1 /*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
40
41 #ifdef STATIC_LEGACY
42 OSSL_provider_init_fn ossl_legacy_provider_init;
43 #endif
44
45 static OSSL_LIB_CTX *testctx = NULL;
46 static char *testpropq = NULL;
47
48 static OSSL_PROVIDER *nullprov = NULL;
49 static OSSL_PROVIDER *deflprov = NULL;
50 static OSSL_PROVIDER *lgcyprov = NULL;
51
52 /*
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
55 */
56 static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
108 };
109
110 /* An invalid key whose prime factors exceed modulus n. */
111 static const unsigned char kInvalidRSAKeyDER[] = {
112 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
113 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
114 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
116 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
117 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
118 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
119 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
120 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
121 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
123 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
124 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
125 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
126 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
127 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
129 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
130 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
131 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
132 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
133 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
134 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
135 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
137 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
138 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
139 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
140 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
141 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
145 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
146 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
147 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
148 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
149 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
150 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
151 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
153 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
154 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
156 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
157 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
158 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
159 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
160 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
161 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
162 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
163 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
164 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
165 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
166 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
167 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
168 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
169 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
170 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
171 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
173 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
174 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
175 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
176 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
177 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
179 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
180 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
181 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
182 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
183 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
184 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
185 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
187 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
188 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
189 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
190 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
191 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
195 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
196 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
197 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
198 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
199 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
200 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
201 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
202 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
203 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
204 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
206 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
207 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
208 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
209 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
210 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
211 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
215 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
216 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
217 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
218 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
220 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
221 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
222 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
223 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
224 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
226 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
227 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
228 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
229 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
230 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
231 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
232 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
233 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
234 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
235 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
236 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
237 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
238 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
239 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
242 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
243 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
246 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
247 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
248 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
249 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
253 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
254 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
255 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
256 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
257 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
258 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
259 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
260 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
263 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
264 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
265 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
266 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
267 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
268 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
269 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
270 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
271 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
272 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
273 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
274 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
275 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
276 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
277 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
278 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
279 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
280 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
281 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
282 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
283 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
284 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
285 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
286 0xe2, 0x80,
287 };
288
289 /*
290 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
291 * should never use this key anywhere but in an example.
292 */
293 #ifndef OPENSSL_NO_DSA
294 static const unsigned char kExampleDSAKeyDER[] = {
295 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
296 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
297 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
298 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
299 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
300 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
301 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
302 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
303 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
304 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
305 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
306 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
307 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
308 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
309 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
310 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
311 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
312 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
313 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
314 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
315 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
316 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
317 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
318 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
319 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
320 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
321 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
322 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
323 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
324 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
325 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
326 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
327 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
328 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
329 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
330 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
331 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
332 0x40, 0x48
333 };
334 #endif
335
336 /*
337 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
338 * components are not correct.
339 */
340 static const unsigned char kExampleBadRSAKeyDER[] = {
341 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
342 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
343 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
344 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
345 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
346 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
347 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
348 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
349 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
350 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
351 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
352 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
353 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
354 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
355 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
356 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
357 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
358 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
359 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
360 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
361 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
362 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
363 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
364 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
365 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
366 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
367 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
368 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
369 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
370 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
371 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
372 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
373 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
374 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
375 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
376 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
377 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
378 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
379 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
380 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
381 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
382 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
383 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
384 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
385 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
386 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
387 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
388 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
389 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
390 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
391 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
392 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
393 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
394 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
395 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
396 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
397 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
398 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
399 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
400 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
401 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
402 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
403 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
404 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
405 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
406 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
407 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
408 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
409 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
410 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
411 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
412 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
413 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
414 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
415 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
416 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
417 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
418 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
419 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
420 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
421 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
422 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
423 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
424 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
425 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
426 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
427 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
428 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
429 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
430 };
431
432 /*
433 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
434 * values are 0.
435 */
436 static const unsigned char kExampleBad2RSAKeyDER[] = {
437 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
438 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
439 0x01, 0x00, 0x02, 0x01, 0x00
440 };
441
442 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
443
444 static const unsigned char kSignature[] = {
445 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
446 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
447 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
448 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
449 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
450 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
451 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
452 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
453 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
454 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
455 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
456 };
457
458 /*
459 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
460 * PrivateKeyInfo.
461 */
462 static const unsigned char kExampleRSAKeyPKCS8[] = {
463 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
464 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
465 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
466 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
467 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
468 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
469 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
470 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
471 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
472 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
473 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
474 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
475 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
476 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
477 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
478 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
479 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
480 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
481 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
482 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
483 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
484 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
485 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
486 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
487 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
488 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
489 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
490 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
491 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
492 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
493 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
494 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
495 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
496 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
497 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
498 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
499 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
500 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
501 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
502 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
503 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
504 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
505 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
506 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
507 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
508 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
509 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
510 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
511 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
512 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
513 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
514 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
515 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
516 };
517
518 #ifndef OPENSSL_NO_EC
519 /*
520 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
521 * structure.
522 */
523 static const unsigned char kExampleECKeyDER[] = {
524 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
525 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
526 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
527 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
528 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
529 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
530 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
531 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
532 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
533 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
534 0xc1,
535 };
536
537 /*
538 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
539 * structure. The private key is equal to the order and will fail to import
540 */
541 static const unsigned char kExampleBadECKeyDER[] = {
542 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
543 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
544 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
545 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
546 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
547 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
548 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
549 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
550 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
551 };
552
553 /* prime256v1 */
554 static const unsigned char kExampleECPubKeyDER[] = {
555 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
556 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
557 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
558 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
559 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
560 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
561 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
562 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
563 };
564
565 /*
566 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
567 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
568 */
569 static const unsigned char kExampleBadECPubKeyDER[] = {
570 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
571 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
572 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
573 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
574 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
575 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
576 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
577 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
578 };
579
580 static const unsigned char pExampleECParamDER[] = {
581 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
582 };
583
584 # ifndef OPENSSL_NO_ECX
585 static const unsigned char kExampleED25519KeyDER[] = {
586 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
587 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
588 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
589 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
590 };
591
592 static const unsigned char kExampleED25519PubKeyDER[] = {
593 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
594 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
595 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
596 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
597 };
598
599 # ifndef OPENSSL_NO_DEPRECATED_3_0
600 static const unsigned char kExampleX25519KeyDER[] = {
601 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
602 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
603 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
604 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
605 };
606 # endif
607 # endif
608 #endif
609
610 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static const unsigned char kExampleDHKeyDER[] = {
614 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
615 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
616 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
617 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
618 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
619 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
620 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
621 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
622 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
623 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
624 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
625 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
626 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
627 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
628 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
629 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
630 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
631 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
632 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
633 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
634 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
635 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
636 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
637 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
638 0x2e, 0x87, 0x2a, 0x0b, 0x7a
639 };
640 # endif
641 #endif
642
643 static const unsigned char kCFBDefaultKey[] = {
644 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
645 0x09, 0xCF, 0x4F, 0x3C
646 };
647
648 static const unsigned char kGCMDefaultKey[32] = { 0 };
649
650 static const unsigned char kGCMResetKey[] = {
651 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
652 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
653 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
654 };
655
656 static const unsigned char iCFBIV[] = {
657 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
658 0x0C, 0x0D, 0x0E, 0x0F
659 };
660
661 static const unsigned char iGCMDefaultIV[12] = { 0 };
662
663 static const unsigned char iGCMResetIV1[] = {
664 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
665 };
666
667 static const unsigned char iGCMResetIV2[] = {
668 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
669 };
670
671 static const unsigned char cfbPlaintext[] = {
672 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
673 0x73, 0x93, 0x17, 0x2A
674 };
675 static const unsigned char cfbPlaintext_partial[] = {
676 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
677 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
678 };
679
680 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
681
682 static const unsigned char gcmResetPlaintext[] = {
683 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
684 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
685 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
686 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
687 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
688 };
689
690 static const unsigned char cfbCiphertext[] = {
691 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
692 0xE8, 0x3C, 0xFB, 0x4A
693 };
694
695 static const unsigned char cfbCiphertext_partial[] = {
696 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
697 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
698 };
699
700 static const unsigned char ofbCiphertext_partial[] = {
701 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
702 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
703 };
704
705 static const unsigned char gcmDefaultCiphertext[] = {
706 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
707 0xba, 0xf3, 0x9d, 0x18
708 };
709
710 static const unsigned char gcmResetCiphertext1[] = {
711 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
712 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
713 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
714 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
715 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
716 };
717
718 static const unsigned char gcmResetCiphertext2[] = {
719 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
720 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
721 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
722 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
723 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
724 };
725
726 static const unsigned char gcmAAD[] = {
727 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
728 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
729 };
730
731 static const unsigned char gcmDefaultTag[] = {
732 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
733 0xd4, 0x8a, 0xb9, 0x19
734 };
735
736 static const unsigned char gcmResetTag1[] = {
737 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
738 0xfe, 0x2e, 0xa8, 0xf2
739 };
740
741 static const unsigned char gcmResetTag2[] = {
742 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
743 0xbb, 0x2d, 0x55, 0x1b
744 };
745
746 typedef struct APK_DATA_st {
747 const unsigned char *kder;
748 size_t size;
749 const char *keytype;
750 int evptype;
751 int check;
752 int pub_check;
753 int param_check;
754 int type; /* 0 for private, 1 for public, 2 for params */
755 } APK_DATA;
756
757 static APK_DATA keydata[] = {
758 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
759 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
760 #ifndef OPENSSL_NO_EC
761 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
762 #endif
763 };
764
765 static APK_DATA keycheckdata[] = {
766 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
767 0},
768 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
769 0, 1, 1, 0},
770 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
771 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
772 #ifndef OPENSSL_NO_EC
773 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
774 /* group is also associated in our pub key */
775 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
776 1, 1},
777 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
778 2},
779 # ifndef OPENSSL_NO_ECX
780 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
781 EVP_PKEY_ED25519, 1, 1, 1, 0},
782 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
783 EVP_PKEY_ED25519, 0, 1, 1, 1},
784 # endif
785 #endif
786 };
787
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)788 static EVP_PKEY *load_example_key(const char *keytype,
789 const unsigned char *data, size_t data_len)
790 {
791 const unsigned char **pdata = &data;
792 EVP_PKEY *pkey = NULL;
793 OSSL_DECODER_CTX *dctx =
794 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
795 testctx, testpropq);
796
797 /* |pkey| will be NULL on error */
798 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
799 OSSL_DECODER_CTX_free(dctx);
800 return pkey;
801 }
802
load_example_rsa_key(void)803 static EVP_PKEY *load_example_rsa_key(void)
804 {
805 return load_example_key("RSA", kExampleRSAKeyDER,
806 sizeof(kExampleRSAKeyDER));
807 }
808
809 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)810 static EVP_PKEY *load_example_dsa_key(void)
811 {
812 return load_example_key("DSA", kExampleDSAKeyDER,
813 sizeof(kExampleDSAKeyDER));
814 }
815 #endif
816
817 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)818 static EVP_PKEY *load_example_ec_key(void)
819 {
820 return load_example_key("EC", kExampleECKeyDER,
821 sizeof(kExampleECKeyDER));
822 }
823 #endif
824
825 #ifndef OPENSSL_NO_DEPRECATED_3_0
826 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)827 static EVP_PKEY *load_example_dh_key(void)
828 {
829 return load_example_key("DH", kExampleDHKeyDER,
830 sizeof(kExampleDHKeyDER));
831 }
832 # endif
833
834 # ifndef OPENSSL_NO_ECX
load_example_ed25519_key(void)835 static EVP_PKEY *load_example_ed25519_key(void)
836 {
837 return load_example_key("ED25519", kExampleED25519KeyDER,
838 sizeof(kExampleED25519KeyDER));
839 }
840
load_example_x25519_key(void)841 static EVP_PKEY *load_example_x25519_key(void)
842 {
843 return load_example_key("X25519", kExampleX25519KeyDER,
844 sizeof(kExampleX25519KeyDER));
845 }
846 # endif
847 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
848
load_example_hmac_key(void)849 static EVP_PKEY *load_example_hmac_key(void)
850 {
851 EVP_PKEY *pkey = NULL;
852 unsigned char key[] = {
853 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
854 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
855 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
856 };
857
858 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
859 NULL, key, sizeof(key));
860 if (!TEST_ptr(pkey))
861 return NULL;
862
863 return pkey;
864 }
865
test_EVP_set_config_properties(void)866 static int test_EVP_set_config_properties(void)
867 {
868 char *fetched_properties = NULL;
869 const char test_propq[] = "test.fizzbuzz=buzzfizz";
870 int res = 0;
871
872 fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
873 if (!TEST_ptr(fetched_properties)
874 || !TEST_str_eq(fetched_properties, test_propq))
875 goto err;
876 OPENSSL_free(fetched_properties);
877 fetched_properties = NULL;
878
879 res = 1;
880 err:
881 OPENSSL_free(fetched_properties);
882 return res;
883 }
884
test_EVP_set_default_properties(void)885 static int test_EVP_set_default_properties(void)
886 {
887 OSSL_LIB_CTX *ctx;
888 EVP_MD *md = NULL;
889 int res = 0;
890 char *fetched_properties = NULL;
891 const char test_propq[] = "provider=fizzbang";
892 const char test_fips_propq[] = "fips=yes,provider=fizzbang";
893
894 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
895 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
896 goto err;
897 EVP_MD_free(md);
898 md = NULL;
899
900 if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
901 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
902 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
903 goto err;
904 EVP_MD_free(md);
905 md = NULL;
906
907 fetched_properties = EVP_get1_default_properties(ctx);
908 if (!TEST_ptr(fetched_properties)
909 || !TEST_str_eq(fetched_properties, test_propq))
910 goto err;
911 OPENSSL_free(fetched_properties);
912 fetched_properties = NULL;
913
914 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
915 goto err;
916 fetched_properties = EVP_get1_default_properties(ctx);
917 if (!TEST_ptr(fetched_properties)
918 || !TEST_str_eq(fetched_properties, test_fips_propq))
919 goto err;
920 OPENSSL_free(fetched_properties);
921 fetched_properties = NULL;
922
923 if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
924 goto err;
925
926 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
927 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
928 goto err;
929 res = 1;
930 err:
931 OPENSSL_free(fetched_properties);
932 EVP_MD_free(md);
933 OSSL_LIB_CTX_free(ctx);
934 return res;
935 }
936
937 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)938 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
939 {
940 EVP_PKEY_CTX *pctx = NULL;
941 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
942
943 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
944 goto err;
945 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
946 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
947 params), 0))
948 goto err;
949
950 if (!TEST_ptr(tmp_pkey))
951 goto err;
952
953 pkey = tmp_pkey;
954 tmp_pkey = NULL;
955 err:
956 EVP_PKEY_free(tmp_pkey);
957 EVP_PKEY_CTX_free(pctx);
958 return pkey;
959 }
960
test_selection(EVP_PKEY * pkey,int selection)961 static int test_selection(EVP_PKEY *pkey, int selection)
962 {
963 int testresult = 0;
964 int ret;
965 BIO *bio = BIO_new(BIO_s_mem());
966
967 ret = PEM_write_bio_PUBKEY(bio, pkey);
968 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
969 if (!TEST_true(ret))
970 goto err;
971 } else {
972 if (!TEST_false(ret))
973 goto err;
974 }
975 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
976 testctx, NULL);
977 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
978 if (!TEST_true(ret))
979 goto err;
980 } else {
981 if (!TEST_false(ret))
982 goto err;
983 }
984
985 testresult = 1;
986 err:
987 BIO_free(bio);
988
989 return testresult;
990 }
991 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
992
993 /*
994 * Test combinations of private, public, missing and private + public key
995 * params to ensure they are all accepted
996 */
997 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)998 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
999 {
1000 OSSL_PARAM_BLD *bld = NULL;
1001 OSSL_PARAM *params = NULL;
1002 EVP_PKEY *just_params = NULL;
1003 EVP_PKEY *params_and_priv = NULL;
1004 EVP_PKEY *params_and_pub = NULL;
1005 EVP_PKEY *params_and_keypair = NULL;
1006 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1007 int ret = 0;
1008
1009 /*
1010 * Setup the parameters for our pkey object. For our purposes they don't
1011 * have to actually be *valid* parameters. We just need to set something.
1012 */
1013 if (!TEST_ptr(p = BN_new())
1014 || !TEST_ptr(q = BN_new())
1015 || !TEST_ptr(g = BN_new())
1016 || !TEST_ptr(pub = BN_new())
1017 || !TEST_ptr(priv = BN_new()))
1018 goto err;
1019
1020 /* Test !priv and !pub */
1021 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1022 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1023 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1024 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
1025 goto err;
1026 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1027 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
1028 goto err;
1029
1030 OSSL_PARAM_free(params);
1031 OSSL_PARAM_BLD_free(bld);
1032 params = NULL;
1033 bld = NULL;
1034
1035 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1036 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1037 goto err;
1038
1039 /* Test priv and !pub */
1040 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1041 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1042 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1043 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1044 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1045 priv)))
1046 goto err;
1047 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1048 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1049 goto err;
1050
1051 OSSL_PARAM_free(params);
1052 OSSL_PARAM_BLD_free(bld);
1053 params = NULL;
1054 bld = NULL;
1055
1056 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1057 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1058 goto err;
1059
1060 /* Test !priv and pub */
1061 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1062 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1063 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1064 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1065 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1066 pub)))
1067 goto err;
1068 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1069 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1070 goto err;
1071
1072 OSSL_PARAM_free(params);
1073 OSSL_PARAM_BLD_free(bld);
1074 params = NULL;
1075 bld = NULL;
1076
1077 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1078 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1079 goto err;
1080
1081 /* Test priv and pub */
1082 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1085 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1087 pub))
1088 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1089 priv)))
1090 goto err;
1091 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1092 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1093 goto err;
1094
1095 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1096 goto err;
1097
1098 ret = 1;
1099 err:
1100 OSSL_PARAM_free(params);
1101 OSSL_PARAM_BLD_free(bld);
1102 EVP_PKEY_free(just_params);
1103 EVP_PKEY_free(params_and_priv);
1104 EVP_PKEY_free(params_and_pub);
1105 EVP_PKEY_free(params_and_keypair);
1106 BN_free(p);
1107 BN_free(q);
1108 BN_free(g);
1109 BN_free(pub);
1110 BN_free(priv);
1111
1112 return ret;
1113 }
1114 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1115
1116 /*
1117 * Test combinations of private, public, missing and private + public key
1118 * params to ensure they are all accepted for EC keys
1119 */
1120 #ifndef OPENSSL_NO_EC
1121 static unsigned char ec_priv[] = {
1122 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1123 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1124 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1125 };
1126 static unsigned char ec_pub[] = {
1127 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1128 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1129 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1130 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1131 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1132 0x08, 0x09, 0xb8, 0xdb, 0x03
1133 };
1134
test_EC_priv_pub(void)1135 static int test_EC_priv_pub(void)
1136 {
1137 OSSL_PARAM_BLD *bld = NULL;
1138 OSSL_PARAM *params = NULL;
1139 EVP_PKEY *just_params = NULL;
1140 EVP_PKEY *params_and_priv = NULL;
1141 EVP_PKEY *params_and_pub = NULL;
1142 EVP_PKEY *params_and_keypair = NULL;
1143 BIGNUM *priv = NULL;
1144 int ret = 0;
1145 unsigned char *encoded = NULL;
1146 size_t len = 0;
1147 unsigned char buffer[128];
1148
1149 /*
1150 * Setup the parameters for our pkey object. For our purposes they don't
1151 * have to actually be *valid* parameters. We just need to set something.
