VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/test/evp_extra_test.c@ 105945

Last change on this file since 105945 was 105945, checked in by vboxsync, 9 months ago

openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
File size: 184.9 KB
Line 
1/*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include <openssl/proverr.h>
35#include "testutil.h"
36#include "internal/nelem.h"
37#include "internal/sizes.h"
38#include "crypto/evp.h"
39
40#ifdef STATIC_LEGACY
41OSSL_provider_init_fn ossl_legacy_provider_init;
42#endif
43
44static OSSL_LIB_CTX *testctx = NULL;
45static char *testpropq = NULL;
46
47static OSSL_PROVIDER *nullprov = NULL;
48static OSSL_PROVIDER *deflprov = NULL;
49static OSSL_PROVIDER *lgcyprov = NULL;
50
51/*
52 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
53 * should never use this key anywhere but in an example.
54 */
55static const unsigned char kExampleRSAKeyDER[] = {
56 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
57 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
58 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
59 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
60 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
61 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
62 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
63 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
64 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
65 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
66 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
67 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
68 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
69 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
70 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
71 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
72 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
73 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
74 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
75 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
76 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
77 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
78 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
79 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
80 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
81 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
82 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
83 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
84 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
85 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
86 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
87 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
88 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
89 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
90 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
91 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
92 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
93 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
94 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
95 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
96 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
97 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
98 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
99 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
100 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
101 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
102 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
103 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
104 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
105 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
106 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
107};
108
109/*
110* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
111 * should never use this key anywhere but in an example.
112 */
113#ifndef OPENSSL_NO_DSA
114static const unsigned char kExampleDSAKeyDER[] = {
115 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
116 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
117 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
118 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
119 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
120 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
121 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
122 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
123 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
124 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
125 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
126 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
127 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
128 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
129 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
130 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
131 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
132 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
133 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
134 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
135 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
136 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
137 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
138 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
139 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
140 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
141 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
142 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
143 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
144 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
145 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
146 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
147 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
148 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
149 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
150 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
151 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 0x40, 0x48
153};
154#endif
155
156/*
157 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
158 * components are not correct.
159 */
160static const unsigned char kExampleBadRSAKeyDER[] = {
161 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
162 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
163 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
164 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
165 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
166 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
167 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
168 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
169 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
170 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
171 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
172 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
173 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
174 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
175 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
176 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
177 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
178 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
179 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
180 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
181 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
182 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
183 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
184 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
185 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
186 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
187 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
188 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
189 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
190 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
191 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
192 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
193 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
194 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
195 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
196 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
197 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
198 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
199 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
200 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
201 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
202 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
203 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
204 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
205 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
206 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
207 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
208 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
209 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
210 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
211 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
212 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
213 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
214 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
215 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
216 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
217 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
218 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
219 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
220 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
221 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
222 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
223 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
224 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
225 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
226 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
227 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
228 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
229 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
230 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
231 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
232 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
233 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
234 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
235 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
236 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
237 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
238 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
239 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
240 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
241 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
242 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
243 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
244 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
245 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
246 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
247 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
248 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
249 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
250};
251
252/*
253 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
254 * values are 0.
255 */
256static const unsigned char kExampleBad2RSAKeyDER[] = {
257 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
258 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00
260};
261
262static const unsigned char kMsg[] = { 1, 2, 3, 4 };
263
264static const unsigned char kSignature[] = {
265 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
266 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
267 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
268 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
269 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
270 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
271 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
272 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
273 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
274 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
275 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
276};
277
278/*
279 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
280 * PrivateKeyInfo.
281 */
282static const unsigned char kExampleRSAKeyPKCS8[] = {
283 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
284 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
285 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
286 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
287 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
288 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
289 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
290 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
291 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
292 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
293 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
294 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
295 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
296 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
297 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
298 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
299 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
300 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
301 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
302 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
303 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
304 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
305 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
306 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
307 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
308 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
309 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
310 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
311 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
312 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
313 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
314 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
315 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
316 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
317 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
318 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
319 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
320 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
321 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
322 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
323 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
324 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
325 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
326 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
327 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
328 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
329 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
330 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
331 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
332 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
333 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
334 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
335 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
336};
337
338#ifndef OPENSSL_NO_EC
339/*
340 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
341 * structure.
