1 /*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 /*
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
249 * values are 0.
250 */
251 static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
255 };
256
257 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
258
259 static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
271 };
272
273 /*
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
275 * PrivateKeyInfo.
276 */
277 static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
331 };
332
333 #ifndef OPENSSL_NO_EC
334 /*
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
336 * structure.
337 */
338 static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
349 0xc1,
350 };
351
352 /*
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
355 */
356 static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
366 };
367
368 /* prime256v1 */
369 static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378 };
379
380 /*
381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
383 */
384 static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
393 };
394
395 static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
397 };
398
399 static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
404 };
405
406 static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
411 };
412
413 # ifndef OPENSSL_NO_DEPRECATED_3_0
414 static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
419 };
420 # endif
421 #endif
422
423 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424 #ifndef OPENSSL_NO_DEPRECATED_3_0
425 # ifndef OPENSSL_NO_DH
426 static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
452 };
453 # endif
454 #endif
455
456 static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
459 };
460
461 static const unsigned char kGCMDefaultKey[32] = { 0 };
462
463 static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
467 };
468
469 static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
472 };
473
474 static const unsigned char iGCMDefaultIV[12] = { 0 };
475
476 static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
478 };
479
480 static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
482 };
483
484 static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
487 };
488
489 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
490
491 static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
497 };
498
499 static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
502 };
503
504 static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
507 };
508
509 static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
515 };
516
517 static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
523 };
524
525 static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
528 };
529
530 static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
533 };
534
535 static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
538 };
539
540 static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
543 };
544
545 typedef struct APK_DATA_st {
546 const unsigned char *kder;
547 size_t size;
548 const char *keytype;
549 int evptype;
550 int check;
551 int pub_check;
552 int param_check;
553 int type; /* 0 for private, 1 for public, 2 for params */
554 } APK_DATA;
555
556 static APK_DATA keydata[] = {
557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
561 #endif
562 };
563
564 static APK_DATA keycheckdata[] = {
565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
566 0},
567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
568 0, 1, 1, 0},
569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
571 #ifndef OPENSSL_NO_EC
572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
573 /* group is also associated in our pub key */
574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
575 1, 1},
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
577 2},
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
582 #endif
583 };
584
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)585 static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
587 {
588 const unsigned char **pdata = &data;
589 EVP_PKEY *pkey = NULL;
590 OSSL_DECODER_CTX *dctx =
591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
592 testctx, testpropq);
593
594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
597 return pkey;
598 }
599
load_example_rsa_key(void)600 static EVP_PKEY *load_example_rsa_key(void)
601 {
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
604 }
605
606 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)607 static EVP_PKEY *load_example_dsa_key(void)
608 {
609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
611 }
612 #endif
613
614 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)615 static EVP_PKEY *load_example_ec_key(void)
616 {
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
619 }
620 #endif
621
622 #ifndef OPENSSL_NO_DEPRECATED_3_0
623 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)624 static EVP_PKEY *load_example_dh_key(void)
625 {
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
628 }
629 # endif
630
631 # ifndef OPENSSL_NO_EC
load_example_ed25519_key(void)632 static EVP_PKEY *load_example_ed25519_key(void)
633 {
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
636 }
637
load_example_x25519_key(void)638 static EVP_PKEY *load_example_x25519_key(void)
639 {
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
642 }
643 # endif
644 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
645
load_example_hmac_key(void)646 static EVP_PKEY *load_example_hmac_key(void)
647 {
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
653 };
654
655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
657 if (!TEST_ptr(pkey))
658 return NULL;
659
660 return pkey;
661 }
662
test_EVP_set_default_properties(void)663 static int test_EVP_set_default_properties(void)
664 {
665 OSSL_LIB_CTX *ctx;
666 EVP_MD *md = NULL;
667 int res = 0;
668
669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
671 goto err;
672 EVP_MD_free(md);
673 md = NULL;
674
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
678 goto err;
679 EVP_MD_free(md);
680 md = NULL;
681
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
684 goto err;
685 res = 1;
686 err:
687 EVP_MD_free(md);
688 OSSL_LIB_CTX_free(ctx);
689 return res;
690 }
691
692 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)693 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
694 {
695 EVP_PKEY_CTX *pctx = NULL;
696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
697
698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
699 goto err;
700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
702 params), 0))
703 goto err;
704
705 if (!TEST_ptr(tmp_pkey))
706 goto err;
707
708 pkey = tmp_pkey;
709 tmp_pkey = NULL;
710 err:
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
713 return pkey;
714 }
715
test_selection(EVP_PKEY * pkey,int selection)716 static int test_selection(EVP_PKEY *pkey, int selection)
717 {
718 int testresult = 0;
719 int ret;
720 BIO *bio = BIO_new(BIO_s_mem());
721
722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
724 if (!TEST_true(ret))
725 goto err;
726 } else {
727 if (!TEST_false(ret))
728 goto err;
729 }
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
731 testctx, NULL);
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
733 if (!TEST_true(ret))
734 goto err;
735 } else {
736 if (!TEST_false(ret))
737 goto err;
738 }
739
740 testresult = 1;
741 err:
742 BIO_free(bio);
743
744 return testresult;
745 }
746 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
747
748 /*
749 * Test combinations of private, public, missing and private + public key
750 * params to ensure they are all accepted
751 */
752 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)753 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
754 {
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
762 int ret = 0;
763
764 /*
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
767 */
768 if (!TEST_ptr(p = BN_new())
769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
773 goto err;
774
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
780 goto err;
781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
783 goto err;
784
785 OSSL_PARAM_free(params);
786 OSSL_PARAM_BLD_free(bld);
787 params = NULL;
788 bld = NULL;
789
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
792 goto err;
793
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
800 priv)))
801 goto err;
802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
804 goto err;
805
806 OSSL_PARAM_free(params);
807 OSSL_PARAM_BLD_free(bld);
808 params = NULL;
809 bld = NULL;
810
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
813 goto err;
814
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
821 pub)))
822 goto err;
823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
825 goto err;
826
827 OSSL_PARAM_free(params);
828 OSSL_PARAM_BLD_free(bld);
829 params = NULL;
830 bld = NULL;
831
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
834 goto err;
835
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
842 pub))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
844 priv)))
845 goto err;
846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
848 goto err;
849
850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
851 goto err;
852
853 ret = 1;
854 err:
855 OSSL_PARAM_free(params);
856 OSSL_PARAM_BLD_free(bld);
857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
861 BN_free(p);
862 BN_free(q);
863 BN_free(g);
864 BN_free(pub);
865 BN_free(priv);
866
867 return ret;
868 }
869 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
870
871 /*
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
874 */
875 #ifndef OPENSSL_NO_EC
876 static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
880 };
881 static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
888 };
889
test_EC_priv_pub(void)890 static int test_EC_priv_pub(void)
891 {
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
898 BIGNUM *priv = NULL;
899 int ret = 0;
900 unsigned char *encoded = NULL;
901
902 /*
903 * Setup the parameters for our pkey object. For our purposes they don't
904 * have to actually be *valid* parameters. We just need to set something.
905 */
906 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
907 goto err;
908
909 /* Test !priv and !pub */
910 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
911 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
912 OSSL_PKEY_PARAM_GROUP_NAME,
913 "P-256", 0)))
914 goto err;
915 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
916 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
917 goto err;
918
919 OSSL_PARAM_free(params);
920 OSSL_PARAM_BLD_free(bld);
921 params = NULL;
922 bld = NULL;
923
924 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
925 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
926 goto err;
927
928 /* Test priv and !pub */
929 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
930 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
931 OSSL_PKEY_PARAM_GROUP_NAME,
932 "P-256", 0))
933 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
934 priv)))
935 goto err;
936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
938 goto err;
939
940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
945 /*
946 * We indicate only parameters here, in spite of having built a key that
947 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
948 * expected to fail because it does not support exporting a private EC
949 * key without a corresponding public key
950 */
951 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
952 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
953 goto err;
954
955 /* Test !priv and pub */
956 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
957 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
958 OSSL_PKEY_PARAM_GROUP_NAME,
959 "P-256", 0))
960 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
961 OSSL_PKEY_PARAM_PUB_KEY,
962 ec_pub, sizeof(ec_pub))))
963 goto err;
964 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
965 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
966 goto err;
967
968 OSSL_PARAM_free(params);
969 OSSL_PARAM_BLD_free(bld);
970 params = NULL;
971 bld = NULL;
972
973 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
974 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
975 goto err;
976
977 /* Test priv and pub */
978 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
979 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
980 OSSL_PKEY_PARAM_GROUP_NAME,
981 "P-256", 0))
982 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
983 OSSL_PKEY_PARAM_PUB_KEY,
984 ec_pub, sizeof(ec_pub)))
985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
986 priv)))
987 goto err;
988 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
989 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
990 goto err;
991
992 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
993 goto err;
994
995 /* Try key equality */
996 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
997 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
998 0)
999 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1000 0)
1001 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1002 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1007 goto err;
1008
1009 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1010 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1011 goto err;
1012 OPENSSL_free(encoded);
1013 encoded = NULL;
1014 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 goto err;
1018 }
1019
1020 ret = 1;
1021 err:
1022 OSSL_PARAM_free(params);
1023 OSSL_PARAM_BLD_free(bld);
1024 EVP_PKEY_free(just_params);
1025 EVP_PKEY_free(params_and_priv);
1026 EVP_PKEY_free(params_and_pub);
1027 EVP_PKEY_free(params_and_keypair);
1028 BN_free(priv);
1029
1030 return ret;
1031 }
1032
1033 /* Test that using a legacy EC key with only a private key in it works */
1034 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1035 static int test_EC_priv_only_legacy(void)
1036 {
1037 BIGNUM *priv = NULL;
1038 int ret = 0;
1039 EC_KEY *eckey = NULL;
1040 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1041 EVP_MD_CTX *ctx = NULL;
1042
1043 /* Create the low level EC_KEY */
1044 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1045 goto err;
1046
1047 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1048 if (!TEST_ptr(eckey))
1049 goto err;
1050
1051 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1052 goto err;
1053
1054 pkey = EVP_PKEY_new();
1055 if (!TEST_ptr(pkey))
1056 goto err;
1057
1058 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1059 goto err;
1060 eckey = NULL;
1061
1062 while (dup_pk == NULL) {
1063 ret = 0;
1064 ctx = EVP_MD_CTX_new();
1065 if (!TEST_ptr(ctx))
1066 goto err;
1067
1068 /*
1069 * The EVP_DigestSignInit function should create the key on the
1070 * provider side which is sufficient for this test.