1152 */
1153 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1154 goto err;
1155
1156 /* Test !priv and !pub */
1157 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1158 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1159 OSSL_PKEY_PARAM_GROUP_NAME,
1160 "P-256", 0)))
1161 goto err;
1162 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1163 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1164 goto err;
1165
1166 OSSL_PARAM_free(params);
1167 OSSL_PARAM_BLD_free(bld);
1168 params = NULL;
1169 bld = NULL;
1170
1171 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1172 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1173 goto err;
1174
1175 /* Test priv and !pub */
1176 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1177 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1178 OSSL_PKEY_PARAM_GROUP_NAME,
1179 "P-256", 0))
1180 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1181 priv)))
1182 goto err;
1183 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1184 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1185 goto err;
1186
1187 OSSL_PARAM_free(params);
1188 OSSL_PARAM_BLD_free(bld);
1189 params = NULL;
1190 bld = NULL;
1191
1192 /*
1193 * We indicate only parameters here, in spite of having built a key that
1194 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1195 * expected to fail because it does not support exporting a private EC
1196 * key without a corresponding public key
1197 */
1198 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1199 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1200 goto err;
1201
1202 /* Test !priv and pub */
1203 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1204 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1205 OSSL_PKEY_PARAM_GROUP_NAME,
1206 "P-256", 0))
1207 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1208 OSSL_PKEY_PARAM_PUB_KEY,
1209 ec_pub, sizeof(ec_pub))))
1210 goto err;
1211 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1212 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1213 goto err;
1214
1215 OSSL_PARAM_free(params);
1216 OSSL_PARAM_BLD_free(bld);
1217 params = NULL;
1218 bld = NULL;
1219
1220 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1221 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1222 goto err;
1223
1224 /* Test priv and pub */
1225 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1226 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1227 OSSL_PKEY_PARAM_GROUP_NAME,
1228 "P-256", 0))
1229 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1230 OSSL_PKEY_PARAM_PUB_KEY,
1231 ec_pub, sizeof(ec_pub)))
1232 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1233 priv)))
1234 goto err;
1235 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1236 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1237 goto err;
1238
1239 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1240 goto err;
1241
1242 /* Try key equality */
1243 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1244 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1245 0)
1246 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1247 0)
1248 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1249 0)
1250 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1251 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1252 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1253 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1254 goto err;
1255
1256 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1257 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1258 goto err;
1259 OPENSSL_free(encoded);
1260 encoded = NULL;
1261 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1262 OPENSSL_free(encoded);
1263 encoded = NULL;
1264 goto err;
1265 }
1266
1267 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1268 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1269 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1270 buffer, sizeof(buffer), &len), 1)
1271 || !TEST_int_eq(len, 65))
1272 goto err;
1273
1274 len = 0;
1275 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1276 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1277 NULL, 0, &len), 1)
1278 || !TEST_int_eq(len, 65))
1279 goto err;
1280
1281 /* too-short buffer len*/
1282 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1283 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1284 buffer, 10, &len), 0))
1285 goto err;
1286
1287 ret = 1;
1288 err:
1289 OSSL_PARAM_free(params);
1290 OSSL_PARAM_BLD_free(bld);
1291 EVP_PKEY_free(just_params);
1292 EVP_PKEY_free(params_and_priv);
1293 EVP_PKEY_free(params_and_pub);
1294 EVP_PKEY_free(params_and_keypair);
1295 BN_free(priv);
1296
1297 return ret;
1298 }
1299
1300 /* Also test that we can read the EC PUB affine coordinates */
test_evp_get_ec_pub(void)1301 static int test_evp_get_ec_pub(void)
1302 {
1303 OSSL_PARAM_BLD *bld = NULL;
1304 OSSL_PARAM *params = NULL;
1305 unsigned char *pad = NULL;
1306 EVP_PKEY *keypair = NULL;
1307 BIGNUM *priv = NULL;
1308 BIGNUM *x = NULL;
1309 BIGNUM *y = NULL;
1310 int ret = 0;
1311
1312 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1313 goto err;
1314
1315 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1316 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1317 OSSL_PKEY_PARAM_GROUP_NAME,
1318 "P-256", 0))
1319 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1320 OSSL_PKEY_PARAM_PUB_KEY,
1321 ec_pub, sizeof(ec_pub)))
1322 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1323 priv)))
1324 goto err;
1325
1326 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1327 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1328 goto err;
1329
1330 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1331 goto err;
1332
1333 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1334 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1335 goto err;
1336
1337 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1338 goto err;
1339
1340 pad[0] = ec_pub[0];
1341 BN_bn2bin(x, &pad[1]);
1342 BN_bn2bin(y, &pad[33]);
1343 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1344 goto err;
1345
1346 ret = 1;
1347
1348 err:
1349 OSSL_PARAM_free(params);
1350 OSSL_PARAM_BLD_free(bld);
1351 EVP_PKEY_free(keypair);
1352 OPENSSL_free(pad);
1353 BN_free(priv);
1354 BN_free(x);
1355 BN_free(y);
1356 return ret;
1357 }
1358
1359 /* Test that using a legacy EC key with only a private key in it works */
1360 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1361 static int test_EC_priv_only_legacy(void)
1362 {
1363 BIGNUM *priv = NULL;
1364 int ret = 0;
1365 EC_KEY *eckey = NULL;
1366 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1367 EVP_MD_CTX *ctx = NULL;
1368
1369 /* Create the low level EC_KEY */
1370 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1371 goto err;
1372
1373 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1374 if (!TEST_ptr(eckey))
1375 goto err;
1376
1377 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1378 goto err;
1379
1380 pkey = EVP_PKEY_new();
1381 if (!TEST_ptr(pkey))
1382 goto err;
1383
1384 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1385 goto err;
1386 eckey = NULL;
1387
1388 for (;;) {
1389 ret = 0;
1390 ctx = EVP_MD_CTX_new();
1391 if (!TEST_ptr(ctx))
1392 goto err;
1393
1394 /*
1395 * The EVP_DigestSignInit function should create the key on the
1396 * provider side which is sufficient for this test.
1397 */
1398 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1399 testpropq, pkey, NULL)))
1400 goto err;
1401 EVP_MD_CTX_free(ctx);
1402 ctx = NULL;
1403
1404 if (dup_pk != NULL)
1405 break;
1406
1407 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1408 goto err;
1409 /* EVP_PKEY_eq() returns -2 with missing public keys */
1410 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1411 EVP_PKEY_free(pkey);
1412 pkey = dup_pk;
1413 if (!ret)
1414 goto err;
1415 }
1416 ret = 1;
1417
1418 err:
1419 EVP_MD_CTX_free(ctx);
1420 EVP_PKEY_free(pkey);
1421 EC_KEY_free(eckey);
1422 BN_free(priv);
1423
1424 return ret;
1425 }
1426
test_evp_get_ec_pub_legacy(void)1427 static int test_evp_get_ec_pub_legacy(void)
1428 {
1429 OSSL_LIB_CTX *libctx = NULL;
1430 unsigned char *pad = NULL;
1431 EVP_PKEY *pkey = NULL;
1432 EC_KEY *eckey = NULL;
1433 BIGNUM *priv = NULL;
1434 BIGNUM *x = NULL;
1435 BIGNUM *y = NULL;
1436 int ret = 0;
1437
1438 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1439 goto err;
1440
1441 /* Create the legacy key */
1442 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1443 NID_X9_62_prime256v1)))
1444 goto err;
1445
1446 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1447 goto err;
1448
1449 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1450 goto err;
1451
1452 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1453 goto err;
1454
1455 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1456 goto err;
1457
1458 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1459 goto err;
1460
1461 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1462 goto err;
1463
1464 /* Transfer the legacy key */
1465 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1466 goto err;
1467 eckey = NULL;
1468
1469 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1470 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1471 goto err;
1472
1473 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1474 goto err;
1475
1476 pad[0] = ec_pub[0];
1477 BN_bn2bin(x, &pad[1]);
1478 BN_bn2bin(y, &pad[33]);
1479
1480 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1481 goto err;
1482
1483 ret = 1;
1484
1485 err:
1486 OSSL_LIB_CTX_free(libctx);
1487 EVP_PKEY_free(pkey);
1488 EC_KEY_free(eckey);
1489 OPENSSL_free(pad);
1490 BN_free(priv);
1491 BN_free(x);
1492 BN_free(y);
1493
1494 return ret;
1495 }
1496 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1497 #endif /* OPENSSL_NO_EC */
1498
test_EVP_PKEY_sign(int tst)1499 static int test_EVP_PKEY_sign(int tst)
1500 {
1501 int ret = 0;
1502 EVP_PKEY *pkey = NULL;
1503 unsigned char *sig = NULL;
1504 size_t sig_len = 0, shortsig_len = 1;
1505 EVP_PKEY_CTX *ctx = NULL;
1506 unsigned char tbs[] = {
1507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1508 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1509 };
1510
1511 if (tst == 0) {
1512 if (!TEST_ptr(pkey = load_example_rsa_key()))
1513 goto out;
1514 } else if (tst == 1) {
1515 #ifndef OPENSSL_NO_DSA
1516 if (!TEST_ptr(pkey = load_example_dsa_key()))
1517 goto out;
1518 #else
1519 ret = 1;
1520 goto out;
1521 #endif
1522 } else {
1523 #ifndef OPENSSL_NO_EC
1524 if (!TEST_ptr(pkey = load_example_ec_key()))
1525 goto out;
1526 #else
1527 ret = 1;
1528 goto out;
1529 #endif
1530 }
1531
1532 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1533 if (!TEST_ptr(ctx)
1534 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1535 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1536 sizeof(tbs)), 0))
1537 goto out;
1538 sig = OPENSSL_malloc(sig_len);
1539 if (!TEST_ptr(sig)
1540 /* Test sending a signature buffer that is too short is rejected */
1541 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1542 sizeof(tbs)), 0)
1543 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1544 0)
1545 /* Test the signature round-trips */
1546 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1547 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1548 0))
1549 goto out;
1550
1551 ret = 1;
1552 out:
1553 EVP_PKEY_CTX_free(ctx);
1554 OPENSSL_free(sig);
1555 EVP_PKEY_free(pkey);
1556 return ret;
1557 }
1558
1559 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_sign_with_app_method(int tst)1560 static int test_EVP_PKEY_sign_with_app_method(int tst)
1561 {
1562 int ret = 0;
1563 EVP_PKEY *pkey = NULL;
1564 RSA *rsa = NULL;
1565 RSA_METHOD *rsa_meth = NULL;
1566 #ifndef OPENSSL_NO_DSA
1567 DSA *dsa = NULL;
1568 DSA_METHOD *dsa_meth = NULL;
1569 #endif
1570 unsigned char *sig = NULL;
1571 size_t sig_len = 0, shortsig_len = 1;
1572 EVP_PKEY_CTX *ctx = NULL;
1573 unsigned char tbs[] = {
1574 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1575 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1576 };
1577
1578 if (tst == 0) {
1579 if (!TEST_ptr(pkey = load_example_rsa_key()))
1580 goto out;
1581 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1582 goto out;
1583
1584 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1585 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1586 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1587 goto out;
1588 rsa = NULL; /* now owned by the pkey */
1589 } else {
1590 #ifndef OPENSSL_NO_DSA
1591 if (!TEST_ptr(pkey = load_example_dsa_key()))
1592 goto out;
1593 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1594 goto out;
1595
1596 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1597 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1598 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1599 goto out;
1600 dsa = NULL; /* now owned by the pkey */
1601 #else
1602 ret = 1;
1603 goto out;
1604 #endif
1605 }
1606
1607 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1608 if (!TEST_ptr(ctx)
1609 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1610 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1611 sizeof(tbs)), 0))
1612 goto out;
1613 sig = OPENSSL_malloc(sig_len);
1614 if (!TEST_ptr(sig)
1615 /* Test sending a signature buffer that is too short is rejected */
1616 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1617 sizeof(tbs)), 0)
1618 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1619 0)
1620 /* Test the signature round-trips */
1621 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1622 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1623 0))
1624 goto out;
1625
1626 ret = 1;
1627 out:
1628 EVP_PKEY_CTX_free(ctx);
1629 OPENSSL_free(sig);
1630 EVP_PKEY_free(pkey);
1631 RSA_free(rsa);
1632 RSA_meth_free(rsa_meth);
1633 #ifndef OPENSSL_NO_DSA
1634 DSA_free(dsa);
1635 DSA_meth_free(dsa_meth);
1636 #endif
1637 return ret;
1638 }
1639 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1640
1641 /*
1642 * n = 0 => test using legacy cipher
1643 * n = 1 => test using fetched cipher
1644 */
test_EVP_Enveloped(int n)1645 static int test_EVP_Enveloped(int n)
1646 {
1647 int ret = 0;
1648 EVP_CIPHER_CTX *ctx = NULL;
1649 EVP_PKEY *keypair = NULL;
1650 unsigned char *kek = NULL;
1651 unsigned char iv[EVP_MAX_IV_LENGTH];
1652 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1653 int len, kek_len, ciphertext_len, plaintext_len;
1654 unsigned char ciphertext[32], plaintext[16];
1655 EVP_CIPHER *type = NULL;
1656
1657 if (nullprov != NULL)
1658 return TEST_skip("Test does not support a non-default library context");
1659
1660 if (n == 0)
1661 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1662 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1663 testpropq)))
1664 goto err;
1665
1666 if (!TEST_ptr(keypair = load_example_rsa_key())
1667 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1668 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1669 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1670 &keypair, 1))
1671 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1672 msg, sizeof(msg)))
1673 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1674 &len)))
1675 goto err;
1676
1677 ciphertext_len += len;
1678
1679 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1680 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1681 ciphertext, ciphertext_len))
1682 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1683 goto err;
1684
1685 plaintext_len += len;
1686 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1687 goto err;
1688
1689 ret = 1;
1690 err:
1691 if (n != 0)
1692 EVP_CIPHER_free(type);
1693 OPENSSL_free(kek);
1694 EVP_PKEY_free(keypair);
1695 EVP_CIPHER_CTX_free(ctx);
1696 return ret;
1697 }
1698
1699 /*
1700 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1701 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1702 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1703 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1704 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1705 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1706 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1707 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1708 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1709 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1710 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1711 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1712 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1713 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1714 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1715 * Test 15-29: Same as above with reinitialization
1716 */
test_EVP_DigestSignInit(int tst)1717 static int test_EVP_DigestSignInit(int tst)
1718 {
1719 int ret = 0;
1720 EVP_PKEY *pkey = NULL;
1721 unsigned char *sig = NULL, *sig2 = NULL;
1722 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1723 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1724 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1725 BIO *mdbio = NULL, *membio = NULL;
1726 size_t written;
1727 const EVP_MD *md;
1728 EVP_MD *mdexp = NULL;
1729 int reinit = 0;
1730
1731 if (nullprov != NULL)
1732 return TEST_skip("Test does not support a non-default library context");
1733
1734 if (tst >= 15) {
1735 reinit = 1;
1736 tst -= 15;
1737 }
1738
1739 if (tst >= 6 && tst <= 8) {
1740 membio = BIO_new(BIO_s_mem());
1741 mdbio = BIO_new(BIO_f_md());
1742 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1743 goto out;
1744 BIO_push(mdbio, membio);
1745 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1746 goto out;
1747 } else {
1748 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1749 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1750 goto out;
1751 }
1752
1753 if (tst % 3 == 0) {
1754 if (!TEST_ptr(pkey = load_example_rsa_key()))
1755 goto out;
1756 } else if (tst % 3 == 1) {
1757 #ifndef OPENSSL_NO_DSA
1758 if (!TEST_ptr(pkey = load_example_dsa_key()))
1759 goto out;
1760 #else
1761 ret = 1;
1762 goto out;
1763 #endif
1764 } else {
1765 if (!TEST_ptr(pkey = load_example_hmac_key()))
1766 goto out;
1767 }
1768
1769 if (tst >= 3 && tst <= 5)
1770 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1771 else
1772 md = EVP_sha256();
1773
1774 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1775 goto out;
1776
1777 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1778 goto out;
1779
1780 if (tst >= 6 && tst <= 8) {
1781 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1782 goto out;
1783 } else if (tst < 6) {
1784 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1785 goto out;
1786 }
1787
1788 if (tst >= 9) {
1789 /* Determine the size of the signature. */
1790 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1791 sizeof(kMsg)))
1792 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1793 goto out;
1794 if (tst <= 11) {
1795 /* Test that supply a short sig buffer fails */
1796 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1797 sizeof(kMsg))))
1798 goto out;
1799 /*
1800 * We end here because once EVP_DigestSign() has failed you should
1801 * not call it again without re-initing the ctx
1802 */
1803 ret = 1;
1804 goto out;
1805 }
1806 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1807 sizeof(kMsg))))
1808 goto out;
1809 } else {
1810 /* Determine the size of the signature. */
1811 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1812 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1813 /*
1814 * Trying to create a signature with a deliberately short
1815 * buffer should fail.
1816 */
1817 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1818 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1819 goto out;
1820 }
1821
1822 /*
1823 * Ensure that the signature round-trips (Verification isn't supported for
1824 * HMAC via EVP_DigestVerify*)
1825 */
1826 if (tst % 3 != 2) {
1827 if (tst >= 6 && tst <= 8) {
1828 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1829 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1830 goto out;
1831 }
1832
1833 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1834 NULL, pkey)))
1835 goto out;
1836
1837 if (tst >= 6 && tst <= 8) {
1838 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1839 goto out;
1840 } else {
1841 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1842 sizeof(kMsg))))
1843 goto out;
1844 }
1845 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1846 goto out;
1847
1848 /* Multiple calls to EVP_DigestVerifyFinal should work */
1849 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1850 goto out;
1851 } else {
1852 /*
1853 * For HMAC a doubled call to DigestSignFinal should produce the same
1854 * value as finalization should not happen.