342 */
343static const unsigned char kExampleECKeyDER[] = {
344 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
345 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
346 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
347 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
348 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
349 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
350 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
351 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
352 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
353 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
354 0xc1,
355};
356
357/*
358 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
359 * structure. The private key is equal to the order and will fail to import
360 */
361static const unsigned char kExampleBadECKeyDER[] = {
362 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
363 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
364 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
365 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
366 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
367 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
368 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
369 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
370 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
371};
372
373/* prime256v1 */
374static const unsigned char kExampleECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
385/*
386 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
387 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
388 */
389static const unsigned char kExampleBadECPubKeyDER[] = {
390 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
391 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
392 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
393 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
394 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
395 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
396 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
397 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
398};
399
400static const unsigned char pExampleECParamDER[] = {
401 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
402};
403
404static const unsigned char kExampleED25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
406 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
407 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
408 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
409};
410
411static const unsigned char kExampleED25519PubKeyDER[] = {
412 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
413 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
414 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
415 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
416};
417
418# ifndef OPENSSL_NO_DEPRECATED_3_0
419static const unsigned char kExampleX25519KeyDER[] = {
420 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
421 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
422 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
423 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
424};
425# endif
426#endif
427
428/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
429#ifndef OPENSSL_NO_DEPRECATED_3_0
430# ifndef OPENSSL_NO_DH
431static const unsigned char kExampleDHKeyDER[] = {
432 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
433 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
434 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
435 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
436 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
437 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
438 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
439 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
440 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
441 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
442 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
443 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
444 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
445 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
446 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
447 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
448 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
449 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
450 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
451 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
452 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
453 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
454 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
455 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
456 0x2e, 0x87, 0x2a, 0x0b, 0x7a
457};
458# endif
459#endif
460
461static const unsigned char kCFBDefaultKey[] = {
462 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
463 0x09, 0xCF, 0x4F, 0x3C
464};
465
466static const unsigned char kGCMDefaultKey[32] = { 0 };
467
468static const unsigned char kGCMResetKey[] = {
469 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
470 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
471 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
472};
473
474static const unsigned char iCFBIV[] = {
475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
476 0x0C, 0x0D, 0x0E, 0x0F
477};
478
479static const unsigned char iGCMDefaultIV[12] = { 0 };
480
481static const unsigned char iGCMResetIV1[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
483};
484
485static const unsigned char iGCMResetIV2[] = {
486 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
487};
488
489static const unsigned char cfbPlaintext[] = {
490 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
491 0x73, 0x93, 0x17, 0x2A
492};
493static const unsigned char cfbPlaintext_partial[] = {
494 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