1071 */
1072 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1073 testpropq, pkey, NULL)))
1074 goto err;
1075 EVP_MD_CTX_free(ctx);
1076 ctx = NULL;
1077
1078 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1079 goto err;
1080 /* EVP_PKEY_eq() returns -2 with missing public keys */
1081 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1082 EVP_PKEY_free(pkey);
1083 pkey = dup_pk;
1084 if (!ret)
1085 goto err;
1086 }
1087
1088 err:
1089 EVP_MD_CTX_free(ctx);
1090 EVP_PKEY_free(pkey);
1091 EC_KEY_free(eckey);
1092 BN_free(priv);
1093
1094 return ret;
1095 }
1096 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1097 #endif /* OPENSSL_NO_EC */
1098
test_EVP_PKEY_sign(int tst)1099 static int test_EVP_PKEY_sign(int tst)
1100 {
1101 int ret = 0;
1102 EVP_PKEY *pkey = NULL;
1103 unsigned char *sig = NULL;
1104 size_t sig_len = 0, shortsig_len = 1;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 unsigned char tbs[] = {
1107 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1108 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1109 };
1110
1111 if (tst == 0) {
1112 if (!TEST_ptr(pkey = load_example_rsa_key()))
1113 goto out;
1114 } else if (tst == 1) {
1115 #ifndef OPENSSL_NO_DSA
1116 if (!TEST_ptr(pkey = load_example_dsa_key()))
1117 goto out;
1118 #else
1119 ret = 1;
1120 goto out;
1121 #endif
1122 } else {
1123 #ifndef OPENSSL_NO_EC
1124 if (!TEST_ptr(pkey = load_example_ec_key()))
1125 goto out;
1126 #else
1127 ret = 1;
1128 goto out;
1129 #endif
1130 }
1131
1132 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1133 if (!TEST_ptr(ctx)
1134 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1136 sizeof(tbs)), 0))
1137 goto out;
1138 sig = OPENSSL_malloc(sig_len);
1139 if (!TEST_ptr(sig)
1140 /* Test sending a signature buffer that is too short is rejected */
1141 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1142 sizeof(tbs)), 0)
1143 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1144 0)
1145 /* Test the signature round-trips */
1146 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1147 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1148 0))
1149 goto out;
1150
1151 ret = 1;
1152 out:
1153 EVP_PKEY_CTX_free(ctx);
1154 OPENSSL_free(sig);
1155 EVP_PKEY_free(pkey);
1156 return ret;
1157 }
1158
1159 /*
1160 * n = 0 => test using legacy cipher
1161 * n = 1 => test using fetched cipher
1162 */
test_EVP_Enveloped(int n)1163 static int test_EVP_Enveloped(int n)
1164 {
1165 int ret = 0;
1166 EVP_CIPHER_CTX *ctx = NULL;
1167 EVP_PKEY *keypair = NULL;
1168 unsigned char *kek = NULL;
1169 unsigned char iv[EVP_MAX_IV_LENGTH];
1170 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1171 int len, kek_len, ciphertext_len, plaintext_len;
1172 unsigned char ciphertext[32], plaintext[16];
1173 EVP_CIPHER *type = NULL;
1174
1175 if (nullprov != NULL)
1176 return TEST_skip("Test does not support a non-default library context");
1177
1178 if (n == 0)
1179 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1180 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1181 testpropq)))
1182 goto err;
1183
1184 if (!TEST_ptr(keypair = load_example_rsa_key())
1185 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1186 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1187 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1188 &keypair, 1))
1189 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1190 msg, sizeof(msg)))
1191 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1192 &len)))
1193 goto err;
1194
1195 ciphertext_len += len;
1196
1197 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1198 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1199 ciphertext, ciphertext_len))
1200 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1201 goto err;
1202
1203 plaintext_len += len;
1204 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1205 goto err;
1206
1207 ret = 1;
1208 err:
1209 if (n != 0)
1210 EVP_CIPHER_free(type);
1211 OPENSSL_free(kek);
1212 EVP_PKEY_free(keypair);
1213 EVP_CIPHER_CTX_free(ctx);
1214 return ret;
1215 }
1216
1217 /*
1218 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1219 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1220 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1221 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1222 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1223 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1224 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1225 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1226 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1227 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1228 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1229 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1230 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1231 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1232 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1233 * Test 15-29: Same as above with reinitialization
1234 */
test_EVP_DigestSignInit(int tst)1235 static int test_EVP_DigestSignInit(int tst)
1236 {
1237 int ret = 0;
1238 EVP_PKEY *pkey = NULL;
1239 unsigned char *sig = NULL, *sig2 = NULL;
1240 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1241 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1242 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1243 BIO *mdbio = NULL, *membio = NULL;
1244 size_t written;
1245 const EVP_MD *md;
1246 EVP_MD *mdexp = NULL;
1247 int reinit = 0;
1248
1249 if (nullprov != NULL)
1250 return TEST_skip("Test does not support a non-default library context");
1251
1252 if (tst >= 15) {
1253 reinit = 1;
1254 tst -= 15;
1255 }
1256
1257 if (tst >= 6 && tst <= 8) {
1258 membio = BIO_new(BIO_s_mem());
1259 mdbio = BIO_new(BIO_f_md());
1260 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1261 goto out;
1262 BIO_push(mdbio, membio);
1263 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1264 goto out;
1265 } else {
1266 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1267 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1268 goto out;
1269 }
1270
1271 if (tst % 3 == 0) {
1272 if (!TEST_ptr(pkey = load_example_rsa_key()))
1273 goto out;
1274 } else if (tst % 3 == 1) {
1275 #ifndef OPENSSL_NO_DSA
1276 if (!TEST_ptr(pkey = load_example_dsa_key()))
1277 goto out;
1278 #else
1279 ret = 1;
1280 goto out;
1281 #endif
1282 } else {
1283 if (!TEST_ptr(pkey = load_example_hmac_key()))
1284 goto out;
1285 }
1286
1287 if (tst >= 3 && tst <= 5)
1288 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1289 else
1290 md = EVP_sha256();
1291
1292 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1293 goto out;
1294
1295 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1296 goto out;
1297
1298 if (tst >= 6 && tst <= 8) {
1299 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1300 goto out;
1301 } else if (tst < 6) {
1302 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1303 goto out;
1304 }
1305
1306 if (tst >= 9) {
1307 /* Determine the size of the signature. */
1308 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1309 sizeof(kMsg)))
1310 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1311 goto out;
1312 if (tst <= 11) {
1313 /* Test that supply a short sig buffer fails */
1314 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1315 sizeof(kMsg))))
1316 goto out;
1317 /*
1318 * We end here because once EVP_DigestSign() has failed you should
1319 * not call it again without re-initing the ctx
1320 */
1321 ret = 1;
1322 goto out;
1323 }
1324 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1325 sizeof(kMsg))))
1326 goto out;
1327 } else {
1328 /* Determine the size of the signature. */
1329 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1330 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1331 /*
1332 * Trying to create a signature with a deliberately short
1333 * buffer should fail.
1334 */
1335 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1336 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1337 goto out;
1338 }
1339
1340 /*
1341 * Ensure that the signature round-trips (Verification isn't supported for
1342 * HMAC via EVP_DigestVerify*)
1343 */
1344 if (tst % 3 != 2) {
1345 if (tst >= 6 && tst <= 8) {
1346 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1347 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1348 goto out;
1349 }
1350
1351 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1352 NULL, pkey)))
1353 goto out;
1354
1355 if (tst >= 6 && tst <= 8) {
1356 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1357 goto out;
1358 } else {
1359 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1360 sizeof(kMsg))))
1361 goto out;
1362 }
1363 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1364 goto out;
1365
1366 /* Multiple calls to EVP_DigestVerifyFinal should work */
1367 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1368 goto out;
1369 } else {
1370 /*
1371 * For HMAC a doubled call to DigestSignFinal should produce the same
1372 * value as finalization should not happen.
1373 */
1374 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1375 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1376 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1377 goto out;
1378
1379 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1380 goto out;
1381 }
1382
1383 ret = 1;
1384
1385 out:
1386 BIO_free(membio);
1387 BIO_free(mdbio);
1388 EVP_MD_CTX_free(a_md_ctx);
1389 EVP_MD_CTX_free(a_md_ctx_verify);
1390 EVP_PKEY_free(pkey);
1391 OPENSSL_free(sig);
1392 OPENSSL_free(sig2);
1393 EVP_MD_free(mdexp);
1394
1395 return ret;
1396 }
1397
test_EVP_DigestVerifyInit(void)1398 static int test_EVP_DigestVerifyInit(void)
1399 {
1400 int ret = 0;
1401 EVP_PKEY *pkey = NULL;
1402 EVP_MD_CTX *md_ctx = NULL;
1403
1404 if (nullprov != NULL)
1405 return TEST_skip("Test does not support a non-default library context");
1406
1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1408 || !TEST_ptr(pkey = load_example_rsa_key()))
1409 goto out;
1410
1411 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1412 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1413 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1414 sizeof(kSignature)), 0))
1415 goto out;
1416
1417 /* test with reinitialization */
1418 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1419 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1420 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1421 sizeof(kSignature)), 0))
1422 goto out;
1423 ret = 1;
1424
1425 out:
1426 EVP_MD_CTX_free(md_ctx);
1427 EVP_PKEY_free(pkey);
1428 return ret;
1429 }
1430
1431 #ifndef OPENSSL_NO_SIPHASH
1432 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)1433 static int test_siphash_digestsign(void)
1434 {
1435 unsigned char key[16];
1436 unsigned char buf[8], digest[8];
1437 unsigned char expected[8] = {
1438 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1439 };
1440 EVP_PKEY *pkey = NULL;
1441 EVP_MD_CTX *mdctx = NULL;
1442 EVP_PKEY_CTX *ctx = NULL;
1443 int ret = 0;
1444 size_t len = 8;
1445
1446 if (nullprov != NULL)
1447 return TEST_skip("Test does not support a non-default library context");
1448
1449 memset(buf, 0, 8);
1450 memset(key, 1, 16);
1451 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1452 key, 16)))
1453 goto out;
1454
1455 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1456 goto out;
1457
1458 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1459 goto out;
1460 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1461 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1462 8, NULL), 1))
1463 goto out;
1464 /* reinitialize */
1465 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1466 goto out;
1467 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1468 goto out;
1469 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1470 goto out;
1471 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1472 goto out;
1473
1474 ret = 1;
1475 out:
1476 EVP_PKEY_free(pkey);
1477 EVP_MD_CTX_free(mdctx);
1478 return ret;
1479 }
1480 #endif
1481
1482 /*
1483 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1484 */
test_EVP_Digest(void)1485 static int test_EVP_Digest(void)
1486 {
1487 int ret = 0;
1488 EVP_MD_CTX *md_ctx = NULL;
1489 unsigned char md[EVP_MAX_MD_SIZE];
1490 EVP_MD *sha256 = NULL;
1491 EVP_MD *shake256 = NULL;
1492
1493 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1494 goto out;
1495
1496 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1497 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1498 goto out;
1499
1500 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1501 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1502 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1503 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1504 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1505 goto out;
1506
1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1510 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1512 /*
1513 * EVP_DigestInit_ex with NULL type should work on
1514 * pre-initialized context.
1515 */
1516 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1517 goto out;
1518
1519 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1520 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1521 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1522 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1523 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1524 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1525 goto out;
1526 ret = 1;
1527
1528 out:
1529 EVP_MD_CTX_free(md_ctx);
1530 EVP_MD_free(sha256);
1531 EVP_MD_free(shake256);
1532 return ret;
1533 }
1534
test_EVP_md_null(void)1535 static int test_EVP_md_null(void)
1536 {
1537 int ret = 0;
1538 EVP_MD_CTX *md_ctx = NULL;
1539 const EVP_MD *md_null = EVP_md_null();
1540 unsigned char md_value[EVP_MAX_MD_SIZE];
1541 unsigned int md_len = sizeof(md_value);
1542
1543 if (nullprov != NULL)
1544 return TEST_skip("Test does not support a non-default library context");
1545
1546 if (!TEST_ptr(md_null)
1547 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1548 goto out;
1549
1550 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1551 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1552 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1553 goto out;
1554
1555 if (!TEST_uint_eq(md_len, 0))
1556 goto out;
1557
1558 ret = 1;
1559 out:
1560 EVP_MD_CTX_free(md_ctx);
1561 return ret;
1562 }
1563
test_d2i_AutoPrivateKey(int i)1564 static int test_d2i_AutoPrivateKey(int i)
1565 {
1566 int ret = 0;
1567 const unsigned char *p;
1568 EVP_PKEY *pkey = NULL;
1569 const APK_DATA *ak = &keydata[i];
1570 const unsigned char *input = ak->kder;
1571 size_t input_len = ak->size;
1572 int expected_id = ak->evptype;
1573
1574 p = input;
1575 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1576 || !TEST_ptr_eq(p, input + input_len)
1577 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1578 goto done;
1579
1580 ret = 1;
1581
1582 done:
1583 EVP_PKEY_free(pkey);
1584 return ret;
1585 }
1586
1587 #ifndef OPENSSL_NO_EC
1588
1589 static const unsigned char ec_public_sect163k1_validxy[] = {
1590 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1591 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1592 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1593 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1594 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1595 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1596 };
1597
1598 static const unsigned char ec_public_sect163k1_badx[] = {
1599 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1600 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1601 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1602 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1603 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1604 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1605 };
1606
1607 static const unsigned char ec_public_sect163k1_bady[] = {
1608 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1609 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1610 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1611 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1612 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1613 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1614 };
1615
1616 static struct ec_der_pub_keys_st {
1617 const unsigned char *der;
1618 size_t len;
1619 int valid;
1620 } ec_der_pub_keys[] = {
1621 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1622 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1623 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1624 };
1625
1626 /*
1627 * Tests the range of the decoded EC char2 public point.
1628 * See ec_GF2m_simple_oct2point().
1629 */
test_invalide_ec_char2_pub_range_decode(int id)1630 static int test_invalide_ec_char2_pub_range_decode(int id)
1631 {
1632 int ret = 0;
1633 EVP_PKEY *pkey;
1634
1635 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1636 ec_der_pub_keys[id].len);
1637
1638 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1639 || TEST_ptr_null(pkey);
1640 EVP_PKEY_free(pkey);
1641 return ret;
1642 }
1643
1644 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)1645 static int test_EVP_PKCS82PKEY(void)
1646 {
1647 int ret = 0;
1648 const unsigned char *derp = kExampleBadECKeyDER;
1649 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1650 EVP_PKEY *pkey = NULL;
1651
1652 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1653 sizeof(kExampleBadECKeyDER))))
1654 goto done;
1655
1656 if (!TEST_ptr_eq(derp,
1657 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1658 goto done;
1659
1660 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1661 goto done;
1662
1663 ret = 1;
1664
1665 done:
1666 PKCS8_PRIV_KEY_INFO_free(p8inf);
1667 EVP_PKEY_free(pkey);
1668
1669 return ret;
1670 }
1671
1672 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)1673 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1674 {
1675 EVP_PKEY *pkey = NULL;
1676 EVP_PKEY *pkey2 = NULL;
1677 BIO *membio = NULL;
1678 char *membuf = NULL;
1679 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1680 int ok = 0;
1681
1682 if (testctx != NULL)
1683 /* test not supported with non-default context */
1684 return 1;
1685
1686 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1687 || !TEST_ptr(pkey = load_example_rsa_key())
1688 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1689 NULL, 0, NULL, NULL),
1690 0)
1691 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1692 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1693 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1694 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1695 goto done;
1696 }
1697
1698 ok = 1;
1699 done:
1700 EVP_PKEY_free(pkey);
1701 EVP_PKEY_free(pkey2);
1702 PKCS8_PRIV_KEY_INFO_free(p8inf);
1703 BIO_free_all(membio);
1704 return ok;
1705 }
1706
1707 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)1708 static int test_privatekey_to_pkcs8(void)
1709 {
1710 EVP_PKEY *pkey = NULL;
1711 BIO *membio = NULL;
1712 char *membuf = NULL;
1713 long membuf_len = 0;
1714 int ok = 0;
1715
1716 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1717 || !TEST_ptr(pkey = load_example_rsa_key())
1718 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1719 NULL, 0, NULL, NULL),
1720 0)
1721 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1722 || !TEST_ptr(membuf)
1723 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1724 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1725 /*
1726 * We try to write PEM as well, just to see that it doesn't err, but
1727 * assume that the result is correct.
