if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1598             || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1599             || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1600             goto out;
1601         dsa = NULL; /* now owned by the pkey */
1602 #else
1603         ret = 1;
1604         goto out;
1605 #endif
1606     }
1607 
1608     ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1609     if (!TEST_ptr(ctx)
1610             || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1611             || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1612                                           sizeof(tbs)), 0))
1613         goto out;
1614     sig = OPENSSL_malloc(sig_len);
1615     if (!TEST_ptr(sig)
1616             /* Test sending a signature buffer that is too short is rejected */
1617             || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1618                                           sizeof(tbs)), 0)
1619             || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1620                             0)
1621             /* Test the signature round-trips */
1622             || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1623             || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1624                             0))
1625         goto out;
1626 
1627     ret = 1;
1628  out:
1629     EVP_PKEY_CTX_free(ctx);
1630     OPENSSL_free(sig);
1631     EVP_PKEY_free(pkey);
1632     RSA_free(rsa);
1633     RSA_meth_free(rsa_meth);
1634 #ifndef OPENSSL_NO_DSA
1635     DSA_free(dsa);
1636     DSA_meth_free(dsa_meth);
1637 #endif
1638     return ret;
1639 }
1640 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1641 
1642 /*
1643  * n = 0 => test using legacy cipher
1644  * n = 1 => test using fetched cipher
1645  */
test_EVP_Enveloped(int n)1646 static int test_EVP_Enveloped(int n)
1647 {
1648     int ret = 0;
1649     EVP_CIPHER_CTX *ctx = NULL;
1650     EVP_PKEY *keypair = NULL;
1651     unsigned char *kek = NULL;
1652     unsigned char iv[EVP_MAX_IV_LENGTH];
1653     static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1654     int len, kek_len, ciphertext_len, plaintext_len;
1655     unsigned char ciphertext[32], plaintext[16];
1656     EVP_CIPHER *type = NULL;
1657 
1658     if (nullprov != NULL)
1659         return TEST_skip("Test does not support a non-default library context");
1660 
1661     if (n == 0)
1662         type = (EVP_CIPHER *)EVP_aes_256_cbc();
1663     else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1664                                                testpropq)))
1665         goto err;
1666 
1667     if (!TEST_ptr(keypair = load_example_rsa_key())
1668             || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1669             || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1670             || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1671                                        &keypair, 1))
1672             || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1673                                          msg, sizeof(msg)))
1674             || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1675                                         &len)))
1676         goto err;
1677 
1678     ciphertext_len += len;
1679 
1680     if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1681             || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1682                                          ciphertext, ciphertext_len))
1683             || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1684         goto err;
1685 
1686     plaintext_len += len;
1687     if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1688         goto err;
1689 
1690     ret = 1;
1691 err:
1692     if (n != 0)
1693         EVP_CIPHER_free(type);
1694     OPENSSL_free(kek);
1695     EVP_PKEY_free(keypair);
1696     EVP_CIPHER_CTX_free(ctx);
1697     return ret;
1698 }
1699 
1700 /*
1701  * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1702  * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1703  * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1704  * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1705  * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1706  * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1707  * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1708  * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1709  * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1710  * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1711  * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1712  * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1713  * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1714  * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1715  * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1716  * Test 15-29: Same as above with reinitialization
1717  */
test_EVP_DigestSignInit(int tst)1718 static int test_EVP_DigestSignInit(int tst)
1719 {
1720     int ret = 0;
1721     EVP_PKEY *pkey = NULL;
1722     unsigned char *sig = NULL, *sig2 = NULL;
1723     size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1724     EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1725     EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1726     BIO *mdbio = NULL, *membio = NULL;
1727     size_t written;
1728     const EVP_MD *md;
1729     EVP_MD *mdexp = NULL;
1730     int reinit = 0;
1731 
1732     if (nullprov != NULL)
1733         return TEST_skip("Test does not support a non-default library context");
1734 
1735     if (tst >= 15) {
1736         reinit = 1;
1737         tst -= 15;
1738     }
1739 
1740     if (tst >= 6 && tst <= 8) {
1741         membio = BIO_new(BIO_s_mem());
1742         mdbio = BIO_new(BIO_f_md());
1743         if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1744             goto out;
1745         BIO_push(mdbio, membio);
1746         if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1747             goto out;
1748     } else {
1749         if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1750                 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1751             goto out;
1752     }
1753 
1754     if (tst % 3 == 0) {
1755         if (!TEST_ptr(pkey = load_example_rsa_key()))
1756                 goto out;
1757     } else if (tst % 3 == 1) {
1758 #ifndef OPENSSL_NO_DSA
1759         if (!TEST_ptr(pkey = load_example_dsa_key()))
1760                 goto out;
1761 #else
1762         ret = 1;
1763         goto out;
1764 #endif
1765     } else {
1766         if (!TEST_ptr(pkey = load_example_hmac_key()))
1767                 goto out;
1768     }
1769 
1770     if (tst >= 3 && tst <= 5)
1771         md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1772     else
1773         md = EVP_sha256();
1774 
1775     if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1776         goto out;
1777 
1778     if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1779         goto out;
1780 
1781     if (tst >= 6 && tst <= 8) {
1782         if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1783             goto out;
1784     } else if (tst < 6) {
1785         if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1786             goto out;
1787     }
1788 
1789     if (tst >= 9) {
1790         /* Determine the size of the signature. */
1791         if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1792                                       sizeof(kMsg)))
1793                 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1794             goto out;
1795         if (tst <= 11) {
1796             /* Test that supply a short sig buffer fails */
1797             if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1798                                            sizeof(kMsg))))
1799                 goto out;
1800             /*
1801              * We end here because once EVP_DigestSign() has failed you should
1802              * not call it again without re-initing the ctx
1803              */
1804             ret = 1;
1805             goto out;
1806         }
1807         if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1808                                       sizeof(kMsg))))
1809             goto out;
1810     } else {
1811         /* Determine the size of the signature. */
1812         if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1813                 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1814                 /*
1815                     * Trying to create a signature with a deliberately short
1816                     * buffer should fail.
1817                     */
1818                 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1819                 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1820             goto out;
1821     }
1822 
1823     /*
1824      * Ensure that the signature round-trips (Verification isn't supported for
1825      * HMAC via EVP_DigestVerify*)
1826      */
1827     if (tst % 3 != 2) {
1828         if (tst >= 6 && tst <= 8) {
1829             if (!TEST_int_gt(BIO_reset(mdbio), 0)
1830                 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1831                 goto out;
1832         }
1833 
1834         if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1835                                             NULL, pkey)))
1836             goto out;
1837 
1838         if (tst >= 6 && tst <= 8) {
1839             if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1840                 goto out;
1841         } else {
1842             if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1843                                                   sizeof(kMsg))))
1844                 goto out;
1845         }
1846         if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1847             goto out;
1848 
1849         /* Multiple calls to EVP_DigestVerifyFinal should work */
1850         if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1851             goto out;
1852     } else {
1853         /*
1854          * For HMAC a doubled call to DigestSignFinal should produce the same
1855          * value as finalization should not happen.
1856          */
1857         if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1858             || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1859             || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1860             goto out;
1861 
1862         if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1863             goto out;
1864     }
1865 
1866     ret = 1;
1867 
1868  out:
1869     BIO_free(membio);
1870     BIO_free(mdbio);
1871     EVP_MD_CTX_free(a_md_ctx);
1872     EVP_MD_CTX_free(a_md_ctx_verify);
1873     EVP_PKEY_free(pkey);
1874     OPENSSL_free(sig);
1875     OPENSSL_free(sig2);
1876     EVP_MD_free(mdexp);
1877 
1878     return ret;
1879 }
1880 
test_EVP_DigestVerifyInit(void)1881 static int test_EVP_DigestVerifyInit(void)
1882 {
1883     int ret = 0;
1884     EVP_PKEY *pkey = NULL;
1885     EVP_MD_CTX *md_ctx = NULL;
1886 
1887     if (nullprov != NULL)
1888         return TEST_skip("Test does not support a non-default library context");
1889 
1890     if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1891             || !TEST_ptr(pkey = load_example_rsa_key()))
1892         goto out;
1893 
1894     if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1895             || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1896             || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1897                                                  sizeof(kSignature)), 0))
1898         goto out;
1899 
1900     /* test with reinitialization */
1901     if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1902             || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1903             || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1904                                                  sizeof(kSignature)), 0))
1905         goto out;
1906     ret = 1;
1907 
1908  out:
1909     EVP_MD_CTX_free(md_ctx);
1910     EVP_PKEY_free(pkey);
1911     return ret;
1912 }
1913 
1914 #ifndef OPENSSL_NO_SIPHASH
1915 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)1916 static int test_siphash_digestsign(void)
1917 {
1918     unsigned char key[16];
1919     unsigned char buf[8], digest[8];
1920     unsigned char expected[8] = {
1921         0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1922     };
1923     EVP_PKEY *pkey = NULL;
1924     EVP_MD_CTX *mdctx = NULL;
1925     EVP_PKEY_CTX *ctx = NULL;
1926     int ret = 0;
1927     size_t len = 8;
1928 
1929     if (nullprov != NULL)
1930         return TEST_skip("Test does not support a non-default library context");
1931 
1932     memset(buf, 0, 8);
1933     memset(key, 1, 16);
1934     if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1935                                                       key, 16)))
1936         goto out;
1937 
1938     if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1939         goto out;
1940 
1941     if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1942         goto out;
1943     if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1944                                        EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1945                                        8, NULL), 1))
1946         goto out;
1947     /* reinitialize */
1948     if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1949         goto out;
1950     if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1951         goto out;
1952     if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1953         goto out;
1954     if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1955         goto out;
1956 
1957     ret = 1;
1958  out:
1959     EVP_PKEY_free(pkey);
1960     EVP_MD_CTX_free(mdctx);
1961     return ret;
1962 }
1963 #endif
1964 
1965 /*
1966  * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1967  */
test_EVP_Digest(void)1968 static int test_EVP_Digest(void)
1969 {
1970     int ret = 0;
1971     EVP_MD_CTX *md_ctx = NULL;
1972     unsigned char md[EVP_MAX_MD_SIZE];
1973     EVP_MD *sha256 = NULL;
1974     EVP_MD *shake256 = NULL;
1975 
1976     if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1977         goto out;
1978 
1979     if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1980             || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1981         goto out;
1982 
1983     if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1984             || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1985             || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1986             /* EVP_DigestFinal resets the EVP_MD_CTX. */
1987             || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1988         goto out;
1989 
1990     if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1991             || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1992             || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1993             /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1994             || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1995             /*
1996              * EVP_DigestInit_ex with NULL type should work on
1997              * pre-initialized context.
1998              */
1999             || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2000         goto out;
2001 
2002     if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2003             || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2004             || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2005             /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2006             || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2007             || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2008         goto out;
2009     ret = 1;
2010 
2011  out:
2012     EVP_MD_CTX_free(md_ctx);
2013     EVP_MD_free(sha256);
2014     EVP_MD_free(shake256);
2015     return ret;
2016 }
2017 
test_EVP_md_null(void)2018 static int test_EVP_md_null(void)
2019 {
2020     int ret = 0;
2021     EVP_MD_CTX *md_ctx = NULL;
2022     const EVP_MD *md_null = EVP_md_null();
2023     unsigned char md_value[EVP_MAX_MD_SIZE];
2024     unsigned int md_len = sizeof(md_value);
2025 
2026     if (nullprov != NULL)
2027         return TEST_skip("Test does not support a non-default library context");
2028 
2029     if (!TEST_ptr(md_null)
2030         || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2031         goto out;
2032 
2033     if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2034         || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2035         || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2036         goto out;
2037 
2038     if (!TEST_uint_eq(md_len, 0))
2039         goto out;
2040 
2041     ret = 1;
2042  out:
2043     EVP_MD_CTX_free(md_ctx);
2044     return ret;
2045 }
2046 
test_d2i_AutoPrivateKey(int i)2047 static int test_d2i_AutoPrivateKey(int i)
2048 {
2049     int ret = 0;
2050     const unsigned char *p;
2051     EVP_PKEY *pkey = NULL;
2052     const APK_DATA *ak = &keydata[i];
2053     const unsigned char *input = ak->kder;
2054     size_t input_len = ak->size;
2055     int expected_id = ak->evptype;
2056 
2057     p = input;
2058     if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2059             || !TEST_ptr_eq(p, input + input_len)
2060             || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2061         goto done;
2062 
2063     ret = 1;
2064 
2065  done:
2066     EVP_PKEY_free(pkey);
2067     return ret;
2068 }
2069 
2070 #ifndef OPENSSL_NO_EC
2071 
2072 static const unsigned char ec_public_sect163k1_validxy[] = {
2073     0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2074     0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2075     0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2076     0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2077     0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2078     0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2079 };
2080 
2081 static const unsigned char ec_public_sect163k1_badx[] = {
2082     0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2083     0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2084     0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2085     0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2086     0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2087     0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2088 };
2089 
2090 static const unsigned char ec_public_sect163k1_bady[] = {
2091     0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2092     0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2093     0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2094     0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2095     0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2096     0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2097 };
2098 
2099 static struct ec_der_pub_keys_st {
2100     const unsigned char *der;
2101     size_t len;
2102     int valid;
2103 } ec_der_pub_keys[] = {
2104     { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2105     { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2106     { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2107 };
2108 
2109 /*
2110  * Tests the range of the decoded EC char2 public point.
2111  * See ec_GF2m_simple_oct2point().
2112  */
test_invalide_ec_char2_pub_range_decode(int id)2113 static int test_invalide_ec_char2_pub_range_decode(int id)
2114 {
2115     int ret = 0;
2116     EVP_PKEY *pkey;
2117 
2118     pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2119                             ec_der_pub_keys[id].len);
2120 
2121     ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2122           || TEST_ptr_null(pkey);
2123     EVP_PKEY_free(pkey);
2124     return ret;
2125 }
2126 
2127 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)2128 static int test_EVP_PKCS82PKEY(void)
2129 {
2130     int ret = 0;
2131     const unsigned char *derp = kExampleBadECKeyDER;
2132     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2133     EVP_PKEY *pkey = NULL;
2134 
2135     if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2136                                               sizeof(kExampleBadECKeyDER))))
2137         goto done;
2138 
2139     if (!TEST_ptr_eq(derp,
2140                      kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2141         goto done;
2142 
2143     if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2144         goto done;
2145 
2146     ret = 1;
2147 
2148  done:
2149     PKCS8_PRIV_KEY_INFO_free(p8inf);
2150     EVP_PKEY_free(pkey);
2151 
2152     return ret;
2153 }
2154 
2155 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)2156 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2157 {
2158     EVP_PKEY *pkey = NULL;
2159     EVP_PKEY *pkey2 = NULL;
2160     BIO *membio = NULL;
2161     char *membuf = NULL;
2162     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2163     int ok = 0;
2164 
2165     if (testctx != NULL)
2166         /* test not supported with non-default context */
2167         return 1;
2168 
2169     if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2170         || !TEST_ptr(pkey = load_example_rsa_key())
2171         || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2172                                                 NULL, 0, NULL, NULL),
2173                         0)
2174         || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2175         || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2176         || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2177         || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2178         goto done;
2179     }
2180 
2181     ok = 1;
2182  done:
2183     EVP_PKEY_free(pkey);
2184     EVP_PKEY_free(pkey2);
2185     PKCS8_PRIV_KEY_INFO_free(p8inf);
2186     BIO_free_all(membio);
2187     return ok;
2188 }
2189 
2190 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2191 static int test_privatekey_to_pkcs8(void)
2192 {
2193     EVP_PKEY *pkey = NULL;
2194     BIO *membio = NULL;
2195     char *membuf = NULL;
2196     long membuf_len = 0;
2197     int ok = 0;
2198 
2199     if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2200         || !TEST_ptr(pkey = load_example_rsa_key())
2201         || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2202                                                 NULL, 0, NULL, NULL),
2203                         0)
2204         || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2205         || !TEST_ptr(membuf)
2206         || !TEST_mem_eq(membuf, (size_t)membuf_len,
2207                         kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2208         /*
2209          * We try to write PEM as well, just to see that it doesn't err, but
2210          * assume that the result is correct.