1855 */
1856 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1857 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1858 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1859 goto out;
1860
1861 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1862 goto out;
1863 }
1864
1865 ret = 1;
1866
1867 out:
1868 BIO_free(membio);
1869 BIO_free(mdbio);
1870 EVP_MD_CTX_free(a_md_ctx);
1871 EVP_MD_CTX_free(a_md_ctx_verify);
1872 EVP_PKEY_free(pkey);
1873 OPENSSL_free(sig);
1874 OPENSSL_free(sig2);
1875 EVP_MD_free(mdexp);
1876
1877 return ret;
1878 }
1879
test_EVP_DigestVerifyInit(void)1880 static int test_EVP_DigestVerifyInit(void)
1881 {
1882 int ret = 0;
1883 EVP_PKEY *pkey = NULL;
1884 EVP_MD_CTX *md_ctx = NULL;
1885
1886 if (nullprov != NULL)
1887 return TEST_skip("Test does not support a non-default library context");
1888
1889 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1890 || !TEST_ptr(pkey = load_example_rsa_key()))
1891 goto out;
1892
1893 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1894 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1895 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1896 sizeof(kSignature)), 0))
1897 goto out;
1898
1899 /* test with reinitialization */
1900 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1901 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1902 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1903 sizeof(kSignature)), 0))
1904 goto out;
1905 ret = 1;
1906
1907 out:
1908 EVP_MD_CTX_free(md_ctx);
1909 EVP_PKEY_free(pkey);
1910 return ret;
1911 }
1912
1913 #ifndef OPENSSL_NO_SIPHASH
1914 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)1915 static int test_siphash_digestsign(void)
1916 {
1917 unsigned char key[16];
1918 unsigned char buf[8], digest[8];
1919 unsigned char expected[8] = {
1920 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1921 };
1922 EVP_PKEY *pkey = NULL;
1923 EVP_MD_CTX *mdctx = NULL;
1924 EVP_PKEY_CTX *ctx = NULL;
1925 int ret = 0;
1926 size_t len = 8;
1927
1928 if (nullprov != NULL)
1929 return TEST_skip("Test does not support a non-default library context");
1930
1931 memset(buf, 0, 8);
1932 memset(key, 1, 16);
1933 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1934 key, 16)))
1935 goto out;
1936
1937 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1938 goto out;
1939
1940 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1941 goto out;
1942 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1943 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1944 8, NULL), 1))
1945 goto out;
1946 /* reinitialize */
1947 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1948 goto out;
1949 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1950 goto out;
1951 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1952 goto out;
1953 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1954 goto out;
1955
1956 ret = 1;
1957 out:
1958 EVP_PKEY_free(pkey);
1959 EVP_MD_CTX_free(mdctx);
1960 return ret;
1961 }
1962 #endif
1963
1964 /*
1965 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1966 */
test_EVP_Digest(void)1967 static int test_EVP_Digest(void)
1968 {
1969 int ret = 0;
1970 EVP_MD_CTX *md_ctx = NULL;
1971 unsigned char md[EVP_MAX_MD_SIZE];
1972 EVP_MD *sha256 = NULL;
1973 EVP_MD *shake256 = NULL;
1974
1975 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1976 goto out;
1977
1978 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1979 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1980 goto out;
1981
1982 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1983 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1984 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1985 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1986 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1987 goto out;
1988
1989 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1990 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1991 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1992 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1993 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1994 /*
1995 * EVP_DigestInit_ex with NULL type should work on
1996 * pre-initialized context.
1997 */
1998 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1999 goto out;
2000
2001 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
2002 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
2003 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
2004 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
2005 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
2006 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
2007 goto out;
2008 ret = 1;
2009
2010 out:
2011 EVP_MD_CTX_free(md_ctx);
2012 EVP_MD_free(sha256);
2013 EVP_MD_free(shake256);
2014 return ret;
2015 }
2016
test_EVP_md_null(void)2017 static int test_EVP_md_null(void)
2018 {
2019 int ret = 0;
2020 EVP_MD_CTX *md_ctx = NULL;
2021 const EVP_MD *md_null = EVP_md_null();
2022 unsigned char md_value[EVP_MAX_MD_SIZE];
2023 unsigned int md_len = sizeof(md_value);
2024
2025 if (nullprov != NULL)
2026 return TEST_skip("Test does not support a non-default library context");
2027
2028 if (!TEST_ptr(md_null)
2029 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2030 goto out;
2031
2032 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
2033 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
2034 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
2035 goto out;
2036
2037 if (!TEST_uint_eq(md_len, 0))
2038 goto out;
2039
2040 ret = 1;
2041 out:
2042 EVP_MD_CTX_free(md_ctx);
2043 return ret;
2044 }
2045
test_d2i_AutoPrivateKey(int i)2046 static int test_d2i_AutoPrivateKey(int i)
2047 {
2048 int ret = 0;
2049 const unsigned char *p;
2050 EVP_PKEY *pkey = NULL;
2051 const APK_DATA *ak = &keydata[i];
2052 const unsigned char *input = ak->kder;
2053 size_t input_len = ak->size;
2054 int expected_id = ak->evptype;
2055
2056 p = input;
2057 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2058 || !TEST_ptr_eq(p, input + input_len)
2059 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2060 goto done;
2061
2062 ret = 1;
2063
2064 done:
2065 EVP_PKEY_free(pkey);
2066 return ret;
2067 }
2068
2069 #ifndef OPENSSL_NO_EC
2070
2071 static const unsigned char ec_public_sect163k1_validxy[] = {
2072 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2073 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2074 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2075 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2076 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2077 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2078 };
2079
2080 static const unsigned char ec_public_sect163k1_badx[] = {
2081 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2082 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2083 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2084 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2085 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2086 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2087 };
2088
2089 static const unsigned char ec_public_sect163k1_bady[] = {
2090 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2091 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2092 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2093 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2094 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2095 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2096 };
2097
2098 static struct ec_der_pub_keys_st {
2099 const unsigned char *der;
2100 size_t len;
2101 int valid;
2102 } ec_der_pub_keys[] = {
2103 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2104 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2105 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2106 };
2107
2108 /*
2109 * Tests the range of the decoded EC char2 public point.
2110 * See ec_GF2m_simple_oct2point().
2111 */
test_invalide_ec_char2_pub_range_decode(int id)2112 static int test_invalide_ec_char2_pub_range_decode(int id)
2113 {
2114 int ret = 0;
2115 EVP_PKEY *pkey;
2116
2117 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2118 ec_der_pub_keys[id].len);
2119
2120 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2121 || TEST_ptr_null(pkey);
2122 EVP_PKEY_free(pkey);
2123 return ret;
2124 }
2125
2126 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)2127 static int test_EVP_PKCS82PKEY(void)
2128 {
2129 int ret = 0;
2130 const unsigned char *derp = kExampleBadECKeyDER;
2131 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2132 EVP_PKEY *pkey = NULL;
2133
2134 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2135 sizeof(kExampleBadECKeyDER))))
2136 goto done;
2137
2138 if (!TEST_ptr_eq(derp,
2139 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2140 goto done;
2141
2142 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2143 goto done;
2144
2145 ret = 1;
2146
2147 done:
2148 PKCS8_PRIV_KEY_INFO_free(p8inf);
2149 EVP_PKEY_free(pkey);
2150
2151 return ret;
2152 }
2153
2154 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)2155 static int test_EVP_PKCS82PKEY_wrong_tag(void)
2156 {
2157 EVP_PKEY *pkey = NULL;
2158 EVP_PKEY *pkey2 = NULL;
2159 BIO *membio = NULL;
2160 char *membuf = NULL;
2161 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2162 int ok = 0;
2163
2164 if (testctx != NULL)
2165 /* test not supported with non-default context */
2166 return 1;
2167
2168 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2169 || !TEST_ptr(pkey = load_example_rsa_key())
2170 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2171 NULL, 0, NULL, NULL),
2172 0)
2173 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2174 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2175 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2176 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2177 goto done;
2178 }
2179
2180 ok = 1;
2181 done:
2182 EVP_PKEY_free(pkey);
2183 EVP_PKEY_free(pkey2);
2184 PKCS8_PRIV_KEY_INFO_free(p8inf);
2185 BIO_free_all(membio);
2186 return ok;
2187 }
2188
2189 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)2190 static int test_privatekey_to_pkcs8(void)
2191 {
2192 EVP_PKEY *pkey = NULL;
2193 BIO *membio = NULL;
2194 char *membuf = NULL;
2195 long membuf_len = 0;
2196 int ok = 0;
2197
2198 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2199 || !TEST_ptr(pkey = load_example_rsa_key())
2200 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2201 NULL, 0, NULL, NULL),
2202 0)
2203 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2204 || !TEST_ptr(membuf)
2205 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2206 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2207 /*
2208 * We try to write PEM as well, just to see that it doesn't err, but
2209 * assume that the result is correct.
2210 */
2211 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2212 NULL, 0, NULL, NULL),
2213 0))
2214 goto done;
2215
2216 ok = 1;
2217 done:
2218 EVP_PKEY_free(pkey);
2219 BIO_free_all(membio);
2220 return ok;
2221 }
2222
2223 #ifndef OPENSSL_NO_EC
2224 static const struct {
2225 int encoding;
2226 const char *encoding_name;
2227 } ec_encodings[] = {
2228 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2229 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2230 };
2231
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)2232 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2233 {
2234 const OSSL_PARAM *p;
2235 const char *enc_name = NULL;
2236 int *enc = arg;
2237 size_t i;
2238
2239 *enc = -1;
2240
2241 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2242 OSSL_PKEY_PARAM_EC_ENCODING))
2243 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2244 return 0;
2245
2246 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2247 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2248 *enc = ec_encodings[i].encoding;
2249 break;
2250 }
2251 }
2252
2253 return (*enc != -1);
2254 }
2255
test_EC_keygen_with_enc(int idx)2256 static int test_EC_keygen_with_enc(int idx)
2257 {
2258 EVP_PKEY *params = NULL, *key = NULL;
2259 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2260 int enc;
2261 int ret = 0;
2262
2263 enc = ec_encodings[idx].encoding;
2264
2265 /* Create key parameters */
2266 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2267 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2268 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2269 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2270 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
2271 || !TEST_ptr(params))
2272 goto done;
2273
2274 /* Create key */
2275 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2276 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2277 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2278 || !TEST_ptr(key))
2279 goto done;
2280
2281 /* Check that the encoding got all the way into the key */
2282 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2283 ec_export_get_encoding_cb, &enc))
2284 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2285 goto done;
2286
2287 ret = 1;
2288 done:
2289 EVP_PKEY_free(key);
2290 EVP_PKEY_free(params);
2291 EVP_PKEY_CTX_free(kctx);
2292 EVP_PKEY_CTX_free(pctx);
2293 return ret;
2294 }
2295 #endif
2296
2297 #if !defined(OPENSSL_NO_SM2)
2298
test_EVP_SM2_verify(void)2299 static int test_EVP_SM2_verify(void)
2300 {
2301 const char *pubkey =
2302 "-----BEGIN PUBLIC KEY-----\n"
2303 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2304 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2305 "-----END PUBLIC KEY-----\n";
2306
2307 const char *msg = "message digest";
2308 const char *id = "ALICE123@YAHOO.COM";
2309
2310 const uint8_t signature[] = {
2311 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2312 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2313 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2314 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2315 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2316 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2317 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2318 };
2319
2320 int rc = 0;
2321 BIO *bio = NULL;
2322 EVP_PKEY *pkey = NULL;
2323 EVP_MD_CTX *mctx = NULL;
2324 EVP_PKEY_CTX *pctx = NULL;
2325 EVP_MD *sm3 = NULL;
2326
2327 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2328 if (!TEST_true(bio != NULL))
2329 goto done;
2330
2331 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2332 if (!TEST_true(pkey != NULL))
2333 goto done;
2334
2335 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2336 goto done;
2337
2338 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2339 goto done;
2340
2341 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2342 goto done;
2343
2344 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2345
2346 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2347 goto done;
2348
2349 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2350 goto done;
2351
2352 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2353 goto done;
2354
2355 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2356 goto done;
2357
2358 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2359 goto done;
2360 rc = 1;
2361
2362 done:
2363 BIO_free(bio);
2364 EVP_PKEY_free(pkey);
2365 EVP_PKEY_CTX_free(pctx);
2366 EVP_MD_CTX_free(mctx);
2367 EVP_MD_free(sm3);
2368 return rc;
2369 }
2370
test_EVP_SM2(void)2371 static int test_EVP_SM2(void)
2372 {
2373 int ret = 0;
2374 EVP_PKEY *pkey = NULL;
2375 EVP_PKEY *pkeyparams = NULL;
2376 EVP_PKEY_CTX *pctx = NULL;
2377 EVP_PKEY_CTX *kctx = NULL;
2378 EVP_PKEY_CTX *sctx = NULL;
2379 size_t sig_len = 0;
2380 unsigned char *sig = NULL;
2381 EVP_MD_CTX *md_ctx = NULL;
2382 EVP_MD_CTX *md_ctx_verify = NULL;
2383 EVP_PKEY_CTX *cctx = NULL;
2384 EVP_MD *check_md = NULL;
2385
2386 uint8_t ciphertext[128];
2387 size_t ctext_len = sizeof(ciphertext);
2388
2389 uint8_t plaintext[8];
2390 size_t ptext_len = sizeof(plaintext);
2391
2392 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2393
2394 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2395 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2396 int i;
2397 char mdname[OSSL_MAX_NAME_SIZE];
2398
2399 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2400 "SM2", testpropq)))
2401 goto done;
2402
2403 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2404 goto done;
2405
2406 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2407 goto done;
2408
2409 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2410 goto done;
2411
2412 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2413 pkeyparams, testpropq)))
2414 goto done;
2415
2416 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2417 goto done;
2418
2419 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2420 goto done;
2421
2422 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2423 goto done;
2424
2425 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2426 goto done;
2427
2428 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2429 goto done;
2430
2431 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2432 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2433
2434 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2435 goto done;
2436
2437 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2438 goto done;
2439
2440 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2441 goto done;
2442
2443 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2444 goto done;
2445
2446 /* Determine the size of the signature. */
2447 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2448 goto done;
2449
2450 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2451 goto done;
2452
2453 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2454 goto done;
2455
2456 /* Ensure that the signature round-trips. */
2457
2458 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2459 pkey)))
2460 goto done;
2461
2462 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2463 goto done;
2464
2465 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2466 goto done;
2467
2468 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2469 goto done;
2470
2471 /*
2472 * Try verify again with non-matching 0 length id but ensure that it can
2473 * be set on the context and overrides the previous value.
2474 */
2475
2476 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2477 pkey)))
2478 goto done;
2479
2480 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2481 goto done;
2482
2483 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2484 goto done;
2485
2486 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2487 goto done;
2488
2489 /* now check encryption/decryption */
2490
2491 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2492 mdname, sizeof(mdname));
2493 for (i = 0; i < 2; i++) {
2494 const char *mdnames[] = {
2495 #ifndef OPENSSL_NO_SM3
2496 "SM3",
2497 #else
2498 NULL,
2499 #endif
2500 "SHA2-256" };
2501 EVP_PKEY_CTX_free(cctx);
2502
2503 if (mdnames[i] == NULL)
2504 continue;
2505
2506 sparams[0] =
2507 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2508 (char *)mdnames[i], 0);
2509
2510 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2511 pkey, testpropq)))
2512 goto done;
2513
2514 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2515 goto done;
2516
2517 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2518 goto done;
2519
2520 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2521 sizeof(kMsg))))
2522 goto done;
2523
2524 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2525 goto done;
2526
2527 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2528 goto done;
2529
2530 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2531 ctext_len), 0))
2532 goto done;
2533
2534 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2535 goto done;
2536
2537 /*
2538 * Test we're still using the digest we think we are.
2539 * Because of aliases, the easiest is to fetch the digest and
2540 * check the name with EVP_MD_is_a().