1728 */
1729 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1730 NULL, 0, NULL, NULL),
1731 0))
1732 goto done;
1733
1734 ok = 1;
1735 done:
1736 EVP_PKEY_free(pkey);
1737 BIO_free_all(membio);
1738 return ok;
1739 }
1740
1741 #ifndef OPENSSL_NO_EC
1742 static const struct {
1743 int encoding;
1744 const char *encoding_name;
1745 } ec_encodings[] = {
1746 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1747 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1748 };
1749
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)1750 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1751 {
1752 const OSSL_PARAM *p;
1753 const char *enc_name = NULL;
1754 int *enc = arg;
1755 size_t i;
1756
1757 *enc = -1;
1758
1759 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1760 OSSL_PKEY_PARAM_EC_ENCODING))
1761 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1762 return 0;
1763
1764 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1765 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1766 *enc = ec_encodings[i].encoding;
1767 break;
1768 }
1769 }
1770
1771 return (*enc != -1);
1772 }
1773
test_EC_keygen_with_enc(int idx)1774 static int test_EC_keygen_with_enc(int idx)
1775 {
1776 EVP_PKEY *params = NULL, *key = NULL;
1777 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1778 int enc;
1779 int ret = 0;
1780
1781 enc = ec_encodings[idx].encoding;
1782
1783 /* Create key parameters */
1784 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1785 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1786 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1787 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1788 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1789 || !TEST_ptr(params))
1790 goto done;
1791
1792 /* Create key */
1793 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1794 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1795 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1796 || !TEST_ptr(key))
1797 goto done;
1798
1799 /* Check that the encoding got all the way into the key */
1800 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1801 ec_export_get_encoding_cb, &enc))
1802 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1803 goto done;
1804
1805 ret = 1;
1806 done:
1807 EVP_PKEY_free(key);
1808 EVP_PKEY_free(params);
1809 EVP_PKEY_CTX_free(kctx);
1810 EVP_PKEY_CTX_free(pctx);
1811 return ret;
1812 }
1813 #endif
1814
1815 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1816
test_EVP_SM2_verify(void)1817 static int test_EVP_SM2_verify(void)
1818 {
1819 const char *pubkey =
1820 "-----BEGIN PUBLIC KEY-----\n"
1821 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1822 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1823 "-----END PUBLIC KEY-----\n";
1824
1825 const char *msg = "message digest";
1826 const char *id = "ALICE123@YAHOO.COM";
1827
1828 const uint8_t signature[] = {
1829 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1830 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1831 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1832 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1833 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1834 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1835 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1836 };
1837
1838 int rc = 0;
1839 BIO *bio = NULL;
1840 EVP_PKEY *pkey = NULL;
1841 EVP_MD_CTX *mctx = NULL;
1842 EVP_PKEY_CTX *pctx = NULL;
1843 EVP_MD *sm3 = NULL;
1844
1845 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1846 if (!TEST_true(bio != NULL))
1847 goto done;
1848
1849 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1850 if (!TEST_true(pkey != NULL))
1851 goto done;
1852
1853 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1854 goto done;
1855
1856 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1857 goto done;
1858
1859 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1860 goto done;
1861
1862 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1863
1864 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1865 goto done;
1866
1867 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1868 goto done;
1869
1870 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1871 goto done;
1872
1873 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1874 goto done;
1875
1876 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1877 goto done;
1878 rc = 1;
1879
1880 done:
1881 BIO_free(bio);
1882 EVP_PKEY_free(pkey);
1883 EVP_PKEY_CTX_free(pctx);
1884 EVP_MD_CTX_free(mctx);
1885 EVP_MD_free(sm3);
1886 return rc;
1887 }
1888
test_EVP_SM2(void)1889 static int test_EVP_SM2(void)
1890 {
1891 int ret = 0;
1892 EVP_PKEY *pkey = NULL;
1893 EVP_PKEY *pkeyparams = NULL;
1894 EVP_PKEY_CTX *pctx = NULL;
1895 EVP_PKEY_CTX *kctx = NULL;
1896 EVP_PKEY_CTX *sctx = NULL;
1897 size_t sig_len = 0;
1898 unsigned char *sig = NULL;
1899 EVP_MD_CTX *md_ctx = NULL;
1900 EVP_MD_CTX *md_ctx_verify = NULL;
1901 EVP_PKEY_CTX *cctx = NULL;
1902 EVP_MD *check_md = NULL;
1903
1904 uint8_t ciphertext[128];
1905 size_t ctext_len = sizeof(ciphertext);
1906
1907 uint8_t plaintext[8];
1908 size_t ptext_len = sizeof(plaintext);
1909
1910 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1911
1912 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1913 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 int i;
1915 char mdname[OSSL_MAX_NAME_SIZE];
1916
1917 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1918 "SM2", testpropq)))
1919 goto done;
1920
1921 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1922 goto done;
1923
1924 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1925 goto done;
1926
1927 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1928 goto done;
1929
1930 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1931 pkeyparams, testpropq)))
1932 goto done;
1933
1934 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1938 goto done;
1939
1940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1941 goto done;
1942
1943 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1944 goto done;
1945
1946 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1947 goto done;
1948
1949 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1951
1952 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1953 goto done;
1954
1955 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1956 goto done;
1957
1958 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1959 goto done;
1960
1961 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1962 goto done;
1963
1964 /* Determine the size of the signature. */
1965 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1966 goto done;
1967
1968 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1969 goto done;
1970
1971 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1972 goto done;
1973
1974 /* Ensure that the signature round-trips. */
1975
1976 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1977 pkey)))
1978 goto done;
1979
1980 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1981 goto done;
1982
1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1984 goto done;
1985
1986 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1987 goto done;
1988
1989 /*
1990 * Try verify again with non-matching 0 length id but ensure that it can
1991 * be set on the context and overrides the previous value.
1992 */
1993
1994 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1995 pkey)))
1996 goto done;
1997
1998 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1999 goto done;
2000
2001 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2002 goto done;
2003
2004 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2005 goto done;
2006
2007 /* now check encryption/decryption */
2008
2009 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2010 mdname, sizeof(mdname));
2011 for (i = 0; i < 2; i++) {
2012 const char *mdnames[] = {
2013 #ifndef OPENSSL_NO_SM3
2014 "SM3",
2015 #else
2016 NULL,
2017 #endif
2018 "SHA2-256" };
2019 EVP_PKEY_CTX_free(cctx);
2020
2021 if (mdnames[i] == NULL)
2022 continue;
2023
2024 sparams[0] =
2025 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2026 (char *)mdnames[i], 0);
2027
2028 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2029 pkey, testpropq)))
2030 goto done;
2031
2032 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2033 goto done;
2034
2035 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2036 goto done;
2037
2038 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2039 sizeof(kMsg))))
2040 goto done;
2041
2042 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2043 goto done;
2044
2045 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2046 goto done;
2047
2048 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2049 ctext_len), 0))
2050 goto done;
2051
2052 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2053 goto done;
2054
2055 /*
2056 * Test we're still using the digest we think we are.
2057 * Because of aliases, the easiest is to fetch the digest and
2058 * check the name with EVP_MD_is_a().
2059 */
2060 EVP_MD_free(check_md);
2061 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2062 goto done;
2063 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2064 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2065 goto done;
2066 }
2067
2068 if (!TEST_true(ptext_len == sizeof(kMsg)))
2069 goto done;
2070
2071 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2072 goto done;
2073 }
2074
2075 ret = 1;
2076 done:
2077 EVP_PKEY_CTX_free(pctx);
2078 EVP_PKEY_CTX_free(kctx);
2079 EVP_PKEY_CTX_free(sctx);
2080 EVP_PKEY_CTX_free(cctx);
2081 EVP_PKEY_free(pkey);
2082 EVP_PKEY_free(pkeyparams);
2083 EVP_MD_CTX_free(md_ctx);
2084 EVP_MD_CTX_free(md_ctx_verify);
2085 EVP_MD_free(check_md);
2086 OPENSSL_free(sig);
2087 return ret;
2088 }
2089
2090 #endif
2091
2092 static struct keys_st {
2093 int type;
2094 char *priv;
2095 char *pub;
2096 } keys[] = {
2097 {
2098 EVP_PKEY_HMAC, "0123456789", NULL
2099 },
2100 {
2101 EVP_PKEY_HMAC, "", NULL
2102 #ifndef OPENSSL_NO_POLY1305
2103 }, {
2104 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2105 #endif
2106 #ifndef OPENSSL_NO_SIPHASH
2107 }, {
2108 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2109 #endif
2110 },
2111 #ifndef OPENSSL_NO_EC
2112 {
2113 EVP_PKEY_X25519, "01234567890123456789012345678901",
2114 "abcdefghijklmnopqrstuvwxyzabcdef"
2115 }, {
2116 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2117 "abcdefghijklmnopqrstuvwxyzabcdef"
2118 }, {
2119 EVP_PKEY_X448,
2120 "01234567890123456789012345678901234567890123456789012345",
2121 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2122 }, {
2123 EVP_PKEY_ED448,
2124 "012345678901234567890123456789012345678901234567890123456",
2125 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2126 }
2127 #endif
2128 };
2129
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)2130 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2131 {
2132 int ret = 0;
2133 unsigned char buf[80];
2134 unsigned char *in;
2135 size_t inlen, len = 0, shortlen = 1;
2136 EVP_PKEY *pkey;
2137
2138 /* Check if this algorithm supports public keys */
2139 if (pub && keys[tst].pub == NULL)
2140 return 1;
2141
2142 memset(buf, 0, sizeof(buf));
2143
2144 if (pub) {
2145 #ifndef OPENSSL_NO_EC
2146 inlen = strlen(keys[tst].pub);
2147 in = (unsigned char *)keys[tst].pub;
2148 if (uselibctx) {
2149 pkey = EVP_PKEY_new_raw_public_key_ex(
2150 testctx,
2151 OBJ_nid2sn(keys[tst].type),
2152 NULL,
2153 in,
2154 inlen);
2155 } else {
2156 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2157 NULL,
2158 in,
2159 inlen);
2160 }
2161 #else
2162 return 1;
2163 #endif
2164 } else {
2165 inlen = strlen(keys[tst].priv);
2166 in = (unsigned char *)keys[tst].priv;
2167 if (uselibctx) {
2168 pkey = EVP_PKEY_new_raw_private_key_ex(
2169 testctx, OBJ_nid2sn(keys[tst].type),
2170 NULL,
2171 in,
2172 inlen);
2173 } else {
2174 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2175 NULL,
2176 in,
2177 inlen);
2178 }
2179 }
2180
2181 if (!TEST_ptr(pkey)
2182 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2183 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2184 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2185 || !TEST_true(len == inlen))
2186 goto done;
2187 if (tst != 1) {
2188 /*
2189 * Test that supplying a buffer that is too small fails. Doesn't apply
2190 * to HMAC with a zero length key
2191 */
2192 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2193 &shortlen)))
2194 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2195 &shortlen))))
2196 goto done;
2197 }
2198 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2199 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2200 || !TEST_mem_eq(in, inlen, buf, len))
2201 goto done;
2202
2203 ret = 1;
2204 done:
2205 EVP_PKEY_free(pkey);
2206 return ret;
2207 }
2208
test_set_get_raw_keys(int tst)2209 static int test_set_get_raw_keys(int tst)
2210 {
2211 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2212 && test_set_get_raw_keys_int(tst, 0, 1)
2213 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2214 && test_set_get_raw_keys_int(tst, 1, 1);
2215 }
2216
2217 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)2218 static int pkey_custom_check(EVP_PKEY *pkey)
2219 {
2220 return 0xbeef;
2221 }
2222
pkey_custom_pub_check(EVP_PKEY * pkey)2223 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2224 {
2225 return 0xbeef;
2226 }
2227
pkey_custom_param_check(EVP_PKEY * pkey)2228 static int pkey_custom_param_check(EVP_PKEY *pkey)
2229 {
2230 return 0xbeef;
2231 }
2232
2233 static EVP_PKEY_METHOD *custom_pmeth;
2234 #endif
2235
test_EVP_PKEY_check(int i)2236 static int test_EVP_PKEY_check(int i)
2237 {
2238 int ret = 0;
2239 EVP_PKEY *pkey = NULL;
2240 EVP_PKEY_CTX *ctx = NULL;
2241 #ifndef OPENSSL_NO_DEPRECATED_3_0
2242 EVP_PKEY_CTX *ctx2 = NULL;
2243 #endif
2244 const APK_DATA *ak = &keycheckdata[i];
2245 const unsigned char *input = ak->kder;
2246 size_t input_len = ak->size;
2247 int expected_id = ak->evptype;
2248 int expected_check = ak->check;
2249 int expected_pub_check = ak->pub_check;
2250 int expected_param_check = ak->param_check;
2251 int type = ak->type;
2252
2253 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2254 goto done;
2255 if (type == 0
2256 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2257 goto done;
2258
2259 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2260 goto done;
2261
2262 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2263 goto done;
2264
2265 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2266 goto done;
2267
2268 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2269 goto done;
2270
2271 #ifndef OPENSSL_NO_DEPRECATED_3_0
2272 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2273 /* assign the pkey directly, as an internal test */
2274 EVP_PKEY_up_ref(pkey);
2275 ctx2->pkey = pkey;
2276
2277 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2278 goto done;
2279
2280 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2281 goto done;
2282
2283 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2284 goto done;
2285 #endif
2286
2287 ret = 1;
2288
2289 done:
2290 EVP_PKEY_CTX_free(ctx);
2291 #ifndef OPENSSL_NO_DEPRECATED_3_0
2292 EVP_PKEY_CTX_free(ctx2);
2293 #endif
2294 EVP_PKEY_free(pkey);
2295 return ret;
2296 }
2297
2298 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)2299 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2300 {
2301 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2302 const char msg[] = "Hello World";
2303 size_t maclen = AES_BLOCK_SIZE;
2304 int ret = 1;
2305
2306 if (!TEST_ptr(mdctx)
2307 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2308 testpropq, pkey, NULL))
2309 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2310 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2311 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2312 ret = 0;
2313
2314 EVP_MD_CTX_free(mdctx);
2315
2316 return ret;
2317 }
test_CMAC_keygen(void)2318 static int test_CMAC_keygen(void)
2319 {
2320 static unsigned char key[] = {
2321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2324 };
2325 EVP_PKEY_CTX *kctx = NULL;
2326 int ret = 0;
2327 EVP_PKEY *pkey = NULL;
2328 unsigned char mac[AES_BLOCK_SIZE];
2329 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2330 unsigned char mac2[AES_BLOCK_SIZE];
2331 # endif
2332
2333 if (nullprov != NULL)
2334 return TEST_skip("Test does not support a non-default library context");
2335
2336 /*
2337 * This is a legacy method for CMACs, but should still work.