2211          */
2212         || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2213                                                       NULL, 0, NULL, NULL),
2214                         0))
2215         goto done;
2216 
2217     ok = 1;
2218  done:
2219     EVP_PKEY_free(pkey);
2220     BIO_free_all(membio);
2221     return ok;
2222 }
2223 
2224 #ifndef OPENSSL_NO_EC
2225 static const struct {
2226     int encoding;
2227     const char *encoding_name;
2228 } ec_encodings[] = {
2229     { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2230     { OPENSSL_EC_NAMED_CURVE,    OSSL_PKEY_EC_ENCODING_GROUP }
2231 };
2232 
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2233 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2234 {
2235     const OSSL_PARAM *p;
2236     const char *enc_name = NULL;
2237     int *enc = arg;
2238     size_t i;
2239 
2240     *enc = -1;
2241 
2242     if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2243                                               OSSL_PKEY_PARAM_EC_ENCODING))
2244         || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2245         return 0;
2246 
2247     for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2248         if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2249             *enc = ec_encodings[i].encoding;
2250             break;
2251         }
2252     }
2253 
2254     return (*enc != -1);
2255 }
2256 
test_EC_keygen_with_enc(int idx)2257 static int test_EC_keygen_with_enc(int idx)
2258 {
2259     EVP_PKEY *params = NULL, *key = NULL;
2260     EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2261     int enc;
2262     int ret = 0;
2263 
2264     enc = ec_encodings[idx].encoding;
2265 
2266     /* Create key parameters */
2267     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2268         || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2269         || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2270         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2271         || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
2272         || !TEST_ptr(params))
2273         goto done;
2274 
2275     /* Create key */
2276     if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2277         || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2278         || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2279         || !TEST_ptr(key))
2280         goto done;
2281 
2282     /* Check that the encoding got all the way into the key */
2283     if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2284                                            ec_export_get_encoding_cb, &enc))
2285         || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2286         goto done;
2287 
2288     ret = 1;
2289  done:
2290     EVP_PKEY_free(key);
2291     EVP_PKEY_free(params);
2292     EVP_PKEY_CTX_free(kctx);
2293     EVP_PKEY_CTX_free(pctx);
2294     return ret;
2295 }
2296 #endif
2297 
2298 #if !defined(OPENSSL_NO_SM2)
2299 
test_EVP_SM2_verify(void)2300 static int test_EVP_SM2_verify(void)
2301 {
2302     const char *pubkey =
2303         "-----BEGIN PUBLIC KEY-----\n"
2304         "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2305         "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2306         "-----END PUBLIC KEY-----\n";
2307 
2308     const char *msg = "message digest";
2309     const char *id = "ALICE123@YAHOO.COM";
2310 
2311     const uint8_t signature[] = {
2312         0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2313         0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2314         0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2315         0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2316         0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2317         0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2318         0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2319     };
2320 
2321     int rc = 0;
2322     BIO *bio = NULL;
2323     EVP_PKEY *pkey = NULL;
2324     EVP_MD_CTX *mctx = NULL;
2325     EVP_PKEY_CTX *pctx = NULL;
2326     EVP_MD *sm3 = NULL;
2327 
2328     bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2329     if (!TEST_true(bio != NULL))
2330         goto done;
2331 
2332     pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2333     if (!TEST_true(pkey != NULL))
2334         goto done;
2335 
2336     if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2337         goto done;
2338 
2339     if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2340         goto done;
2341 
2342     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2343         goto done;
2344 
2345     EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2346 
2347     if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2348         goto done;
2349 
2350     if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2351         goto done;
2352 
2353     if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2354         goto done;
2355 
2356     if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2357         goto done;
2358 
2359     if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2360         goto done;
2361     rc = 1;
2362 
2363  done:
2364     BIO_free(bio);
2365     EVP_PKEY_free(pkey);
2366     EVP_PKEY_CTX_free(pctx);
2367     EVP_MD_CTX_free(mctx);
2368     EVP_MD_free(sm3);
2369     return rc;
2370 }
2371 
test_EVP_SM2(void)2372 static int test_EVP_SM2(void)
2373 {
2374     int ret = 0;
2375     EVP_PKEY *pkey = NULL;
2376     EVP_PKEY *pkeyparams = NULL;
2377     EVP_PKEY_CTX *pctx = NULL;
2378     EVP_PKEY_CTX *kctx = NULL;
2379     EVP_PKEY_CTX *sctx = NULL;
2380     size_t sig_len = 0;
2381     unsigned char *sig = NULL;
2382     EVP_MD_CTX *md_ctx = NULL;
2383     EVP_MD_CTX *md_ctx_verify = NULL;
2384     EVP_PKEY_CTX *cctx = NULL;
2385     EVP_MD *check_md = NULL;
2386 
2387     uint8_t ciphertext[128];
2388     size_t ctext_len = sizeof(ciphertext);
2389 
2390     uint8_t plaintext[8];
2391     size_t ptext_len = sizeof(plaintext);
2392 
2393     uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2394 
2395     OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2396     OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2397     int i;
2398     char mdname[OSSL_MAX_NAME_SIZE];
2399 
2400     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2401                                                     "SM2", testpropq)))
2402         goto done;
2403 
2404     if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2405         goto done;
2406 
2407     if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2408         goto done;
2409 
2410     if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2411         goto done;
2412 
2413     if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2414                                                     pkeyparams, testpropq)))
2415         goto done;
2416 
2417     if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2418         goto done;
2419 
2420     if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2421         goto done;
2422 
2423     if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2424         goto done;
2425 
2426     if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2427         goto done;
2428 
2429     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2430         goto done;
2431 
2432     EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2433     EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2434 
2435     if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2436         goto done;
2437 
2438     if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2439         goto done;
2440 
2441     if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2442         goto done;
2443 
2444     if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2445         goto done;
2446 
2447     /* Determine the size of the signature. */
2448     if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2449         goto done;
2450 
2451     if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2452         goto done;
2453 
2454     if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2455         goto done;
2456 
2457     /* Ensure that the signature round-trips. */
2458 
2459     if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2460                                         pkey)))
2461         goto done;
2462 
2463     if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2464         goto done;
2465 
2466     if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2467         goto done;
2468 
2469     if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2470         goto done;
2471 
2472     /*
2473      * Try verify again with non-matching 0 length id but ensure that it can
2474      * be set on the context and overrides the previous value.
2475      */
2476 
2477     if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2478                                         pkey)))
2479         goto done;
2480 
2481     if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2482         goto done;
2483 
2484     if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2485         goto done;
2486 
2487     if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2488         goto done;
2489 
2490     /* now check encryption/decryption */
2491 
2492     gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2493                                                   mdname, sizeof(mdname));
2494     for (i = 0; i < 2; i++) {
2495         const char *mdnames[] = {
2496 #ifndef OPENSSL_NO_SM3
2497             "SM3",
2498 #else
2499             NULL,
2500 #endif
2501             "SHA2-256" };
2502         EVP_PKEY_CTX_free(cctx);
2503 
2504         if (mdnames[i] == NULL)
2505             continue;
2506 
2507         sparams[0] =
2508             OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2509                                              (char *)mdnames[i], 0);
2510 
2511         if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2512                                                         pkey, testpropq)))
2513             goto done;
2514 
2515         if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2516             goto done;
2517 
2518         if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2519             goto done;
2520 
2521         if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2522                                         sizeof(kMsg))))
2523             goto done;
2524 
2525         if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2526             goto done;
2527 
2528         if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2529             goto done;
2530 
2531         if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2532                                         ctext_len), 0))
2533             goto done;
2534 
2535         if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2536             goto done;
2537 
2538         /*
2539          * Test we're still using the digest we think we are.
2540          * Because of aliases, the easiest is to fetch the digest and
2541          * check the name with EVP_MD_is_a().
2542          */
2543         EVP_MD_free(check_md);
2544         if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2545             goto done;
2546         if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2547             TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2548             goto done;
2549         }
2550 
2551         if (!TEST_true(ptext_len == sizeof(kMsg)))
2552             goto done;
2553 
2554         if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2555             goto done;
2556     }
2557 
2558     ret = 1;
2559 done:
2560     EVP_PKEY_CTX_free(pctx);
2561     EVP_PKEY_CTX_free(kctx);
2562     EVP_PKEY_CTX_free(sctx);
2563     EVP_PKEY_CTX_free(cctx);
2564     EVP_PKEY_free(pkey);
2565     EVP_PKEY_free(pkeyparams);
2566     EVP_MD_CTX_free(md_ctx);
2567     EVP_MD_CTX_free(md_ctx_verify);
2568     EVP_MD_free(check_md);
2569     OPENSSL_free(sig);
2570     return ret;
2571 }
2572 
2573 #endif
2574 
2575 static struct keys_st {
2576     int type;
2577     char *priv;
2578     char *pub;
2579 } keys[] = {
2580     {
2581         EVP_PKEY_HMAC, "0123456789", NULL
2582     },
2583     {
2584         EVP_PKEY_HMAC, "", NULL
2585 #ifndef OPENSSL_NO_POLY1305
2586     }, {
2587         EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2588 #endif
2589 #ifndef OPENSSL_NO_SIPHASH
2590     }, {
2591         EVP_PKEY_SIPHASH, "0123456789012345", NULL
2592 #endif
2593     },
2594 #ifndef OPENSSL_NO_ECX
2595     {
2596         EVP_PKEY_X25519, "01234567890123456789012345678901",
2597         "abcdefghijklmnopqrstuvwxyzabcdef"
2598     }, {
2599         EVP_PKEY_ED25519, "01234567890123456789012345678901",
2600         "abcdefghijklmnopqrstuvwxyzabcdef"
2601     }, {
2602         EVP_PKEY_X448,
2603         "01234567890123456789012345678901234567890123456789012345",
2604         "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2605     }, {
2606         EVP_PKEY_ED448,
2607         "012345678901234567890123456789012345678901234567890123456",
2608         "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2609     }
2610 #endif
2611 };
2612 
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)2613 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2614 {
2615     int ret = 0;
2616     unsigned char buf[80];
2617     unsigned char *in;
2618     size_t inlen, len = 0, shortlen = 1;
2619     EVP_PKEY *pkey;
2620 
2621     /* Check if this algorithm supports public keys */
2622     if (pub && keys[tst].pub == NULL)
2623         return 1;
2624 
2625     memset(buf, 0, sizeof(buf));
2626 
2627     if (pub) {
2628 #ifndef OPENSSL_NO_EC
2629         inlen = strlen(keys[tst].pub);
2630         in = (unsigned char *)keys[tst].pub;
2631         if (uselibctx) {
2632             pkey = EVP_PKEY_new_raw_public_key_ex(
2633                         testctx,
2634                         OBJ_nid2sn(keys[tst].type),
2635                         NULL,
2636                         in,
2637                         inlen);
2638         } else {
2639             pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2640                                                NULL,
2641                                                in,
2642                                                inlen);
2643         }
2644 #else
2645         return 1;
2646 #endif
2647     } else {
2648         inlen = strlen(keys[tst].priv);
2649         in = (unsigned char *)keys[tst].priv;
2650         if (uselibctx) {
2651             pkey = EVP_PKEY_new_raw_private_key_ex(
2652                         testctx, OBJ_nid2sn(keys[tst].type),
2653                         NULL,
2654                         in,
2655                         inlen);
2656         } else {
2657             pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2658                                                 NULL,
2659                                                 in,
2660                                                 inlen);
2661         }
2662     }
2663 
2664     if (!TEST_ptr(pkey)
2665             || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2666             || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2667             || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2668             || !TEST_true(len == inlen))
2669         goto done;
2670     if (tst != 1) {
2671         /*
2672          * Test that supplying a buffer that is too small fails. Doesn't apply
2673          * to HMAC with a zero length key
2674          */
2675         if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2676                                                                  &shortlen)))
2677                 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2678                                                                    &shortlen))))
2679             goto done;
2680     }
2681     if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2682             || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2683             || !TEST_mem_eq(in, inlen, buf, len))
2684         goto done;
2685 
2686     ret = 1;
2687  done:
2688     EVP_PKEY_free(pkey);
2689     return ret;
2690 }
2691 
test_set_get_raw_keys(int tst)2692 static int test_set_get_raw_keys(int tst)
2693 {
2694     return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2695            && test_set_get_raw_keys_int(tst, 0, 1)
2696            && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2697            && test_set_get_raw_keys_int(tst, 1, 1);
2698 }
2699 
2700 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)2701 static int pkey_custom_check(EVP_PKEY *pkey)
2702 {
2703     return 0xbeef;
2704 }
2705 
pkey_custom_pub_check(EVP_PKEY * pkey)2706 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2707 {
2708     return 0xbeef;
2709 }
2710 
pkey_custom_param_check(EVP_PKEY * pkey)2711 static int pkey_custom_param_check(EVP_PKEY *pkey)
2712 {
2713     return 0xbeef;
2714 }
2715 
2716 static EVP_PKEY_METHOD *custom_pmeth;
2717 #endif
2718 
test_EVP_PKEY_check(int i)2719 static int test_EVP_PKEY_check(int i)
2720 {
2721     int ret = 0;
2722     EVP_PKEY *pkey = NULL;
2723     EVP_PKEY_CTX *ctx = NULL;
2724 #ifndef OPENSSL_NO_DEPRECATED_3_0
2725     EVP_PKEY_CTX *ctx2 = NULL;
2726 #endif
2727     const APK_DATA *ak = &keycheckdata[i];
2728     const unsigned char *input = ak->kder;
2729     size_t input_len = ak->size;
2730     int expected_id = ak->evptype;
2731     int expected_check = ak->check;
2732     int expected_pub_check = ak->pub_check;
2733     int expected_param_check = ak->param_check;
2734     int type = ak->type;
2735 
2736     if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2737         goto done;
2738     if (type == 0
2739         && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2740         goto done;
2741 
2742     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2743         goto done;
2744 
2745     if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2746         goto done;
2747 
2748     if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2749         goto done;
2750 
2751     if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2752         goto done;
2753 
2754 #ifndef OPENSSL_NO_DEPRECATED_3_0
2755     ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2756     /* assign the pkey directly, as an internal test */
2757     EVP_PKEY_up_ref(pkey);
2758     ctx2->pkey = pkey;
2759 
2760     if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2761         goto done;
2762 
2763     if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2764         goto done;
2765 
2766     if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2767         goto done;
2768 #endif
2769 
2770     ret = 1;
2771 
2772  done:
2773     EVP_PKEY_CTX_free(ctx);
2774 #ifndef OPENSSL_NO_DEPRECATED_3_0
2775     EVP_PKEY_CTX_free(ctx2);
2776 #endif
2777     EVP_PKEY_free(pkey);
2778     return ret;
2779 }
2780 
2781 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)2782 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2783 {
2784     EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2785     const char msg[] = "Hello World";
2786     size_t maclen = AES_BLOCK_SIZE;
2787     int ret = 1;
2788 
2789     if (!TEST_ptr(mdctx)
2790             || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2791                                                 testpropq, pkey, NULL))
2792             || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2793             || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2794             || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2795         ret = 0;
2796 
2797     EVP_MD_CTX_free(mdctx);
2798 
2799     return ret;
2800 }
test_CMAC_keygen(void)2801 static int test_CMAC_keygen(void)
2802 {
2803     static unsigned char key[] = {
2804         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2805         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2806         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2807     };
2808     EVP_PKEY_CTX *kctx = NULL;
2809     int ret = 0;
2810     EVP_PKEY *pkey = NULL;
2811     unsigned char mac[AES_BLOCK_SIZE];
2812 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2813     unsigned char mac2[AES_BLOCK_SIZE];
2814 # endif
2815 
2816     if (nullprov != NULL)
2817         return TEST_skip("Test does not support a non-default library context");
2818 
2819     /*
2820      * This is a legacy method for CMACs, but should still work.
2821      * This verifies that it works without an ENGINE.
2822      */
2823     kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2824 
2825     /* Test a CMAC key created using the "generated" method */
2826     if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2827             || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2828                                             EVP_PKEY_CTRL_CIPHER,
2829                                             0, (void *)EVP_aes_256_cbc()), 0)
2830             || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2831                                             EVP_PKEY_CTRL_SET_MAC_KEY,
2832                                             sizeof(key), (void *)key), 0)
2833             || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2834             || !TEST_ptr(pkey)
2835             || !TEST_true(get_cmac_val(pkey, mac)))
2836         goto done;
2837 
2838 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2839     EVP_PKEY_free(pkey);
2840 
2841     /*
2842      * Test a CMAC key using the direct method, and compare with the mac
2843      * created above.