2541 */
2542 EVP_MD_free(check_md);
2543 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2544 goto done;
2545 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2546 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2547 goto done;
2548 }
2549
2550 if (!TEST_true(ptext_len == sizeof(kMsg)))
2551 goto done;
2552
2553 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2554 goto done;
2555 }
2556
2557 ret = 1;
2558 done:
2559 EVP_PKEY_CTX_free(pctx);
2560 EVP_PKEY_CTX_free(kctx);
2561 EVP_PKEY_CTX_free(sctx);
2562 EVP_PKEY_CTX_free(cctx);
2563 EVP_PKEY_free(pkey);
2564 EVP_PKEY_free(pkeyparams);
2565 EVP_MD_CTX_free(md_ctx);
2566 EVP_MD_CTX_free(md_ctx_verify);
2567 EVP_MD_free(check_md);
2568 OPENSSL_free(sig);
2569 return ret;
2570 }
2571
2572 #endif
2573
2574 static struct keys_st {
2575 int type;
2576 char *priv;
2577 char *pub;
2578 } keys[] = {
2579 {
2580 EVP_PKEY_HMAC, "0123456789", NULL
2581 },
2582 {
2583 EVP_PKEY_HMAC, "", NULL
2584 #ifndef OPENSSL_NO_POLY1305
2585 }, {
2586 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2587 #endif
2588 #ifndef OPENSSL_NO_SIPHASH
2589 }, {
2590 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2591 #endif
2592 },
2593 #ifndef OPENSSL_NO_ECX
2594 {
2595 EVP_PKEY_X25519, "01234567890123456789012345678901",
2596 "abcdefghijklmnopqrstuvwxyzabcdef"
2597 }, {
2598 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2599 "abcdefghijklmnopqrstuvwxyzabcdef"
2600 }, {
2601 EVP_PKEY_X448,
2602 "01234567890123456789012345678901234567890123456789012345",
2603 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2604 }, {
2605 EVP_PKEY_ED448,
2606 "012345678901234567890123456789012345678901234567890123456",
2607 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2608 }
2609 #endif
2610 };
2611
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)2612 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2613 {
2614 int ret = 0;
2615 unsigned char buf[80];
2616 unsigned char *in;
2617 size_t inlen, len = 0, shortlen = 1;
2618 EVP_PKEY *pkey;
2619
2620 /* Check if this algorithm supports public keys */
2621 if (pub && keys[tst].pub == NULL)
2622 return 1;
2623
2624 memset(buf, 0, sizeof(buf));
2625
2626 if (pub) {
2627 #ifndef OPENSSL_NO_EC
2628 inlen = strlen(keys[tst].pub);
2629 in = (unsigned char *)keys[tst].pub;
2630 if (uselibctx) {
2631 pkey = EVP_PKEY_new_raw_public_key_ex(
2632 testctx,
2633 OBJ_nid2sn(keys[tst].type),
2634 NULL,
2635 in,
2636 inlen);
2637 } else {
2638 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2639 NULL,
2640 in,
2641 inlen);
2642 }
2643 #else
2644 return 1;
2645 #endif
2646 } else {
2647 inlen = strlen(keys[tst].priv);
2648 in = (unsigned char *)keys[tst].priv;
2649 if (uselibctx) {
2650 pkey = EVP_PKEY_new_raw_private_key_ex(
2651 testctx, OBJ_nid2sn(keys[tst].type),
2652 NULL,
2653 in,
2654 inlen);
2655 } else {
2656 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2657 NULL,
2658 in,
2659 inlen);
2660 }
2661 }
2662
2663 if (!TEST_ptr(pkey)
2664 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2665 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2666 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2667 || !TEST_true(len == inlen))
2668 goto done;
2669 if (tst != 1) {
2670 /*
2671 * Test that supplying a buffer that is too small fails. Doesn't apply
2672 * to HMAC with a zero length key
2673 */
2674 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2675 &shortlen)))
2676 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2677 &shortlen))))
2678 goto done;
2679 }
2680 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2681 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2682 || !TEST_mem_eq(in, inlen, buf, len))
2683 goto done;
2684
2685 ret = 1;
2686 done:
2687 EVP_PKEY_free(pkey);
2688 return ret;
2689 }
2690
test_set_get_raw_keys(int tst)2691 static int test_set_get_raw_keys(int tst)
2692 {
2693 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2694 && test_set_get_raw_keys_int(tst, 0, 1)
2695 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2696 && test_set_get_raw_keys_int(tst, 1, 1);
2697 }
2698
2699 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)2700 static int pkey_custom_check(EVP_PKEY *pkey)
2701 {
2702 return 0xbeef;
2703 }
2704
pkey_custom_pub_check(EVP_PKEY * pkey)2705 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2706 {
2707 return 0xbeef;
2708 }
2709
pkey_custom_param_check(EVP_PKEY * pkey)2710 static int pkey_custom_param_check(EVP_PKEY *pkey)
2711 {
2712 return 0xbeef;
2713 }
2714
2715 static EVP_PKEY_METHOD *custom_pmeth;
2716 #endif
2717
test_EVP_PKEY_check(int i)2718 static int test_EVP_PKEY_check(int i)
2719 {
2720 int ret = 0;
2721 EVP_PKEY *pkey = NULL;
2722 EVP_PKEY_CTX *ctx = NULL;
2723 #ifndef OPENSSL_NO_DEPRECATED_3_0
2724 EVP_PKEY_CTX *ctx2 = NULL;
2725 #endif
2726 const APK_DATA *ak = &keycheckdata[i];
2727 const unsigned char *input = ak->kder;
2728 size_t input_len = ak->size;
2729 int expected_id = ak->evptype;
2730 int expected_check = ak->check;
2731 int expected_pub_check = ak->pub_check;
2732 int expected_param_check = ak->param_check;
2733 int type = ak->type;
2734
2735 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2736 goto done;
2737 if (type == 0
2738 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2739 goto done;
2740
2741 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2742 goto done;
2743
2744 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2745 goto done;
2746
2747 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2748 goto done;
2749
2750 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2751 goto done;
2752
2753 #ifndef OPENSSL_NO_DEPRECATED_3_0
2754 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2755 /* assign the pkey directly, as an internal test */
2756 EVP_PKEY_up_ref(pkey);
2757 ctx2->pkey = pkey;
2758
2759 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2760 goto done;
2761
2762 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2763 goto done;
2764
2765 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2766 goto done;
2767 #endif
2768
2769 ret = 1;
2770
2771 done:
2772 EVP_PKEY_CTX_free(ctx);
2773 #ifndef OPENSSL_NO_DEPRECATED_3_0
2774 EVP_PKEY_CTX_free(ctx2);
2775 #endif
2776 EVP_PKEY_free(pkey);
2777 return ret;
2778 }
2779
2780 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)2781 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2782 {
2783 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2784 const char msg[] = "Hello World";
2785 size_t maclen = AES_BLOCK_SIZE;
2786 int ret = 1;
2787
2788 if (!TEST_ptr(mdctx)
2789 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2790 testpropq, pkey, NULL))
2791 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2792 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2793 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2794 ret = 0;
2795
2796 EVP_MD_CTX_free(mdctx);
2797
2798 return ret;
2799 }
test_CMAC_keygen(void)2800 static int test_CMAC_keygen(void)
2801 {
2802 static unsigned char key[] = {
2803 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2804 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2805 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2806 };
2807 EVP_PKEY_CTX *kctx = NULL;
2808 int ret = 0;
2809 EVP_PKEY *pkey = NULL;
2810 unsigned char mac[AES_BLOCK_SIZE];
2811 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2812 unsigned char mac2[AES_BLOCK_SIZE];
2813 # endif
2814
2815 if (nullprov != NULL)
2816 return TEST_skip("Test does not support a non-default library context");
2817
2818 /*
2819 * This is a legacy method for CMACs, but should still work.
2820 * This verifies that it works without an ENGINE.
2821 */
2822 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2823
2824 /* Test a CMAC key created using the "generated" method */
2825 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2826 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2827 EVP_PKEY_CTRL_CIPHER,
2828 0, (void *)EVP_aes_256_cbc()), 0)
2829 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2830 EVP_PKEY_CTRL_SET_MAC_KEY,
2831 sizeof(key), (void *)key), 0)
2832 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2833 || !TEST_ptr(pkey)
2834 || !TEST_true(get_cmac_val(pkey, mac)))
2835 goto done;
2836
2837 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2838 EVP_PKEY_free(pkey);
2839
2840 /*
2841 * Test a CMAC key using the direct method, and compare with the mac
2842 * created above.
2843 */
2844 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2845 if (!TEST_ptr(pkey)
2846 || !TEST_true(get_cmac_val(pkey, mac2))
2847 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2848 goto done;
2849 # endif
2850
2851 ret = 1;
2852
2853 done:
2854 EVP_PKEY_free(pkey);
2855 EVP_PKEY_CTX_free(kctx);
2856 return ret;
2857 }
2858 #endif
2859
test_HKDF(void)2860 static int test_HKDF(void)
2861 {
2862 EVP_PKEY_CTX *pctx;
2863 unsigned char out[20];
2864 size_t outlen;
2865 int i, ret = 0;
2866 unsigned char salt[] = "0123456789";
2867 unsigned char key[] = "012345678901234567890123456789";
2868 unsigned char info[] = "infostring";
2869 const unsigned char expected[] = {
2870 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2871 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2872 };
2873 size_t expectedlen = sizeof(expected);
2874
2875 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2876 goto done;
2877
2878 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2879 for (i = 0; i < 2; i++) {
2880 outlen = sizeof(out);
2881 memset(out, 0, outlen);
2882
2883 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2884 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2885 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2886 sizeof(salt) - 1), 0)
2887 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2888 sizeof(key) - 1), 0)
2889 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2890 sizeof(info) - 1), 0)
2891 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2892 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2893 goto done;
2894 }
2895
2896 ret = 1;
2897
2898 done:
2899 EVP_PKEY_CTX_free(pctx);
2900
2901 return ret;
2902 }
2903
test_emptyikm_HKDF(void)2904 static int test_emptyikm_HKDF(void)
2905 {
2906 EVP_PKEY_CTX *pctx;
2907 unsigned char out[20];
2908 size_t outlen;
2909 int ret = 0;
2910 unsigned char salt[] = "9876543210";
2911 unsigned char key[] = "";
2912 unsigned char info[] = "stringinfo";
2913 const unsigned char expected[] = {
2914 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2915 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2916 };
2917 size_t expectedlen = sizeof(expected);
2918
2919 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2920 goto done;
2921
2922 outlen = sizeof(out);
2923 memset(out, 0, outlen);
2924
2925 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2926 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2927 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2928 sizeof(salt) - 1), 0)
2929 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2930 sizeof(key) - 1), 0)
2931 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2932 sizeof(info) - 1), 0)
2933 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2934 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2935 goto done;
2936
2937 ret = 1;
2938
2939 done:
2940 EVP_PKEY_CTX_free(pctx);
2941
2942 return ret;
2943 }
2944
test_empty_salt_info_HKDF(void)2945 static int test_empty_salt_info_HKDF(void)
2946 {
2947 EVP_PKEY_CTX *pctx;
2948 unsigned char out[20];
2949 size_t outlen;
2950 int ret = 0;
2951 unsigned char salt[] = "";
2952 unsigned char key[] = "012345678901234567890123456789";
2953 unsigned char info[] = "";
2954 const unsigned char expected[] = {
2955 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2956 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2957 };
2958 size_t expectedlen = sizeof(expected);
2959
2960 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2961 goto done;
2962
2963 outlen = sizeof(out);
2964 memset(out, 0, outlen);
2965
2966 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2967 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2968 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2969 sizeof(salt) - 1), 0)
2970 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2971 sizeof(key) - 1), 0)
2972 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2973 sizeof(info) - 1), 0)
2974 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2975 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2976 goto done;
2977
2978 ret = 1;
2979
2980 done:
2981 EVP_PKEY_CTX_free(pctx);
2982
2983 return ret;
2984 }
2985
2986 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2987 static int test_X509_PUBKEY_inplace(void)
2988 {
2989 int ret = 0;
2990 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2991 const unsigned char *p = kExampleECPubKeyDER;
2992 size_t input_len = sizeof(kExampleECPubKeyDER);
2993
2994 if (!TEST_ptr(xp))
2995 goto done;
2996 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2997 goto done;
2998
2999 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
3000 goto done;
3001
3002 p = kExampleBadECPubKeyDER;
3003 input_len = sizeof(kExampleBadECPubKeyDER);
3004
3005 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
3006 goto done;
3007
3008 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
3009 goto done;
3010
3011 ret = 1;
3012
3013 done:
3014 X509_PUBKEY_free(xp);
3015 return ret;
3016 }
3017
test_X509_PUBKEY_dup(void)3018 static int test_X509_PUBKEY_dup(void)
3019 {
3020 int ret = 0;
3021 X509_PUBKEY *xp = NULL, *xq = NULL;
3022 const unsigned char *p = kExampleECPubKeyDER;
3023 size_t input_len = sizeof(kExampleECPubKeyDER);
3024
3025 xp = X509_PUBKEY_new_ex(testctx, testpropq);
3026 if (!TEST_ptr(xp)
3027 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
3028 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
3029 || !TEST_ptr_ne(xp, xq))
3030 goto done;
3031
3032 if (!TEST_ptr(X509_PUBKEY_get0(xq))
3033 || !TEST_ptr(X509_PUBKEY_get0(xp))
3034 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
3035 goto done;
3036
3037 X509_PUBKEY_free(xq);
3038 xq = NULL;
3039 p = kExampleBadECPubKeyDER;
3040 input_len = sizeof(kExampleBadECPubKeyDER);
3041
3042 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3043 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3044 goto done;
3045
3046 X509_PUBKEY_free(xp);
3047 xp = NULL;
3048 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3049 goto done;
3050
3051 ret = 1;
3052
3053 done:
3054 X509_PUBKEY_free(xp);
3055 X509_PUBKEY_free(xq);
3056 return ret;
3057 }
3058 #endif /* OPENSSL_NO_EC */
3059
3060 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)3061 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3062 {
3063 EVP_MD_CTX *mdctx = NULL;
3064 EVP_PKEY_CTX *ctx = NULL;
3065 const OSSL_PARAM *params;
3066 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3067 int ret = 0;
3068 const EVP_MD *md;
3069 char mdname[OSSL_MAX_NAME_SIZE];
3070 char ssl3ms[48];
3071
3072 /* Initialise a sign operation */
3073 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3074 if (!TEST_ptr(ctx)
3075 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3076 goto err;
3077
3078 /*
3079 * We should be able to query the parameters now.
3080 */
3081 params = EVP_PKEY_CTX_settable_params(ctx);
3082 if (!TEST_ptr(params)
3083 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3084 OSSL_SIGNATURE_PARAM_DIGEST)))
3085 goto err;
3086
3087 params = EVP_PKEY_CTX_gettable_params(ctx);
3088 if (!TEST_ptr(params)
3089 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3090 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3091 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3092 OSSL_SIGNATURE_PARAM_DIGEST)))
3093 goto err;
3094
3095 /*
3096 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3097 * EVP_PKEY_CTX_get_params()
3098 */
3099 strcpy(mdname, "SHA512");
3100 param_md = param;
3101 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3102 mdname, 0);
3103 *param++ = OSSL_PARAM_construct_end();
3104
3105 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3106 goto err;
3107
3108 mdname[0] = '\0';
3109 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3110 mdname, sizeof(mdname));
3111 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3112 || !TEST_str_eq(mdname, "SHA512"))
3113 goto err;
3114
3115 /*
3116 * Test the TEST_PKEY_CTX_set_signature_md() and
3117 * TEST_PKEY_CTX_get_signature_md() functions
3118 */
3119 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3120 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3121 || !TEST_ptr_eq(md, EVP_sha256()))
3122 goto err;
3123
3124 /*
3125 * Test getting MD parameters via an associated EVP_PKEY_CTX
3126 */
3127 mdctx = EVP_MD_CTX_new();
3128 if (!TEST_ptr(mdctx)
3129 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3130 pkey, NULL)))
3131 goto err;
3132
3133 /*
3134 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3135 * able to obtain the digest's settable parameters from the provider.
3136 */
3137 params = EVP_MD_CTX_settable_params(mdctx);
3138 if (!TEST_ptr(params)
3139 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3140 /* The final key should be NULL */
3141 || !TEST_ptr_null(params[1].key))
3142 goto err;
3143
3144 param = ourparams;
3145 memset(ssl3ms, 0, sizeof(ssl3ms));
3146 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3147 ssl3ms, sizeof(ssl3ms));
3148 *param++ = OSSL_PARAM_construct_end();
3149
3150 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3151 goto err;
3152
3153 ret = 1;
3154
3155 err:
3156 EVP_MD_CTX_free(mdctx);
3157 EVP_PKEY_CTX_free(ctx);
3158
3159 return ret;
3160 }
3161
3162 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)3163 static int test_DSA_get_set_params(void)
3164 {
3165 OSSL_PARAM_BLD *bld = NULL;
3166 OSSL_PARAM *params = NULL;
3167 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3168 EVP_PKEY_CTX *pctx = NULL;
3169 EVP_PKEY *pkey = NULL;
3170 int ret = 0;
3171
3172 /*
3173 * Setup the parameters for our DSA object. For our purposes they don't
3174 * have to actually be *valid* parameters. We just need to set something.
3175 */
3176 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3177 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3178 || !TEST_ptr(p = BN_new())
3179 || !TEST_ptr(q = BN_new())
3180 || !TEST_ptr(g = BN_new())
3181 || !TEST_ptr(pub = BN_new())
3182 || !TEST_ptr(priv = BN_new()))
3183 goto err;
3184 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3185 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3186 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3187 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3188 pub))
3189 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3190 priv)))
3191 goto err;
3192 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3193 goto err;
3194
3195 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3196 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3197 params), 0))
3198 goto err;
3199
3200 if (!TEST_ptr(pkey))
3201 goto err;
3202
3203 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3204
3205 err:
3206 EVP_PKEY_free(pkey);
3207 EVP_PKEY_CTX_free(pctx);
3208 OSSL_PARAM_free(params);
3209 OSSL_PARAM_BLD_free(bld);
3210 BN_free(p);
3211 BN_free(q);
3212 BN_free(g);
3213 BN_free(pub);
3214 BN_free(priv);
3215
3216 return ret;
3217 }
3218
3219 /*
3220 * Test combinations of private, public, missing and private + public key
3221 * params to ensure they are all accepted
3222 */
test_DSA_priv_pub(void)3223 static int test_DSA_priv_pub(void)
3224 {
3225 return test_EVP_PKEY_ffc_priv_pub("DSA");
3226 }
3227
3228 #endif /* !OPENSSL_NO_DSA */
3229
test_RSA_get_set_params(void)3230 static int test_RSA_get_set_params(void)
3231 {
3232 OSSL_PARAM_BLD *bld = NULL;
3233 OSSL_PARAM *params = NULL;
3234 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3235 EVP_PKEY_CTX *pctx = NULL;
3236 EVP_PKEY *pkey = NULL;
3237 int ret = 0;
3238
3239 /*
3240 * Setup the parameters for our RSA object. For our purposes they don't
3241 * have to actually be *valid* parameters. We just need to set something.