2338 * This verifies that it works without an ENGINE.
2339 */
2340 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2341
2342 /* Test a CMAC key created using the "generated" method */
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2345 EVP_PKEY_CTRL_CIPHER,
2346 0, (void *)EVP_aes_256_ecb()), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2348 EVP_PKEY_CTRL_SET_MAC_KEY,
2349 sizeof(key), (void *)key), 0)
2350 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2351 || !TEST_ptr(pkey)
2352 || !TEST_true(get_cmac_val(pkey, mac)))
2353 goto done;
2354
2355 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2356 EVP_PKEY_free(pkey);
2357
2358 /*
2359 * Test a CMAC key using the direct method, and compare with the mac
2360 * created above.
2361 */
2362 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2363 if (!TEST_ptr(pkey)
2364 || !TEST_true(get_cmac_val(pkey, mac2))
2365 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2366 goto done;
2367 # endif
2368
2369 ret = 1;
2370
2371 done:
2372 EVP_PKEY_free(pkey);
2373 EVP_PKEY_CTX_free(kctx);
2374 return ret;
2375 }
2376 #endif
2377
test_HKDF(void)2378 static int test_HKDF(void)
2379 {
2380 EVP_PKEY_CTX *pctx;
2381 unsigned char out[20];
2382 size_t outlen;
2383 int i, ret = 0;
2384 unsigned char salt[] = "0123456789";
2385 unsigned char key[] = "012345678901234567890123456789";
2386 unsigned char info[] = "infostring";
2387 const unsigned char expected[] = {
2388 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2389 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2390 };
2391 size_t expectedlen = sizeof(expected);
2392
2393 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2394 goto done;
2395
2396 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2397 for (i = 0; i < 2; i++) {
2398 outlen = sizeof(out);
2399 memset(out, 0, outlen);
2400
2401 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2404 sizeof(salt) - 1), 0)
2405 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2406 sizeof(key) - 1), 0)
2407 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2408 sizeof(info) - 1), 0)
2409 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2410 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2411 goto done;
2412 }
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(pctx);
2418
2419 return ret;
2420 }
2421
test_emptyikm_HKDF(void)2422 static int test_emptyikm_HKDF(void)
2423 {
2424 EVP_PKEY_CTX *pctx;
2425 unsigned char out[20];
2426 size_t outlen;
2427 int ret = 0;
2428 unsigned char salt[] = "9876543210";
2429 unsigned char key[] = "";
2430 unsigned char info[] = "stringinfo";
2431 const unsigned char expected[] = {
2432 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2433 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2434 };
2435 size_t expectedlen = sizeof(expected);
2436
2437 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2438 goto done;
2439
2440 outlen = sizeof(out);
2441 memset(out, 0, outlen);
2442
2443 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2444 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2446 sizeof(salt) - 1), 0)
2447 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2448 sizeof(key) - 1), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2450 sizeof(info) - 1), 0)
2451 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2452 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2453 goto done;
2454
2455 ret = 1;
2456
2457 done:
2458 EVP_PKEY_CTX_free(pctx);
2459
2460 return ret;
2461 }
2462
2463 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2464 static int test_X509_PUBKEY_inplace(void)
2465 {
2466 int ret = 0;
2467 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2468 const unsigned char *p = kExampleECPubKeyDER;
2469 size_t input_len = sizeof(kExampleECPubKeyDER);
2470
2471 if (!TEST_ptr(xp))
2472 goto done;
2473 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2474 goto done;
2475
2476 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2477 goto done;
2478
2479 p = kExampleBadECPubKeyDER;
2480 input_len = sizeof(kExampleBadECPubKeyDER);
2481
2482 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2483 goto done;
2484
2485 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2486 goto done;
2487
2488 ret = 1;
2489
2490 done:
2491 X509_PUBKEY_free(xp);
2492 return ret;
2493 }
2494
test_X509_PUBKEY_dup(void)2495 static int test_X509_PUBKEY_dup(void)
2496 {
2497 int ret = 0;
2498 X509_PUBKEY *xp = NULL, *xq = NULL;
2499 const unsigned char *p = kExampleECPubKeyDER;
2500 size_t input_len = sizeof(kExampleECPubKeyDER);
2501
2502 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2503 if (!TEST_ptr(xp)
2504 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2505 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2506 || !TEST_ptr_ne(xp, xq))
2507 goto done;
2508
2509 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2510 || !TEST_ptr(X509_PUBKEY_get0(xp))
2511 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2512 goto done;
2513
2514 X509_PUBKEY_free(xq);
2515 xq = NULL;
2516 p = kExampleBadECPubKeyDER;
2517 input_len = sizeof(kExampleBadECPubKeyDER);
2518
2519 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2520 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2521 goto done;
2522
2523 X509_PUBKEY_free(xp);
2524 xp = NULL;
2525 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2526 goto done;
2527
2528 ret = 1;
2529
2530 done:
2531 X509_PUBKEY_free(xp);
2532 X509_PUBKEY_free(xq);
2533 return ret;
2534 }
2535 #endif /* OPENSSL_NO_EC */
2536
2537 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)2538 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2539 {
2540 EVP_MD_CTX *mdctx = NULL;
2541 EVP_PKEY_CTX *ctx = NULL;
2542 const OSSL_PARAM *params;
2543 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2544 int ret = 0;
2545 const EVP_MD *md;
2546 char mdname[OSSL_MAX_NAME_SIZE];
2547 char ssl3ms[48];
2548
2549 /* Initialise a sign operation */
2550 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2551 if (!TEST_ptr(ctx)
2552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2553 goto err;
2554
2555 /*
2556 * We should be able to query the parameters now.
2557 */
2558 params = EVP_PKEY_CTX_settable_params(ctx);
2559 if (!TEST_ptr(params)
2560 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2561 OSSL_SIGNATURE_PARAM_DIGEST)))
2562 goto err;
2563
2564 params = EVP_PKEY_CTX_gettable_params(ctx);
2565 if (!TEST_ptr(params)
2566 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2569 OSSL_SIGNATURE_PARAM_DIGEST)))
2570 goto err;
2571
2572 /*
2573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2574 * EVP_PKEY_CTX_get_params()
2575 */
2576 strcpy(mdname, "SHA512");
2577 param_md = param;
2578 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2579 mdname, 0);
2580 *param++ = OSSL_PARAM_construct_end();
2581
2582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2583 goto err;
2584
2585 mdname[0] = '\0';
2586 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2587 mdname, sizeof(mdname));
2588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2589 || !TEST_str_eq(mdname, "SHA512"))
2590 goto err;
2591
2592 /*
2593 * Test the TEST_PKEY_CTX_set_signature_md() and
2594 * TEST_PKEY_CTX_get_signature_md() functions
2595 */
2596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2598 || !TEST_ptr_eq(md, EVP_sha256()))
2599 goto err;
2600
2601 /*
2602 * Test getting MD parameters via an associated EVP_PKEY_CTX
2603 */
2604 mdctx = EVP_MD_CTX_new();
2605 if (!TEST_ptr(mdctx)
2606 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2607 pkey, NULL)))
2608 goto err;
2609
2610 /*
2611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2612 * able to obtain the digest's settable parameters from the provider.
2613 */
2614 params = EVP_MD_CTX_settable_params(mdctx);
2615 if (!TEST_ptr(params)
2616 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2617 /* The final key should be NULL */
2618 || !TEST_ptr_null(params[1].key))
2619 goto err;
2620
2621 param = ourparams;
2622 memset(ssl3ms, 0, sizeof(ssl3ms));
2623 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2624 ssl3ms, sizeof(ssl3ms));
2625 *param++ = OSSL_PARAM_construct_end();
2626
2627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2628 goto err;
2629
2630 ret = 1;
2631
2632 err:
2633 EVP_MD_CTX_free(mdctx);
2634 EVP_PKEY_CTX_free(ctx);
2635
2636 return ret;
2637 }
2638
2639 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)2640 static int test_DSA_get_set_params(void)
2641 {
2642 OSSL_PARAM_BLD *bld = NULL;
2643 OSSL_PARAM *params = NULL;
2644 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2645 EVP_PKEY_CTX *pctx = NULL;
2646 EVP_PKEY *pkey = NULL;
2647 int ret = 0;
2648
2649 /*
2650 * Setup the parameters for our DSA object. For our purposes they don't
2651 * have to actually be *valid* parameters. We just need to set something.
2652 */
2653 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2654 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2655 || !TEST_ptr(p = BN_new())
2656 || !TEST_ptr(q = BN_new())
2657 || !TEST_ptr(g = BN_new())
2658 || !TEST_ptr(pub = BN_new())
2659 || !TEST_ptr(priv = BN_new()))
2660 goto err;
2661 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2662 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2665 pub))
2666 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2667 priv)))
2668 goto err;
2669 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2670 goto err;
2671
2672 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2673 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2674 params), 0))
2675 goto err;
2676
2677 if (!TEST_ptr(pkey))
2678 goto err;
2679
2680 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2681
2682 err:
2683 EVP_PKEY_free(pkey);
2684 EVP_PKEY_CTX_free(pctx);
2685 OSSL_PARAM_free(params);
2686 OSSL_PARAM_BLD_free(bld);
2687 BN_free(p);
2688 BN_free(q);
2689 BN_free(g);
2690 BN_free(pub);
2691 BN_free(priv);
2692
2693 return ret;
2694 }
2695
2696 /*
2697 * Test combinations of private, public, missing and private + public key
2698 * params to ensure they are all accepted
2699 */
test_DSA_priv_pub(void)2700 static int test_DSA_priv_pub(void)
2701 {
2702 return test_EVP_PKEY_ffc_priv_pub("DSA");
2703 }
2704
2705 #endif /* !OPENSSL_NO_DSA */
2706
test_RSA_get_set_params(void)2707 static int test_RSA_get_set_params(void)
2708 {
2709 OSSL_PARAM_BLD *bld = NULL;
2710 OSSL_PARAM *params = NULL;
2711 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2712 EVP_PKEY_CTX *pctx = NULL;
2713 EVP_PKEY *pkey = NULL;
2714 int ret = 0;
2715
2716 /*
2717 * Setup the parameters for our RSA object. For our purposes they don't
2718 * have to actually be *valid* parameters. We just need to set something.