2844      */
2845     pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2846     if (!TEST_ptr(pkey)
2847             || !TEST_true(get_cmac_val(pkey, mac2))
2848             || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2849         goto done;
2850 # endif
2851 
2852     ret = 1;
2853 
2854  done:
2855     EVP_PKEY_free(pkey);
2856     EVP_PKEY_CTX_free(kctx);
2857     return ret;
2858 }
2859 #endif
2860 
test_HKDF(void)2861 static int test_HKDF(void)
2862 {
2863     EVP_PKEY_CTX *pctx;
2864     unsigned char out[20];
2865     size_t outlen;
2866     int i, ret = 0;
2867     unsigned char salt[] = "0123456789";
2868     unsigned char key[] = "012345678901234567890123456789";
2869     unsigned char info[] = "infostring";
2870     const unsigned char expected[] = {
2871         0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2872         0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2873     };
2874     size_t expectedlen = sizeof(expected);
2875 
2876     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2877         goto done;
2878 
2879     /* We do this twice to test reuse of the EVP_PKEY_CTX */
2880     for (i = 0; i < 2; i++) {
2881         outlen = sizeof(out);
2882         memset(out, 0, outlen);
2883 
2884         if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2885                 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2886                 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2887                                                             sizeof(salt) - 1), 0)
2888                 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2889                                                            sizeof(key) - 1), 0)
2890                 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2891                                                             sizeof(info) - 1), 0)
2892                 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2893                 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2894             goto done;
2895     }
2896 
2897     ret = 1;
2898 
2899  done:
2900     EVP_PKEY_CTX_free(pctx);
2901 
2902     return ret;
2903 }
2904 
test_emptyikm_HKDF(void)2905 static int test_emptyikm_HKDF(void)
2906 {
2907     EVP_PKEY_CTX *pctx;
2908     unsigned char out[20];
2909     size_t outlen;
2910     int ret = 0;
2911     unsigned char salt[] = "9876543210";
2912     unsigned char key[] = "";
2913     unsigned char info[] = "stringinfo";
2914     const unsigned char expected[] = {
2915         0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2916         0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2917     };
2918     size_t expectedlen = sizeof(expected);
2919 
2920     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2921         goto done;
2922 
2923     outlen = sizeof(out);
2924     memset(out, 0, outlen);
2925 
2926     if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2927             || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2928             || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2929                                                         sizeof(salt) - 1), 0)
2930             || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2931                                                        sizeof(key) - 1), 0)
2932             || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2933                                                         sizeof(info) - 1), 0)
2934             || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2935             || !TEST_mem_eq(out, outlen, expected, expectedlen))
2936         goto done;
2937 
2938     ret = 1;
2939 
2940  done:
2941     EVP_PKEY_CTX_free(pctx);
2942 
2943     return ret;
2944 }
2945 
test_empty_salt_info_HKDF(void)2946 static int test_empty_salt_info_HKDF(void)
2947 {
2948     EVP_PKEY_CTX *pctx;
2949     unsigned char out[20];
2950     size_t outlen;
2951     int ret = 0;
2952     unsigned char salt[] = "";
2953     unsigned char key[] = "012345678901234567890123456789";
2954     unsigned char info[] = "";
2955     const unsigned char expected[] = {
2956 	0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2957 	0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2958     };
2959     size_t expectedlen = sizeof(expected);
2960 
2961     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2962         goto done;
2963 
2964     outlen = sizeof(out);
2965     memset(out, 0, outlen);
2966 
2967     if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2968             || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2969             || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2970                                                         sizeof(salt) - 1), 0)
2971             || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2972                                                        sizeof(key) - 1), 0)
2973             || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2974                                                         sizeof(info) - 1), 0)
2975             || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2976             || !TEST_mem_eq(out, outlen, expected, expectedlen))
2977         goto done;
2978 
2979     ret = 1;
2980 
2981  done:
2982     EVP_PKEY_CTX_free(pctx);
2983 
2984     return ret;
2985 }
2986 
2987 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2988 static int test_X509_PUBKEY_inplace(void)
2989 {
2990     int ret = 0;
2991     X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2992     const unsigned char *p = kExampleECPubKeyDER;
2993     size_t input_len = sizeof(kExampleECPubKeyDER);
2994 
2995     if (!TEST_ptr(xp))
2996         goto done;
2997     if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2998         goto done;
2999 
3000     if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3001         goto done;
3002 
3003     p = kExampleBadECPubKeyDER;
3004     input_len = sizeof(kExampleBadECPubKeyDER);
3005 
3006     if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3007         goto done;
3008 
3009     if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3010         goto done;
3011 
3012     ret = 1;
3013 
3014  done:
3015     X509_PUBKEY_free(xp);
3016     return ret;
3017 }
3018 
test_X509_PUBKEY_dup(void)3019 static int test_X509_PUBKEY_dup(void)
3020 {
3021     int ret = 0;
3022     X509_PUBKEY *xp = NULL, *xq = NULL;
3023     const unsigned char *p = kExampleECPubKeyDER;
3024     size_t input_len = sizeof(kExampleECPubKeyDER);
3025 
3026     xp = X509_PUBKEY_new_ex(testctx, testpropq);
3027     if (!TEST_ptr(xp)
3028             || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3029             || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3030             || !TEST_ptr_ne(xp, xq))
3031         goto done;
3032 
3033     if (!TEST_ptr(X509_PUBKEY_get0(xq))
3034             || !TEST_ptr(X509_PUBKEY_get0(xp))
3035             || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3036         goto done;
3037 
3038     X509_PUBKEY_free(xq);
3039     xq = NULL;
3040     p = kExampleBadECPubKeyDER;
3041     input_len = sizeof(kExampleBadECPubKeyDER);
3042 
3043     if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3044             || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3045         goto done;
3046 
3047     X509_PUBKEY_free(xp);
3048     xp = NULL;
3049     if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3050         goto done;
3051 
3052     ret = 1;
3053 
3054  done:
3055     X509_PUBKEY_free(xp);
3056     X509_PUBKEY_free(xq);
3057     return ret;
3058 }
3059 #endif /* OPENSSL_NO_EC */
3060 
3061 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3062 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3063 {
3064     EVP_MD_CTX *mdctx = NULL;
3065     EVP_PKEY_CTX *ctx = NULL;
3066     const OSSL_PARAM *params;
3067     OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3068     int ret = 0;
3069     const EVP_MD *md;
3070     char mdname[OSSL_MAX_NAME_SIZE];
3071     char ssl3ms[48];
3072 
3073     /* Initialise a sign operation */
3074     ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3075     if (!TEST_ptr(ctx)
3076             || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3077         goto err;
3078 
3079     /*
3080      * We should be able to query the parameters now.
3081      */
3082     params = EVP_PKEY_CTX_settable_params(ctx);
3083     if (!TEST_ptr(params)
3084         || !TEST_ptr(OSSL_PARAM_locate_const(params,
3085                                              OSSL_SIGNATURE_PARAM_DIGEST)))
3086         goto err;
3087 
3088     params = EVP_PKEY_CTX_gettable_params(ctx);
3089     if (!TEST_ptr(params)
3090         || !TEST_ptr(OSSL_PARAM_locate_const(params,
3091                                              OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3092         || !TEST_ptr(OSSL_PARAM_locate_const(params,
3093                                              OSSL_SIGNATURE_PARAM_DIGEST)))
3094         goto err;
3095 
3096     /*
3097      * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3098      * EVP_PKEY_CTX_get_params()
3099      */
3100     strcpy(mdname, "SHA512");
3101     param_md = param;
3102     *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3103                                                 mdname, 0);
3104     *param++ = OSSL_PARAM_construct_end();
3105 
3106     if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3107         goto err;
3108 
3109     mdname[0] = '\0';
3110     *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3111                                                  mdname, sizeof(mdname));
3112     if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3113             || !TEST_str_eq(mdname, "SHA512"))
3114         goto err;
3115 
3116     /*
3117      * Test the TEST_PKEY_CTX_set_signature_md() and
3118      * TEST_PKEY_CTX_get_signature_md() functions
3119      */
3120     if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3121             || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3122             || !TEST_ptr_eq(md, EVP_sha256()))
3123         goto err;
3124 
3125     /*
3126      * Test getting MD parameters via an associated EVP_PKEY_CTX
3127      */
3128     mdctx = EVP_MD_CTX_new();
3129     if (!TEST_ptr(mdctx)
3130         || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3131                                             pkey, NULL)))
3132         goto err;
3133 
3134     /*
3135      * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3136      * able to obtain the digest's settable parameters from the provider.
3137      */
3138     params = EVP_MD_CTX_settable_params(mdctx);
3139     if (!TEST_ptr(params)
3140             || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3141                /* The final key should be NULL */
3142             || !TEST_ptr_null(params[1].key))
3143         goto err;
3144 
3145     param = ourparams;
3146     memset(ssl3ms, 0, sizeof(ssl3ms));
3147     *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3148                                                  ssl3ms, sizeof(ssl3ms));
3149     *param++ = OSSL_PARAM_construct_end();
3150 
3151     if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3152         goto err;
3153 
3154     ret = 1;
3155 
3156  err:
3157     EVP_MD_CTX_free(mdctx);
3158     EVP_PKEY_CTX_free(ctx);
3159 
3160     return ret;
3161 }
3162 
3163 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3164 static int test_DSA_get_set_params(void)
3165 {
3166     OSSL_PARAM_BLD *bld = NULL;
3167     OSSL_PARAM *params = NULL;
3168     BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3169     EVP_PKEY_CTX *pctx = NULL;
3170     EVP_PKEY *pkey = NULL;
3171     int ret = 0;
3172 
3173     /*
3174      * Setup the parameters for our DSA object. For our purposes they don't
3175      * have to actually be *valid* parameters. We just need to set something.
3176      */
3177     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3178         || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3179         || !TEST_ptr(p = BN_new())
3180         || !TEST_ptr(q = BN_new())
3181         || !TEST_ptr(g = BN_new())
3182         || !TEST_ptr(pub = BN_new())
3183         || !TEST_ptr(priv = BN_new()))
3184         goto err;
3185     if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3186         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3187         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3188         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3189                                              pub))
3190         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3191                                              priv)))
3192         goto err;
3193     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3194         goto err;
3195 
3196     if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3197         || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3198                                           params), 0))
3199         goto err;
3200 
3201     if (!TEST_ptr(pkey))
3202         goto err;
3203 
3204     ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3205 
3206  err:
3207     EVP_PKEY_free(pkey);
3208     EVP_PKEY_CTX_free(pctx);
3209     OSSL_PARAM_free(params);
3210     OSSL_PARAM_BLD_free(bld);
3211     BN_free(p);
3212     BN_free(q);
3213     BN_free(g);
3214     BN_free(pub);
3215     BN_free(priv);
3216 
3217     return ret;
3218 }
3219 
3220 /*
3221  * Test combinations of private, public, missing and private + public key
3222  * params to ensure they are all accepted
3223  */
test_DSA_priv_pub(void)3224 static int test_DSA_priv_pub(void)
3225 {
3226     return test_EVP_PKEY_ffc_priv_pub("DSA");
3227 }
3228 
3229 #endif /* !OPENSSL_NO_DSA */
3230 
test_RSA_get_set_params(void)3231 static int test_RSA_get_set_params(void)
3232 {
3233     OSSL_PARAM_BLD *bld = NULL;
3234     OSSL_PARAM *params = NULL;
3235     BIGNUM *n = NULL, *e = NULL, *d = NULL;
3236     EVP_PKEY_CTX *pctx = NULL;
3237     EVP_PKEY *pkey = NULL;
3238     int ret = 0;
3239 
3240     /*
3241      * Setup the parameters for our RSA object. For our purposes they don't
3242      * have to actually be *valid* parameters. We just need to set something.
3243      */
3244     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3245         || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3246         || !TEST_ptr(n = BN_new())
3247         || !TEST_ptr(e = BN_new())
3248         || !TEST_ptr(d = BN_new()))
3249         goto err;
3250     if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3251         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3252         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3253         goto err;
3254     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3255         goto err;
3256 
3257     if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3258         || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3259                                           params), 0))
3260         goto err;
3261 
3262     if (!TEST_ptr(pkey))
3263         goto err;
3264 
3265     ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3266 
3267  err:
3268     EVP_PKEY_free(pkey);
3269     EVP_PKEY_CTX_free(pctx);
3270     OSSL_PARAM_free(params);
3271     OSSL_PARAM_BLD_free(bld);
3272     BN_free(n);
3273     BN_free(e);
3274     BN_free(d);
3275 
3276     return ret;
3277 }
3278 
test_RSA_OAEP_set_get_params(void)3279 static int test_RSA_OAEP_set_get_params(void)
3280 {
3281     int ret = 0;
3282     EVP_PKEY *key = NULL;
3283     EVP_PKEY_CTX *key_ctx = NULL;
3284 
3285     if (nullprov != NULL)
3286         return TEST_skip("Test does not support a non-default library context");
3287 
3288     if (!TEST_ptr(key = load_example_rsa_key())
3289         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3290         goto err;
3291 
3292     {
3293         int padding = RSA_PKCS1_OAEP_PADDING;
3294         OSSL_PARAM params[4];
3295 
3296         params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3297         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3298                                                      OSSL_DIGEST_NAME_SHA2_256, 0);
3299         params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3300                                                      OSSL_DIGEST_NAME_SHA1, 0);
3301         params[3] = OSSL_PARAM_construct_end();
3302 
3303         if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3304             goto err;
3305     }
3306     {
3307         OSSL_PARAM params[3];
3308         char oaepmd[30] = { '\0' };
3309         char mgf1md[30] = { '\0' };
3310 
3311         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3312                                                      oaepmd, sizeof(oaepmd));
3313         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3314                                                      mgf1md, sizeof(mgf1md));
3315         params[2] = OSSL_PARAM_construct_end();
3316 
3317         if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3318             goto err;
3319 
3320         if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3321             || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3322             goto err;
3323     }
3324 
3325     ret = 1;
3326 
3327  err:
3328     EVP_PKEY_free(key);
3329     EVP_PKEY_CTX_free(key_ctx);
3330 
3331     return ret;
3332 }
3333 
3334 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3335 static int test_RSA_OAEP_set_null_label(void)
3336 {
3337     int ret = 0;
3338     EVP_PKEY *key = NULL;
3339     EVP_PKEY_CTX *key_ctx = NULL;
3340 
3341     if (!TEST_ptr(key = load_example_rsa_key())
3342         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3343         || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3344         goto err;
3345 
3346     if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3347         goto err;
3348 
3349     if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3350         goto err;
3351 
3352     if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3353         goto err;
3354 
3355     ret = 1;
3356 
3357  err:
3358     EVP_PKEY_free(key);
3359     EVP_PKEY_CTX_free(key_ctx);
3360 
3361     return ret;
3362 }
3363 
3364 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3365 static int test_RSA_legacy(void)
3366 {
3367     int ret = 0;
3368     BIGNUM *p = NULL;
3369     BIGNUM *q = NULL;
3370     BIGNUM *n = NULL;
3371     BIGNUM *e = NULL;
3372     BIGNUM *d = NULL;
3373     const EVP_MD *md = EVP_sha256();
3374     EVP_MD_CTX *ctx = NULL;
3375     EVP_PKEY *pkey = NULL;
3376     RSA *rsa = NULL;
3377 
3378     if (nullprov != NULL)
3379         return TEST_skip("Test does not support a non-default library context");
3380 
3381     if (!TEST_ptr(p = BN_dup(BN_value_one()))
3382         || !TEST_ptr(q = BN_dup(BN_value_one()))
3383         || !TEST_ptr(n = BN_dup(BN_value_one()))
3384         || !TEST_ptr(e = BN_dup(BN_value_one()))
3385         || !TEST_ptr(d = BN_dup(BN_value_one())))
3386         goto err;
3387 
3388     if (!TEST_ptr(rsa = RSA_new())
3389         || !TEST_ptr(pkey = EVP_PKEY_new())
3390         || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3391         goto err;
3392 
3393     if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3394         goto err;
3395     p = NULL;
3396     q = NULL;
3397 
3398     if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3399         goto err;
3400     n = NULL;
3401     e = NULL;
3402     d = NULL;
3403 
3404     if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3405         goto err;
3406 
3407     rsa = NULL;
3408 
3409     if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3410         goto err;
3411 
3412     ret = 1;
3413 
3414 err:
3415     RSA_free(rsa);
3416     EVP_MD_CTX_free(ctx);
3417     EVP_PKEY_free(pkey);
3418     BN_free(p);
3419     BN_free(q);
3420     BN_free(n);
3421     BN_free(e);
3422     BN_free(d);
3423 
3424     return ret;
3425 }
3426 #endif
3427 
3428 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)3429 static int test_decrypt_null_chunks(void)
3430 {
3431     EVP_CIPHER_CTX* ctx = NULL;
3432     EVP_CIPHER *cipher = NULL;
3433     const unsigned char key[32] = {
3434         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3435         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3436         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3437     };
3438     unsigned char iv[12] = {
3439         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3440     };
3441     unsigned char msg[] = "It was the best of times, it was the worst of times";
3442     unsigned char ciphertext[80];
3443     unsigned char plaintext[80];
3444     /* We initialise tmp to a non zero value on purpose */
3445     int ctlen, ptlen, tmp = 99;
3446     int ret = 0;
3447     const int enc_offset = 10, dec_offset = 20;
3448 
3449     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3450             || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3451             || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3452                                              key, iv))
3453             || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3454                                             enc_offset))
3455             /* Deliberate add a zero length update */
3456             || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3457                                             0))
3458             || !TEST_int_eq(tmp, 0)
3459             || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3460                                             msg + enc_offset,
3461                                             sizeof(msg) - enc_offset))
3462             || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3463             || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3464             || !TEST_int_eq(tmp, 0))
3465         goto err;
3466 
3467     /* Deliberately initialise tmp to a non zero value */
3468     tmp = 99;
3469     if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3470             || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3471                                             dec_offset))
3472             /*
3473              * Deliberately add a zero length update. We also deliberately do
3474              * this at a different offset than for encryption.