495 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
496};
497
498static const unsigned char gcmDefaultPlaintext[16] = { 0 };
499
500static const unsigned char gcmResetPlaintext[] = {
501 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
502 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
503 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
504 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
505 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
506};
507
508static const unsigned char cfbCiphertext[] = {
509 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
510 0xE8, 0x3C, 0xFB, 0x4A
511};
512
513static const unsigned char cfbCiphertext_partial[] = {
514 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
515 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
516};
517
518static const unsigned char ofbCiphertext_partial[] = {
519 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
520 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
521};
522
523static const unsigned char gcmDefaultCiphertext[] = {
524 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
525 0xba, 0xf3, 0x9d, 0x18
526};
527
528static const unsigned char gcmResetCiphertext1[] = {
529 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
530 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
531 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
532 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
533 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
534};
535
536static const unsigned char gcmResetCiphertext2[] = {
537 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
538 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
539 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
540 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
541 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
542};
543
544static const unsigned char gcmAAD[] = {
545 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
546 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
547};
548
549static const unsigned char gcmDefaultTag[] = {
550 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
551 0xd4, 0x8a, 0xb9, 0x19
552};
553
554static const unsigned char gcmResetTag1[] = {
555 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
556 0xfe, 0x2e, 0xa8, 0xf2
557};
558
559static const unsigned char gcmResetTag2[] = {
560 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
561 0xbb, 0x2d, 0x55, 0x1b
562};
563
564typedef struct APK_DATA_st {
565 const unsigned char *kder;
566 size_t size;
567 const char *keytype;
568 int evptype;
569 int check;
570 int pub_check;
571 int param_check;
572 int type; /* 0 for private, 1 for public, 2 for params */
573} APK_DATA;
574
575static APK_DATA keydata[] = {
576 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
577 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
578#ifndef OPENSSL_NO_EC
579 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
580#endif
581};
582
583static APK_DATA keycheckdata[] = {
584 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
585 0},
586 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
587 0, 1, 1, 0},
588 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
589 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
590#ifndef OPENSSL_NO_EC
591 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
592 /* group is also associated in our pub key */
593 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
594 1, 1},
595 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
596 2},
597 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
598 EVP_PKEY_ED25519, 1, 1, 1, 0},
599 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
600 EVP_PKEY_ED25519, 0, 1, 1, 1},
601#endif
602};
603
604static EVP_PKEY *load_example_key(const char *keytype,
605 const unsigned char *data, size_t data_len)
606{
607 const unsigned char **pdata = &data;
608 EVP_PKEY *pkey = NULL;
609 OSSL_DECODER_CTX *dctx =
610 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
611 testctx, testpropq);
612
613 /* |pkey| will be NULL on error */
614 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
615 OSSL_DECODER_CTX_free(dctx);
616 return pkey;
617}
618
619static EVP_PKEY *load_example_rsa_key(void)
620{
621 return load_example_key("RSA", kExampleRSAKeyDER,
622 sizeof(kExampleRSAKeyDER));
623}
624
625#ifndef OPENSSL_NO_DSA
626static EVP_PKEY *load_example_dsa_key(void)
627{
628 return load_example_key("DSA", kExampleDSAKeyDER,
629 sizeof(kExampleDSAKeyDER));
630}
631#endif
632
633#ifndef OPENSSL_NO_EC
634static EVP_PKEY *load_example_ec_key(void)
635{
636 return load_example_key("EC", kExampleECKeyDER,
637 sizeof(kExampleECKeyDER));
638}
639#endif
640
641#ifndef OPENSSL_NO_DEPRECATED_3_0
642# ifndef OPENSSL_NO_DH
643static EVP_PKEY *load_example_dh_key(void)
644{
645 return load_example_key("DH", kExampleDHKeyDER,
646 sizeof(kExampleDHKeyDER));
647}
648# endif
649
650# ifndef OPENSSL_NO_EC
651static EVP_PKEY *load_example_ed25519_key(void)
652{
653 return load_example_key("ED25519", kExampleED25519KeyDER,
654 sizeof(kExampleED25519KeyDER));
655}
656
657static EVP_PKEY *load_example_x25519_key(void)
658{
659 return load_example_key("X25519", kExampleX25519KeyDER,
660 sizeof(kExampleX25519KeyDER));
661}
662# endif
663#endif /* OPENSSL_NO_DEPRECATED_3_0 */
664
665static EVP_PKEY *load_example_hmac_key(void)
666{
667 EVP_PKEY *pkey = NULL;
668 unsigned char key[] = {
669 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
670 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
671 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
672 };
673
674 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
675 NULL, key, sizeof(key));
676 if (!TEST_ptr(pkey))
677 return NULL;
678
679 return pkey;
680}
681
682static int test_EVP_set_default_properties(void)
683{
684 OSSL_LIB_CTX *ctx;
685 EVP_MD *md = NULL;
686 int res = 0;
687
688 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
690 goto err;
691 EVP_MD_free(md);
692 md = NULL;
693