2719 */
2720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2721 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2722 || !TEST_ptr(n = BN_new())
2723 || !TEST_ptr(e = BN_new())
2724 || !TEST_ptr(d = BN_new()))
2725 goto err;
2726 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2727 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2729 goto err;
2730 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2731 goto err;
2732
2733 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2734 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2735 params), 0))
2736 goto err;
2737
2738 if (!TEST_ptr(pkey))
2739 goto err;
2740
2741 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2742
2743 err:
2744 EVP_PKEY_free(pkey);
2745 EVP_PKEY_CTX_free(pctx);
2746 OSSL_PARAM_free(params);
2747 OSSL_PARAM_BLD_free(bld);
2748 BN_free(n);
2749 BN_free(e);
2750 BN_free(d);
2751
2752 return ret;
2753 }
2754
2755 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)2756 static int test_decrypt_null_chunks(void)
2757 {
2758 EVP_CIPHER_CTX* ctx = NULL;
2759 EVP_CIPHER *cipher = NULL;
2760 const unsigned char key[32] = {
2761 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2762 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2763 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2764 };
2765 unsigned char iv[12] = {
2766 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2767 };
2768 unsigned char msg[] = "It was the best of times, it was the worst of times";
2769 unsigned char ciphertext[80];
2770 unsigned char plaintext[80];
2771 /* We initialise tmp to a non zero value on purpose */
2772 int ctlen, ptlen, tmp = 99;
2773 int ret = 0;
2774 const int enc_offset = 10, dec_offset = 20;
2775
2776 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2777 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2778 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2779 key, iv))
2780 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2781 enc_offset))
2782 /* Deliberate add a zero length update */
2783 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2784 0))
2785 || !TEST_int_eq(tmp, 0)
2786 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2787 msg + enc_offset,
2788 sizeof(msg) - enc_offset))
2789 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2790 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2791 || !TEST_int_eq(tmp, 0))
2792 goto err;
2793
2794 /* Deliberately initialise tmp to a non zero value */
2795 tmp = 99;
2796 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2797 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2798 dec_offset))
2799 /*
2800 * Deliberately add a zero length update. We also deliberately do
2801 * this at a different offset than for encryption.
2802 */
2803 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2804 0))
2805 || !TEST_int_eq(tmp, 0)
2806 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2807 ciphertext + dec_offset,
2808 ctlen - dec_offset))
2809 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2810 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2811 || !TEST_int_eq(tmp, 0)
2812 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2813 goto err;
2814
2815 ret = 1;
2816 err:
2817 EVP_CIPHER_CTX_free(ctx);
2818 EVP_CIPHER_free(cipher);
2819 return ret;
2820 }
2821 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2822
2823 #ifndef OPENSSL_NO_DH
2824 /*
2825 * Test combinations of private, public, missing and private + public key
2826 * params to ensure they are all accepted
2827 */
test_DH_priv_pub(void)2828 static int test_DH_priv_pub(void)
2829 {
2830 return test_EVP_PKEY_ffc_priv_pub("DH");
2831 }
2832
2833 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)2834 static int test_EVP_PKEY_set1_DH(void)
2835 {
2836 DH *x942dh = NULL, *noqdh = NULL;
2837 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2838 int ret = 0;
2839 BIGNUM *p, *g = NULL;
2840 BIGNUM *pubkey = NULL;
2841 unsigned char pub[2048 / 8];
2842 size_t len = 0;
2843
2844 if (!TEST_ptr(p = BN_new())
2845 || !TEST_ptr(g = BN_new())
2846 || !TEST_ptr(pubkey = BN_new())
2847 || !TEST_true(BN_set_word(p, 9999))
2848 || !TEST_true(BN_set_word(g, 2))
2849 || !TEST_true(BN_set_word(pubkey, 4321))
2850 || !TEST_ptr(noqdh = DH_new())
2851 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2852 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2853 || !TEST_ptr(pubkey = BN_new())
2854 || !TEST_true(BN_set_word(pubkey, 4321)))
2855 goto err;
2856 p = g = NULL;
2857
2858 x942dh = DH_get_2048_256();
2859 pkey1 = EVP_PKEY_new();
2860 pkey2 = EVP_PKEY_new();
2861 if (!TEST_ptr(x942dh)
2862 || !TEST_ptr(noqdh)
2863 || !TEST_ptr(pkey1)
2864 || !TEST_ptr(pkey2)
2865 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2866 goto err;
2867 pubkey = NULL;
2868
2869 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2870 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2871 goto err;
2872
2873 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2874 &pubkey))
2875 || !TEST_ptr(pubkey))
2876 goto err;
2877
2878 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2879 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2880 goto err;
2881
2882 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2883 OSSL_PKEY_PARAM_PUB_KEY,
2884 pub, sizeof(pub), &len))
2885 || !TEST_size_t_ne(len, 0))
2886 goto err;
2887
2888 ret = 1;
2889 err:
2890 BN_free(p);
2891 BN_free(g);
2892 BN_free(pubkey);
2893 EVP_PKEY_free(pkey1);
2894 EVP_PKEY_free(pkey2);
2895 DH_free(x942dh);
2896 DH_free(noqdh);
2897
2898 return ret;
2899 }
2900 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2901 #endif /* !OPENSSL_NO_DH */
2902
2903 /*
2904 * We test what happens with an empty template. For the sake of this test,
2905 * the template must be ignored, and we know that's the case for RSA keys
2906 * (this might arguably be a misfeature, but that's what we currently do,
2907 * even in provider code, since that's how the legacy RSA implementation
2908 * does things)
2909 */
test_keygen_with_empty_template(int n)2910 static int test_keygen_with_empty_template(int n)
2911 {
2912 EVP_PKEY_CTX *ctx = NULL;
2913 EVP_PKEY *pkey = NULL;
2914 EVP_PKEY *tkey = NULL;
2915 int ret = 0;
2916
2917 if (nullprov != NULL)
2918 return TEST_skip("Test does not support a non-default library context");
2919
2920 switch (n) {
2921 case 0:
2922 /* We do test with no template at all as well */
2923 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2924 goto err;
2925 break;
2926 case 1:
2927 /* Here we create an empty RSA key that serves as our template */
2928 if (!TEST_ptr(tkey = EVP_PKEY_new())
2929 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2930 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2931 goto err;
2932 break;
2933 }
2934
2935 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2936 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2937 goto err;
2938
2939 ret = 1;
2940 err:
2941 EVP_PKEY_CTX_free(ctx);
2942 EVP_PKEY_free(pkey);
2943 EVP_PKEY_free(tkey);
2944 return ret;
2945 }
2946
2947 /*
2948 * Test that we fail if we attempt to use an algorithm that is not available
2949 * in the current library context (unless we are using an algorithm that
2950 * should be made available via legacy codepaths).
2951 *
2952 * 0: RSA
2953 * 1: SM2
2954 */
test_pkey_ctx_fail_without_provider(int tst)2955 static int test_pkey_ctx_fail_without_provider(int tst)
2956 {
2957 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2958 OSSL_PROVIDER *tmpnullprov = NULL;
2959 EVP_PKEY_CTX *pctx = NULL;
2960 const char *keytype = NULL;
2961 int expect_null = 0;
2962 int ret = 0;
2963
2964 if (!TEST_ptr(tmpctx))
2965 goto err;
2966
2967 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2968 if (!TEST_ptr(tmpnullprov))
2969 goto err;
2970
2971 /*
2972 * We check for certain algos in the null provider.
2973 * If an algo is expected to have a provider keymgmt, constructing an
2974 * EVP_PKEY_CTX is expected to fail (return NULL).
2975 * Otherwise, if it's expected to have legacy support, constructing an
2976 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2977 */
2978 switch (tst) {
2979 case 0:
2980 keytype = "RSA";
2981 expect_null = 1;
2982 break;
2983 case 1:
2984 keytype = "SM2";
2985 expect_null = 1;
2986 #ifdef OPENSSL_NO_EC
2987 TEST_info("EC disable, skipping SM2 check...");
2988 goto end;
2989 #endif
2990 #ifdef OPENSSL_NO_SM2
2991 TEST_info("SM2 disable, skipping SM2 check...");
2992 goto end;
2993 #endif
2994 break;
2995 default:
2996 TEST_error("No test for case %d", tst);
2997 goto err;
2998 }
2999
3000 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3001 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3002 goto err;
3003
3004 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3005 end:
3006 #endif
3007 ret = 1;
3008
3009 err:
3010 EVP_PKEY_CTX_free(pctx);
3011 OSSL_PROVIDER_unload(tmpnullprov);
3012 OSSL_LIB_CTX_free(tmpctx);
3013 return ret;
3014 }
3015
test_rand_agglomeration(void)3016 static int test_rand_agglomeration(void)
3017 {
3018 EVP_RAND *rand;
3019 EVP_RAND_CTX *ctx;
3020 OSSL_PARAM params[3], *p = params;
3021 int res;
3022 unsigned int step = 7;
3023 static unsigned char seed[] = "It does not matter how slowly you go "
3024 "as long as you do not stop.";
3025 unsigned char out[sizeof(seed)];
3026
3027 if (!TEST_int_ne(sizeof(seed) % step, 0)
3028 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3029 return 0;
3030 ctx = EVP_RAND_CTX_new(rand, NULL);
3031 EVP_RAND_free(rand);
3032 if (!TEST_ptr(ctx))
3033 return 0;
3034
3035 memset(out, 0, sizeof(out));
3036 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3037 seed, sizeof(seed));
3038 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3039 *p = OSSL_PARAM_construct_end();
3040 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3041 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3042 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3043 EVP_RAND_CTX_free(ctx);
3044 return res;
3045 }
3046
3047 /*
3048 * Test that we correctly return the original or "running" IV after
3049 * an encryption operation.
3050 * Run multiple times for some different relevant algorithms/modes.