3475              */
3476             || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3477                                             0))
3478             || !TEST_int_eq(tmp, 0)
3479             || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3480                                             ciphertext + dec_offset,
3481                                             ctlen - dec_offset))
3482             || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3483             || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3484             || !TEST_int_eq(tmp, 0)
3485             || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3486         goto err;
3487 
3488     ret = 1;
3489  err:
3490     EVP_CIPHER_CTX_free(ctx);
3491     EVP_CIPHER_free(cipher);
3492     return ret;
3493 }
3494 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3495 
3496 #ifndef OPENSSL_NO_DH
3497 /*
3498  * Test combinations of private, public, missing and private + public key
3499  * params to ensure they are all accepted
3500  */
test_DH_priv_pub(void)3501 static int test_DH_priv_pub(void)
3502 {
3503     return test_EVP_PKEY_ffc_priv_pub("DH");
3504 }
3505 
3506 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)3507 static int test_EVP_PKEY_set1_DH(void)
3508 {
3509     DH *x942dh = NULL, *noqdh = NULL;
3510     EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3511     int ret = 0;
3512     BIGNUM *p, *g = NULL;
3513     BIGNUM *pubkey = NULL;
3514     unsigned char pub[2048 / 8];
3515     size_t len = 0;
3516 
3517     if (!TEST_ptr(p = BN_new())
3518             || !TEST_ptr(g = BN_new())
3519             || !TEST_ptr(pubkey = BN_new())
3520             || !TEST_true(BN_set_word(p, 9999))
3521             || !TEST_true(BN_set_word(g, 2))
3522             || !TEST_true(BN_set_word(pubkey, 4321))
3523             || !TEST_ptr(noqdh = DH_new())
3524             || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3525             || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3526             || !TEST_ptr(pubkey = BN_new())
3527             || !TEST_true(BN_set_word(pubkey, 4321)))
3528         goto err;
3529     p = g = NULL;
3530 
3531     x942dh = DH_get_2048_256();
3532     pkey1 = EVP_PKEY_new();
3533     pkey2 = EVP_PKEY_new();
3534     if (!TEST_ptr(x942dh)
3535             || !TEST_ptr(noqdh)
3536             || !TEST_ptr(pkey1)
3537             || !TEST_ptr(pkey2)
3538             || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3539         goto err;
3540     pubkey = NULL;
3541 
3542     if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3543             || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3544         goto err;
3545 
3546     if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3547                                          &pubkey))
3548             || !TEST_ptr(pubkey))
3549         goto err;
3550 
3551     if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3552             || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3553         goto err;
3554 
3555     if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3556                                                    OSSL_PKEY_PARAM_PUB_KEY,
3557                                                    pub, sizeof(pub), &len))
3558             || !TEST_size_t_ne(len, 0))
3559         goto err;
3560 
3561     ret = 1;
3562  err:
3563     BN_free(p);
3564     BN_free(g);
3565     BN_free(pubkey);
3566     EVP_PKEY_free(pkey1);
3567     EVP_PKEY_free(pkey2);
3568     DH_free(x942dh);
3569     DH_free(noqdh);
3570 
3571     return ret;
3572 }
3573 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3574 #endif /* !OPENSSL_NO_DH */
3575 
3576 /*
3577  * We test what happens with an empty template.  For the sake of this test,
3578  * the template must be ignored, and we know that's the case for RSA keys
3579  * (this might arguably be a misfeature, but that's what we currently do,
3580  * even in provider code, since that's how the legacy RSA implementation
3581  * does things)
3582  */
test_keygen_with_empty_template(int n)3583 static int test_keygen_with_empty_template(int n)
3584 {
3585     EVP_PKEY_CTX *ctx = NULL;
3586     EVP_PKEY *pkey = NULL;
3587     EVP_PKEY *tkey = NULL;
3588     int ret = 0;
3589 
3590     if (nullprov != NULL)
3591         return TEST_skip("Test does not support a non-default library context");
3592 
3593     switch (n) {
3594     case 0:
3595         /* We do test with no template at all as well */
3596         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3597             goto err;
3598         break;
3599     case 1:
3600         /* Here we create an empty RSA key that serves as our template */
3601         if (!TEST_ptr(tkey = EVP_PKEY_new())
3602             || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3603             || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3604             goto err;
3605         break;
3606     }
3607 
3608     if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3609         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3610         goto err;
3611 
3612     ret = 1;
3613  err:
3614     EVP_PKEY_CTX_free(ctx);
3615     EVP_PKEY_free(pkey);
3616     EVP_PKEY_free(tkey);
3617     return ret;
3618 }
3619 
3620 /*
3621  * Test that we fail if we attempt to use an algorithm that is not available
3622  * in the current library context (unless we are using an algorithm that
3623  * should be made available via legacy codepaths).
3624  *
3625  * 0:   RSA
3626  * 1:   SM2
3627  */
test_pkey_ctx_fail_without_provider(int tst)3628 static int test_pkey_ctx_fail_without_provider(int tst)
3629 {
3630     OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3631     OSSL_PROVIDER *tmpnullprov = NULL;
3632     EVP_PKEY_CTX *pctx = NULL;
3633     const char *keytype = NULL;
3634     int expect_null = 0;
3635     int ret = 0;
3636 
3637     if (!TEST_ptr(tmpctx))
3638         goto err;
3639 
3640     tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3641     if (!TEST_ptr(tmpnullprov))
3642         goto err;
3643 
3644     /*
3645      * We check for certain algos in the null provider.
3646      * If an algo is expected to have a provider keymgmt, constructing an
3647      * EVP_PKEY_CTX is expected to fail (return NULL).
3648      * Otherwise, if it's expected to have legacy support, constructing an
3649      * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3650      */
3651     switch (tst) {
3652     case 0:
3653         keytype = "RSA";
3654         expect_null = 1;
3655         break;
3656     case 1:
3657         keytype = "SM2";
3658         expect_null = 1;
3659 #ifdef OPENSSL_NO_EC
3660         TEST_info("EC disable, skipping SM2 check...");
3661         goto end;
3662 #endif
3663 #ifdef OPENSSL_NO_SM2
3664         TEST_info("SM2 disable, skipping SM2 check...");
3665         goto end;
3666 #endif
3667         break;
3668     default:
3669         TEST_error("No test for case %d", tst);
3670         goto err;
3671     }
3672 
3673     pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3674     if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3675         goto err;
3676 
3677 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3678  end:
3679 #endif
3680     ret = 1;
3681 
3682  err:
3683     EVP_PKEY_CTX_free(pctx);
3684     OSSL_PROVIDER_unload(tmpnullprov);
3685     OSSL_LIB_CTX_free(tmpctx);
3686     return ret;
3687 }
3688 
test_rand_agglomeration(void)3689 static int test_rand_agglomeration(void)
3690 {
3691     EVP_RAND *rand;
3692     EVP_RAND_CTX *ctx;
3693     OSSL_PARAM params[3], *p = params;
3694     int res;
3695     unsigned int step = 7;
3696     static unsigned char seed[] = "It does not matter how slowly you go "
3697                                   "as long as you do not stop.";
3698     unsigned char out[sizeof(seed)];
3699 
3700     if (!TEST_int_ne(sizeof(seed) % step, 0)
3701             || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3702         return 0;
3703     ctx = EVP_RAND_CTX_new(rand, NULL);
3704     EVP_RAND_free(rand);
3705     if (!TEST_ptr(ctx))
3706         return 0;
3707 
3708     memset(out, 0, sizeof(out));
3709     *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3710                                              seed, sizeof(seed));
3711     *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3712     *p = OSSL_PARAM_construct_end();
3713     res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3714           && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3715           && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3716     EVP_RAND_CTX_free(ctx);
3717     return res;
3718 }
3719 
3720 /*
3721  * Test that we correctly return the original or "running" IV after
3722  * an encryption operation.
3723  * Run multiple times for some different relevant algorithms/modes.
3724  */
test_evp_iv_aes(int idx)3725 static int test_evp_iv_aes(int idx)
3726 {
3727     int ret = 0;
3728     EVP_CIPHER_CTX *ctx = NULL;
3729     unsigned char key[16] = {
3730         0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3731         0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
3732     };
3733     unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
3734         0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3735         0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
3736     };
3737     static const unsigned char msg[] = {
3738         1, 2, 3, 4, 5, 6, 7, 8,
3739         9, 10, 11, 12, 13, 14, 15, 16
3740     };
3741     unsigned char ciphertext[32], oiv[16], iv[16];
3742     unsigned char *ref_iv;
3743     unsigned char cbc_state[16] = {
3744         0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3745         0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
3746     };
3747 
3748     unsigned char ofb_state[16] = {
3749         0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3750         0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
3751     };
3752     unsigned char cfb_state[16] = {
3753         0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3754         0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
3755     };
3756     unsigned char gcm_state[12] = {
3757         0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3758         0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3759     };
3760     unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
3761 #ifndef OPENSSL_NO_OCB
3762     unsigned char ocb_state[12] = {
3763         0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3764         0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3765     };
3766 #endif
3767     int len = sizeof(ciphertext);
3768     size_t ivlen, ref_len;
3769     const EVP_CIPHER *type = NULL;
3770     int iv_reset = 0;
3771 
3772     if (nullprov != NULL && idx < 6)
3773         return TEST_skip("Test does not support a non-default library context");
3774 
3775     switch (idx) {
3776     case 0:
3777         type = EVP_aes_128_cbc();
3778         /* FALLTHROUGH */
3779     case 6:
3780         type = (type != NULL) ? type :
3781                                 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3782         ref_iv = cbc_state;
3783         ref_len = sizeof(cbc_state);
3784         iv_reset = 1;
3785         break;
3786     case 1:
3787         type = EVP_aes_128_ofb();
3788         /* FALLTHROUGH */
3789     case 7:
3790         type = (type != NULL) ? type :
3791                                 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3792         ref_iv = ofb_state;
3793         ref_len = sizeof(ofb_state);
3794         iv_reset = 1;
3795         break;
3796     case 2:
3797         type = EVP_aes_128_cfb();
3798         /* FALLTHROUGH */
3799     case 8:
3800         type = (type != NULL) ? type :
3801                                 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3802         ref_iv = cfb_state;
3803         ref_len = sizeof(cfb_state);
3804         iv_reset = 1;
3805         break;
3806     case 3:
3807         type = EVP_aes_128_gcm();
3808         /* FALLTHROUGH */
3809     case 9:
3810         type = (type != NULL) ? type :
3811                                 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3812         ref_iv = gcm_state;
3813         ref_len = sizeof(gcm_state);
3814         break;
3815     case 4:
3816         type = EVP_aes_128_ccm();
3817         /* FALLTHROUGH */
3818     case 10:
3819         type = (type != NULL) ? type :
3820                                 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3821         ref_iv = ccm_state;
3822         ref_len = sizeof(ccm_state);
3823         break;
3824 #ifdef OPENSSL_NO_OCB
3825     case 5:
3826     case 11:
3827         return 1;
3828 #else
3829     case 5:
3830         type = EVP_aes_128_ocb();
3831         /* FALLTHROUGH */
3832     case 11:
3833         type = (type != NULL) ? type :
3834                                 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3835         ref_iv = ocb_state;
3836         ref_len = sizeof(ocb_state);
3837         break;
3838 #endif
3839     default:
3840         return 0;
3841     }
3842 
3843     if (!TEST_ptr(type)
3844             || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3845             || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3846             || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3847                           (int)sizeof(msg)))
3848             || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3849             || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3850             || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3851         goto err;
3852     ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3853 
3854     if (!TEST_int_gt(ivlen, 0))
3855         goto err;
3856 
3857     if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3858             || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3859         goto err;
3860 
3861     /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3862     if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3863         || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3864         goto err;
3865     if (iv_reset) {
3866         if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3867             goto err;
3868     } else {
3869         if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3870             goto err;
3871     }
3872 
3873     ret = 1;
3874 err:
3875     EVP_CIPHER_CTX_free(ctx);
3876     if (idx >= 6)
3877         EVP_CIPHER_free((EVP_CIPHER *)type);
3878     return ret;
3879 }
3880 
3881 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)3882 static int test_evp_iv_des(int idx)
3883 {
3884     int ret = 0;
3885     EVP_CIPHER_CTX *ctx = NULL;
3886     static const unsigned char key[24] = {
3887         0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3888         0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3889         0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3890     };
3891     static const unsigned char init_iv[8] = {
3892         0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3893     };
3894     static const unsigned char msg[] = {
3895         1, 2, 3, 4, 5, 6, 7, 8,
3896         9, 10, 11, 12, 13, 14, 15, 16
3897     };
3898     unsigned char ciphertext[32], oiv[8], iv[8];
3899     unsigned const char *ref_iv;
3900     static const unsigned char cbc_state_des[8] = {
3901         0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3902     };
3903     static const unsigned char cbc_state_3des[8] = {
3904         0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3905     };
3906     static const unsigned char ofb_state_des[8] = {
3907         0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3908     };
3909     static const unsigned char ofb_state_3des[8] = {
3910         0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3911     };
3912     static const unsigned char cfb_state_des[8] = {
3913         0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3914     };
3915     static const unsigned char cfb_state_3des[8] = {
3916         0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3917     };
3918     int len = sizeof(ciphertext);
3919     size_t ivlen, ref_len;
3920     EVP_CIPHER *type = NULL;
3921 
3922     if (lgcyprov == NULL && idx < 3)
3923         return TEST_skip("Test requires legacy provider to be loaded");
3924 
3925     switch (idx) {
3926     case 0:
3927         type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3928         ref_iv = cbc_state_des;
3929         ref_len = sizeof(cbc_state_des);
3930         break;
3931     case 1:
3932         type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3933         ref_iv = ofb_state_des;
3934         ref_len = sizeof(ofb_state_des);
3935         break;
3936     case 2:
3937         type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3938         ref_iv = cfb_state_des;
3939         ref_len = sizeof(cfb_state_des);
3940         break;
3941     case 3:
3942         type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3943         ref_iv = cbc_state_3des;
3944         ref_len = sizeof(cbc_state_3des);
3945         break;
3946     case 4:
3947         type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3948         ref_iv = ofb_state_3des;
3949         ref_len = sizeof(ofb_state_3des);
3950         break;
3951     case 5:
3952         type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3953         ref_iv = cfb_state_3des;
3954         ref_len = sizeof(cfb_state_3des);
3955         break;
3956     default:
3957         return 0;
3958     }
3959 
3960     if (!TEST_ptr(type)
3961             || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3962             || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3963             || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3964                           (int)sizeof(msg)))
3965             || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3966             || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3967             || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3968         goto err;
3969     ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3970 
3971     if (!TEST_int_gt(ivlen, 0))
3972         goto err;
3973 
3974     if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3975             || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3976         goto err;
3977 
3978     if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3979         || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3980         goto err;
3981     if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3982         goto err;
3983 
3984     ret = 1;
3985 err:
3986     EVP_CIPHER_CTX_free(ctx);
3987     EVP_CIPHER_free(type);
3988     return ret;
3989 }
3990 #endif
3991 