3242 */
3243 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3244 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3245 || !TEST_ptr(n = BN_new())
3246 || !TEST_ptr(e = BN_new())
3247 || !TEST_ptr(d = BN_new()))
3248 goto err;
3249 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3250 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3251 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3252 goto err;
3253 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3254 goto err;
3255
3256 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3257 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3258 params), 0))
3259 goto err;
3260
3261 if (!TEST_ptr(pkey))
3262 goto err;
3263
3264 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3265
3266 err:
3267 EVP_PKEY_free(pkey);
3268 EVP_PKEY_CTX_free(pctx);
3269 OSSL_PARAM_free(params);
3270 OSSL_PARAM_BLD_free(bld);
3271 BN_free(n);
3272 BN_free(e);
3273 BN_free(d);
3274
3275 return ret;
3276 }
3277
test_RSA_OAEP_set_get_params(void)3278 static int test_RSA_OAEP_set_get_params(void)
3279 {
3280 int ret = 0;
3281 EVP_PKEY *key = NULL;
3282 EVP_PKEY_CTX *key_ctx = NULL;
3283
3284 if (nullprov != NULL)
3285 return TEST_skip("Test does not support a non-default library context");
3286
3287 if (!TEST_ptr(key = load_example_rsa_key())
3288 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3289 goto err;
3290
3291 {
3292 int padding = RSA_PKCS1_OAEP_PADDING;
3293 OSSL_PARAM params[4];
3294
3295 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3296 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3297 OSSL_DIGEST_NAME_SHA2_256, 0);
3298 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3299 OSSL_DIGEST_NAME_SHA1, 0);
3300 params[3] = OSSL_PARAM_construct_end();
3301
3302 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3303 goto err;
3304 }
3305 {
3306 OSSL_PARAM params[3];
3307 char oaepmd[30] = { '\0' };
3308 char mgf1md[30] = { '\0' };
3309
3310 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3311 oaepmd, sizeof(oaepmd));
3312 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3313 mgf1md, sizeof(mgf1md));
3314 params[2] = OSSL_PARAM_construct_end();
3315
3316 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3317 goto err;
3318
3319 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3320 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3321 goto err;
3322 }
3323
3324 ret = 1;
3325
3326 err:
3327 EVP_PKEY_free(key);
3328 EVP_PKEY_CTX_free(key_ctx);
3329
3330 return ret;
3331 }
3332
3333 /* https://github.com/openssl/openssl/issues/21288 */
test_RSA_OAEP_set_null_label(void)3334 static int test_RSA_OAEP_set_null_label(void)
3335 {
3336 int ret = 0;
3337 EVP_PKEY *key = NULL;
3338 EVP_PKEY_CTX *key_ctx = NULL;
3339
3340 if (!TEST_ptr(key = load_example_rsa_key())
3341 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3342 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3343 goto err;
3344
3345 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3346 goto err;
3347
3348 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3349 goto err;
3350
3351 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3352 goto err;
3353
3354 ret = 1;
3355
3356 err:
3357 EVP_PKEY_free(key);
3358 EVP_PKEY_CTX_free(key_ctx);
3359
3360 return ret;
3361 }
3362
3363 #ifndef OPENSSL_NO_DEPRECATED_3_0
test_RSA_legacy(void)3364 static int test_RSA_legacy(void)
3365 {
3366 int ret = 0;
3367 BIGNUM *p = NULL;
3368 BIGNUM *q = NULL;
3369 BIGNUM *n = NULL;
3370 BIGNUM *e = NULL;
3371 BIGNUM *d = NULL;
3372 const EVP_MD *md = EVP_sha256();
3373 EVP_MD_CTX *ctx = NULL;
3374 EVP_PKEY *pkey = NULL;
3375 RSA *rsa = NULL;
3376
3377 if (nullprov != NULL)
3378 return TEST_skip("Test does not support a non-default library context");
3379
3380 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3381 || !TEST_ptr(q = BN_dup(BN_value_one()))
3382 || !TEST_ptr(n = BN_dup(BN_value_one()))
3383 || !TEST_ptr(e = BN_dup(BN_value_one()))
3384 || !TEST_ptr(d = BN_dup(BN_value_one())))
3385 goto err;
3386
3387 if (!TEST_ptr(rsa = RSA_new())
3388 || !TEST_ptr(pkey = EVP_PKEY_new())
3389 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3390 goto err;
3391
3392 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3393 goto err;
3394 p = NULL;
3395 q = NULL;
3396
3397 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3398 goto err;
3399 n = NULL;
3400 e = NULL;
3401 d = NULL;
3402
3403 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3404 goto err;
3405
3406 rsa = NULL;
3407
3408 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3409 goto err;
3410
3411 ret = 1;
3412
3413 err:
3414 RSA_free(rsa);
3415 EVP_MD_CTX_free(ctx);
3416 EVP_PKEY_free(pkey);
3417 BN_free(p);
3418 BN_free(q);
3419 BN_free(n);
3420 BN_free(e);
3421 BN_free(d);
3422
3423 return ret;
3424 }
3425 #endif
3426
3427 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)3428 static int test_decrypt_null_chunks(void)
3429 {
3430 EVP_CIPHER_CTX* ctx = NULL;
3431 EVP_CIPHER *cipher = NULL;
3432 const unsigned char key[32] = {
3433 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3434 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3435 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3436 };
3437 unsigned char iv[12] = {
3438 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3439 };
3440 unsigned char msg[] = "It was the best of times, it was the worst of times";
3441 unsigned char ciphertext[80];
3442 unsigned char plaintext[80];
3443 /* We initialise tmp to a non zero value on purpose */
3444 int ctlen, ptlen, tmp = 99;
3445 int ret = 0;
3446 const int enc_offset = 10, dec_offset = 20;
3447
3448 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3449 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3450 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3451 key, iv))
3452 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3453 enc_offset))
3454 /* Deliberate add a zero length update */
3455 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3456 0))
3457 || !TEST_int_eq(tmp, 0)
3458 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3459 msg + enc_offset,
3460 sizeof(msg) - enc_offset))
3461 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3462 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3463 || !TEST_int_eq(tmp, 0))
3464 goto err;
3465
3466 /* Deliberately initialise tmp to a non zero value */
3467 tmp = 99;
3468 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3469 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3470 dec_offset))
3471 /*
3472 * Deliberately add a zero length update. We also deliberately do
3473 * this at a different offset than for encryption.
3474 */
3475 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3476 0))
3477 || !TEST_int_eq(tmp, 0)
3478 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3479 ciphertext + dec_offset,
3480 ctlen - dec_offset))
3481 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3482 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3483 || !TEST_int_eq(tmp, 0)
3484 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3485 goto err;
3486
3487 ret = 1;
3488 err:
3489 EVP_CIPHER_CTX_free(ctx);
3490 EVP_CIPHER_free(cipher);
3491 return ret;
3492 }
3493 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3494
3495 #ifndef OPENSSL_NO_DH
3496 /*
3497 * Test combinations of private, public, missing and private + public key
3498 * params to ensure they are all accepted
3499 */
test_DH_priv_pub(void)3500 static int test_DH_priv_pub(void)
3501 {
3502 return test_EVP_PKEY_ffc_priv_pub("DH");
3503 }
3504
3505 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)3506 static int test_EVP_PKEY_set1_DH(void)
3507 {
3508 DH *x942dh = NULL, *noqdh = NULL;
3509 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3510 int ret = 0;
3511 BIGNUM *p, *g = NULL;
3512 BIGNUM *pubkey = NULL;
3513 unsigned char pub[2048 / 8];
3514 size_t len = 0;
3515
3516 if (!TEST_ptr(p = BN_new())
3517 || !TEST_ptr(g = BN_new())
3518 || !TEST_ptr(pubkey = BN_new())
3519 || !TEST_true(BN_set_word(p, 9999))
3520 || !TEST_true(BN_set_word(g, 2))
3521 || !TEST_true(BN_set_word(pubkey, 4321))
3522 || !TEST_ptr(noqdh = DH_new())
3523 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3524 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3525 || !TEST_ptr(pubkey = BN_new())
3526 || !TEST_true(BN_set_word(pubkey, 4321)))
3527 goto err;
3528 p = g = NULL;
3529
3530 x942dh = DH_get_2048_256();
3531 pkey1 = EVP_PKEY_new();
3532 pkey2 = EVP_PKEY_new();
3533 if (!TEST_ptr(x942dh)
3534 || !TEST_ptr(noqdh)
3535 || !TEST_ptr(pkey1)
3536 || !TEST_ptr(pkey2)
3537 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3538 goto err;
3539 pubkey = NULL;
3540
3541 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3542 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3543 goto err;
3544
3545 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3546 &pubkey))
3547 || !TEST_ptr(pubkey))
3548 goto err;
3549
3550 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3551 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3552 goto err;
3553
3554 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3555 OSSL_PKEY_PARAM_PUB_KEY,
3556 pub, sizeof(pub), &len))
3557 || !TEST_size_t_ne(len, 0))
3558 goto err;
3559
3560 ret = 1;
3561 err:
3562 BN_free(p);
3563 BN_free(g);
3564 BN_free(pubkey);
3565 EVP_PKEY_free(pkey1);
3566 EVP_PKEY_free(pkey2);
3567 DH_free(x942dh);
3568 DH_free(noqdh);
3569
3570 return ret;
3571 }
3572 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3573 #endif /* !OPENSSL_NO_DH */
3574
3575 /*
3576 * We test what happens with an empty template. For the sake of this test,
3577 * the template must be ignored, and we know that's the case for RSA keys
3578 * (this might arguably be a misfeature, but that's what we currently do,
3579 * even in provider code, since that's how the legacy RSA implementation
3580 * does things)
3581 */
test_keygen_with_empty_template(int n)3582 static int test_keygen_with_empty_template(int n)
3583 {
3584 EVP_PKEY_CTX *ctx = NULL;
3585 EVP_PKEY *pkey = NULL;
3586 EVP_PKEY *tkey = NULL;
3587 int ret = 0;
3588
3589 if (nullprov != NULL)
3590 return TEST_skip("Test does not support a non-default library context");
3591
3592 switch (n) {
3593 case 0:
3594 /* We do test with no template at all as well */
3595 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3596 goto err;
3597 break;
3598 case 1:
3599 /* Here we create an empty RSA key that serves as our template */
3600 if (!TEST_ptr(tkey = EVP_PKEY_new())
3601 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3602 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3603 goto err;
3604 break;
3605 }
3606
3607 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3608 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3609 goto err;
3610
3611 ret = 1;
3612 err:
3613 EVP_PKEY_CTX_free(ctx);
3614 EVP_PKEY_free(pkey);
3615 EVP_PKEY_free(tkey);
3616 return ret;
3617 }
3618
3619 /*
3620 * Test that we fail if we attempt to use an algorithm that is not available
3621 * in the current library context (unless we are using an algorithm that
3622 * should be made available via legacy codepaths).
3623 *
3624 * 0: RSA
3625 * 1: SM2
3626 */
test_pkey_ctx_fail_without_provider(int tst)3627 static int test_pkey_ctx_fail_without_provider(int tst)
3628 {
3629 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3630 OSSL_PROVIDER *tmpnullprov = NULL;
3631 EVP_PKEY_CTX *pctx = NULL;
3632 const char *keytype = NULL;
3633 int expect_null = 0;
3634 int ret = 0;
3635
3636 if (!TEST_ptr(tmpctx))
3637 goto err;
3638
3639 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3640 if (!TEST_ptr(tmpnullprov))
3641 goto err;
3642
3643 /*
3644 * We check for certain algos in the null provider.
3645 * If an algo is expected to have a provider keymgmt, constructing an
3646 * EVP_PKEY_CTX is expected to fail (return NULL).
3647 * Otherwise, if it's expected to have legacy support, constructing an
3648 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3649 */
3650 switch (tst) {
3651 case 0:
3652 keytype = "RSA";
3653 expect_null = 1;
3654 break;
3655 case 1:
3656 keytype = "SM2";
3657 expect_null = 1;
3658 #ifdef OPENSSL_NO_EC
3659 TEST_info("EC disable, skipping SM2 check...");
3660 goto end;
3661 #endif
3662 #ifdef OPENSSL_NO_SM2
3663 TEST_info("SM2 disable, skipping SM2 check...");
3664 goto end;
3665 #endif
3666 break;
3667 default:
3668 TEST_error("No test for case %d", tst);
3669 goto err;
3670 }
3671
3672 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3673 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3674 goto err;
3675
3676 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3677 end:
3678 #endif
3679 ret = 1;
3680
3681 err:
3682 EVP_PKEY_CTX_free(pctx);
3683 OSSL_PROVIDER_unload(tmpnullprov);
3684 OSSL_LIB_CTX_free(tmpctx);
3685 return ret;
3686 }
3687
test_rand_agglomeration(void)3688 static int test_rand_agglomeration(void)
3689 {
3690 EVP_RAND *rand;
3691 EVP_RAND_CTX *ctx;
3692 OSSL_PARAM params[3], *p = params;
3693 int res;
3694 unsigned int step = 7;
3695 static unsigned char seed[] = "It does not matter how slowly you go "
3696 "as long as you do not stop.";
3697 unsigned char out[sizeof(seed)];
3698
3699 if (!TEST_int_ne(sizeof(seed) % step, 0)
3700 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3701 return 0;
3702 ctx = EVP_RAND_CTX_new(rand, NULL);
3703 EVP_RAND_free(rand);
3704 if (!TEST_ptr(ctx))
3705 return 0;
3706
3707 memset(out, 0, sizeof(out));
3708 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3709 seed, sizeof(seed));
3710 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3711 *p = OSSL_PARAM_construct_end();
3712 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3713 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3714 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3715 EVP_RAND_CTX_free(ctx);
3716 return res;
3717 }
3718
3719 /*
3720 * Test that we correctly return the original or "running" IV after
3721 * an encryption operation.
3722 * Run multiple times for some different relevant algorithms/modes.
3723 */
test_evp_iv_aes(int idx)3724 static int test_evp_iv_aes(int idx)
3725 {
3726 int ret = 0;
3727 EVP_CIPHER_CTX *ctx = NULL;
3728 unsigned char key[16] = {
3729 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3730 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
3731 };
3732 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
3733 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3734 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
3735 };
3736 static const unsigned char msg[] = {
3737 1, 2, 3, 4, 5, 6, 7, 8,
3738 9, 10, 11, 12, 13, 14, 15, 16
3739 };
3740 unsigned char ciphertext[32], oiv[16], iv[16];
3741 unsigned char *ref_iv;
3742 unsigned char cbc_state[16] = {
3743 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3744 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
3745 };
3746
3747 unsigned char ofb_state[16] = {
3748 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3749 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
3750 };
3751 unsigned char cfb_state[16] = {
3752 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3753 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
3754 };
3755 unsigned char gcm_state[12] = {
3756 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3757 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3758 };
3759 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
3760 #ifndef OPENSSL_NO_OCB
3761 unsigned char ocb_state[12] = {
3762 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3763 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3764 };
3765 #endif
3766 int len = sizeof(ciphertext);
3767 size_t ivlen, ref_len;
3768 const EVP_CIPHER *type = NULL;
3769 int iv_reset = 0;
3770
3771 if (nullprov != NULL && idx < 6)
3772 return TEST_skip("Test does not support a non-default library context");
3773
3774 switch (idx) {
3775 case 0:
3776 type = EVP_aes_128_cbc();
3777 /* FALLTHROUGH */
3778 case 6:
3779 type = (type != NULL) ? type :
3780 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3781 ref_iv = cbc_state;
3782 ref_len = sizeof(cbc_state);
3783 iv_reset = 1;
3784 break;
3785 case 1:
3786 type = EVP_aes_128_ofb();
3787 /* FALLTHROUGH */
3788 case 7:
3789 type = (type != NULL) ? type :
3790 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3791 ref_iv = ofb_state;
3792 ref_len = sizeof(ofb_state);
3793 iv_reset = 1;
3794 break;
3795 case 2:
3796 type = EVP_aes_128_cfb();
3797 /* FALLTHROUGH */
3798 case 8:
3799 type = (type != NULL) ? type :
3800 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3801 ref_iv = cfb_state;
3802 ref_len = sizeof(cfb_state);
3803 iv_reset = 1;
3804 break;
3805 case 3:
3806 type = EVP_aes_128_gcm();
3807 /* FALLTHROUGH */
3808 case 9:
3809 type = (type != NULL) ? type :
3810 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3811 ref_iv = gcm_state;
3812 ref_len = sizeof(gcm_state);
3813 break;
3814 case 4:
3815 type = EVP_aes_128_ccm();
3816 /* FALLTHROUGH */
3817 case 10:
3818 type = (type != NULL) ? type :
3819 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3820 ref_iv = ccm_state;
3821 ref_len = sizeof(ccm_state);
3822 break;
3823 #ifdef OPENSSL_NO_OCB
3824 case 5:
3825 case 11:
3826 return 1;
3827 #else
3828 case 5:
3829 type = EVP_aes_128_ocb();
3830 /* FALLTHROUGH */
3831 case 11:
3832 type = (type != NULL) ? type :
3833 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3834 ref_iv = ocb_state;
3835 ref_len = sizeof(ocb_state);
3836 break;
3837 #endif
3838 default:
3839 return 0;
3840 }
3841
3842 if (!TEST_ptr(type)
3843 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3844 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3845 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3846 (int)sizeof(msg)))
3847 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3848 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3849 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3850 goto err;
3851 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3852
3853 if (!TEST_int_gt(ivlen, 0))
3854 goto err;
3855
3856 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3857 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3858 goto err;
3859
3860 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3861 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3862 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3863 goto err;
3864 if (iv_reset) {
3865 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3866 goto err;
3867 } else {
3868 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3869 goto err;
3870 }
3871
3872 ret = 1;
3873 err:
3874 EVP_CIPHER_CTX_free(ctx);
3875 if (idx >= 6)
3876 EVP_CIPHER_free((EVP_CIPHER *)type);
3877 return ret;
3878 }
3879
3880 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)3881 static int test_evp_iv_des(int idx)
3882 {
3883 int ret = 0;
3884 EVP_CIPHER_CTX *ctx = NULL;
3885 static const unsigned char key[24] = {
3886 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3887 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3888 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3889 };
3890 static const unsigned char init_iv[8] = {
3891 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3892 };
3893 static const unsigned char msg[] = {
3894 1, 2, 3, 4, 5, 6, 7, 8,
3895 9, 10, 11, 12, 13, 14, 15, 16
3896 };
3897 unsigned char ciphertext[32], oiv[8], iv[8];
3898 unsigned const char *ref_iv;
3899 static const unsigned char cbc_state_des[8] = {
3900 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3901 };
3902 static const unsigned char cbc_state_3des[8] = {
3903 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3904 };
3905 static const unsigned char ofb_state_des[8] = {
3906 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3907 };
3908 static const unsigned char ofb_state_3des[8] = {
3909 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3910 };
3911 static const unsigned char cfb_state_des[8] = {
3912 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3913 };
3914 static const unsigned char cfb_state_3des[8] = {
3915 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3916 };
3917 int len = sizeof(ciphertext);
3918 size_t ivlen, ref_len;
3919 EVP_CIPHER *type = NULL;
3920
3921 if (lgcyprov == NULL && idx < 3)
3922 return TEST_skip("Test requires legacy provider to be loaded");
3923
3924 switch (idx) {
3925 case 0:
3926 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3927 ref_iv = cbc_state_des;
3928 ref_len = sizeof(cbc_state_des);
3929 break;
3930 case 1:
3931 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3932 ref_iv = ofb_state_des;
3933 ref_len = sizeof(ofb_state_des);
3934 break;
3935 case 2:
3936 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3937 ref_iv = cfb_state_des;
3938 ref_len = sizeof(cfb_state_des);
3939 break;
3940 case 3:
3941 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3942 ref_iv = cbc_state_3des;
3943 ref_len = sizeof(cbc_state_3des);
3944 break;
3945 case 4:
3946 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3947 ref_iv = ofb_state_3des;
3948 ref_len = sizeof(ofb_state_3des);
3949 break;
3950 case 5:
3951 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3952 ref_iv = cfb_state_3des;
3953 ref_len = sizeof(cfb_state_3des);
3954 break;
3955 default:
3956 return 0;
3957 }
3958
3959 if (!TEST_ptr(type)
3960 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3961 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3962 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3963 (int)sizeof(msg)))
3964 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3965 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3966 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3967 goto err;
3968 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3969
3970 if (!TEST_int_gt(ivlen, 0))
3971 goto err;
3972
3973 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3974 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3975 goto err;
3976
3977 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3978 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3979 goto err;
3980 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3981 goto err;
3982
3983 ret = 1;
3984 err:
3985 EVP_CIPHER_CTX_free(ctx);
3986 EVP_CIPHER_free(type);
3987 return ret;
3988 }
3989 #endif
3990
3991 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)3992 static int test_evp_bf_default_keylen(int idx)
3993 {
3994 int ret = 0;
3995 static const char *algos[4] = {
3996 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3997 };
3998 int ivlen[4] = { 0, 8, 8, 8 };
3999 EVP_CIPHER *cipher = NULL;
4000
4001 if (lgcyprov == NULL)
4002 return TEST_skip("Test requires legacy provider to be loaded");
4003
4004 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
4005 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
4006 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
4007 goto err;
4008
4009 ret = 1;
4010 err:
4011 EVP_CIPHER_free(cipher);
4012 return ret;
4013 }
4014 #endif
4015
4016 #ifndef OPENSSL_NO_EC
4017 static int ecpub_nids[] = {
4018 NID_brainpoolP256r1, NID_X9_62_prime256v1,
4019 NID_secp384r1, NID_secp521r1,
4020 # ifndef OPENSSL_NO_EC2M
4021 NID_sect233k1, NID_sect233r1, NID_sect283r1,
4022 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
4023 # endif
4024 NID_brainpoolP384r1, NID_brainpoolP512r1
4025 };
4026
test_ecpub(int idx)4027 static int test_ecpub(int idx)
4028 {
4029 int ret = 0, len, savelen;
4030 int nid;
4031 unsigned char buf[1024];
4032 unsigned char *p;
4033 EVP_PKEY *pkey = NULL;
4034 EVP_PKEY_CTX *ctx = NULL;
4035 # ifndef OPENSSL_NO_DEPRECATED_3_0
4036 const unsigned char *q;
4037 EVP_PKEY *pkey2 = NULL;
4038 EC_KEY *ec = NULL;
4039 # endif
4040
4041 if (nullprov != NULL)
4042 return TEST_skip("Test does not support a non-default library context");
4043
4044 nid = ecpub_nids[idx];
4045
4046 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4047 if (!TEST_ptr(ctx)
4048 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4049 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4050 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4051 goto done;
4052 len = i2d_PublicKey(pkey, NULL);
4053 savelen = len;
4054 if (!TEST_int_ge(len, 1)
4055 || !TEST_int_lt(len, 1024))
4056 goto done;
4057 p = buf;
4058 len = i2d_PublicKey(pkey, &p);
4059 if (!TEST_int_ge(len, 1)
4060 || !TEST_int_eq(len, savelen))
4061 goto done;
4062
4063 # ifndef OPENSSL_NO_DEPRECATED_3_0
4064 /* Now try to decode the just-created DER. */
4065 q = buf;
4066 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4067 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4068 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4069 goto done;
4070 /* EC_KEY ownership transferred */
4071 ec = NULL;
4072 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4073 goto done;
4074 /* The keys should match. */
4075 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4076 goto done;
4077 # endif
4078
4079 ret = 1;
4080
4081 done:
4082 EVP_PKEY_CTX_free(ctx);
4083 EVP_PKEY_free(pkey);
4084 # ifndef OPENSSL_NO_DEPRECATED_3_0
4085 EVP_PKEY_free(pkey2);
4086 EC_KEY_free(ec);
4087 # endif
4088 return ret;
4089 }
4090 #endif
4091
test_EVP_rsa_pss_with_keygen_bits(void)4092 static int test_EVP_rsa_pss_with_keygen_bits(void)
4093 {
4094 int ret = 0;
4095 EVP_PKEY_CTX *ctx = NULL;
4096 EVP_PKEY *pkey = NULL;
4097 EVP_MD *md;
4098
4099 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4100 ret = TEST_ptr(md)
4101 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4102 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4103 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4104 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4105 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4106
4107 EVP_MD_free(md);
4108 EVP_PKEY_free(pkey);
4109 EVP_PKEY_CTX_free(ctx);
4110 return ret;
4111 }
4112
test_EVP_rsa_pss_set_saltlen(void)4113 static int test_EVP_rsa_pss_set_saltlen(void)
4114 {
4115 int ret = 0;
4116 EVP_PKEY *pkey = NULL;
4117 EVP_PKEY_CTX *pkey_ctx = NULL;
4118 EVP_MD *sha256 = NULL;
4119 EVP_MD_CTX *sha256_ctx = NULL;
4120 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4121 const int test_value = 32;
4122
4123 ret = TEST_ptr(pkey = load_example_rsa_key())
4124 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4125 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4126 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4127 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4128 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4129 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4130 && TEST_int_eq(saltlen, test_value);
4131
4132 EVP_MD_CTX_free(sha256_ctx);
4133 EVP_PKEY_free(pkey);
4134 EVP_MD_free(sha256);
4135
4136 return ret;
4137 }
4138
test_EVP_rsa_invalid_key(void)4139 static int test_EVP_rsa_invalid_key(void)
4140 {
4141 int ret = 0;
4142 EVP_PKEY *pkey = NULL;
4143
4144 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4145 /* we expect to fail to load bogus key */
4146 ret = !TEST_ptr(pkey);
4147 EVP_PKEY_free(pkey);
4148
4149 return ret;
4150 }
4151
4152 static int success = 1;
md_names(const char * name,void * vctx)4153 static void md_names(const char *name, void *vctx)
4154 {
4155 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4156 /* Force a namemap update */
4157 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4158
4159 if (!TEST_ptr(aes128))
4160 success = 0;
4161
4162 EVP_CIPHER_free(aes128);
4163 }
4164
4165 /*
4166 * Test that changing the namemap in a user callback works in a names_do_all
4167 * function.