3051 */
test_evp_iv_aes(int idx)3052 static int test_evp_iv_aes(int idx)
3053 {
3054 int ret = 0;
3055 EVP_CIPHER_CTX *ctx = NULL;
3056 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3057 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3058 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3059 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3060 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3061 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3062 9, 10, 11, 12, 13, 14, 15, 16 };
3063 unsigned char ciphertext[32], oiv[16], iv[16];
3064 unsigned char *ref_iv;
3065 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3066 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3067
3068 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3069 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3070 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3071 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3072 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3073 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3074 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3075 #ifndef OPENSSL_NO_OCB
3076 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3077 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3078 #endif
3079 int len = sizeof(ciphertext);
3080 size_t ivlen, ref_len;
3081 const EVP_CIPHER *type = NULL;
3082 int iv_reset = 0;
3083
3084 if (nullprov != NULL && idx < 6)
3085 return TEST_skip("Test does not support a non-default library context");
3086
3087 switch (idx) {
3088 case 0:
3089 type = EVP_aes_128_cbc();
3090 /* FALLTHROUGH */
3091 case 6:
3092 type = (type != NULL) ? type :
3093 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3094 ref_iv = cbc_state;
3095 ref_len = sizeof(cbc_state);
3096 iv_reset = 1;
3097 break;
3098 case 1:
3099 type = EVP_aes_128_ofb();
3100 /* FALLTHROUGH */
3101 case 7:
3102 type = (type != NULL) ? type :
3103 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3104 ref_iv = ofb_state;
3105 ref_len = sizeof(ofb_state);
3106 iv_reset = 1;
3107 break;
3108 case 2:
3109 type = EVP_aes_128_cfb();
3110 /* FALLTHROUGH */
3111 case 8:
3112 type = (type != NULL) ? type :
3113 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3114 ref_iv = cfb_state;
3115 ref_len = sizeof(cfb_state);
3116 iv_reset = 1;
3117 break;
3118 case 3:
3119 type = EVP_aes_128_gcm();
3120 /* FALLTHROUGH */
3121 case 9:
3122 type = (type != NULL) ? type :
3123 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3124 ref_iv = gcm_state;
3125 ref_len = sizeof(gcm_state);
3126 break;
3127 case 4:
3128 type = EVP_aes_128_ccm();
3129 /* FALLTHROUGH */
3130 case 10:
3131 type = (type != NULL) ? type :
3132 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3133 ref_iv = ccm_state;
3134 ref_len = sizeof(ccm_state);
3135 break;
3136 #ifdef OPENSSL_NO_OCB
3137 case 5:
3138 case 11:
3139 return 1;
3140 #else
3141 case 5:
3142 type = EVP_aes_128_ocb();
3143 /* FALLTHROUGH */
3144 case 11:
3145 type = (type != NULL) ? type :
3146 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3147 ref_iv = ocb_state;
3148 ref_len = sizeof(ocb_state);
3149 break;
3150 #endif
3151 default:
3152 return 0;
3153 }
3154
3155 if (!TEST_ptr(type)
3156 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3157 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3158 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3159 (int)sizeof(msg)))
3160 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3161 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3162 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3163 goto err;
3164 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3165 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3166 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3167 goto err;
3168
3169 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3170 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3171 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3172 goto err;
3173 if (iv_reset) {
3174 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3175 goto err;
3176 } else {
3177 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3178 goto err;
3179 }
3180
3181 ret = 1;
3182 err:
3183 EVP_CIPHER_CTX_free(ctx);
3184 if (idx >= 6)
3185 EVP_CIPHER_free((EVP_CIPHER *)type);
3186 return ret;
3187 }
3188
3189 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)3190 static int test_evp_iv_des(int idx)
3191 {
3192 int ret = 0;
3193 EVP_CIPHER_CTX *ctx = NULL;
3194 static const unsigned char key[24] = {
3195 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3196 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3197 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3198 };
3199 static const unsigned char init_iv[8] = {
3200 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3201 };
3202 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3203 9, 10, 11, 12, 13, 14, 15, 16 };
3204 unsigned char ciphertext[32], oiv[8], iv[8];
3205 unsigned const char *ref_iv;
3206 static const unsigned char cbc_state_des[8] = {
3207 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3208 };
3209 static const unsigned char cbc_state_3des[8] = {
3210 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3211 };
3212 static const unsigned char ofb_state_des[8] = {
3213 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3214 };
3215 static const unsigned char ofb_state_3des[8] = {
3216 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3217 };
3218 static const unsigned char cfb_state_des[8] = {
3219 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3220 };
3221 static const unsigned char cfb_state_3des[8] = {
3222 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3223 };
3224 int len = sizeof(ciphertext);
3225 size_t ivlen, ref_len;
3226 EVP_CIPHER *type = NULL;
3227
3228 if (lgcyprov == NULL && idx < 3)
3229 return TEST_skip("Test requires legacy provider to be loaded");
3230
3231 switch (idx) {
3232 case 0:
3233 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3234 ref_iv = cbc_state_des;
3235 ref_len = sizeof(cbc_state_des);
3236 break;
3237 case 1:
3238 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3239 ref_iv = ofb_state_des;
3240 ref_len = sizeof(ofb_state_des);
3241 break;
3242 case 2:
3243 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3244 ref_iv = cfb_state_des;
3245 ref_len = sizeof(cfb_state_des);
3246 break;
3247 case 3:
3248 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3249 ref_iv = cbc_state_3des;
3250 ref_len = sizeof(cbc_state_3des);
3251 break;
3252 case 4:
3253 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3254 ref_iv = ofb_state_3des;
3255 ref_len = sizeof(ofb_state_3des);
3256 break;
3257 case 5:
3258 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3259 ref_iv = cfb_state_3des;
3260 ref_len = sizeof(cfb_state_3des);
3261 break;
3262 default:
3263 return 0;
3264 }
3265
3266 if (!TEST_ptr(type)
3267 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3268 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3269 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3270 (int)sizeof(msg)))
3271 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3272 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3273 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3274 goto err;
3275 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3276 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3277 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3278 goto err;
3279
3280 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3281 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3282 goto err;
3283 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3284 goto err;
3285
3286 ret = 1;
3287 err:
3288 EVP_CIPHER_CTX_free(ctx);
3289 EVP_CIPHER_free(type);
3290 return ret;
3291 }
3292 #endif
3293
3294 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)3295 static int test_evp_bf_default_keylen(int idx)
3296 {
3297 int ret = 0;
3298 static const char *algos[4] = {
3299 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3300 };
3301 int ivlen[4] = { 0, 8, 8, 8 };
3302 EVP_CIPHER *cipher = NULL;
3303
3304 if (lgcyprov == NULL)
3305 return TEST_skip("Test requires legacy provider to be loaded");
3306
3307 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3308 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3309 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3310 goto err;
3311
3312 ret = 1;
3313 err:
3314 EVP_CIPHER_free(cipher);
3315 return ret;
3316 }
3317 #endif
3318
3319 #ifndef OPENSSL_NO_EC
3320 static int ecpub_nids[] = {
3321 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3322 NID_secp384r1, NID_secp521r1,
3323 # ifndef OPENSSL_NO_EC2M
3324 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3325 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3326 # endif
3327 NID_brainpoolP384r1, NID_brainpoolP512r1
3328 };
3329
test_ecpub(int idx)3330 static int test_ecpub(int idx)
3331 {
3332 int ret = 0, len, savelen;
3333 int nid;
3334 unsigned char buf[1024];
3335 unsigned char *p;
3336 EVP_PKEY *pkey = NULL;
3337 EVP_PKEY_CTX *ctx = NULL;
3338 # ifndef OPENSSL_NO_DEPRECATED_3_0
3339 const unsigned char *q;
3340 EVP_PKEY *pkey2 = NULL;
3341 EC_KEY *ec = NULL;
3342 # endif
3343
3344 if (nullprov != NULL)
3345 return TEST_skip("Test does not support a non-default library context");
3346
3347 nid = ecpub_nids[idx];
3348
3349 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3350 if (!TEST_ptr(ctx)
3351 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3352 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3353 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3354 goto done;
3355 len = i2d_PublicKey(pkey, NULL);
3356 savelen = len;
3357 if (!TEST_int_ge(len, 1)
3358 || !TEST_int_lt(len, 1024))
3359 goto done;
3360 p = buf;
3361 len = i2d_PublicKey(pkey, &p);
3362 if (!TEST_int_ge(len, 1)
3363 || !TEST_int_eq(len, savelen))
3364 goto done;
3365
3366 # ifndef OPENSSL_NO_DEPRECATED_3_0
3367 /* Now try to decode the just-created DER. */
3368 q = buf;
3369 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3370 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3371 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3372 goto done;
3373 /* EC_KEY ownership transferred */
3374 ec = NULL;
3375 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3376 goto done;
3377 /* The keys should match. */
3378 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3379 goto done;
3380 # endif
3381
3382 ret = 1;
3383
3384 done:
3385 EVP_PKEY_CTX_free(ctx);
3386 EVP_PKEY_free(pkey);
3387 # ifndef OPENSSL_NO_DEPRECATED_3_0
3388 EVP_PKEY_free(pkey2);
3389 EC_KEY_free(ec);
3390 # endif
3391 return ret;
3392 }
3393 #endif
3394
test_EVP_rsa_pss_with_keygen_bits(void)3395 static int test_EVP_rsa_pss_with_keygen_bits(void)
3396 {
3397 int ret = 0;
3398 EVP_PKEY_CTX *ctx = NULL;
3399 EVP_PKEY *pkey = NULL;
3400 EVP_MD *md;
3401
3402 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3403 ret = TEST_ptr(md)
3404 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3405 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3406 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3407 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3408 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3409
3410 EVP_MD_free(md);
3411 EVP_PKEY_free(pkey);
3412 EVP_PKEY_CTX_free(ctx);
3413 return ret;
3414 }
3415
test_EVP_rsa_pss_set_saltlen(void)3416 static int test_EVP_rsa_pss_set_saltlen(void)
3417 {
3418 int ret = 0;
3419 EVP_PKEY *pkey = NULL;
3420 EVP_PKEY_CTX *pkey_ctx = NULL;
3421 EVP_MD *sha256 = NULL;
3422 EVP_MD_CTX *sha256_ctx = NULL;
3423 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3424 const int test_value = 32;
3425
3426 ret = TEST_ptr(pkey = load_example_rsa_key())
3427 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3428 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3429 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3430 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3431 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3432 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3433 && TEST_int_eq(saltlen, test_value);
3434
3435 EVP_MD_CTX_free(sha256_ctx);
3436 EVP_PKEY_free(pkey);
3437 EVP_MD_free(sha256);
3438
3439 return ret;
3440 }
3441
3442 static int success = 1;
md_names(const char * name,void * vctx)3443 static void md_names(const char *name, void *vctx)
3444 {
3445 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3446 /* Force a namemap update */
3447 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3448
3449 if (!TEST_ptr(aes128))
3450 success = 0;
3451
3452 EVP_CIPHER_free(aes128);
3453 }
3454
3455 /*
3456 * Test that changing the namemap in a user callback works in a names_do_all
3457 * function.
3458 */
test_names_do_all(void)3459 static int test_names_do_all(void)
3460 {
3461 /* We use a custom libctx so that we know the state of the namemap */
3462 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3463 EVP_MD *sha256 = NULL;
3464 int testresult = 0;
3465
3466 if (!TEST_ptr(ctx))
3467 goto err;
3468
3469 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3470 if (!TEST_ptr(sha256))
3471 goto err;
3472
3473 /*
3474 * We loop through all the names for a given digest. This should still work
3475 * even if the namemap changes part way through.
3476 */
3477 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3478 goto err;
3479
3480 if (!TEST_true(success))
3481 goto err;
3482
3483 testresult = 1;
3484 err:
3485 EVP_MD_free(sha256);
3486 OSSL_LIB_CTX_free(ctx);
3487 return testresult;
3488 }
3489
3490 typedef struct {
3491 const char *cipher;
3492 const unsigned char *key;
3493 const unsigned char *iv;
3494 const unsigned char *input;
3495 const unsigned char *expected;
3496 const unsigned char *tag;
3497 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3498 size_t inlen;
3499 size_t expectedlen;
3500 size_t taglen;
3501 int keyfirst;
3502 int initenc;
3503 int finalenc;
3504 } EVP_INIT_TEST_st;
3505
3506 static const EVP_INIT_TEST_st evp_init_tests[] = {
3507 {
3508 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3509 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3510 0, 1, 0, 1
3511 },
3512 {
3513 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3514 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3515 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3516 sizeof(gcmDefaultTag), 1, 0, 1
3517 },
3518 {
3519 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3520 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3521 0, 0, 0, 1
3522 },
3523 {
3524 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3525 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3526 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3527 sizeof(gcmDefaultTag), 0, 0, 1
3528 },
3529 {
3530 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3531 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3532 0, 1, 1, 0
3533 },
3534 {
3535 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3536 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3537 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3538 sizeof(gcmDefaultTag), 1, 1, 0
3539 },
3540 {
3541 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3542 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3543 0, 0, 1, 0
3544 },
3545 {
3546 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3547 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3548 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3549 sizeof(gcmDefaultTag), 0, 1, 0
3550 }
3551 };
3552
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)3553 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3554 {
3555 int res = 0;
3556
3557 if (t->ivlen != 0) {
3558 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3559 goto err;
3560 }
3561 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3562 goto err;
3563 res = 1;
3564 err:
3565 return res;
3566 }
3567
3568 /*
3569 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3570 * arguments are given one at a time and a final adjustment to the enc
3571 * parameter sets the correct operation.
3572 */
test_evp_init_seq(int idx)3573 static int test_evp_init_seq(int idx)
3574 {
3575 int outlen1, outlen2;
3576 int testresult = 0;
3577 unsigned char outbuf[1024];
3578 unsigned char tag[16];
3579 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3580 EVP_CIPHER_CTX *ctx = NULL;
3581 EVP_CIPHER *type = NULL;
3582 size_t taglen = sizeof(tag);
3583 char *errmsg = NULL;
3584
3585 ctx = EVP_CIPHER_CTX_new();
3586 if (ctx == NULL) {
3587 errmsg = "CTX_ALLOC";
3588 goto err;
3589 }
3590 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3591 errmsg = "CIPHER_FETCH";
3592 goto err;
3593 }
3594 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3595 errmsg = "EMPTY_ENC_INIT";
3596 goto err;
3597 }
3598 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3599 errmsg = "PADDING";
3600 goto err;
3601 }
3602 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3603 errmsg = "KEY_INIT (before iv)";
3604 goto err;
3605 }
3606 if (!evp_init_seq_set_iv(ctx, t)) {
3607 errmsg = "IV_INIT";
3608 goto err;
3609 }
3610 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3611 errmsg = "KEY_INIT (after iv)";
3612 goto err;
3613 }
3614 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3615 errmsg = "FINAL_ENC_INIT";
3616 goto err;
3617 }
3618 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3619 errmsg = "CIPHER_UPDATE";
3620 goto err;
3621 }
3622 if (t->finalenc == 0 && t->tag != NULL) {
3623 /* Set expected tag */
3624 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3625 t->taglen, (void *)t->tag), 0)) {
3626 errmsg = "SET_TAG";
3627 goto err;
3628 }
3629 }
3630 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3631 errmsg = "CIPHER_FINAL";
3632 goto err;
3633 }
3634 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3635 errmsg = "WRONG_RESULT";
3636 goto err;
3637 }
3638 if (t->finalenc != 0 && t->tag != NULL) {
3639 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3640 errmsg = "GET_TAG";
3641 goto err;
3642 }
3643 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3644 errmsg = "TAG_ERROR";
3645 goto err;
3646 }
3647 }
3648 testresult = 1;
3649 err:
3650 if (errmsg != NULL)
3651 TEST_info("evp_init_test %d: %s", idx, errmsg);
3652 EVP_CIPHER_CTX_free(ctx);
3653 EVP_CIPHER_free(type);
3654 return testresult;
3655 }
3656
3657 typedef struct {
3658 const unsigned char *input;
3659 const unsigned char *expected;
3660 size_t inlen;
3661 size_t expectedlen;
3662 int enc;
3663 } EVP_RESET_TEST_st;
3664
3665 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3666 {
3667 cfbPlaintext, cfbCiphertext,
3668 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3669 },
3670 {
3671 cfbCiphertext, cfbPlaintext,
3672 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3673 }
3674 };
3675
3676 /*
3677 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3678 * been used.