3992 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)3993 static int test_evp_bf_default_keylen(int idx)
3994 {
3995     int ret = 0;
3996     static const char *algos[4] = {
3997         "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3998     };
3999     int ivlen[4] = { 0, 8, 8, 8 };
4000     EVP_CIPHER *cipher = NULL;
4001 
4002     if (lgcyprov == NULL)
4003         return TEST_skip("Test requires legacy provider to be loaded");
4004 
4005     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4006             || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4007             || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4008         goto err;
4009 
4010     ret = 1;
4011 err:
4012     EVP_CIPHER_free(cipher);
4013     return ret;
4014 }
4015 #endif
4016 
4017 #ifndef OPENSSL_NO_EC
4018 static int ecpub_nids[] = {
4019     NID_brainpoolP256r1, NID_X9_62_prime256v1,
4020     NID_secp384r1, NID_secp521r1,
4021 # ifndef OPENSSL_NO_EC2M
4022     NID_sect233k1, NID_sect233r1, NID_sect283r1,
4023     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4024 # endif
4025     NID_brainpoolP384r1, NID_brainpoolP512r1
4026 };
4027 
test_ecpub(int idx)4028 static int test_ecpub(int idx)
4029 {
4030     int ret = 0, len, savelen;
4031     int nid;
4032     unsigned char buf[1024];
4033     unsigned char *p;
4034     EVP_PKEY *pkey = NULL;
4035     EVP_PKEY_CTX *ctx = NULL;
4036 # ifndef OPENSSL_NO_DEPRECATED_3_0
4037     const unsigned char *q;
4038     EVP_PKEY *pkey2 = NULL;
4039     EC_KEY *ec = NULL;
4040 # endif
4041 
4042     if (nullprov != NULL)
4043         return TEST_skip("Test does not support a non-default library context");
4044 
4045     nid = ecpub_nids[idx];
4046 
4047     ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4048     if (!TEST_ptr(ctx)
4049         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4050         || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4051         || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4052         goto done;
4053     len = i2d_PublicKey(pkey, NULL);
4054     savelen = len;
4055     if (!TEST_int_ge(len, 1)
4056         || !TEST_int_lt(len, 1024))
4057         goto done;
4058     p = buf;
4059     len = i2d_PublicKey(pkey, &p);
4060     if (!TEST_int_ge(len, 1)
4061             || !TEST_int_eq(len, savelen))
4062         goto done;
4063 
4064 # ifndef OPENSSL_NO_DEPRECATED_3_0
4065     /* Now try to decode the just-created DER. */
4066     q = buf;
4067     if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4068             || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4069             || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4070         goto done;
4071     /* EC_KEY ownership transferred */
4072     ec = NULL;
4073     if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4074         goto done;
4075     /* The keys should match. */
4076     if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4077         goto done;
4078 # endif
4079 
4080     ret = 1;
4081 
4082  done:
4083     EVP_PKEY_CTX_free(ctx);
4084     EVP_PKEY_free(pkey);
4085 # ifndef OPENSSL_NO_DEPRECATED_3_0
4086     EVP_PKEY_free(pkey2);
4087     EC_KEY_free(ec);
4088 # endif
4089     return ret;
4090 }
4091 #endif
4092 
test_EVP_rsa_pss_with_keygen_bits(void)4093 static int test_EVP_rsa_pss_with_keygen_bits(void)
4094 {
4095     int ret = 0;
4096     EVP_PKEY_CTX *ctx = NULL;
4097     EVP_PKEY *pkey = NULL;
4098     EVP_MD *md;
4099 
4100     md = EVP_MD_fetch(testctx, "sha256", testpropq);
4101     ret = TEST_ptr(md)
4102         && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4103         && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4104         && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4105         && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4106         && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4107 
4108     EVP_MD_free(md);
4109     EVP_PKEY_free(pkey);
4110     EVP_PKEY_CTX_free(ctx);
4111     return ret;
4112 }
4113 
test_EVP_rsa_pss_set_saltlen(void)4114 static int test_EVP_rsa_pss_set_saltlen(void)
4115 {
4116     int ret = 0;
4117     EVP_PKEY *pkey = NULL;
4118     EVP_PKEY_CTX *pkey_ctx = NULL;
4119     EVP_MD *sha256 = NULL;
4120     EVP_MD_CTX *sha256_ctx = NULL;
4121     int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4122     const int test_value = 32;
4123 
4124     ret = TEST_ptr(pkey = load_example_rsa_key())
4125         && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4126         && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4127         && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4128         && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4129         && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4130         && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4131         && TEST_int_eq(saltlen, test_value);
4132 
4133     EVP_MD_CTX_free(sha256_ctx);
4134     EVP_PKEY_free(pkey);
4135     EVP_MD_free(sha256);
4136 
4137     return ret;
4138 }
4139 
test_EVP_rsa_invalid_key(void)4140 static int test_EVP_rsa_invalid_key(void)
4141 {
4142     int ret = 0;
4143     EVP_PKEY *pkey = NULL;
4144 
4145     pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4146     /* we expect to fail to load bogus key */
4147     ret = !TEST_ptr(pkey);
4148     EVP_PKEY_free(pkey);
4149 
4150     return ret;
4151 }
4152 
4153 static int success = 1;
md_names(const char * name,void * vctx)4154 static void md_names(const char *name, void *vctx)
4155 {
4156     OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4157     /* Force a namemap update */
4158     EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4159 
4160     if (!TEST_ptr(aes128))
4161         success = 0;
4162 
4163     EVP_CIPHER_free(aes128);
4164 }
4165 
4166 /*
4167  * Test that changing the namemap in a user callback works in a names_do_all
4168  * function.
4169  */
test_names_do_all(void)4170 static int test_names_do_all(void)
4171 {
4172     /* We use a custom libctx so that we know the state of the namemap */
4173     OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4174     EVP_MD *sha256 = NULL;
4175     int testresult = 0;
4176 
4177     if (!TEST_ptr(ctx))
4178         goto err;
4179 
4180     sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4181     if (!TEST_ptr(sha256))
4182         goto err;
4183 
4184     /*
4185      * We loop through all the names for a given digest. This should still work
4186      * even if the namemap changes part way through.
4187      */
4188     if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4189         goto err;
4190 
4191     if (!TEST_true(success))
4192         goto err;
4193 
4194     testresult = 1;
4195  err:
4196     EVP_MD_free(sha256);
4197     OSSL_LIB_CTX_free(ctx);
4198     return testresult;
4199 }
4200 
4201 typedef struct {
4202     const char *cipher;
4203     const unsigned char *key;
4204     const unsigned char *iv;
4205     const unsigned char *input;
4206     const unsigned char *expected;
4207     const unsigned char *tag;
4208     size_t ivlen; /* 0 if we do not need to set a specific IV len */
4209     size_t inlen;
4210     size_t expectedlen;
4211     size_t taglen;
4212     int keyfirst;
4213     int initenc;
4214     int finalenc;
4215 } EVP_INIT_TEST_st;
4216 
4217 static const EVP_INIT_TEST_st evp_init_tests[] = {
4218     {
4219         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4220         cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4221         0, 1, 0, 1
4222     },
4223     {
4224         "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4225         gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4226         sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4227         sizeof(gcmDefaultTag), 1, 0, 1
4228     },
4229     {
4230         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4231         cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4232         0, 0, 0, 1
4233     },
4234     {
4235         "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4236         gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4237         sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4238         sizeof(gcmDefaultTag), 0, 0, 1
4239     },
4240     {
4241         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4242         cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4243         0, 1, 1, 0
4244     },
4245     {
4246         "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4247         gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4248         sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4249         sizeof(gcmDefaultTag), 1, 1, 0
4250     },
4251     {
4252         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4253         cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4254         0, 0, 1, 0
4255     },
4256     {
4257         "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4258         gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4259         sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4260         sizeof(gcmDefaultTag), 0, 1, 0
4261     }
4262 };
4263 
4264 /* use same key, iv and plaintext for cfb and ofb */
4265 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4266     {
4267         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4268         cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4269         sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4270     },
4271     {
4272         "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4273         cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4274         sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4275     },
4276     {
4277         "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4278         ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4279         sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4280     },
4281     {
4282         "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4283         cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4284         sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4285     },
4286 };
4287 
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4288 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4289 {
4290     int res = 0;
4291 
4292     if (t->ivlen != 0) {
4293         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4294             goto err;
4295     }
4296     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4297         goto err;
4298     res = 1;
4299  err:
4300     return res;
4301 }
4302 
4303 /*
4304  * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4305  * arguments are given one at a time and a final adjustment to the enc
4306  * parameter sets the correct operation.
4307  */
test_evp_init_seq(int idx)4308 static int test_evp_init_seq(int idx)
4309 {
4310     int outlen1, outlen2;
4311     int testresult = 0;
4312     unsigned char outbuf[1024];
4313     unsigned char tag[16];
4314     const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4315     EVP_CIPHER_CTX *ctx = NULL;
4316     EVP_CIPHER *type = NULL;
4317     size_t taglen = sizeof(tag);
4318     char *errmsg = NULL;
4319 
4320     ctx = EVP_CIPHER_CTX_new();
4321     if (ctx == NULL) {
4322         errmsg = "CTX_ALLOC";
4323         goto err;
4324     }
4325     if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4326         errmsg = "CIPHER_FETCH";
4327         goto err;
4328     }
4329     if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4330         errmsg = "EMPTY_ENC_INIT";
4331         goto err;
4332     }
4333     if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4334         errmsg = "PADDING";
4335         goto err;
4336     }
4337     if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4338         errmsg = "KEY_INIT (before iv)";
4339         goto err;
4340     }
4341     if (!evp_init_seq_set_iv(ctx, t)) {
4342         errmsg = "IV_INIT";
4343         goto err;
4344     }
4345     if (t->keyfirst == 0 &&  !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4346         errmsg = "KEY_INIT (after iv)";
4347         goto err;
4348     }
4349     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4350         errmsg = "FINAL_ENC_INIT";
4351         goto err;
4352     }
4353     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4354         errmsg = "CIPHER_UPDATE";
4355         goto err;
4356     }
4357     if (t->finalenc == 0 && t->tag != NULL) {
4358         /* Set expected tag */
4359         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4360                                            t->taglen, (void *)t->tag), 0)) {
4361             errmsg = "SET_TAG";
4362             goto err;
4363         }
4364     }
4365     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4366         errmsg = "CIPHER_FINAL";
4367         goto err;
4368     }
4369     if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4370         errmsg = "WRONG_RESULT";
4371         goto err;
4372     }
4373     if (t->finalenc != 0 && t->tag != NULL) {
4374         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4375             errmsg = "GET_TAG";
4376             goto err;
4377         }
4378         if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4379             errmsg = "TAG_ERROR";
4380             goto err;
4381         }
4382     }
4383     testresult = 1;
4384  err:
4385     if (errmsg != NULL)
4386         TEST_info("evp_init_test %d: %s", idx, errmsg);
4387     EVP_CIPHER_CTX_free(ctx);
4388     EVP_CIPHER_free(type);
4389     return testresult;
4390 }
4391 
4392 /*
4393  * Test re-initialization of cipher context without changing key or iv.
4394  * The result of both iteration should be the same.
4395  */
test_evp_reinit_seq(int idx)4396 static int test_evp_reinit_seq(int idx)
4397 {
4398     int outlen1, outlen2, outlen_final;
4399     int testresult = 0;
4400     unsigned char outbuf1[1024];
4401     unsigned char outbuf2[1024];
4402     const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4403     EVP_CIPHER_CTX *ctx = NULL;
4404     EVP_CIPHER *type = NULL;
4405 
4406     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4407             || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4408             /* setup cipher context */
4409             || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4410             /* first iteration */
4411             || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4412             || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4413             /* check test results iteration 1 */
4414             || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4415             /* now re-init the context (same cipher, key and iv) */
4416             || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4417             /* second iteration */
4418             || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4419             || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4420             /* check test results iteration 2 */
4421             || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4422         goto err;
4423     testresult = 1;
4424  err:
4425     EVP_CIPHER_CTX_free(ctx);
4426     EVP_CIPHER_free(type);
4427     return testresult;
4428 }
4429 
4430 typedef struct {
4431     const unsigned char *input;
4432     const unsigned char *expected;
4433     size_t inlen;
4434     size_t expectedlen;
4435     int enc;
4436 } EVP_RESET_TEST_st;
4437 
4438 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4439     {
4440         cfbPlaintext, cfbCiphertext,
4441         sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4442     },
4443     {
4444         cfbCiphertext, cfbPlaintext,
4445         sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4446     }
4447 };
4448 
4449 /*
4450  * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4451  * been used.
4452  */
test_evp_reset(int idx)4453 static int test_evp_reset(int idx)
4454 {
4455     const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4456     int outlen1, outlen2;
4457     int testresult = 0;
4458     unsigned char outbuf[1024];
4459     EVP_CIPHER_CTX *ctx = NULL;
4460     EVP_CIPHER *type = NULL;
4461     char *errmsg = NULL;
4462 
4463     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4464         errmsg = "CTX_ALLOC";
4465         goto err;
4466     }
4467     if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4468         errmsg = "CIPHER_FETCH";
4469         goto err;
4470     }
4471     if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4472         errmsg = "CIPHER_INIT";
4473         goto err;
4474     }
4475     if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4476         errmsg = "PADDING";
4477         goto err;
4478     }
4479     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4480         errmsg = "CIPHER_UPDATE";
4481         goto err;
4482     }
4483     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4484         errmsg = "CIPHER_FINAL";
4485         goto err;
4486     }
4487     if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4488         errmsg = "WRONG_RESULT";
4489         goto err;
4490     }
4491     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4492         errmsg = "CIPHER_REINIT";
4493         goto err;
4494     }
4495     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4496         errmsg = "CIPHER_UPDATE (reinit)";
4497         goto err;
4498     }
4499     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4500         errmsg = "CIPHER_FINAL (reinit)";
4501         goto err;
4502     }
4503     if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4504         errmsg = "WRONG_RESULT (reinit)";
4505         goto err;
4506     }
4507     testresult = 1;
4508  err:
4509     if (errmsg != NULL)
4510         TEST_info("test_evp_reset %d: %s", idx, errmsg);
4511     EVP_CIPHER_CTX_free(ctx);
4512     EVP_CIPHER_free(type);
4513     return testresult;
4514 }
4515 
4516 typedef struct {
4517     const char *cipher;
4518     int enc;
4519 } EVP_UPDATED_IV_TEST_st;
4520 
4521 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4522     {
4523         "aes-128-cfb", 1
4524     },
4525     {
4526         "aes-128-cfb", 0
4527     },
4528     {
4529         "aes-128-cfb1", 1
4530     },
4531     {
4532         "aes-128-cfb1", 0
4533     },
4534     {
4535         "aes-128-cfb8", 1
4536     },
4537     {
4538         "aes-128-cfb8", 0
4539     },
4540     {
4541         "aes-128-ofb", 1
4542     },
4543     {
4544         "aes-128-ofb", 0
4545     },
4546     {
4547         "aes-128-ctr", 1
4548     },
4549     {
4550         "aes-128-ctr", 0
4551     },
4552     {
4553         "aes-128-cbc", 1
4554     },
4555     {
4556         "aes-128-cbc", 0
4557     }
4558 };
4559 
4560 /*
4561  * Test that the IV in the context is updated during a crypto operation for CFB
4562  * and OFB.