4168 */
test_names_do_all(void)4169 static int test_names_do_all(void)
4170 {
4171 /* We use a custom libctx so that we know the state of the namemap */
4172 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4173 EVP_MD *sha256 = NULL;
4174 int testresult = 0;
4175
4176 if (!TEST_ptr(ctx))
4177 goto err;
4178
4179 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4180 if (!TEST_ptr(sha256))
4181 goto err;
4182
4183 /*
4184 * We loop through all the names for a given digest. This should still work
4185 * even if the namemap changes part way through.
4186 */
4187 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4188 goto err;
4189
4190 if (!TEST_true(success))
4191 goto err;
4192
4193 testresult = 1;
4194 err:
4195 EVP_MD_free(sha256);
4196 OSSL_LIB_CTX_free(ctx);
4197 return testresult;
4198 }
4199
4200 typedef struct {
4201 const char *cipher;
4202 const unsigned char *key;
4203 const unsigned char *iv;
4204 const unsigned char *input;
4205 const unsigned char *expected;
4206 const unsigned char *tag;
4207 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4208 size_t inlen;
4209 size_t expectedlen;
4210 size_t taglen;
4211 int keyfirst;
4212 int initenc;
4213 int finalenc;
4214 } EVP_INIT_TEST_st;
4215
4216 static const EVP_INIT_TEST_st evp_init_tests[] = {
4217 {
4218 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4219 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4220 0, 1, 0, 1
4221 },
4222 {
4223 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4224 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4225 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4226 sizeof(gcmDefaultTag), 1, 0, 1
4227 },
4228 {
4229 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4230 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4231 0, 0, 0, 1
4232 },
4233 {
4234 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4235 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4236 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4237 sizeof(gcmDefaultTag), 0, 0, 1
4238 },
4239 {
4240 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4241 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4242 0, 1, 1, 0
4243 },
4244 {
4245 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4246 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4247 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4248 sizeof(gcmDefaultTag), 1, 1, 0
4249 },
4250 {
4251 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4252 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4253 0, 0, 1, 0
4254 },
4255 {
4256 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4257 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4258 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4259 sizeof(gcmDefaultTag), 0, 1, 0
4260 }
4261 };
4262
4263 /* use same key, iv and plaintext for cfb and ofb */
4264 static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4265 {
4266 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4267 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4268 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4269 },
4270 {
4271 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4272 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4273 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4274 },
4275 {
4276 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4277 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4278 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4279 },
4280 {
4281 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4282 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4283 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4284 },
4285 };
4286
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)4287 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4288 {
4289 int res = 0;
4290
4291 if (t->ivlen != 0) {
4292 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4293 goto err;
4294 }
4295 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4296 goto err;
4297 res = 1;
4298 err:
4299 return res;
4300 }
4301
4302 /*
4303 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4304 * arguments are given one at a time and a final adjustment to the enc
4305 * parameter sets the correct operation.
4306 */
test_evp_init_seq(int idx)4307 static int test_evp_init_seq(int idx)
4308 {
4309 int outlen1, outlen2;
4310 int testresult = 0;
4311 unsigned char outbuf[1024];
4312 unsigned char tag[16];
4313 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4314 EVP_CIPHER_CTX *ctx = NULL;
4315 EVP_CIPHER *type = NULL;
4316 size_t taglen = sizeof(tag);
4317 char *errmsg = NULL;
4318
4319 ctx = EVP_CIPHER_CTX_new();
4320 if (ctx == NULL) {
4321 errmsg = "CTX_ALLOC";
4322 goto err;
4323 }
4324 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4325 errmsg = "CIPHER_FETCH";
4326 goto err;
4327 }
4328 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4329 errmsg = "EMPTY_ENC_INIT";
4330 goto err;
4331 }
4332 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4333 errmsg = "PADDING";
4334 goto err;
4335 }
4336 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4337 errmsg = "KEY_INIT (before iv)";
4338 goto err;
4339 }
4340 if (!evp_init_seq_set_iv(ctx, t)) {
4341 errmsg = "IV_INIT";
4342 goto err;
4343 }
4344 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4345 errmsg = "KEY_INIT (after iv)";
4346 goto err;
4347 }
4348 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4349 errmsg = "FINAL_ENC_INIT";
4350 goto err;
4351 }
4352 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4353 errmsg = "CIPHER_UPDATE";
4354 goto err;
4355 }
4356 if (t->finalenc == 0 && t->tag != NULL) {
4357 /* Set expected tag */
4358 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4359 t->taglen, (void *)t->tag), 0)) {
4360 errmsg = "SET_TAG";
4361 goto err;
4362 }
4363 }
4364 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4365 errmsg = "CIPHER_FINAL";
4366 goto err;
4367 }
4368 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4369 errmsg = "WRONG_RESULT";
4370 goto err;
4371 }
4372 if (t->finalenc != 0 && t->tag != NULL) {
4373 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4374 errmsg = "GET_TAG";
4375 goto err;
4376 }
4377 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4378 errmsg = "TAG_ERROR";
4379 goto err;
4380 }
4381 }
4382 testresult = 1;
4383 err:
4384 if (errmsg != NULL)
4385 TEST_info("evp_init_test %d: %s", idx, errmsg);
4386 EVP_CIPHER_CTX_free(ctx);
4387 EVP_CIPHER_free(type);
4388 return testresult;
4389 }
4390
4391 /*
4392 * Test re-initialization of cipher context without changing key or iv.
4393 * The result of both iteration should be the same.
4394 */
test_evp_reinit_seq(int idx)4395 static int test_evp_reinit_seq(int idx)
4396 {
4397 int outlen1, outlen2, outlen_final;
4398 int testresult = 0;
4399 unsigned char outbuf1[1024];
4400 unsigned char outbuf2[1024];
4401 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4402 EVP_CIPHER_CTX *ctx = NULL;
4403 EVP_CIPHER *type = NULL;
4404
4405 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4406 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4407 /* setup cipher context */
4408 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4409 /* first iteration */
4410 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4411 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4412 /* check test results iteration 1 */
4413 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4414 /* now re-init the context (same cipher, key and iv) */
4415 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4416 /* second iteration */
4417 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4418 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4419 /* check test results iteration 2 */
4420 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4421 goto err;
4422 testresult = 1;
4423 err:
4424 EVP_CIPHER_CTX_free(ctx);
4425 EVP_CIPHER_free(type);
4426 return testresult;
4427 }
4428
4429 typedef struct {
4430 const unsigned char *input;
4431 const unsigned char *expected;
4432 size_t inlen;
4433 size_t expectedlen;
4434 int enc;
4435 } EVP_RESET_TEST_st;
4436
4437 static const EVP_RESET_TEST_st evp_reset_tests[] = {
4438 {
4439 cfbPlaintext, cfbCiphertext,
4440 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4441 },
4442 {
4443 cfbCiphertext, cfbPlaintext,
4444 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4445 }
4446 };
4447
4448 /*
4449 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4450 * been used.
4451 */
test_evp_reset(int idx)4452 static int test_evp_reset(int idx)
4453 {
4454 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4455 int outlen1, outlen2;
4456 int testresult = 0;
4457 unsigned char outbuf[1024];
4458 EVP_CIPHER_CTX *ctx = NULL;
4459 EVP_CIPHER *type = NULL;
4460 char *errmsg = NULL;
4461
4462 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4463 errmsg = "CTX_ALLOC";
4464 goto err;
4465 }
4466 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4467 errmsg = "CIPHER_FETCH";
4468 goto err;
4469 }
4470 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4471 errmsg = "CIPHER_INIT";
4472 goto err;
4473 }
4474 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4475 errmsg = "PADDING";
4476 goto err;
4477 }
4478 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4479 errmsg = "CIPHER_UPDATE";
4480 goto err;
4481 }
4482 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4483 errmsg = "CIPHER_FINAL";
4484 goto err;
4485 }
4486 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4487 errmsg = "WRONG_RESULT";
4488 goto err;
4489 }
4490 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4491 errmsg = "CIPHER_REINIT";
4492 goto err;
4493 }
4494 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4495 errmsg = "CIPHER_UPDATE (reinit)";
4496 goto err;
4497 }
4498 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4499 errmsg = "CIPHER_FINAL (reinit)";
4500 goto err;
4501 }
4502 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4503 errmsg = "WRONG_RESULT (reinit)";
4504 goto err;
4505 }
4506 testresult = 1;
4507 err:
4508 if (errmsg != NULL)
4509 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4510 EVP_CIPHER_CTX_free(ctx);
4511 EVP_CIPHER_free(type);
4512 return testresult;
4513 }
4514
4515 typedef struct {
4516 const char *cipher;
4517 int enc;
4518 } EVP_UPDATED_IV_TEST_st;
4519
4520 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4521 {
4522 "aes-128-cfb", 1
4523 },
4524 {
4525 "aes-128-cfb", 0
4526 },
4527 {
4528 "aes-128-cfb1", 1
4529 },
4530 {
4531 "aes-128-cfb1", 0
4532 },
4533 {
4534 "aes-128-cfb8", 1
4535 },
4536 {
4537 "aes-128-cfb8", 0
4538 },
4539 {
4540 "aes-128-ofb", 1
4541 },
4542 {
4543 "aes-128-ofb", 0
4544 },
4545 {
4546 "aes-128-ctr", 1
4547 },
4548 {
4549 "aes-128-ctr", 0
4550 },
4551 {
4552 "aes-128-cbc", 1
4553 },
4554 {
4555 "aes-128-cbc", 0
4556 }
4557 };
4558
4559 /*
4560 * Test that the IV in the context is updated during a crypto operation for CFB
4561 * and OFB.