3679 */
test_evp_reset(int idx)3680 static int test_evp_reset(int idx)
3681 {
3682 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3683 int outlen1, outlen2;
3684 int testresult = 0;
3685 unsigned char outbuf[1024];
3686 EVP_CIPHER_CTX *ctx = NULL;
3687 EVP_CIPHER *type = NULL;
3688 char *errmsg = NULL;
3689
3690 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3691 errmsg = "CTX_ALLOC";
3692 goto err;
3693 }
3694 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3695 errmsg = "CIPHER_FETCH";
3696 goto err;
3697 }
3698 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3699 errmsg = "CIPHER_INIT";
3700 goto err;
3701 }
3702 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3703 errmsg = "PADDING";
3704 goto err;
3705 }
3706 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3707 errmsg = "CIPHER_UPDATE";
3708 goto err;
3709 }
3710 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3711 errmsg = "CIPHER_FINAL";
3712 goto err;
3713 }
3714 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3715 errmsg = "WRONG_RESULT";
3716 goto err;
3717 }
3718 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3719 errmsg = "CIPHER_REINIT";
3720 goto err;
3721 }
3722 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3723 errmsg = "CIPHER_UPDATE (reinit)";
3724 goto err;
3725 }
3726 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3727 errmsg = "CIPHER_FINAL (reinit)";
3728 goto err;
3729 }
3730 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3731 errmsg = "WRONG_RESULT (reinit)";
3732 goto err;
3733 }
3734 testresult = 1;
3735 err:
3736 if (errmsg != NULL)
3737 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3738 EVP_CIPHER_CTX_free(ctx);
3739 EVP_CIPHER_free(type);
3740 return testresult;
3741 }
3742
3743 typedef struct {
3744 const char *cipher;
3745 int enc;
3746 } EVP_UPDATED_IV_TEST_st;
3747
3748 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3749 {
3750 "aes-128-cfb", 1
3751 },
3752 {
3753 "aes-128-cfb", 0
3754 },
3755 {
3756 "aes-128-cfb1", 1
3757 },
3758 {
3759 "aes-128-cfb1", 0
3760 },
3761 {
3762 "aes-128-cfb8", 1
3763 },
3764 {
3765 "aes-128-cfb8", 0
3766 },
3767 {
3768 "aes-128-ofb", 1
3769 },
3770 {
3771 "aes-128-ofb", 0
3772 },
3773 {
3774 "aes-128-ctr", 1
3775 },
3776 {
3777 "aes-128-ctr", 0
3778 },
3779 {
3780 "aes-128-cbc", 1
3781 },
3782 {
3783 "aes-128-cbc", 0
3784 }
3785 };
3786
3787 /*
3788 * Test that the IV in the context is updated during a crypto operation for CFB
3789 * and OFB.
3790 */
test_evp_updated_iv(int idx)3791 static int test_evp_updated_iv(int idx)
3792 {
3793 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3794 int outlen1, outlen2;
3795 int testresult = 0;
3796 unsigned char outbuf[1024];
3797 EVP_CIPHER_CTX *ctx = NULL;
3798 EVP_CIPHER *type = NULL;
3799 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3800 int iv_len;
3801 char *errmsg = NULL;
3802
3803 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3804 errmsg = "CTX_ALLOC";
3805 goto err;
3806 }
3807 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3808 TEST_info("cipher %s not supported, skipping", t->cipher);
3809 goto ok;
3810 }
3811
3812 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3813 errmsg = "CIPHER_INIT";
3814 goto err;
3815 }
3816 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3817 errmsg = "PADDING";
3818 goto err;
3819 }
3820 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3821 errmsg = "CIPHER_UPDATE";
3822 goto err;
3823 }
3824 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3825 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3826 goto err;
3827 }
3828 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3829 errmsg = "CIPHER_CTX_GET_IV_LEN";
3830 goto err;
3831 }
3832 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3833 errmsg = "IV_NOT_UPDATED";
3834 goto err;
3835 }
3836 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3837 errmsg = "CIPHER_FINAL";
3838 goto err;
3839 }
3840 ok:
3841 testresult = 1;
3842 err:
3843 if (errmsg != NULL)
3844 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3845 EVP_CIPHER_CTX_free(ctx);
3846 EVP_CIPHER_free(type);
3847 return testresult;
3848 }
3849
3850 typedef struct {
3851 const unsigned char *iv1;
3852 const unsigned char *iv2;
3853 const unsigned char *expected1;
3854 const unsigned char *expected2;
3855 const unsigned char *tag1;
3856 const unsigned char *tag2;
3857 size_t ivlen1;
3858 size_t ivlen2;
3859 size_t expectedlen1;
3860 size_t expectedlen2;
3861 } TEST_GCM_IV_REINIT_st;
3862
3863 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3864 {
3865 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3866 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3867 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3868 },
3869 {
3870 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3871 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3872 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3873 }
3874 };
3875
test_gcm_reinit(int idx)3876 static int test_gcm_reinit(int idx)
3877 {
3878 int outlen1, outlen2, outlen3;
3879 int testresult = 0;
3880 unsigned char outbuf[1024];
3881 unsigned char tag[16];
3882 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3883 EVP_CIPHER_CTX *ctx = NULL;
3884 EVP_CIPHER *type = NULL;
3885 size_t taglen = sizeof(tag);
3886 char *errmsg = NULL;
3887
3888 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3889 errmsg = "CTX_ALLOC";
3890 goto err;
3891 }
3892 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3893 errmsg = "CIPHER_FETCH";
3894 goto err;
3895 }
3896 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3897 errmsg = "ENC_INIT";
3898 goto err;
3899 }
3900 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3901 errmsg = "SET_IVLEN1";
3902 goto err;
3903 }
3904 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3905 errmsg = "SET_IV1";
3906 goto err;
3907 }
3908 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3909 errmsg = "AAD1";
3910 goto err;
3911 }
3912 EVP_CIPHER_CTX_set_padding(ctx, 0);
3913 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3914 sizeof(gcmResetPlaintext)))) {
3915 errmsg = "CIPHER_UPDATE1";
3916 goto err;
3917 }
3918 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3919 errmsg = "CIPHER_FINAL1";
3920 goto err;
3921 }
3922 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3923 errmsg = "WRONG_RESULT1";
3924 goto err;
3925 }
3926 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3927 errmsg = "GET_TAG1";
3928 goto err;
3929 }
3930 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3931 errmsg = "TAG_ERROR1";
3932 goto err;
3933 }
3934 /* Now reinit */
3935 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
3936 errmsg = "SET_IVLEN2";
3937 goto err;
3938 }
3939 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3940 errmsg = "SET_IV2";
3941 goto err;
3942 }
3943 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3944 errmsg = "AAD2";
3945 goto err;
3946 }
3947 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3948 sizeof(gcmResetPlaintext)))) {
3949 errmsg = "CIPHER_UPDATE2";
3950 goto err;
3951 }
3952 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3953 errmsg = "CIPHER_FINAL2";
3954 goto err;
3955 }
3956 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3957 errmsg = "WRONG_RESULT2";
3958 goto err;
3959 }
3960 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3961 errmsg = "GET_TAG2";
3962 goto err;
3963 }
3964 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3965 errmsg = "TAG_ERROR2";
3966 goto err;
3967 }
3968 testresult = 1;
3969 err:
3970 if (errmsg != NULL)
3971 TEST_info("evp_init_test %d: %s", idx, errmsg);
3972 EVP_CIPHER_CTX_free(ctx);
3973 EVP_CIPHER_free(type);
3974 return testresult;
3975 }
3976
3977 #ifndef OPENSSL_NO_DEPRECATED_3_0
3978 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3979 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3980
3981 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3982
custom_pmeth_init(EVP_PKEY_CTX * ctx)3983 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3984 {
3985 int (*pinit)(EVP_PKEY_CTX *ctx);
3986
3987 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3988 return pinit(ctx);
3989 }
3990
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)3991 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3992 {
3993 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3994
3995 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3996 pcleanup(ctx);
3997 }
3998
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)3999 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4000 size_t *outlen, const unsigned char *in,
4001 size_t inlen)
4002 {
4003 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4004 const unsigned char *tbs, size_t tbslen);
4005
4006 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4007 return psign(ctx, out, outlen, in, inlen);
4008 }
4009
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)4010 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4011 size_t *siglen, const unsigned char *tbs,
4012 size_t tbslen)
4013 {
4014 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4015 const unsigned char *tbs, size_t tbslen);
4016
4017 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4018 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4019 }
4020
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)4021 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4022 size_t *keylen)
4023 {
4024 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4025
4026 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4027 return pderive(ctx, key, keylen);
4028 }
4029
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)4030 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4031 {
4032 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4033
4034 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4035 return pcopy(dst, src);
4036 }
4037
4038 static int ctrl_called;
4039
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)4040 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4041 {
4042 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4043
4044 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4045
4046 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4047 ctrl_called = 1;
4048 return 1;
4049 }
4050
4051 return pctrl(ctx, type, p1, p2);
4052 }
4053
test_custom_pmeth(int idx)4054 static int test_custom_pmeth(int idx)
4055 {
4056 EVP_PKEY_CTX *pctx = NULL;
4057 EVP_MD_CTX *ctx = NULL;
4058 EVP_PKEY *pkey = NULL;
4059 int id, orig_id, orig_flags;
4060 int testresult = 0;
4061 size_t reslen;
4062 unsigned char *res = NULL;
4063 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4064 const EVP_MD *md = EVP_sha256();
4065 int doderive = 0;
4066
4067 ctrl_called = 0;
4068
4069 /* We call deprecated APIs so this test doesn't support a custom libctx */
4070 if (testctx != NULL)
4071 return 1;
4072
4073 switch (idx) {
4074 case 0:
4075 case 6:
4076 id = EVP_PKEY_RSA;
4077 pkey = load_example_rsa_key();
4078 break;
4079 case 1:
4080 case 7:
4081 # ifndef OPENSSL_NO_DSA
4082 id = EVP_PKEY_DSA;
4083 pkey = load_example_dsa_key();
4084 break;
4085 # else
4086 return 1;
4087 # endif
4088 case 2:
4089 case 8:
4090 # ifndef OPENSSL_NO_EC
4091 id = EVP_PKEY_EC;
4092 pkey = load_example_ec_key();
4093 break;
4094 # else
4095 return 1;
4096 # endif
4097 case 3:
4098 case 9:
4099 # ifndef OPENSSL_NO_EC
4100 id = EVP_PKEY_ED25519;
4101 md = NULL;
4102 pkey = load_example_ed25519_key();
4103 break;
4104 # else
4105 return 1;
4106 # endif
4107 case 4:
4108 case 10:
4109 # ifndef OPENSSL_NO_DH
4110 id = EVP_PKEY_DH;
4111 doderive = 1;
4112 pkey = load_example_dh_key();
4113 break;
4114 # else
4115 return 1;
4116 # endif
4117 case 5:
4118 case 11:
4119 # ifndef OPENSSL_NO_EC
4120 id = EVP_PKEY_X25519;
4121 doderive = 1;
4122 pkey = load_example_x25519_key();
4123 break;
4124 # else
4125 return 1;
4126 # endif
4127 default:
4128 TEST_error("Should not happen");
4129 goto err;
4130 }
4131
4132 if (!TEST_ptr(pkey))
4133 goto err;
4134
4135 if (idx < 6) {
4136 if (!TEST_true(evp_pkey_is_provided(pkey)))
4137 goto err;
4138 } else {
4139 EVP_PKEY *tmp = pkey;
4140
4141 /* Convert to a legacy key */
4142 pkey = EVP_PKEY_new();
4143 if (!TEST_ptr(pkey)) {
4144 pkey = tmp;
4145 goto err;
4146 }
4147 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4148 EVP_PKEY_free(tmp);
4149 goto err;
4150 }
4151 EVP_PKEY_free(tmp);
4152 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4153 goto err;
4154 }
4155
4156 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4157 || !TEST_ptr(pkey))
4158 goto err;
4159
4160 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4161 if (!TEST_int_eq(orig_id, id)
4162 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4163 goto err;
4164
4165 if (id == EVP_PKEY_ED25519) {
4166 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4167 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4168 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4169 } else {
4170 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4171 }
4172 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4173 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4174 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4175 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4176 }
4177 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4178 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4179 goto err;
4180
4181 if (doderive) {
4182 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4183 if (!TEST_ptr(pctx)
4184 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4185 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4186 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4187 1)
4188 || !TEST_int_eq(ctrl_called, 1)
4189 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4190 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4191 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4192 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4193 goto err;
4194 } else {
4195 ctx = EVP_MD_CTX_new();
4196 reslen = EVP_PKEY_size(pkey);
4197 res = OPENSSL_malloc(reslen);
4198 if (!TEST_ptr(ctx)
4199 || !TEST_ptr(res)
4200 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4201 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4202 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4203 1)
4204 || !TEST_int_eq(ctrl_called, 1))
4205 goto err;
4206
4207 if (id == EVP_PKEY_ED25519) {
4208 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4209 goto err;
4210 } else {
4211 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4212 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4213 goto err;
4214 }
4215 }
4216
4217 testresult = 1;
4218 err:
4219 OPENSSL_free(res);
4220 EVP_MD_CTX_free(ctx);
4221 if (doderive)
4222 EVP_PKEY_CTX_free(pctx);
4223 EVP_PKEY_free(pkey);
4224 EVP_PKEY_meth_remove(custom_pmeth);
4225 EVP_PKEY_meth_free(custom_pmeth);
4226 custom_pmeth = NULL;
4227 return testresult;
4228 }
4229
test_evp_md_cipher_meth(void)4230 static int test_evp_md_cipher_meth(void)
4231 {
4232 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4233 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4234 int testresult = 0;
4235
4236 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4237 goto err;
4238
4239 testresult = 1;
4240
4241 err:
4242 EVP_MD_meth_free(md);
4243 EVP_CIPHER_meth_free(ciph);
4244
4245 return testresult;
4246 }
4247
4248 typedef struct {
4249 int data;
4250 } custom_dgst_ctx;
4251
4252 static int custom_md_init_called = 0;
4253 static int custom_md_cleanup_called = 0;
4254
custom_md_init(EVP_MD_CTX * ctx)4255 static int custom_md_init(EVP_MD_CTX *ctx)
4256 {
4257 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4258
4259 if (p == NULL)
4260 return 0;
4261
4262 custom_md_init_called++;
4263 return 1;
4264 }
4265
custom_md_cleanup(EVP_MD_CTX * ctx)4266 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4267 {
4268 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4269
4270 if (p == NULL)
4271 /* Nothing to do */
4272 return 1;
4273
4274 custom_md_cleanup_called++;
4275 return 1;
4276 }
4277
test_custom_md_meth(void)4278 static int test_custom_md_meth(void)
4279 {
4280 EVP_MD_CTX *mdctx = NULL;
4281 EVP_MD *tmp = NULL;
4282 char mess[] = "Test Message\n";
4283 unsigned char md_value[EVP_MAX_MD_SIZE];
4284 unsigned int md_len;
4285 int testresult = 0;
4286 int nid;
4287
4288 /*
4289 * We are testing deprecated functions. We don't support a non-default
4290 * library context in this test.