4563  */
test_evp_updated_iv(int idx)4564 static int test_evp_updated_iv(int idx)
4565 {
4566     const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4567     int outlen1, outlen2;
4568     int testresult = 0;
4569     unsigned char outbuf[1024];
4570     EVP_CIPHER_CTX *ctx = NULL;
4571     EVP_CIPHER *type = NULL;
4572     unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4573     int iv_len;
4574     char *errmsg = NULL;
4575 
4576     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4577         errmsg = "CTX_ALLOC";
4578         goto err;
4579     }
4580     if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4581         TEST_info("cipher %s not supported, skipping", t->cipher);
4582         goto ok;
4583     }
4584 
4585     if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4586         errmsg = "CIPHER_INIT";
4587         goto err;
4588     }
4589     if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4590         errmsg = "PADDING";
4591         goto err;
4592     }
4593     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4594         errmsg = "CIPHER_UPDATE";
4595         goto err;
4596     }
4597     if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4598         errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4599         goto err;
4600     }
4601     iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4602     if (!TEST_int_ge(iv_len,0)) {
4603         errmsg = "CIPHER_CTX_GET_IV_LEN";
4604         goto err;
4605     }
4606     if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4607         errmsg = "IV_NOT_UPDATED";
4608         goto err;
4609     }
4610     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4611         errmsg = "CIPHER_FINAL";
4612         goto err;
4613     }
4614  ok:
4615     testresult = 1;
4616  err:
4617     if (errmsg != NULL)
4618         TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4619     EVP_CIPHER_CTX_free(ctx);
4620     EVP_CIPHER_free(type);
4621     return testresult;
4622 }
4623 
4624 typedef struct {
4625     const unsigned char *iv1;
4626     const unsigned char *iv2;
4627     const unsigned char *expected1;
4628     const unsigned char *expected2;
4629     const unsigned char *tag1;
4630     const unsigned char *tag2;
4631     size_t ivlen1;
4632     size_t ivlen2;
4633     size_t expectedlen1;
4634     size_t expectedlen2;
4635 } TEST_GCM_IV_REINIT_st;
4636 
4637 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4638     {
4639         iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4640         gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4641         sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4642     },
4643     {
4644         iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4645         gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4646         sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4647     }
4648 };
4649 
test_gcm_reinit(int idx)4650 static int test_gcm_reinit(int idx)
4651 {
4652     int outlen1, outlen2, outlen3;
4653     int testresult = 0;
4654     unsigned char outbuf[1024];
4655     unsigned char tag[16];
4656     const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4657     EVP_CIPHER_CTX *ctx = NULL;
4658     EVP_CIPHER *type = NULL;
4659     size_t taglen = sizeof(tag);
4660     char *errmsg = NULL;
4661 
4662     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4663         errmsg = "CTX_ALLOC";
4664         goto err;
4665     }
4666     if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4667         errmsg = "CIPHER_FETCH";
4668         goto err;
4669     }
4670     if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4671         errmsg = "ENC_INIT";
4672         goto err;
4673     }
4674     if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4675         errmsg = "SET_IVLEN1";
4676         goto err;
4677     }
4678     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4679         errmsg = "SET_IV1";
4680         goto err;
4681     }
4682     if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4683         errmsg = "AAD1";
4684         goto err;
4685     }
4686     EVP_CIPHER_CTX_set_padding(ctx, 0);
4687     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4688                                     sizeof(gcmResetPlaintext)))) {
4689         errmsg = "CIPHER_UPDATE1";
4690         goto err;
4691     }
4692     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4693         errmsg = "CIPHER_FINAL1";
4694         goto err;
4695     }
4696     if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4697         errmsg = "WRONG_RESULT1";
4698         goto err;
4699     }
4700     if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4701         errmsg = "GET_TAG1";
4702         goto err;
4703     }
4704     if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4705         errmsg = "TAG_ERROR1";
4706         goto err;
4707     }
4708     /* Now reinit */
4709     if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4710         errmsg = "SET_IVLEN2";
4711         goto err;
4712     }
4713     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4714         errmsg = "SET_IV2";
4715         goto err;
4716     }
4717     if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4718         errmsg = "AAD2";
4719         goto err;
4720     }
4721     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4722                                     sizeof(gcmResetPlaintext)))) {
4723         errmsg = "CIPHER_UPDATE2";
4724         goto err;
4725     }
4726     if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4727         errmsg = "CIPHER_FINAL2";
4728         goto err;
4729     }
4730     if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4731         errmsg = "WRONG_RESULT2";
4732         goto err;
4733     }
4734     if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4735         errmsg = "GET_TAG2";
4736         goto err;
4737     }
4738     if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4739         errmsg = "TAG_ERROR2";
4740         goto err;
4741     }
4742     testresult = 1;
4743  err:
4744     if (errmsg != NULL)
4745         TEST_info("evp_init_test %d: %s", idx, errmsg);
4746     EVP_CIPHER_CTX_free(ctx);
4747     EVP_CIPHER_free(type);
4748     return testresult;
4749 }
4750 
4751 static const char *ivlen_change_ciphers[] = {
4752     "AES-256-GCM",
4753 #ifndef OPENSSL_NO_OCB
4754     "AES-256-OCB",
4755 #endif
4756     "AES-256-CCM"
4757 };
4758 
4759 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)4760 static int test_ivlen_change(int idx)
4761 {
4762     int outlen;
4763     int res = 0;
4764     unsigned char outbuf[1024];
4765     static const unsigned char iv[] = {
4766          0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4767          0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4768     };
4769     EVP_CIPHER_CTX *ctx = NULL;
4770     EVP_CIPHER *ciph = NULL;
4771     OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4772     size_t ivlen = 13; /* non-default IV length */
4773 
4774     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4775         goto err;
4776 
4777     if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4778                                           testpropq)))
4779         goto err;
4780 
4781     if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4782         goto err;
4783 
4784     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4785                                     sizeof(gcmDefaultPlaintext))))
4786         goto err;
4787 
4788     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4789                                             &ivlen);
4790     if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4791         goto err;
4792 
4793     ERR_set_mark();
4794     if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4795                                     sizeof(gcmDefaultPlaintext)))) {
4796         ERR_clear_last_mark();
4797         goto err;
4798     }
4799     ERR_pop_to_mark();
4800 
4801     res = 1;
4802  err:
4803     EVP_CIPHER_CTX_free(ctx);
4804     EVP_CIPHER_free(ciph);
4805     return res;
4806 }
4807 
4808 static const char *keylen_change_ciphers[] = {
4809 #ifndef OPENSSL_NO_BF
4810     "BF-ECB",
4811 #endif
4812 #ifndef OPENSSL_NO_CAST
4813     "CAST5-ECB",
4814 #endif
4815 #ifndef OPENSSL_NO_RC2
4816     "RC2-ECB",
4817 #endif
4818 #ifndef OPENSSL_NO_RC4
4819     "RC4",
4820 #endif
4821 #ifndef OPENSSL_NO_RC5
4822     "RC5-ECB",
4823 #endif
4824     NULL
4825 };
4826 
4827 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)4828 static int test_keylen_change(int idx)
4829 {
4830     int outlen;
4831     int res = 0;
4832     unsigned char outbuf[1024];
4833     static const unsigned char key[] = {
4834          0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4835          0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4836     };
4837     EVP_CIPHER_CTX *ctx = NULL;
4838     EVP_CIPHER *ciph = NULL;
4839     OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4840     size_t keylen = 12; /* non-default key length */
4841 
4842     if (lgcyprov == NULL)
4843         return TEST_skip("Test requires legacy provider to be loaded");
4844 
4845     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4846         goto err;
4847 
4848     if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4849                                           testpropq)))
4850         goto err;
4851 
4852     if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4853         goto err;
4854 
4855     if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4856                                     sizeof(gcmDefaultPlaintext))))
4857         goto err;
4858 
4859     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4860                                             &keylen);
4861     if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4862         goto err;
4863 
4864     ERR_set_mark();
4865     if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4866                                     sizeof(gcmDefaultPlaintext)))) {
4867         ERR_clear_last_mark();
4868         goto err;
4869     }
4870     ERR_pop_to_mark();
4871 
4872     res = 1;
4873  err:
4874     EVP_CIPHER_CTX_free(ctx);
4875     EVP_CIPHER_free(ciph);
4876     return res;
4877 }
4878 
4879 #ifndef OPENSSL_NO_DEPRECATED_3_0
4880 static EVP_PKEY_METHOD *custom_pmeth =  NULL;
4881 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4882 
4883 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4884 
custom_pmeth_init(EVP_PKEY_CTX * ctx)4885 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4886 {
4887     int (*pinit)(EVP_PKEY_CTX *ctx);
4888 
4889     EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4890     return pinit(ctx);
4891 }
4892 
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)4893 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4894 {
4895     void (*pcleanup)(EVP_PKEY_CTX *ctx);
4896 
4897     EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4898     pcleanup(ctx);
4899 }
4900 
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)4901 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4902                              size_t *outlen, const unsigned char *in,
4903                              size_t inlen)
4904 {
4905     int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4906                  const unsigned char *tbs, size_t tbslen);
4907 
4908     EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4909     return psign(ctx, out, outlen, in, inlen);
4910 }
4911 
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)4912 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4913                                    size_t *siglen, const unsigned char *tbs,
4914                                    size_t tbslen)
4915 {
4916     int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4917                        const unsigned char *tbs, size_t tbslen);
4918 
4919     EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4920     return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4921 }
4922 
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)4923 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4924                                size_t *keylen)
4925 {
4926     int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4927 
4928     EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4929     return pderive(ctx, key, keylen);
4930 }
4931 
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)4932 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4933 {
4934     int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4935 
4936     EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4937     return pcopy(dst, src);
4938 }
4939 
4940 static int ctrl_called;
4941 
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)4942 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4943 {
4944     int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4945 
4946     EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4947 
4948     if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4949         ctrl_called = 1;
4950         return 1;
4951     }
4952 
4953     return pctrl(ctx, type, p1, p2);
4954 }
4955 
test_custom_pmeth(int idx)4956 static int test_custom_pmeth(int idx)
4957 {
4958     EVP_PKEY_CTX *pctx = NULL;
4959     EVP_MD_CTX *ctx = NULL;
4960     EVP_PKEY *pkey = NULL;
4961     int id, orig_id, orig_flags;
4962     int testresult = 0;
4963     size_t reslen;
4964     unsigned char *res = NULL;
4965     unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4966     const EVP_MD *md = EVP_sha256();
4967     int doderive = 0;
4968 
4969     ctrl_called = 0;
4970 
4971     /* We call deprecated APIs so this test doesn't support a custom libctx */
4972     if (testctx != NULL)
4973         return 1;
4974 
4975     switch (idx) {
4976     case 0:
4977     case 6:
4978         id = EVP_PKEY_RSA;
4979         pkey = load_example_rsa_key();
4980         break;
4981     case 1:
4982     case 7:
4983 # ifndef OPENSSL_NO_DSA
4984         id = EVP_PKEY_DSA;
4985         pkey = load_example_dsa_key();
4986         break;
4987 # else
4988         return 1;
4989 # endif
4990     case 2:
4991     case 8:
4992 # ifndef OPENSSL_NO_EC
4993         id = EVP_PKEY_EC;
4994         pkey = load_example_ec_key();
4995         break;
4996 # else
4997         return 1;
4998 # endif
4999     case 3:
5000     case 9:
5001 # ifndef OPENSSL_NO_ECX
5002         id = EVP_PKEY_ED25519;
5003         md = NULL;
5004         pkey = load_example_ed25519_key();
5005         break;
5006 # else
5007         return 1;
5008 # endif
5009     case 4:
5010     case 10:
5011 # ifndef OPENSSL_NO_DH
5012         id = EVP_PKEY_DH;
5013         doderive = 1;
5014         pkey = load_example_dh_key();
5015         break;
5016 # else
5017         return 1;
5018 # endif
5019     case 5:
5020     case 11:
5021 # ifndef OPENSSL_NO_ECX
5022         id = EVP_PKEY_X25519;
5023         doderive = 1;
5024         pkey = load_example_x25519_key();
5025         break;
5026 # else
5027         return 1;
5028 # endif
5029     default:
5030         TEST_error("Should not happen");
5031         goto err;
5032     }
5033 
5034     if (!TEST_ptr(pkey))
5035         goto err;
5036 
5037     if (idx < 6) {
5038         if (!TEST_true(evp_pkey_is_provided(pkey)))
5039             goto err;
5040     } else {
5041         EVP_PKEY *tmp = pkey;
5042 
5043         /* Convert to a legacy key */
5044         pkey = EVP_PKEY_new();
5045         if (!TEST_ptr(pkey)) {
5046             pkey = tmp;
5047             goto err;
5048         }
5049         if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5050             EVP_PKEY_free(tmp);
5051             goto err;
5052         }
5053         EVP_PKEY_free(tmp);
5054         if (!TEST_true(evp_pkey_is_legacy(pkey)))
5055             goto err;
5056     }
5057 
5058     if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5059             || !TEST_ptr(pkey))
5060         goto err;
5061 
5062     EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5063     if (!TEST_int_eq(orig_id, id)
5064             || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5065         goto err;
5066 
5067     if (id == EVP_PKEY_ED25519) {
5068         EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5069     } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5070         EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5071     } else {
5072         EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5073     }
5074     if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5075         EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5076         EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5077         EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5078     }
5079     EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5080     if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5081         goto err;
5082 
5083     if (doderive) {
5084         pctx = EVP_PKEY_CTX_new(pkey, NULL);
5085         if (!TEST_ptr(pctx)
5086                 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5087                 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5088                                                 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5089                                 1)
5090                 || !TEST_int_eq(ctrl_called, 1)
5091                 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5092                 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5093                 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5094                 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5095             goto err;
5096     } else {
5097         ctx = EVP_MD_CTX_new();
5098         reslen = EVP_PKEY_size(pkey);
5099         res = OPENSSL_malloc(reslen);
5100         if (!TEST_ptr(ctx)
5101                 || !TEST_ptr(res)
5102                 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5103                 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5104                                                 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5105                                 1)
5106                 || !TEST_int_eq(ctrl_called, 1))
5107             goto err;
5108 
5109         if (id == EVP_PKEY_ED25519) {
5110             if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5111                 goto err;
5112         } else {
5113             if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5114                     || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5115                 goto err;
5116         }
5117     }
5118 
5119     testresult = 1;
5120  err:
5121     OPENSSL_free(res);
5122     EVP_MD_CTX_free(ctx);
5123     if (doderive)
5124         EVP_PKEY_CTX_free(pctx);
5125     EVP_PKEY_free(pkey);
5126     EVP_PKEY_meth_remove(custom_pmeth);
5127     EVP_PKEY_meth_free(custom_pmeth);
5128     custom_pmeth = NULL;
5129     return testresult;
5130 }
5131 
test_evp_md_cipher_meth(void)5132 static int test_evp_md_cipher_meth(void)
5133 {
5134     EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5135     EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5136     int testresult = 0;
5137 
5138     if (!TEST_ptr(md) || !TEST_ptr(ciph))
5139         goto err;
5140 
5141     testresult = 1;
5142 
5143  err:
5144     EVP_MD_meth_free(md);
5145     EVP_CIPHER_meth_free(ciph);
5146 
5147     return testresult;
5148 }
5149 
5150 typedef struct {
5151         int data;
5152 } custom_dgst_ctx;
5153 
5154 static int custom_md_init_called = 0;
5155 static int custom_md_cleanup_called = 0;
5156 
custom_md_init(EVP_MD_CTX * ctx)5157 static int custom_md_init(EVP_MD_CTX *ctx)
5158 {
5159     custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5160 
5161     if (p == NULL)
5162         return 0;
5163 
5164     custom_md_init_called++;
5165     return 1;
5166 }
5167 
custom_md_cleanup(EVP_MD_CTX * ctx)5168 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5169 {
5170     custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5171 
5172     if (p == NULL)
5173         /* Nothing to do */
5174         return 1;
5175 
5176     custom_md_cleanup_called++;
5177     return 1;
5178 }
5179 
test_custom_md_meth(void)5180 static int test_custom_md_meth(void)
5181 {
5182     ASN1_OBJECT *o = NULL;
5183     EVP_MD_CTX *mdctx = NULL;
5184     EVP_MD *tmp = NULL;
5185     char mess[] = "Test Message\n";
5186     unsigned char md_value[EVP_MAX_MD_SIZE];
5187     unsigned int md_len;
5188     int testresult = 0;
5189     int nid;
5190 
5191     /*
5192      * We are testing deprecated functions. We don't support a non-default
5193      * library context in this test.
5194      */
5195     if (testctx != NULL)
5196         return TEST_skip("Non-default libctx");
5197 
5198     custom_md_init_called = custom_md_cleanup_called = 0;
5199 
5200     nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5201     if (!TEST_int_ne(nid, NID_undef))
5202         goto err;
5203     tmp = EVP_MD_meth_new(nid, NID_undef);
5204     if (!TEST_ptr(tmp))
5205         goto err;
5206 
5207     if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5208             || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5209             || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5210                                                        sizeof(custom_dgst_ctx))))
5211         goto err;
5212 
5213     mdctx = EVP_MD_CTX_new();
5214     if (!TEST_ptr(mdctx)
5215                /*
5216                 * Initing our custom md and then initing another md should
5217                 * result in the init and cleanup functions of the custom md
5218                 * being called.