4562 */
test_evp_updated_iv(int idx)4563 static int test_evp_updated_iv(int idx)
4564 {
4565 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4566 int outlen1, outlen2;
4567 int testresult = 0;
4568 unsigned char outbuf[1024];
4569 EVP_CIPHER_CTX *ctx = NULL;
4570 EVP_CIPHER *type = NULL;
4571 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4572 int iv_len;
4573 char *errmsg = NULL;
4574
4575 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4576 errmsg = "CTX_ALLOC";
4577 goto err;
4578 }
4579 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4580 TEST_info("cipher %s not supported, skipping", t->cipher);
4581 goto ok;
4582 }
4583
4584 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4585 errmsg = "CIPHER_INIT";
4586 goto err;
4587 }
4588 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4589 errmsg = "PADDING";
4590 goto err;
4591 }
4592 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4593 errmsg = "CIPHER_UPDATE";
4594 goto err;
4595 }
4596 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4597 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4598 goto err;
4599 }
4600 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4601 if (!TEST_int_ge(iv_len,0)) {
4602 errmsg = "CIPHER_CTX_GET_IV_LEN";
4603 goto err;
4604 }
4605 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4606 errmsg = "IV_NOT_UPDATED";
4607 goto err;
4608 }
4609 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4610 errmsg = "CIPHER_FINAL";
4611 goto err;
4612 }
4613 ok:
4614 testresult = 1;
4615 err:
4616 if (errmsg != NULL)
4617 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4618 EVP_CIPHER_CTX_free(ctx);
4619 EVP_CIPHER_free(type);
4620 return testresult;
4621 }
4622
4623 typedef struct {
4624 const unsigned char *iv1;
4625 const unsigned char *iv2;
4626 const unsigned char *expected1;
4627 const unsigned char *expected2;
4628 const unsigned char *tag1;
4629 const unsigned char *tag2;
4630 size_t ivlen1;
4631 size_t ivlen2;
4632 size_t expectedlen1;
4633 size_t expectedlen2;
4634 } TEST_GCM_IV_REINIT_st;
4635
4636 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4637 {
4638 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4639 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4640 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4641 },
4642 {
4643 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4644 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4645 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4646 }
4647 };
4648
test_gcm_reinit(int idx)4649 static int test_gcm_reinit(int idx)
4650 {
4651 int outlen1, outlen2, outlen3;
4652 int testresult = 0;
4653 unsigned char outbuf[1024];
4654 unsigned char tag[16];
4655 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4656 EVP_CIPHER_CTX *ctx = NULL;
4657 EVP_CIPHER *type = NULL;
4658 size_t taglen = sizeof(tag);
4659 char *errmsg = NULL;
4660
4661 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4662 errmsg = "CTX_ALLOC";
4663 goto err;
4664 }
4665 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4666 errmsg = "CIPHER_FETCH";
4667 goto err;
4668 }
4669 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4670 errmsg = "ENC_INIT";
4671 goto err;
4672 }
4673 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4674 errmsg = "SET_IVLEN1";
4675 goto err;
4676 }
4677 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4678 errmsg = "SET_IV1";
4679 goto err;
4680 }
4681 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4682 errmsg = "AAD1";
4683 goto err;
4684 }
4685 EVP_CIPHER_CTX_set_padding(ctx, 0);
4686 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4687 sizeof(gcmResetPlaintext)))) {
4688 errmsg = "CIPHER_UPDATE1";
4689 goto err;
4690 }
4691 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4692 errmsg = "CIPHER_FINAL1";
4693 goto err;
4694 }
4695 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4696 errmsg = "WRONG_RESULT1";
4697 goto err;
4698 }
4699 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4700 errmsg = "GET_TAG1";
4701 goto err;
4702 }
4703 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4704 errmsg = "TAG_ERROR1";
4705 goto err;
4706 }
4707 /* Now reinit */
4708 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4709 errmsg = "SET_IVLEN2";
4710 goto err;
4711 }
4712 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4713 errmsg = "SET_IV2";
4714 goto err;
4715 }
4716 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4717 errmsg = "AAD2";
4718 goto err;
4719 }
4720 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4721 sizeof(gcmResetPlaintext)))) {
4722 errmsg = "CIPHER_UPDATE2";
4723 goto err;
4724 }
4725 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4726 errmsg = "CIPHER_FINAL2";
4727 goto err;
4728 }
4729 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4730 errmsg = "WRONG_RESULT2";
4731 goto err;
4732 }
4733 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4734 errmsg = "GET_TAG2";
4735 goto err;
4736 }
4737 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4738 errmsg = "TAG_ERROR2";
4739 goto err;
4740 }
4741 testresult = 1;
4742 err:
4743 if (errmsg != NULL)
4744 TEST_info("evp_init_test %d: %s", idx, errmsg);
4745 EVP_CIPHER_CTX_free(ctx);
4746 EVP_CIPHER_free(type);
4747 return testresult;
4748 }
4749
4750 static const char *ivlen_change_ciphers[] = {
4751 "AES-256-GCM",
4752 #ifndef OPENSSL_NO_OCB
4753 "AES-256-OCB",
4754 #endif
4755 "AES-256-CCM"
4756 };
4757
4758 /* Negative test for ivlen change after iv being set */
test_ivlen_change(int idx)4759 static int test_ivlen_change(int idx)
4760 {
4761 int outlen;
4762 int res = 0;
4763 unsigned char outbuf[1024];
4764 static const unsigned char iv[] = {
4765 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4766 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4767 };
4768 EVP_CIPHER_CTX *ctx = NULL;
4769 EVP_CIPHER *ciph = NULL;
4770 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4771 size_t ivlen = 13; /* non-default IV length */
4772
4773 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4774 goto err;
4775
4776 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4777 testpropq)))
4778 goto err;
4779
4780 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4781 goto err;
4782
4783 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4784 sizeof(gcmDefaultPlaintext))))
4785 goto err;
4786
4787 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4788 &ivlen);
4789 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4790 goto err;
4791
4792 ERR_set_mark();
4793 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4794 sizeof(gcmDefaultPlaintext)))) {
4795 ERR_clear_last_mark();
4796 goto err;
4797 }
4798 ERR_pop_to_mark();
4799
4800 res = 1;
4801 err:
4802 EVP_CIPHER_CTX_free(ctx);
4803 EVP_CIPHER_free(ciph);
4804 return res;
4805 }
4806
4807 static const char *keylen_change_ciphers[] = {
4808 #ifndef OPENSSL_NO_BF
4809 "BF-ECB",
4810 #endif
4811 #ifndef OPENSSL_NO_CAST
4812 "CAST5-ECB",
4813 #endif
4814 #ifndef OPENSSL_NO_RC2
4815 "RC2-ECB",
4816 #endif
4817 #ifndef OPENSSL_NO_RC4
4818 "RC4",
4819 #endif
4820 #ifndef OPENSSL_NO_RC5
4821 "RC5-ECB",
4822 #endif
4823 NULL
4824 };
4825
4826 /* Negative test for keylen change after key was set */
test_keylen_change(int idx)4827 static int test_keylen_change(int idx)
4828 {
4829 int outlen;
4830 int res = 0;
4831 unsigned char outbuf[1024];
4832 static const unsigned char key[] = {
4833 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4834 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4835 };
4836 EVP_CIPHER_CTX *ctx = NULL;
4837 EVP_CIPHER *ciph = NULL;
4838 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4839 size_t keylen = 12; /* non-default key length */
4840
4841 if (lgcyprov == NULL)
4842 return TEST_skip("Test requires legacy provider to be loaded");
4843
4844 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4845 goto err;
4846
4847 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4848 testpropq)))
4849 goto err;
4850
4851 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4852 goto err;
4853
4854 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4855 sizeof(gcmDefaultPlaintext))))
4856 goto err;
4857
4858 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4859 &keylen);
4860 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4861 goto err;
4862
4863 ERR_set_mark();
4864 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4865 sizeof(gcmDefaultPlaintext)))) {
4866 ERR_clear_last_mark();
4867 goto err;
4868 }
4869 ERR_pop_to_mark();
4870
4871 res = 1;
4872 err:
4873 EVP_CIPHER_CTX_free(ctx);
4874 EVP_CIPHER_free(ciph);
4875 return res;
4876 }
4877
4878 #ifndef OPENSSL_NO_DEPRECATED_3_0
4879 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4880 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4881
4882 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4883
custom_pmeth_init(EVP_PKEY_CTX * ctx)4884 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4885 {
4886 int (*pinit)(EVP_PKEY_CTX *ctx);
4887
4888 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4889 return pinit(ctx);
4890 }
4891
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)4892 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4893 {
4894 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4895
4896 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4897 pcleanup(ctx);
4898 }
4899
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)4900 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4901 size_t *outlen, const unsigned char *in,
4902 size_t inlen)
4903 {
4904 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4905 const unsigned char *tbs, size_t tbslen);
4906
4907 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4908 return psign(ctx, out, outlen, in, inlen);
4909 }
4910
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)4911 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4912 size_t *siglen, const unsigned char *tbs,
4913 size_t tbslen)
4914 {
4915 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4916 const unsigned char *tbs, size_t tbslen);
4917
4918 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4919 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4920 }
4921
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)4922 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4923 size_t *keylen)
4924 {
4925 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4926
4927 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4928 return pderive(ctx, key, keylen);
4929 }
4930
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)4931 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4932 {
4933 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4934
4935 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4936 return pcopy(dst, src);
4937 }
4938
4939 static int ctrl_called;
4940
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)4941 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4942 {
4943 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4944
4945 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4946
4947 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4948 ctrl_called = 1;
4949 return 1;
4950 }
4951
4952 return pctrl(ctx, type, p1, p2);
4953 }
4954
test_custom_pmeth(int idx)4955 static int test_custom_pmeth(int idx)
4956 {
4957 EVP_PKEY_CTX *pctx = NULL;
4958 EVP_MD_CTX *ctx = NULL;
4959 EVP_PKEY *pkey = NULL;
4960 int id, orig_id, orig_flags;
4961 int testresult = 0;
4962 size_t reslen;
4963 unsigned char *res = NULL;
4964 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4965 const EVP_MD *md = EVP_sha256();
4966 int doderive = 0;
4967
4968 ctrl_called = 0;
4969
4970 /* We call deprecated APIs so this test doesn't support a custom libctx */
4971 if (testctx != NULL)
4972 return 1;
4973
4974 switch (idx) {
4975 case 0:
4976 case 6:
4977 id = EVP_PKEY_RSA;
4978 pkey = load_example_rsa_key();
4979 break;
4980 case 1:
4981 case 7:
4982 # ifndef OPENSSL_NO_DSA
4983 id = EVP_PKEY_DSA;
4984 pkey = load_example_dsa_key();
4985 break;
4986 # else
4987 return 1;
4988 # endif
4989 case 2:
4990 case 8:
4991 # ifndef OPENSSL_NO_EC
4992 id = EVP_PKEY_EC;
4993 pkey = load_example_ec_key();
4994 break;
4995 # else
4996 return 1;
4997 # endif
4998 case 3:
4999 case 9:
5000 # ifndef OPENSSL_NO_ECX
5001 id = EVP_PKEY_ED25519;
5002 md = NULL;
5003 pkey = load_example_ed25519_key();
5004 break;
5005 # else
5006 return 1;
5007 # endif
5008 case 4:
5009 case 10:
5010 # ifndef OPENSSL_NO_DH
5011 id = EVP_PKEY_DH;
5012 doderive = 1;
5013 pkey = load_example_dh_key();
5014 break;
5015 # else
5016 return 1;
5017 # endif
5018 case 5:
5019 case 11:
5020 # ifndef OPENSSL_NO_ECX
5021 id = EVP_PKEY_X25519;
5022 doderive = 1;
5023 pkey = load_example_x25519_key();
5024 break;
5025 # else
5026 return 1;
5027 # endif
5028 default:
5029 TEST_error("Should not happen");
5030 goto err;
5031 }
5032
5033 if (!TEST_ptr(pkey))
5034 goto err;
5035
5036 if (idx < 6) {
5037 if (!TEST_true(evp_pkey_is_provided(pkey)))
5038 goto err;
5039 } else {
5040 EVP_PKEY *tmp = pkey;
5041
5042 /* Convert to a legacy key */
5043 pkey = EVP_PKEY_new();
5044 if (!TEST_ptr(pkey)) {
5045 pkey = tmp;
5046 goto err;
5047 }
5048 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5049 EVP_PKEY_free(tmp);
5050 goto err;
5051 }
5052 EVP_PKEY_free(tmp);
5053 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5054 goto err;
5055 }
5056
5057 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5058 || !TEST_ptr(pkey))
5059 goto err;
5060
5061 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5062 if (!TEST_int_eq(orig_id, id)
5063 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5064 goto err;
5065
5066 if (id == EVP_PKEY_ED25519) {
5067 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5068 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5069 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5070 } else {
5071 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5072 }
5073 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5074 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5075 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5076 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5077 }
5078 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5079 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5080 goto err;
5081
5082 if (doderive) {
5083 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5084 if (!TEST_ptr(pctx)
5085 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5086 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5087 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5088 1)
5089 || !TEST_int_eq(ctrl_called, 1)
5090 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5091 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5092 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5093 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5094 goto err;
5095 } else {
5096 ctx = EVP_MD_CTX_new();
5097 reslen = EVP_PKEY_size(pkey);
5098 res = OPENSSL_malloc(reslen);
5099 if (!TEST_ptr(ctx)
5100 || !TEST_ptr(res)
5101 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5102 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5103 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5104 1)
5105 || !TEST_int_eq(ctrl_called, 1))
5106 goto err;
5107
5108 if (id == EVP_PKEY_ED25519) {
5109 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5110 goto err;
5111 } else {
5112 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5113 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5114 goto err;
5115 }
5116 }
5117
5118 testresult = 1;
5119 err:
5120 OPENSSL_free(res);
5121 EVP_MD_CTX_free(ctx);
5122 if (doderive)
5123 EVP_PKEY_CTX_free(pctx);
5124 EVP_PKEY_free(pkey);
5125 EVP_PKEY_meth_remove(custom_pmeth);
5126 EVP_PKEY_meth_free(custom_pmeth);
5127 custom_pmeth = NULL;
5128 return testresult;
5129 }
5130
test_evp_md_cipher_meth(void)5131 static int test_evp_md_cipher_meth(void)
5132 {
5133 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5134 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5135 int testresult = 0;
5136
5137 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5138 goto err;
5139
5140 testresult = 1;
5141
5142 err:
5143 EVP_MD_meth_free(md);
5144 EVP_CIPHER_meth_free(ciph);
5145
5146 return testresult;
5147 }
5148
5149 typedef struct {
5150 int data;
5151 } custom_dgst_ctx;
5152
5153 static int custom_md_init_called = 0;
5154 static int custom_md_cleanup_called = 0;
5155
custom_md_init(EVP_MD_CTX * ctx)5156 static int custom_md_init(EVP_MD_CTX *ctx)
5157 {
5158 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5159
5160 if (p == NULL)
5161 return 0;
5162
5163 custom_md_init_called++;
5164 return 1;
5165 }
5166
custom_md_cleanup(EVP_MD_CTX * ctx)5167 static int custom_md_cleanup(EVP_MD_CTX *ctx)
5168 {
5169 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5170
5171 if (p == NULL)
5172 /* Nothing to do */
5173 return 1;
5174
5175 custom_md_cleanup_called++;
5176 return 1;
5177 }
5178
test_custom_md_meth(void)5179 static int test_custom_md_meth(void)
5180 {
5181 ASN1_OBJECT *o = NULL;
5182 EVP_MD_CTX *mdctx = NULL;
5183 EVP_MD *tmp = NULL;
5184 char mess[] = "Test Message\n";
5185 unsigned char md_value[EVP_MAX_MD_SIZE];
5186 unsigned int md_len;
5187 int testresult = 0;
5188 int nid;
5189
5190 /*
5191 * We are testing deprecated functions. We don't support a non-default
5192 * library context in this test.
5193 */
5194 if (testctx != NULL)
5195 return TEST_skip("Non-default libctx");
5196
5197 custom_md_init_called = custom_md_cleanup_called = 0;
5198
5199 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5200 if (!TEST_int_ne(nid, NID_undef))
5201 goto err;
5202 tmp = EVP_MD_meth_new(nid, NID_undef);
5203 if (!TEST_ptr(tmp))
5204 goto err;
5205
5206 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5207 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5208 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5209 sizeof(custom_dgst_ctx))))
5210 goto err;
5211
5212 mdctx = EVP_MD_CTX_new();
5213 if (!TEST_ptr(mdctx)
5214 /*
5215 * Initing our custom md and then initing another md should
5216 * result in the init and cleanup functions of the custom md
5217 * being called.
5218 */
5219 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5220 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5221 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5222 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5223 || !TEST_int_eq(custom_md_init_called, 1)
5224 || !TEST_int_eq(custom_md_cleanup_called, 1))
5225 goto err;
5226
5227 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5228 "custom-md", "custom-md"), NID_undef)
5229 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5230 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5231 goto err;
5232
5233 o = ASN1_OBJECT_create(nid, (unsigned char *)
5234 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5235 "custom-md", "custom-md");
5236 if (!TEST_int_eq(OBJ_add_object(o), nid))
5237 goto err;
5238
5239 testresult = 1;
5240 err:
5241 ASN1_OBJECT_free(o);
5242 EVP_MD_CTX_free(mdctx);
5243 EVP_MD_meth_free(tmp);
5244 return testresult;
5245 }
5246
5247 typedef struct {
5248 int data;
5249 } custom_ciph_ctx;
5250
5251 static int custom_ciph_init_called = 0;
5252 static int custom_ciph_cleanup_called = 0;
5253
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)5254 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5255 const unsigned char *iv, int enc)
5256 {
5257 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5258
5259 if (p == NULL)
5260 return 0;
5261
5262 custom_ciph_init_called++;
5263 return 1;
5264 }
5265
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)5266 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5267 {
5268 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5269
5270 if (p == NULL)
5271 /* Nothing to do */
5272 return 1;
5273
5274 custom_ciph_cleanup_called++;
5275 return 1;
5276 }
5277
test_custom_ciph_meth(void)5278 static int test_custom_ciph_meth(void)
5279 {
5280 EVP_CIPHER_CTX *ciphctx = NULL;
5281 EVP_CIPHER *tmp = NULL;
5282 int testresult = 0;
5283 int nid;
5284
5285 /*
5286 * We are testing deprecated functions. We don't support a non-default
5287 * library context in this test.
5288 */
5289 if (testctx != NULL)
5290 return TEST_skip("Non-default libctx");
5291
5292 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5293
5294 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5295 if (!TEST_int_ne(nid, NID_undef))
5296 goto err;
5297 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5298 if (!TEST_ptr(tmp))
5299 goto err;
5300
5301 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5302 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5303 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5304 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5305 sizeof(custom_ciph_ctx))))
5306 goto err;
5307
5308 ciphctx = EVP_CIPHER_CTX_new();
5309 if (!TEST_ptr(ciphctx)
5310 /*
5311 * Initing our custom cipher and then initing another cipher
5312 * should result in the init and cleanup functions of the custom
5313 * cipher being called.
5314 */
5315 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5316 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5317 NULL, NULL, 1))
5318 || !TEST_int_eq(custom_ciph_init_called, 1)
5319 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5320 goto err;
5321
5322 testresult = 1;
5323 err:
5324 EVP_CIPHER_CTX_free(ciphctx);
5325 EVP_CIPHER_meth_free(tmp);
5326 return testresult;
5327 }
5328
5329 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5330 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)5331 static int test_signatures_with_engine(int tst)
5332 {
5333 ENGINE *e;
5334 const char *engine_id = "dasync";
5335 EVP_PKEY *pkey = NULL;
5336 const unsigned char badcmackey[] = { 0x00, 0x01 };
5337 const unsigned char cmackey[] = {
5338 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5339 0x0c, 0x0d, 0x0e, 0x0f
5340 };
5341 const unsigned char ed25519key[] = {
5342 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5343 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5344 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5345 };
5346 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5347 int testresult = 0;
5348 EVP_MD_CTX *ctx = NULL;
5349 unsigned char *mac = NULL;
5350 size_t maclen = 0;
5351 int ret;
5352
5353 # ifdef OPENSSL_NO_CMAC
5354 /* Skip CMAC tests in a no-cmac build */
5355 if (tst <= 1)
5356 return 1;
5357 # endif
5358 # ifdef OPENSSL_NO_ECX
5359 /* Skip ECX tests in a no-ecx build */
5360 if (tst == 2)
5361 return 1;
5362 # endif
5363
5364 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5365 return 0;
5366
5367 if (!TEST_true(ENGINE_init(e))) {
5368 ENGINE_free(e);
5369 return 0;
5370 }
5371
5372 switch (tst) {
5373 case 0:
5374 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5375 EVP_aes_128_cbc());
5376 break;
5377 case 1:
5378 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5379 EVP_aes_128_cbc());
5380 break;
5381 case 2:
5382 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5383 sizeof(ed25519key));
5384 break;
5385 default:
5386 TEST_error("Invalid test case");
5387 goto err;
5388 }
5389 if (!TEST_ptr(pkey))
5390 goto err;
5391
5392 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5393 goto err;
5394
5395 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5396 pkey);
5397 if (tst == 0) {
5398 if (!TEST_true(ret))
5399 goto err;
5400
5401 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5402 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5403 goto err;
5404
5405 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5406 goto err;
5407
5408 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5409 goto err;
5410 } else {
5411 /* We used a bad key. We expect a failure here */
5412 if (!TEST_false(ret))
5413 goto err;
5414 }
5415
5416 testresult = 1;
5417 err:
5418 EVP_MD_CTX_free(ctx);
5419 OPENSSL_free(mac);
5420 EVP_PKEY_free(pkey);
5421 ENGINE_finish(e);
5422 ENGINE_free(e);
5423
5424 return testresult;
5425 }
5426
test_cipher_with_engine(void)5427 static int test_cipher_with_engine(void)
5428 {
5429 ENGINE *e;
5430 const char *engine_id = "dasync";
5431 const unsigned char keyiv[] = {
5432 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5433 0x0c, 0x0d, 0x0e, 0x0f
5434 };
5435 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5436 int testresult = 0;
5437 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5438 unsigned char buf[AES_BLOCK_SIZE];
5439 int len = 0;
5440
5441 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5442 return 0;
5443
5444 if (!TEST_true(ENGINE_init(e))) {
5445 ENGINE_free(e);
5446 return 0;
5447 }
5448
5449 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5450 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5451 goto err;
5452
5453 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5454 goto err;
5455
5456 /* Copy the ctx, and complete the operation with the new ctx */
5457 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5458 goto err;
5459
5460 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5461 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5462 goto err;
5463
5464 testresult = 1;
5465 err:
5466 EVP_CIPHER_CTX_free(ctx);
5467 EVP_CIPHER_CTX_free(ctx2);
5468 ENGINE_finish(e);
5469 ENGINE_free(e);
5470
5471 return testresult;
5472 }
5473 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5474 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5475
5476 #ifndef OPENSSL_NO_ECX
5477 static int ecxnids[] = {
5478 NID_X25519,
5479 NID_X448,
5480 NID_ED25519,
5481 NID_ED448
5482 };
5483
5484 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)5485 static int test_ecx_short_keys(int tst)
5486 {
5487 unsigned char ecxkeydata = 1;
5488 EVP_PKEY *pkey;
5489
5490
5491 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5492 NULL, &ecxkeydata, 1);
5493 if (!TEST_ptr_null(pkey)) {
5494 EVP_PKEY_free(pkey);
5495 return 0;
5496 }
5497
5498 return 1;
5499 }
5500 #endif
5501
5502 typedef enum OPTION_choice {
5503 OPT_ERR = -1,
5504 OPT_EOF = 0,
5505 OPT_CONTEXT,
5506 OPT_CONFIG_FILE,
5507 OPT_TEST_ENUM
5508 } OPTION_CHOICE;
5509
test_get_options(void)5510 const OPTIONS *test_get_options(void)
5511 {
5512 static const OPTIONS options[] = {
5513 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5514 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5515 { "config", OPT_CONFIG_FILE, '<',
5516 "The configuration file to use for the libctx" },
5517 { NULL }
5518 };
5519 return options;
5520 }
5521
5522 #ifndef OPENSSL_NO_ECX
5523 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)5524 static int test_ecx_not_private_key(int tst)
5525 {
5526 EVP_PKEY *pkey = NULL;
5527
5528 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5529 int testresult = 0;
5530 EVP_MD_CTX *ctx = NULL;
5531 unsigned char *mac = NULL;
5532 size_t maclen = 0;
5533 unsigned char *pubkey;
5534 size_t pubkeylen;
5535
5536 switch (keys[tst].type) {
5537 case NID_X25519:
5538 case NID_X448:
5539 return TEST_skip("signing not supported for X25519/X448");
5540 }
5541
5542 /* Check if this algorithm supports public keys */
5543 if (keys[tst].pub == NULL)
5544 return TEST_skip("no public key present");
5545
5546 pubkey = (unsigned char *)keys[tst].pub;
5547 pubkeylen = strlen(keys[tst].pub);
5548
5549 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5550 NULL, pubkey, pubkeylen);
5551 if (!TEST_ptr(pkey))
5552 goto err;
5553
5554 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5555 goto err;
5556
5557 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5558 goto check_err;
5559
5560 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5561 goto check_err;
5562
5563 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5564 goto err;
5565
5566 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5567 goto err;
5568
5569 check_err:
5570 /*
5571 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5572 * but we relax the check to allow error also thrown by
5573 * EVP_DigestSignInit and EVP_DigestSign.