4291 */
4292 if (testctx != NULL)
4293 return 1;
4294
4295 custom_md_init_called = custom_md_cleanup_called = 0;
4296
4297 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4298 if (!TEST_int_ne(nid, NID_undef))
4299 goto err;
4300 tmp = EVP_MD_meth_new(nid, NID_undef);
4301 if (!TEST_ptr(tmp))
4302 goto err;
4303
4304 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4305 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4306 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4307 sizeof(custom_dgst_ctx))))
4308 goto err;
4309
4310 mdctx = EVP_MD_CTX_new();
4311 if (!TEST_ptr(mdctx)
4312 /*
4313 * Initing our custom md and then initing another md should
4314 * result in the init and cleanup functions of the custom md
4315 * from being called.
4316 */
4317 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4318 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4319 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4320 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4321 || !TEST_int_eq(custom_md_init_called, 1)
4322 || !TEST_int_eq(custom_md_cleanup_called, 1))
4323 goto err;
4324
4325 testresult = 1;
4326 err:
4327 EVP_MD_CTX_free(mdctx);
4328 EVP_MD_meth_free(tmp);
4329 return testresult;
4330 }
4331
4332 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4333 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)4334 static int test_signatures_with_engine(int tst)
4335 {
4336 ENGINE *e;
4337 const char *engine_id = "dasync";
4338 EVP_PKEY *pkey = NULL;
4339 const unsigned char badcmackey[] = { 0x00, 0x01 };
4340 const unsigned char cmackey[] = {
4341 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4342 0x0c, 0x0d, 0x0e, 0x0f
4343 };
4344 const unsigned char ed25519key[] = {
4345 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4346 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4347 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4348 };
4349 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4350 int testresult = 0;
4351 EVP_MD_CTX *ctx = NULL;
4352 unsigned char *mac = NULL;
4353 size_t maclen = 0;
4354 int ret;
4355
4356 # ifdef OPENSSL_NO_CMAC
4357 /* Skip CMAC tests in a no-cmac build */
4358 if (tst <= 1)
4359 return 1;
4360 # endif
4361
4362 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4363 return 0;
4364
4365 if (!TEST_true(ENGINE_init(e))) {
4366 ENGINE_free(e);
4367 return 0;
4368 }
4369
4370 switch (tst) {
4371 case 0:
4372 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4373 EVP_aes_128_cbc());
4374 break;
4375 case 1:
4376 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4377 EVP_aes_128_cbc());
4378 break;
4379 case 2:
4380 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4381 sizeof(ed25519key));
4382 break;
4383 default:
4384 TEST_error("Invalid test case");
4385 goto err;
4386 }
4387 if (!TEST_ptr(pkey))
4388 goto err;
4389
4390 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4391 goto err;
4392
4393 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4394 pkey);
4395 if (tst == 0) {
4396 if (!TEST_true(ret))
4397 goto err;
4398
4399 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4400 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4401 goto err;
4402
4403 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4404 goto err;
4405
4406 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4407 goto err;
4408 } else {
4409 /* We used a bad key. We expect a failure here */
4410 if (!TEST_false(ret))
4411 goto err;
4412 }
4413
4414 testresult = 1;
4415 err:
4416 EVP_MD_CTX_free(ctx);
4417 OPENSSL_free(mac);
4418 EVP_PKEY_free(pkey);
4419 ENGINE_finish(e);
4420 ENGINE_free(e);
4421
4422 return testresult;
4423 }
4424
test_cipher_with_engine(void)4425 static int test_cipher_with_engine(void)
4426 {
4427 ENGINE *e;
4428 const char *engine_id = "dasync";
4429 const unsigned char keyiv[] = {
4430 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4431 0x0c, 0x0d, 0x0e, 0x0f
4432 };
4433 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4434 int testresult = 0;
4435 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4436 unsigned char buf[AES_BLOCK_SIZE];
4437 int len = 0;
4438
4439 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4440 return 0;
4441
4442 if (!TEST_true(ENGINE_init(e))) {
4443 ENGINE_free(e);
4444 return 0;
4445 }
4446
4447 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4448 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4449 goto err;
4450
4451 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4452 goto err;
4453
4454 /* Copy the ctx, and complete the operation with the new ctx */
4455 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4456 goto err;
4457
4458 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4459 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4460 goto err;
4461
4462 testresult = 1;
4463 err:
4464 EVP_CIPHER_CTX_free(ctx);
4465 EVP_CIPHER_CTX_free(ctx2);
4466 ENGINE_finish(e);
4467 ENGINE_free(e);
4468
4469 return testresult;
4470 }
4471 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4472 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4473
4474 static int ecxnids[] = {
4475 NID_X25519,
4476 NID_X448,
4477 NID_ED25519,
4478 NID_ED448
4479 };
4480
4481 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)4482 static int test_ecx_short_keys(int tst)
4483 {
4484 unsigned char ecxkeydata = 1;
4485 EVP_PKEY *pkey;
4486
4487
4488 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4489 if (!TEST_ptr_null(pkey)) {
4490 EVP_PKEY_free(pkey);
4491 return 0;
4492 }
4493 return 1;
4494 }
4495
4496 typedef enum OPTION_choice {
4497 OPT_ERR = -1,
4498 OPT_EOF = 0,
4499 OPT_CONTEXT,
4500 OPT_TEST_ENUM
4501 } OPTION_CHOICE;
4502
test_get_options(void)4503 const OPTIONS *test_get_options(void)
4504 {
4505 static const OPTIONS options[] = {
4506 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4507 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4508 { NULL }
4509 };
4510 return options;
4511 }
4512
setup_tests(void)4513 int setup_tests(void)
4514 {
4515 OPTION_CHOICE o;
4516
4517 while ((o = opt_next()) != OPT_EOF) {
4518 switch (o) {
4519 case OPT_CONTEXT:
4520 /* Set up an alternate library context */
4521 testctx = OSSL_LIB_CTX_new();
4522 if (!TEST_ptr(testctx))
4523 return 0;
4524 /* Swap the libctx to test non-default context only */
4525 nullprov = OSSL_PROVIDER_load(NULL, "null");
4526 deflprov = OSSL_PROVIDER_load(testctx, "default");
4527 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4528 break;
4529 case OPT_TEST_CASES:
4530 break;
4531 default:
4532 return 0;
4533 }
4534 }
4535
4536 ADD_TEST(test_EVP_set_default_properties);
4537 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4538 ADD_TEST(test_EVP_DigestVerifyInit);
4539 #ifndef OPENSSL_NO_SIPHASH
4540 ADD_TEST(test_siphash_digestsign);
4541 #endif
4542 ADD_TEST(test_EVP_Digest);
4543 ADD_TEST(test_EVP_md_null);
4544 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4545 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4546 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4547 ADD_TEST(test_privatekey_to_pkcs8);
4548 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4549 #ifndef OPENSSL_NO_EC
4550 ADD_TEST(test_EVP_PKCS82PKEY);
4551 #endif
4552 #ifndef OPENSSL_NO_EC
4553 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4554 #endif
4555 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4556 ADD_TEST(test_EVP_SM2);
4557 ADD_TEST(test_EVP_SM2_verify);
4558 #endif
4559 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4560 #ifndef OPENSSL_NO_DEPRECATED_3_0
4561 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4562 if (!TEST_ptr(custom_pmeth))
4563 return 0;
4564 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4565 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4566 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4567 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4568 return 0;
4569 #endif
4570 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4571 #ifndef OPENSSL_NO_CMAC
4572 ADD_TEST(test_CMAC_keygen);
4573 #endif
4574 ADD_TEST(test_HKDF);
4575 ADD_TEST(test_emptyikm_HKDF);
4576 #ifndef OPENSSL_NO_EC
4577 ADD_TEST(test_X509_PUBKEY_inplace);
4578 ADD_TEST(test_X509_PUBKEY_dup);
4579 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4580 OSSL_NELEM(ec_der_pub_keys));
4581 #endif
4582 #ifndef OPENSSL_NO_DSA
4583 ADD_TEST(test_DSA_get_set_params);
4584 ADD_TEST(test_DSA_priv_pub);
4585 #endif
4586 ADD_TEST(test_RSA_get_set_params);
4587 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4588 ADD_TEST(test_decrypt_null_chunks);
4589 #endif
4590 #ifndef OPENSSL_NO_DH
4591 ADD_TEST(test_DH_priv_pub);
4592 # ifndef OPENSSL_NO_DEPRECATED_3_0
4593 ADD_TEST(test_EVP_PKEY_set1_DH);
4594 # endif
4595 #endif
4596 #ifndef OPENSSL_NO_EC
4597 ADD_TEST(test_EC_priv_pub);
4598 # ifndef OPENSSL_NO_DEPRECATED_3_0
4599 ADD_TEST(test_EC_priv_only_legacy);
4600 # endif
4601 #endif
4602 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4603 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4604
4605 ADD_TEST(test_rand_agglomeration);
4606 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4607 #ifndef OPENSSL_NO_DES
4608 ADD_ALL_TESTS(test_evp_iv_des, 6);
4609 #endif
4610 #ifndef OPENSSL_NO_BF
4611 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4612 #endif
4613 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4614 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4615 #ifndef OPENSSL_NO_EC
4616 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4617 #endif
4618
4619 ADD_TEST(test_names_do_all);
4620
4621 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4622 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4623 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4624 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4625
4626 #ifndef OPENSSL_NO_DEPRECATED_3_0
4627 ADD_ALL_TESTS(test_custom_pmeth, 12);
4628 ADD_TEST(test_evp_md_cipher_meth);
4629 ADD_TEST(test_custom_md_meth);
4630
4631 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4632 /* Tests only support the default libctx */
4633 if (testctx == NULL) {
4634 # ifndef OPENSSL_NO_EC
4635 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4636 # else
4637 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4638 # endif
4639 ADD_TEST(test_cipher_with_engine);
4640 }
4641 # endif
4642 #endif
4643
4644 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4645
4646 return 1;
4647 }
4648
cleanup_tests(void)4649 void cleanup_tests(void)
4650 {
4651 OSSL_PROVIDER_unload(nullprov);
4652 OSSL_PROVIDER_unload(deflprov);
4653 OSSL_PROVIDER_unload(lgcyprov);
4654 OSSL_LIB_CTX_free(testctx);
4655 }
4656