5219                 */
5220             || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5221             || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5222             || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5223             || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5224             || !TEST_int_eq(custom_md_init_called, 1)
5225             || !TEST_int_eq(custom_md_cleanup_called, 1))
5226         goto err;
5227 
5228     if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5229                                 "custom-md", "custom-md"), NID_undef)
5230             || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5231             || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5232         goto err;
5233 
5234     o = ASN1_OBJECT_create(nid, (unsigned char *)
5235                                 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5236                                 "custom-md", "custom-md");
5237     if (!TEST_int_eq(OBJ_add_object(o), nid))
5238         goto err;
5239 
5240     testresult = 1;
5241  err:
5242     ASN1_OBJECT_free(o);
5243     EVP_MD_CTX_free(mdctx);
5244     EVP_MD_meth_free(tmp);
5245     return testresult;
5246 }
5247 
5248 typedef struct {
5249         int data;
5250 } custom_ciph_ctx;
5251 
5252 static int custom_ciph_init_called = 0;
5253 static int custom_ciph_cleanup_called = 0;
5254 
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5255 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5256                             const unsigned char *iv, int enc)
5257 {
5258     custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5259 
5260     if (p == NULL)
5261         return 0;
5262 
5263     custom_ciph_init_called++;
5264     return 1;
5265 }
5266 
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5267 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5268 {
5269     custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5270 
5271     if (p == NULL)
5272         /* Nothing to do */
5273         return 1;
5274 
5275     custom_ciph_cleanup_called++;
5276     return 1;
5277 }
5278 
test_custom_ciph_meth(void)5279 static int test_custom_ciph_meth(void)
5280 {
5281     EVP_CIPHER_CTX *ciphctx = NULL;
5282     EVP_CIPHER *tmp = NULL;
5283     int testresult = 0;
5284     int nid;
5285 
5286     /*
5287      * We are testing deprecated functions. We don't support a non-default
5288      * library context in this test.
5289      */
5290     if (testctx != NULL)
5291         return TEST_skip("Non-default libctx");
5292 
5293     custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5294 
5295     nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5296     if (!TEST_int_ne(nid, NID_undef))
5297         goto err;
5298     tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5299     if (!TEST_ptr(tmp))
5300         goto err;
5301 
5302     if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5303             || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5304             || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5305             || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5306                                                             sizeof(custom_ciph_ctx))))
5307         goto err;
5308 
5309     ciphctx = EVP_CIPHER_CTX_new();
5310     if (!TEST_ptr(ciphctx)
5311             /*
5312              * Initing our custom cipher and then initing another cipher
5313              * should result in the init and cleanup functions of the custom
5314              * cipher being called.
5315              */
5316             || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5317             || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5318                                             NULL, NULL, 1))
5319             || !TEST_int_eq(custom_ciph_init_called, 1)
5320             || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5321         goto err;
5322 
5323     testresult = 1;
5324  err:
5325     EVP_CIPHER_CTX_free(ciphctx);
5326     EVP_CIPHER_meth_free(tmp);
5327     return testresult;
5328 }
5329 
5330 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5331 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5332 static int test_signatures_with_engine(int tst)
5333 {
5334     ENGINE *e;
5335     const char *engine_id = "dasync";
5336     EVP_PKEY *pkey = NULL;
5337     const unsigned char badcmackey[] = { 0x00, 0x01 };
5338     const unsigned char cmackey[] = {
5339         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5340         0x0c, 0x0d, 0x0e, 0x0f
5341     };
5342     const unsigned char ed25519key[] = {
5343         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5344         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5345         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5346     };
5347     const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5348     int testresult = 0;
5349     EVP_MD_CTX *ctx = NULL;
5350     unsigned char *mac = NULL;
5351     size_t maclen = 0;
5352     int ret;
5353 
5354 #  ifdef OPENSSL_NO_CMAC
5355     /* Skip CMAC tests in a no-cmac build */
5356     if (tst <= 1)
5357         return 1;
5358 #  endif
5359 #  ifdef OPENSSL_NO_ECX
5360     /* Skip ECX tests in a no-ecx build */
5361     if (tst == 2)
5362         return 1;
5363 #  endif
5364 
5365     if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5366         return 0;
5367 
5368     if (!TEST_true(ENGINE_init(e))) {
5369         ENGINE_free(e);
5370         return 0;
5371     }
5372 
5373     switch (tst) {
5374     case 0:
5375         pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5376                                      EVP_aes_128_cbc());
5377         break;
5378     case 1:
5379         pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5380                                      EVP_aes_128_cbc());
5381         break;
5382     case 2:
5383         pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5384                                             sizeof(ed25519key));
5385         break;
5386     default:
5387         TEST_error("Invalid test case");
5388         goto err;
5389     }
5390     if (!TEST_ptr(pkey))
5391         goto err;
5392 
5393     if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5394         goto err;
5395 
5396     ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5397                              pkey);
5398     if (tst == 0) {
5399         if (!TEST_true(ret))
5400             goto err;
5401 
5402         if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5403                 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5404             goto err;
5405 
5406         if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5407             goto err;
5408 
5409         if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5410             goto err;
5411     } else {
5412         /* We used a bad key. We expect a failure here */
5413         if (!TEST_false(ret))
5414             goto err;
5415     }
5416 
5417     testresult = 1;
5418  err:
5419     EVP_MD_CTX_free(ctx);
5420     OPENSSL_free(mac);
5421     EVP_PKEY_free(pkey);
5422     ENGINE_finish(e);
5423     ENGINE_free(e);
5424 
5425     return testresult;
5426 }
5427 
test_cipher_with_engine(void)5428 static int test_cipher_with_engine(void)
5429 {
5430     ENGINE *e;
5431     const char *engine_id = "dasync";
5432     const unsigned char keyiv[] = {
5433         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5434         0x0c, 0x0d, 0x0e, 0x0f
5435     };
5436     const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5437     int testresult = 0;
5438     EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5439     unsigned char buf[AES_BLOCK_SIZE];
5440     int len = 0;
5441 
5442     if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5443         return 0;
5444 
5445     if (!TEST_true(ENGINE_init(e))) {
5446         ENGINE_free(e);
5447         return 0;
5448     }
5449 
5450     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5451             || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5452         goto err;
5453 
5454     if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5455         goto err;
5456 
5457     /* Copy the ctx, and complete the operation with the new ctx */
5458     if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5459         goto err;
5460 
5461     if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5462             || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5463         goto err;
5464 
5465     testresult = 1;
5466  err:
5467     EVP_CIPHER_CTX_free(ctx);
5468     EVP_CIPHER_CTX_free(ctx2);
5469     ENGINE_finish(e);
5470     ENGINE_free(e);
5471 
5472     return testresult;
5473 }
5474 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5475 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5476 
5477 #ifndef OPENSSL_NO_ECX
5478 static int ecxnids[] = {
5479     NID_X25519,
5480     NID_X448,
5481     NID_ED25519,
5482     NID_ED448
5483 };
5484 
5485 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)5486 static int test_ecx_short_keys(int tst)
5487 {
5488     unsigned char ecxkeydata = 1;
5489     EVP_PKEY *pkey;
5490 
5491 
5492     pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5493                                            NULL, &ecxkeydata, 1);
5494     if (!TEST_ptr_null(pkey)) {
5495         EVP_PKEY_free(pkey);
5496         return 0;
5497     }
5498 
5499     return 1;
5500 }
5501 #endif
5502 
5503 typedef enum OPTION_choice {
5504     OPT_ERR = -1,
5505     OPT_EOF = 0,
5506     OPT_CONTEXT,
5507     OPT_CONFIG_FILE,
5508     OPT_TEST_ENUM
5509 } OPTION_CHOICE;
5510 
test_get_options(void)5511 const OPTIONS *test_get_options(void)
5512 {
5513     static const OPTIONS options[] = {
5514         OPT_TEST_OPTIONS_DEFAULT_USAGE,
5515         { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5516         { "config", OPT_CONFIG_FILE, '<',
5517           "The configuration file to use for the libctx" },
5518         { NULL }
5519     };
5520     return options;
5521 }
5522 
5523 #ifndef OPENSSL_NO_ECX
5524 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)5525 static int test_ecx_not_private_key(int tst)
5526 {
5527     EVP_PKEY *pkey = NULL;
5528 
5529     const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5530     int testresult = 0;
5531     EVP_MD_CTX *ctx = NULL;
5532     unsigned char *mac = NULL;
5533     size_t maclen = 0;
5534     unsigned char *pubkey;
5535     size_t pubkeylen;
5536 
5537     switch (keys[tst].type) {
5538     case NID_X25519:
5539     case NID_X448:
5540         return TEST_skip("signing not supported for X25519/X448");
5541     }
5542 
5543     /* Check if this algorithm supports public keys */
5544     if (keys[tst].pub == NULL)
5545         return TEST_skip("no public key present");
5546 
5547     pubkey = (unsigned char *)keys[tst].pub;
5548     pubkeylen = strlen(keys[tst].pub);
5549 
5550     pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5551                                           NULL, pubkey, pubkeylen);
5552     if (!TEST_ptr(pkey))
5553         goto err;
5554 
5555     if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5556         goto err;
5557 
5558     if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5559         goto check_err;
5560 
5561     if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5562         goto check_err;
5563 
5564     if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5565         goto err;
5566 
5567     if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5568         goto err;
5569 
5570  check_err:
5571     /*
5572      * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5573      * but we relax the check to allow error also thrown by
5574      * EVP_DigestSignInit and EVP_DigestSign.
5575      */
5576     if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5577         testresult = 1;
5578         ERR_clear_error();
5579     }
5580 
5581  err:
5582     EVP_MD_CTX_free(ctx);
5583     OPENSSL_free(mac);
5584     EVP_PKEY_free(pkey);
5585 
5586     return testresult;
5587 }
5588 #endif /* OPENSSL_NO_ECX */
5589 
test_sign_continuation(void)5590 static int test_sign_continuation(void)
5591 {
5592     OSSL_PROVIDER *fake_rsa = NULL;
5593     int testresult = 0;
5594     EVP_PKEY *pkey = NULL;
5595     EVP_PKEY_CTX *pctx = NULL;
5596     EVP_MD_CTX *mctx = NULL;
5597     const char sigbuf[] = "To Be Signed";
5598     unsigned char signature[256];
5599     size_t siglen = 256;
5600     static int nodupnum = 1;
5601     static const OSSL_PARAM nodup_params[] = {
5602         OSSL_PARAM_int("NO_DUP", &nodupnum),
5603         OSSL_PARAM_END
5604     };
5605 
5606     if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5607         return 0;
5608 
5609     /* Construct a pkey using precise propq to use our provider */
5610     if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5611                                                     "provider=fake-rsa"))
5612         || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5613         || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5614         || !TEST_ptr(pkey))
5615         goto end;
5616 
5617     /* First test it continues (classic behavior) */
5618     if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5619         || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5620                                             NULL, pkey, NULL))
5621         || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5622         || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5623         || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5624         || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5625         goto end;
5626 
5627     EVP_MD_CTX_free(mctx);
5628 
5629     /* try again but failing the continuation */
5630     if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5631         || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5632                                             NULL, pkey, nodup_params))
5633         || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5634         || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5635         || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5636         || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5637         goto end;
5638 
5639     testresult = 1;
5640 
5641 end:
5642     EVP_MD_CTX_free(mctx);
5643     EVP_PKEY_free(pkey);
5644     EVP_PKEY_CTX_free(pctx);
5645     fake_rsa_finish(fake_rsa);
5646     return testresult;
5647 }
5648 
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5649 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5650                            const unsigned char *gcm_iv, size_t gcm_ivlen,
5651                            const unsigned char *gcm_pt, size_t gcm_pt_s,
5652                            const unsigned char *gcm_aad, size_t gcm_aad_s,
5653                            const unsigned char *gcm_ct, size_t gcm_ct_s,
5654                            const unsigned char *gcm_tag, size_t gcm_tag_s)
5655 {
5656     int ret = 0;
5657     EVP_CIPHER_CTX *ctx;
5658     EVP_CIPHER *cipher = NULL;
5659     int outlen, tmplen;
5660     unsigned char outbuf[1024];
5661     unsigned char outtag[16];
5662     OSSL_PARAM params[2] = {
5663         OSSL_PARAM_END, OSSL_PARAM_END
5664     };
5665 
5666     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5667             || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5668         goto err;
5669 
5670     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5671                                             &gcm_ivlen);
5672 
5673     if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5674             || (gcm_aad != NULL
5675                 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5676                                                 gcm_aad, gcm_aad_s)))
5677             || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5678                                             gcm_pt, gcm_pt_s))
5679             || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5680         goto err;
5681 
5682     params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5683                                                   outtag, sizeof(outtag));
5684 
5685     if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5686             || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5687             || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5688         goto err;
5689 
5690     ret = 1;
5691 err:
5692     EVP_CIPHER_free(cipher);
5693     EVP_CIPHER_CTX_free(ctx);
5694 
5695     return ret;
5696 }
5697 
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5698 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5699                            const unsigned char *gcm_iv, size_t gcm_ivlen,
5700                            const unsigned char *gcm_pt, size_t gcm_pt_s,
5701                            const unsigned char *gcm_aad, size_t gcm_aad_s,
5702                            const unsigned char *gcm_ct, size_t gcm_ct_s,
5703                            const unsigned char *gcm_tag, size_t gcm_tag_s)
5704 {
5705     int ret = 0;
5706     EVP_CIPHER_CTX *ctx;
5707     EVP_CIPHER *cipher = NULL;
5708     int outlen;
5709     unsigned char outbuf[1024];
5710     OSSL_PARAM params[2] = {
5711         OSSL_PARAM_END, OSSL_PARAM_END
5712     };
5713 
5714     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5715         goto err;
5716 
5717     if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5718         goto err;
5719 
5720     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5721                                             &gcm_ivlen);
5722 
5723     if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5724             || (gcm_aad != NULL
5725                 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5726                                                 gcm_aad, gcm_aad_s)))
5727             || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5728                                             gcm_ct, gcm_ct_s))
5729             || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5730         goto err;
5731 
5732     params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5733                                                   (void*)gcm_tag, gcm_tag_s);
5734 
5735     if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5736             ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5737         goto err;
5738 
5739     ret = 1;
5740 err:
5741     EVP_CIPHER_free(cipher);
5742     EVP_CIPHER_CTX_free(ctx);
5743 
5744     return ret;
5745 }
5746 
test_aes_gcm_ivlen_change_cve_2023_5363(void)5747 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5748 {
5749     /* AES-GCM test data obtained from NIST public test vectors */
5750     static const unsigned char gcm_key[] = {
5751         0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5752         0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5753         0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5754     };
5755     static const unsigned char gcm_iv[] = {
5756         0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5757         0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5758         0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5759         0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5760         0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5761         0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5762         0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5763         0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5764         0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5765         0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5766         0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5767     };
5768     static const unsigned char gcm_pt[] = {
5769         0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5770         0x4f, 0xe3, 0x6f, 0x81,
5771     };
5772     static const unsigned char gcm_ct[] = {
5773         0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5774         0xe2, 0xd0, 0xec, 0xed,
5775     };
5776     static const unsigned char gcm_tag[] = {
5777         0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5778         0xdb, 0x99, 0x6c, 0x21,
5779     };
5780 
5781     return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5782                            gcm_pt, sizeof(gcm_pt), NULL, 0,
5783                            gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5784         && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5785                            gcm_pt, sizeof(gcm_pt), NULL, 0,
5786                            gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5787 }
5788 
5789 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5790 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5791                        const unsigned char *rc4_pt, size_t rc4_pt_s,
5792                        const unsigned char *rc4_ct, size_t rc4_ct_s)
5793 {
5794     int ret = 0;
5795     EVP_CIPHER_CTX *ctx;
5796     EVP_CIPHER *cipher = NULL;
5797     int outlen, tmplen;
5798     unsigned char outbuf[1024];
5799     OSSL_PARAM params[2] = {
5800         OSSL_PARAM_END, OSSL_PARAM_END
5801     };
5802 
5803     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5804             || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5805         goto err;
5806 