5574 */
5575 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5576 testresult = 1;
5577 ERR_clear_error();
5578 }
5579
5580 err:
5581 EVP_MD_CTX_free(ctx);
5582 OPENSSL_free(mac);
5583 EVP_PKEY_free(pkey);
5584
5585 return testresult;
5586 }
5587 #endif /* OPENSSL_NO_ECX */
5588
test_sign_continuation(void)5589 static int test_sign_continuation(void)
5590 {
5591 OSSL_PROVIDER *fake_rsa = NULL;
5592 int testresult = 0;
5593 EVP_PKEY *pkey = NULL;
5594 EVP_PKEY_CTX *pctx = NULL;
5595 EVP_MD_CTX *mctx = NULL;
5596 const char sigbuf[] = "To Be Signed";
5597 unsigned char signature[256];
5598 size_t siglen = 256;
5599 static int nodupnum = 1;
5600 static const OSSL_PARAM nodup_params[] = {
5601 OSSL_PARAM_int("NO_DUP", &nodupnum),
5602 OSSL_PARAM_END
5603 };
5604
5605 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5606 return 0;
5607
5608 /* Construct a pkey using precise propq to use our provider */
5609 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5610 "provider=fake-rsa"))
5611 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5612 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5613 || !TEST_ptr(pkey))
5614 goto end;
5615
5616 /* First test it continues (classic behavior) */
5617 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5618 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5619 NULL, pkey, NULL))
5620 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5621 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5622 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5623 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5624 goto end;
5625
5626 EVP_MD_CTX_free(mctx);
5627
5628 /* try again but failing the continuation */
5629 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5630 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5631 NULL, pkey, nodup_params))
5632 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5633 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5634 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5635 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5636 goto end;
5637
5638 testresult = 1;
5639
5640 end:
5641 EVP_MD_CTX_free(mctx);
5642 EVP_PKEY_free(pkey);
5643 EVP_PKEY_CTX_free(pctx);
5644 fake_rsa_finish(fake_rsa);
5645 return testresult;
5646 }
5647
aes_gcm_encrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5648 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5649 const unsigned char *gcm_iv, size_t gcm_ivlen,
5650 const unsigned char *gcm_pt, size_t gcm_pt_s,
5651 const unsigned char *gcm_aad, size_t gcm_aad_s,
5652 const unsigned char *gcm_ct, size_t gcm_ct_s,
5653 const unsigned char *gcm_tag, size_t gcm_tag_s)
5654 {
5655 int ret = 0;
5656 EVP_CIPHER_CTX *ctx;
5657 EVP_CIPHER *cipher = NULL;
5658 int outlen, tmplen;
5659 unsigned char outbuf[1024];
5660 unsigned char outtag[16];
5661 OSSL_PARAM params[2] = {
5662 OSSL_PARAM_END, OSSL_PARAM_END
5663 };
5664
5665 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5666 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5667 goto err;
5668
5669 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5670 &gcm_ivlen);
5671
5672 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5673 || (gcm_aad != NULL
5674 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5675 gcm_aad, gcm_aad_s)))
5676 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5677 gcm_pt, gcm_pt_s))
5678 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5679 goto err;
5680
5681 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5682 outtag, sizeof(outtag));
5683
5684 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5685 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5686 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5687 goto err;
5688
5689 ret = 1;
5690 err:
5691 EVP_CIPHER_free(cipher);
5692 EVP_CIPHER_CTX_free(ctx);
5693
5694 return ret;
5695 }
5696
aes_gcm_decrypt(const unsigned char * gcm_key,size_t gcm_key_s,const unsigned char * gcm_iv,size_t gcm_ivlen,const unsigned char * gcm_pt,size_t gcm_pt_s,const unsigned char * gcm_aad,size_t gcm_aad_s,const unsigned char * gcm_ct,size_t gcm_ct_s,const unsigned char * gcm_tag,size_t gcm_tag_s)5697 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5698 const unsigned char *gcm_iv, size_t gcm_ivlen,
5699 const unsigned char *gcm_pt, size_t gcm_pt_s,
5700 const unsigned char *gcm_aad, size_t gcm_aad_s,
5701 const unsigned char *gcm_ct, size_t gcm_ct_s,
5702 const unsigned char *gcm_tag, size_t gcm_tag_s)
5703 {
5704 int ret = 0;
5705 EVP_CIPHER_CTX *ctx;
5706 EVP_CIPHER *cipher = NULL;
5707 int outlen;
5708 unsigned char outbuf[1024];
5709 OSSL_PARAM params[2] = {
5710 OSSL_PARAM_END, OSSL_PARAM_END
5711 };
5712
5713 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5714 goto err;
5715
5716 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5717 goto err;
5718
5719 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5720 &gcm_ivlen);
5721
5722 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5723 || (gcm_aad != NULL
5724 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5725 gcm_aad, gcm_aad_s)))
5726 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5727 gcm_ct, gcm_ct_s))
5728 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5729 goto err;
5730
5731 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5732 (void*)gcm_tag, gcm_tag_s);
5733
5734 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5735 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5736 goto err;
5737
5738 ret = 1;
5739 err:
5740 EVP_CIPHER_free(cipher);
5741 EVP_CIPHER_CTX_free(ctx);
5742
5743 return ret;
5744 }
5745
test_aes_gcm_ivlen_change_cve_2023_5363(void)5746 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5747 {
5748 /* AES-GCM test data obtained from NIST public test vectors */
5749 static const unsigned char gcm_key[] = {
5750 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5751 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5752 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5753 };
5754 static const unsigned char gcm_iv[] = {
5755 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5756 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5757 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5758 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5759 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5760 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5761 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5762 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5763 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5764 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5765 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5766 };
5767 static const unsigned char gcm_pt[] = {
5768 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5769 0x4f, 0xe3, 0x6f, 0x81,
5770 };
5771 static const unsigned char gcm_ct[] = {
5772 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5773 0xe2, 0xd0, 0xec, 0xed,
5774 };
5775 static const unsigned char gcm_tag[] = {
5776 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5777 0xdb, 0x99, 0x6c, 0x21,
5778 };
5779
5780 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5781 gcm_pt, sizeof(gcm_pt), NULL, 0,
5782 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5783 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5784 gcm_pt, sizeof(gcm_pt), NULL, 0,
5785 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5786 }
5787
5788 #ifndef OPENSSL_NO_RC4
rc4_encrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5789 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5790 const unsigned char *rc4_pt, size_t rc4_pt_s,
5791 const unsigned char *rc4_ct, size_t rc4_ct_s)
5792 {
5793 int ret = 0;
5794 EVP_CIPHER_CTX *ctx;
5795 EVP_CIPHER *cipher = NULL;
5796 int outlen, tmplen;
5797 unsigned char outbuf[1024];
5798 OSSL_PARAM params[2] = {
5799 OSSL_PARAM_END, OSSL_PARAM_END
5800 };
5801
5802 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5803 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5804 goto err;
5805
5806 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5807 &rc4_key_s);
5808
5809 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5810 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5811 rc4_pt, rc4_pt_s))
5812 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5813 goto err;
5814
5815 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5816 goto err;
5817
5818 ret = 1;
5819 err:
5820 EVP_CIPHER_free(cipher);
5821 EVP_CIPHER_CTX_free(ctx);
5822
5823 return ret;
5824 }
5825
rc4_decrypt(const unsigned char * rc4_key,size_t rc4_key_s,const unsigned char * rc4_pt,size_t rc4_pt_s,const unsigned char * rc4_ct,size_t rc4_ct_s)5826 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5827 const unsigned char *rc4_pt, size_t rc4_pt_s,
5828 const unsigned char *rc4_ct, size_t rc4_ct_s)
5829 {
5830 int ret = 0;
5831 EVP_CIPHER_CTX *ctx;
5832 EVP_CIPHER *cipher = NULL;
5833 int outlen;
5834 unsigned char outbuf[1024];
5835 OSSL_PARAM params[2] = {
5836 OSSL_PARAM_END, OSSL_PARAM_END
5837 };
5838
5839 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5840 goto err;
5841
5842 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5843 goto err;
5844
5845 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5846 &rc4_key_s);
5847
5848 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5849 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5850 rc4_ct, rc4_ct_s))
5851 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5852 goto err;
5853
5854 ret = 1;
5855 err:
5856 EVP_CIPHER_free(cipher);
5857 EVP_CIPHER_CTX_free(ctx);
5858
5859 return ret;
5860 }
5861
test_aes_rc4_keylen_change_cve_2023_5363(void)5862 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5863 {
5864 /* RC4 test data obtained from RFC 6229 */
5865 static const struct {
5866 unsigned char key[5];
5867 unsigned char padding[11];
5868 } rc4_key = {
5869 { /* Five bytes of key material */
5870 0x83, 0x32, 0x22, 0x77, 0x2a,
5871 },
5872 { /* Random padding to 16 bytes */
5873 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5874 }
5875 };
5876 static const unsigned char rc4_pt[] = {
5877 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5878 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5879 };
5880 static const unsigned char rc4_ct[] = {
5881 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5882 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5883 };
5884
5885 if (lgcyprov == NULL)
5886 return TEST_skip("Test requires legacy provider to be loaded");
5887
5888 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5889 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5890 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5891 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5892 }
5893 #endif
5894
test_invalid_ctx_for_digest(void)5895 static int test_invalid_ctx_for_digest(void)
5896 {
5897 int ret;
5898 EVP_MD_CTX *mdctx;
5899
5900 mdctx = EVP_MD_CTX_new();
5901 if (!TEST_ptr(mdctx))
5902 return 0;
5903
5904 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
5905 ret = 0;
5906 else
5907 ret = 1;
5908
5909 EVP_MD_CTX_free(mdctx);
5910
5911 return ret;
5912 }
5913
setup_tests(void)5914 int setup_tests(void)
5915 {
5916 char *config_file = NULL;
5917 OPTION_CHOICE o;
5918
5919 while ((o = opt_next()) != OPT_EOF) {
5920 switch (o) {
5921 case OPT_CONTEXT:
5922 /* Set up an alternate library context */
5923 testctx = OSSL_LIB_CTX_new();
5924 if (!TEST_ptr(testctx))
5925 return 0;
5926 #ifdef STATIC_LEGACY
5927 /*
5928 * This test is always statically linked against libcrypto. We must not
5929 * attempt to load legacy.so that might be dynamically linked against
5930 * libcrypto. Instead we use a built-in version of the legacy provider.
5931 */
5932 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5933 return 0;
5934 #endif
5935 /* Swap the libctx to test non-default context only */
5936 nullprov = OSSL_PROVIDER_load(NULL, "null");
5937 deflprov = OSSL_PROVIDER_load(testctx, "default");
5938 #ifndef OPENSSL_SYS_TANDEM
5939 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5940 #endif
5941 break;
5942 case OPT_CONFIG_FILE:
5943 config_file = opt_arg();
5944 if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
5945 return 0;
5946 break;
5947 case OPT_TEST_CASES:
5948 break;
5949 default:
5950 return 0;
5951 }
5952 }
5953
5954 if (config_file != NULL) {
5955 ADD_TEST(test_EVP_set_config_properties);
5956 return 1;
5957 }
5958
5959 ADD_TEST(test_EVP_set_default_properties);
5960 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5961 ADD_TEST(test_EVP_DigestVerifyInit);
5962 #ifndef OPENSSL_NO_SIPHASH
5963 ADD_TEST(test_siphash_digestsign);
5964 #endif
5965 ADD_TEST(test_EVP_Digest);
5966 ADD_TEST(test_EVP_md_null);
5967 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5968 #ifndef OPENSSL_NO_DEPRECATED_3_0
5969 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5970 #endif
5971 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5972 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5973 ADD_TEST(test_privatekey_to_pkcs8);
5974 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5975 #ifndef OPENSSL_NO_EC
5976 ADD_TEST(test_EVP_PKCS82PKEY);
5977 #endif
5978 #ifndef OPENSSL_NO_EC
5979 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5980 #endif
5981 #if !defined(OPENSSL_NO_SM2)
5982 ADD_TEST(test_EVP_SM2);
5983 ADD_TEST(test_EVP_SM2_verify);
5984 #endif
5985 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5986 #ifndef OPENSSL_NO_DEPRECATED_3_0
5987 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5988 if (!TEST_ptr(custom_pmeth))
5989 return 0;
5990 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5991 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5992 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5993 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5994 return 0;
5995 #endif
5996 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5997 #ifndef OPENSSL_NO_CMAC
5998 ADD_TEST(test_CMAC_keygen);
5999 #endif
6000 ADD_TEST(test_HKDF);
6001 ADD_TEST(test_emptyikm_HKDF);
6002 ADD_TEST(test_empty_salt_info_HKDF);
6003 #ifndef OPENSSL_NO_EC
6004 ADD_TEST(test_X509_PUBKEY_inplace);
6005 ADD_TEST(test_X509_PUBKEY_dup);
6006 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
6007 OSSL_NELEM(ec_der_pub_keys));
6008 #endif
6009 #ifndef OPENSSL_NO_DSA
6010 ADD_TEST(test_DSA_get_set_params);
6011 ADD_TEST(test_DSA_priv_pub);
6012 #endif
6013 ADD_TEST(test_RSA_get_set_params);
6014 ADD_TEST(test_RSA_OAEP_set_get_params);
6015 ADD_TEST(test_RSA_OAEP_set_null_label);
6016 #ifndef OPENSSL_NO_DEPRECATED_3_0
6017 ADD_TEST(test_RSA_legacy);
6018 #endif
6019 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
6020 ADD_TEST(test_decrypt_null_chunks);
6021 #endif
6022 #ifndef OPENSSL_NO_DH
6023 ADD_TEST(test_DH_priv_pub);
6024 # ifndef OPENSSL_NO_DEPRECATED_3_0
6025 ADD_TEST(test_EVP_PKEY_set1_DH);
6026 # endif
6027 #endif
6028 #ifndef OPENSSL_NO_EC
6029 ADD_TEST(test_EC_priv_pub);
6030 ADD_TEST(test_evp_get_ec_pub);
6031 # ifndef OPENSSL_NO_DEPRECATED_3_0
6032 ADD_TEST(test_EC_priv_only_legacy);
6033 ADD_TEST(test_evp_get_ec_pub_legacy);
6034 # endif
6035 #endif
6036 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
6037 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
6038
6039 ADD_TEST(test_rand_agglomeration);
6040 ADD_ALL_TESTS(test_evp_iv_aes, 12);
6041 #ifndef OPENSSL_NO_DES
6042 ADD_ALL_TESTS(test_evp_iv_des, 6);
6043 #endif
6044 #ifndef OPENSSL_NO_BF
6045 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
6046 #endif
6047 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6048 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
6049 ADD_TEST(test_EVP_rsa_invalid_key);
6050 #ifndef OPENSSL_NO_EC
6051 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
6052 #endif
6053
6054 ADD_TEST(test_names_do_all);
6055
6056 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6057 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6058 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6059 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6060 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6061 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6062 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6063 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6064
6065 #ifndef OPENSSL_NO_DEPRECATED_3_0
6066 ADD_ALL_TESTS(test_custom_pmeth, 12);
6067 ADD_TEST(test_evp_md_cipher_meth);
6068 ADD_TEST(test_custom_md_meth);
6069 ADD_TEST(test_custom_ciph_meth);
6070
6071 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
6072 /* Tests only support the default libctx */
6073 if (testctx == NULL) {
6074 # ifndef OPENSSL_NO_EC
6075 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6076 # else
6077 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6078 # endif
6079 ADD_TEST(test_cipher_with_engine);
6080 }
6081 # endif
6082 #endif
6083
6084 #ifndef OPENSSL_NO_ECX
6085 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6086 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6087 #endif
6088
6089 ADD_TEST(test_sign_continuation);
6090
6091 /* Test cases for CVE-2023-5363 */
6092 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6093 #ifndef OPENSSL_NO_RC4
6094 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6095 #endif
6096
6097 ADD_TEST(test_invalid_ctx_for_digest);
6098
6099 return 1;
6100 }
6101
cleanup_tests(void)6102 void cleanup_tests(void)
6103 {
6104 OSSL_PROVIDER_unload(nullprov);
6105 OSSL_PROVIDER_unload(deflprov);
6106 #ifndef OPENSSL_SYS_TANDEM
6107 OSSL_PROVIDER_unload(lgcyprov);
6108 #endif
6109 OSSL_LIB_CTX_free(testctx);
6110 }
6111