5807     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5808                                             &rc4_key_s);
5809 
5810     if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5811             || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5812                                             rc4_pt, rc4_pt_s))
5813             || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5814         goto err;
5815 
5816     if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5817         goto err;
5818 
5819     ret = 1;
5820 err:
5821     EVP_CIPHER_free(cipher);
5822     EVP_CIPHER_CTX_free(ctx);
5823 
5824     return ret;
5825 }
5826 
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5827 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5828                        const unsigned char *rc4_pt, size_t rc4_pt_s,
5829                        const unsigned char *rc4_ct, size_t rc4_ct_s)
5830 {
5831     int ret = 0;
5832     EVP_CIPHER_CTX *ctx;
5833     EVP_CIPHER *cipher = NULL;
5834     int outlen;
5835     unsigned char outbuf[1024];
5836     OSSL_PARAM params[2] = {
5837         OSSL_PARAM_END, OSSL_PARAM_END
5838     };
5839 
5840     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5841         goto err;
5842 
5843     if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5844         goto err;
5845 
5846     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5847                                             &rc4_key_s);
5848 
5849     if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5850             || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5851                                             rc4_ct, rc4_ct_s))
5852             || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5853         goto err;
5854 
5855     ret = 1;
5856 err:
5857     EVP_CIPHER_free(cipher);
5858     EVP_CIPHER_CTX_free(ctx);
5859 
5860     return ret;
5861 }
5862 
test_aes_rc4_keylen_change_cve_2023_5363(void)5863 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5864 {
5865     /* RC4 test data obtained from RFC 6229 */
5866     static const struct {
5867         unsigned char key[5];
5868         unsigned char padding[11];
5869     } rc4_key = {
5870         {   /* Five bytes of key material */
5871             0x83, 0x32, 0x22, 0x77, 0x2a,
5872         },
5873         {   /* Random padding to 16 bytes */
5874             0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5875         }
5876     };
5877     static const unsigned char rc4_pt[] = {
5878         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5879         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5880     };
5881     static const unsigned char rc4_ct[] = {
5882         0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5883         0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5884     };
5885 
5886     if (lgcyprov == NULL)
5887         return TEST_skip("Test requires legacy provider to be loaded");
5888 
5889     return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5890                        rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5891         && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5892                        rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5893 }
5894 #endif
5895 
test_invalid_ctx_for_digest(void)5896 static int test_invalid_ctx_for_digest(void)
5897 {
5898     int ret;
5899     EVP_MD_CTX *mdctx;
5900 
5901     mdctx = EVP_MD_CTX_new();
5902     if (!TEST_ptr(mdctx))
5903         return 0;
5904 
5905     if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
5906         ret = 0;
5907     else
5908         ret = 1;
5909 
5910     EVP_MD_CTX_free(mdctx);
5911 
5912     return ret;
5913 }
5914 
test_evp_cipher_pipeline(void)5915 static int test_evp_cipher_pipeline(void)
5916 {
5917     OSSL_PROVIDER *fake_pipeline = NULL;
5918     int testresult = 0;
5919     EVP_CIPHER *cipher = NULL;
5920     EVP_CIPHER *pipeline_cipher = NULL;
5921     EVP_CIPHER_CTX *ctx = NULL;
5922     unsigned char key[32];
5923     size_t keylen = 32;
5924     size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
5925     size_t taglen = EVP_GCM_TLS_TAG_LEN;
5926     unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
5927     unsigned char *plaintext_array[EVP_MAX_PIPES];
5928     unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
5929     void **aead_tags = (void **)&tag_array;
5930     unsigned char *temp[EVP_MAX_PIPES];
5931     size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
5932     size_t ciphertextlen_array[EVP_MAX_PIPES];
5933     size_t inlen_array[EVP_MAX_PIPES];
5934     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
5935     unsigned char *ciphertext, *exp_plaintext, *tag;
5936     size_t numpipes, plaintextlen, i;
5937 
5938     if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
5939         return 0;
5940     if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
5941                                                      "provider=fake-pipeline"))
5942         || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", testpropq))
5943         || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
5944         goto end;
5945     memset(key, 0x01, sizeof(key));
5946 
5947     /* Negative tests */
5948     if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
5949         goto end;
5950     if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
5951         goto end;
5952     if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
5953                                                   key, keylen,
5954                                                   EVP_MAX_PIPES + 1, NULL, 0)))
5955         goto end;
5956 
5957     /* Positive tests */
5958     for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
5959         for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
5960             size_t ciphertextlen = 0;
5961             int outlen = 0;
5962 
5963             /* Cleanup to be able to error out */
5964             memset(iv_array, 0, sizeof(iv_array));
5965             memset(plaintext_array, 0, sizeof(plaintext_array));
5966             memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
5967             memset(tag_array, 0, sizeof(tag_array));
5968             ciphertext = NULL;
5969             exp_plaintext = NULL;
5970             tag = NULL;
5971 
5972             /* Allocate fresh buffers with exact size to catch buffer overwrites */
5973             for (i = 0; i < numpipes; i++) {
5974                 if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
5975                     || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
5976                     || !TEST_ptr(ciphertext_array_p[i] =
5977                                  OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
5978                     || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
5979                     goto err;
5980 
5981                 memset(iv_array[i], i + 33, ivlen);
5982                 memset(plaintext_array[i], i + 1, plaintextlen);
5983                 inlen_array[i] = plaintextlen;
5984                 outlen_array[i] = 0;
5985                 ciphertextlen_array[i] = 0;
5986                 outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
5987             }
5988             if (!TEST_ptr(ciphertext =
5989                           OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
5990                 || !TEST_ptr(tag = OPENSSL_malloc(taglen))
5991                 || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
5992                 goto err;
5993 
5994             /* Encrypt using pipeline API */
5995             if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
5996                 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
5997                 || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
5998                                                             key, keylen, numpipes,
5999                                                             (const unsigned char **)iv_array,
6000                                                             ivlen))
6001                 /* reuse plaintext for AAD as it won't affect test */
6002                 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6003                                                        (const unsigned char **)plaintext_array,
6004                                                        inlen_array))
6005                 || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
6006                                                        outlen_array, outsize_array,
6007                                                        (const unsigned char **)plaintext_array,
6008                                                        inlen_array)))
6009                 goto err;
6010 
6011             for (i = 0; i < numpipes; i++) {
6012                 ciphertextlen_array[i] = outlen_array[i];
6013                 temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
6014                 outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
6015             }
6016 
6017             if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6018                 goto err;
6019 
6020             for (i = 0; i < numpipes; i++)
6021                 ciphertextlen_array[i] += outlen_array[i];
6022 
6023             params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6024                                                        (void **)&aead_tags, taglen);
6025             if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6026                 goto err;
6027 
6028             /* Encrypt using non-pipeline API and compare */
6029             if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
6030                 goto err;
6031 
6032             for (i = 0; i < numpipes; i++) {
6033                 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
6034                     || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
6035                                                     plaintext_array[i],
6036                                                     plaintextlen))
6037                     || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
6038                                                     plaintext_array[i],
6039                                                     plaintextlen)))
6040                     goto err;
6041                 ciphertextlen = outlen;
6042 
6043                 if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
6044                     goto err;
6045                 ciphertextlen += outlen;
6046 
6047                 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
6048                                                               (void *)tag, taglen);
6049                 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
6050                     goto err;
6051 
6052                 if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
6053                                  ciphertext, ciphertextlen)
6054                     || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
6055                     goto err;
6056             }
6057 
6058             for (i = 0; i < numpipes; i++)
6059                 outsize_array[i] = plaintextlen;
6060 
6061             /* Decrypt using pipeline API and compare */
6062             params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
6063                                                        (void **)&aead_tags, taglen);
6064             if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
6065                 || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
6066                 || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
6067                                                             key, keylen, numpipes,
6068                                                             (const unsigned char **)iv_array,
6069                                                             ivlen))
6070                 || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
6071                 || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
6072                                                        (const unsigned char **)plaintext_array,
6073                                                        inlen_array))
6074                 || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
6075                                                        outlen_array, outsize_array,
6076                                                        (const unsigned char **)ciphertext_array_p,
6077                                                        ciphertextlen_array)))
6078                 goto err;
6079 
6080             for (i = 0; i < numpipes; i++) {
6081                 temp[i] = plaintext_array[i] + outlen_array[i];
6082                 outsize_array[i] = outsize_array[i] - outlen_array[i];
6083             }
6084 
6085             if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
6086                 goto err;
6087 
6088             for (i = 0; i < numpipes; i++) {
6089                 memset(exp_plaintext, i + 1, plaintextlen);
6090                 if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
6091                                  exp_plaintext, plaintextlen))
6092                     goto err;
6093             }
6094 
6095             for (i = 0; i < numpipes; i++) {
6096                 OPENSSL_free(iv_array[i]);
6097                 OPENSSL_free(plaintext_array[i]);
6098                 OPENSSL_free(ciphertext_array_p[i]);
6099                 OPENSSL_free(tag_array[i]);
6100             }
6101             OPENSSL_free(exp_plaintext);
6102             OPENSSL_free(ciphertext);
6103             OPENSSL_free(tag);
6104         }
6105     }
6106 
6107     testresult = 1;
6108     goto end;
6109 
6110 err:
6111     for (i = 0; i < numpipes; i++) {
6112         OPENSSL_free(iv_array[i]);
6113         OPENSSL_free(plaintext_array[i]);
6114         OPENSSL_free(ciphertext_array_p[i]);
6115         OPENSSL_free(tag_array[i]);
6116     }
6117     OPENSSL_free(exp_plaintext);
6118     OPENSSL_free(ciphertext);
6119     OPENSSL_free(tag);
6120 end:
6121     EVP_CIPHER_CTX_free(ctx);
6122     EVP_CIPHER_free(cipher);
6123     EVP_CIPHER_free(pipeline_cipher);
6124     fake_pipeline_finish(fake_pipeline);
6125     return testresult;
6126 }
6127 
setup_tests(void)6128 int setup_tests(void)
6129 {
6130     char *config_file = NULL;
6131     OPTION_CHOICE o;
6132 
6133     while ((o = opt_next()) != OPT_EOF) {
6134         switch (o) {
6135         case OPT_CONTEXT:
6136             /* Set up an alternate library context */
6137             testctx = OSSL_LIB_CTX_new();
6138             if (!TEST_ptr(testctx))
6139                 return 0;
6140 #ifdef STATIC_LEGACY
6141             /*
6142              * This test is always statically linked against libcrypto. We must not
6143              * attempt to load legacy.so that might be dynamically linked against
6144              * libcrypto. Instead we use a built-in version of the legacy provider.
6145              */
6146             if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
6147                 return 0;
6148 #endif
6149             /* Swap the libctx to test non-default context only */
6150             nullprov = OSSL_PROVIDER_load(NULL, "null");
6151             deflprov = OSSL_PROVIDER_load(testctx, "default");
6152 #ifndef OPENSSL_SYS_TANDEM
6153             lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
6154 #endif
6155             break;
6156         case OPT_CONFIG_FILE:
6157             config_file = opt_arg();
6158             if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
6159                 return 0;
6160             break;
6161         case OPT_TEST_CASES:
6162             break;
6163         default:
6164             return 0;
6165         }
6166     }
6167 
6168     if (config_file != NULL) {
6169         ADD_TEST(test_EVP_set_config_properties);
6170         return 1;
6171     }
6172 
6173     ADD_TEST(test_EVP_set_default_properties);
6174     ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
6175     ADD_TEST(test_EVP_DigestVerifyInit);
6176 #ifndef OPENSSL_NO_SIPHASH
6177     ADD_TEST(test_siphash_digestsign);
6178 #endif
6179     ADD_TEST(test_EVP_Digest);
6180     ADD_TEST(test_EVP_md_null);
6181     ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
6182 #ifndef OPENSSL_NO_DEPRECATED_3_0
6183     ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
6184 #endif
6185     ADD_ALL_TESTS(test_EVP_Enveloped, 2);
6186     ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
6187     ADD_TEST(test_privatekey_to_pkcs8);
6188     ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
6189 #ifndef OPENSSL_NO_EC
6190     ADD_TEST(test_EVP_PKCS82PKEY);
6191 #endif
6192 #ifndef OPENSSL_NO_EC
6193     ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
6194 #endif
6195 #if !defined(OPENSSL_NO_SM2)
6196     ADD_TEST(test_EVP_SM2);
6197     ADD_TEST(test_EVP_SM2_verify);
6198 #endif
6199     ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
6200 #ifndef OPENSSL_NO_DEPRECATED_3_0
6201     custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
6202     if (!TEST_ptr(custom_pmeth))
6203         return 0;
6204     EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
6205     EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
6206     EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
6207     if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
6208         return 0;
6209 #endif
6210     ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
6211 #ifndef OPENSSL_NO_CMAC
6212     ADD_TEST(test_CMAC_keygen);
6213 #endif
6214     ADD_TEST(test_HKDF);
6215     ADD_TEST(test_emptyikm_HKDF);
6216     ADD_TEST(test_empty_salt_info_HKDF);
6217 #ifndef OPENSSL_NO_EC
6218     ADD_TEST(test_X509_PUBKEY_inplace);
6219     ADD_TEST(test_X509_PUBKEY_dup);
6220     ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6221                   OSSL_NELEM(ec_der_pub_keys));
6222 #endif
6223 #ifndef OPENSSL_NO_DSA
6224     ADD_TEST(test_DSA_get_set_params);
6225     ADD_TEST(test_DSA_priv_pub);
6226 #endif
6227     ADD_TEST(test_RSA_get_set_params);
6228     ADD_TEST(test_RSA_OAEP_set_get_params);
6229     ADD_TEST(test_RSA_OAEP_set_null_label);
6230 #ifndef OPENSSL_NO_DEPRECATED_3_0
6231     ADD_TEST(test_RSA_legacy);
6232 #endif
6233 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6234     ADD_TEST(test_decrypt_null_chunks);
6235 #endif
6236 #ifndef OPENSSL_NO_DH
6237     ADD_TEST(test_DH_priv_pub);
6238 # ifndef OPENSSL_NO_DEPRECATED_3_0
6239     ADD_TEST(test_EVP_PKEY_set1_DH);
6240 # endif
6241 #endif
6242 #ifndef OPENSSL_NO_EC
6243     ADD_TEST(test_EC_priv_pub);
6244     ADD_TEST(test_evp_get_ec_pub);
6245 # ifndef OPENSSL_NO_DEPRECATED_3_0
6246     ADD_TEST(test_EC_priv_only_legacy);
6247     ADD_TEST(test_evp_get_ec_pub_legacy);
6248 # endif
6249 #endif
6250     ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6251     ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6252 
6253     ADD_TEST(test_rand_agglomeration);
6254     ADD_ALL_TESTS(test_evp_iv_aes, 12);
6255 #ifndef OPENSSL_NO_DES
6256     ADD_ALL_TESTS(test_evp_iv_des, 6);
6257 #endif
6258 #ifndef OPENSSL_NO_BF
6259     ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6260 #endif
6261     ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6262     ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6263     ADD_TEST(test_EVP_rsa_invalid_key);
6264 #ifndef OPENSSL_NO_EC
6265     ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6266 #endif
6267 
6268     ADD_TEST(test_names_do_all);
6269 
6270     ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6271     ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6272     ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6273     ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6274     ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6275     ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6276     if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6277         ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6278 
6279 #ifndef OPENSSL_NO_DEPRECATED_3_0
6280     ADD_ALL_TESTS(test_custom_pmeth, 12);
6281     ADD_TEST(test_evp_md_cipher_meth);
6282     ADD_TEST(test_custom_md_meth);
6283     ADD_TEST(test_custom_ciph_meth);
6284 
6285 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
6286     /* Tests only support the default libctx */
6287     if (testctx == NULL) {
6288 #  ifndef OPENSSL_NO_EC
6289         ADD_ALL_TESTS(test_signatures_with_engine, 3);
6290 #  else
6291         ADD_ALL_TESTS(test_signatures_with_engine, 2);
6292 #  endif
6293         ADD_TEST(test_cipher_with_engine);
6294     }
6295 # endif
6296 #endif
6297 
6298 #ifndef OPENSSL_NO_ECX
6299     ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6300     ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6301 #endif
6302 
6303     ADD_TEST(test_sign_continuation);
6304 
6305     /* Test cases for CVE-2023-5363 */
6306     ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6307 #ifndef OPENSSL_NO_RC4
6308     ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6309 #endif
6310 
6311     ADD_TEST(test_invalid_ctx_for_digest);
6312 
6313     ADD_TEST(test_evp_cipher_pipeline);
6314 
6315     return 1;
6316 }
6317 
cleanup_tests(void)6318 void cleanup_tests(void)
6319 {
6320     OSSL_PROVIDER_unload(nullprov);
6321     OSSL_PROVIDER_unload(deflprov);
6322 #ifndef OPENSSL_SYS_TANDEM
6323     OSSL_PROVIDER_unload(lgcyprov);
6324 #endif
6325     OSSL_LIB_CTX_free(testctx);
6326 }
6327