694 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
695 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
696 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
697 goto err;
698 EVP_MD_free(md);
699 md = NULL;
700
701 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
702 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
703 goto err;
704 res = 1;
705err:
706 EVP_MD_free(md);
707 OSSL_LIB_CTX_free(ctx);
708 return res;
709}
710
711#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
712static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
713{
714 EVP_PKEY_CTX *pctx = NULL;
715 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
716
717 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
718 goto err;
719 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
720 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
721 params), 0))
722 goto err;
723
724 if (!TEST_ptr(tmp_pkey))
725 goto err;
726
727 pkey = tmp_pkey;
728 tmp_pkey = NULL;
729 err:
730 EVP_PKEY_free(tmp_pkey);
731 EVP_PKEY_CTX_free(pctx);
732 return pkey;
733}
734
735static int test_selection(EVP_PKEY *pkey, int selection)
736{
737 int testresult = 0;
738 int ret;
739 BIO *bio = BIO_new(BIO_s_mem());
740
741 ret = PEM_write_bio_PUBKEY(bio, pkey);
742 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
743 if (!TEST_true(ret))
744 goto err;
745 } else {
746 if (!TEST_false(ret))
747 goto err;
748 }
749 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
750 testctx, NULL);
751 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
752 if (!TEST_true(ret))
753 goto err;
754 } else {
755 if (!TEST_false(ret))
756 goto err;
757 }
758
759 testresult = 1;
760 err:
761 BIO_free(bio);
762
763 return testresult;
764}
765#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
766
767/*
768 * Test combinations of private, public, missing and private + public key
769 * params to ensure they are all accepted
770 */
771#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
772static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
773{
774 OSSL_PARAM_BLD *bld = NULL;
775 OSSL_PARAM *params = NULL;
776 EVP_PKEY *just_params = NULL;
777 EVP_PKEY *params_and_priv = NULL;
778 EVP_PKEY *params_and_pub = NULL;
779 EVP_PKEY *params_and_keypair = NULL;
780 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
781 int ret = 0;
782
783 /*
784 * Setup the parameters for our pkey object. For our purposes they don't
785 * have to actually be *valid* parameters. We just need to set something.
786 */
787 if (!TEST_ptr(p = BN_new())
788 || !TEST_ptr(q = BN_new())
789 || !TEST_ptr(g = BN_new())
790 || !TEST_ptr(pub = BN_new())
791 || !TEST_ptr(priv = BN_new()))
792 goto err;
793
794 /* Test !priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
799 goto err;
800 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
801 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
802 goto err;
803
804 OSSL_PARAM_free(params);
805 OSSL_PARAM_BLD_free(bld);
806 params = NULL;
807 bld = NULL;
808
809 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
810 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
811 goto err;
812
813 /* Test priv and !pub */
814 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
815 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
816 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
819 priv)))
820 goto err;
821 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
822 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
823 goto err;
824
825 OSSL_PARAM_free(params);
826 OSSL_PARAM_BLD_free(bld);
827 params = NULL;
828 bld = NULL;
829
830 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
831 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
832 goto err;
833
834 /* Test !priv and pub */
835 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
836 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
837 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
840 pub)))
841 goto err;
842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
843 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
844 goto err;
845
846 OSSL_PARAM_free(params);
847 OSSL_PARAM_BLD_free(bld);
848 params = NULL;
849 bld = NULL;
850
851 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
852 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
853 goto err;
854
855 /* Test priv and pub */
856 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
857 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
858 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
860 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
861 pub))
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
863 priv)))
864 goto err;
865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
866 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
867 goto err;
868
869 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
870 goto err;
871
872 ret = 1;
873 err:
874 OSSL_PARAM_free(params);
875 OSSL_PARAM_BLD_free(bld);
876 EVP_PKEY_free(just_params);
877 EVP_PKEY_free(params_and_priv);
878 EVP_PKEY_free(params_and_pub);
879 EVP_PKEY_free(params_and_keypair);
880 BN_free(p);
881 BN_free(q);
882 BN_free(g);
883 BN_free(pub);
884 BN_free(priv);
885
886 return ret;
887}
888#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
889
890/*
891 * Test combinations of private, public, missing and private + public key
892 * params to ensure they are all accepted for EC keys
893 */
894#ifndef OPENSSL_NO_EC
895static unsigned char ec_priv[] = {
896 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
897 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
898 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
899};
900static unsigned char ec_pub[] = {
901 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
902 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
903 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
904 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
905 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
906 0x08, 0x09, 0xb8, 0xdb, 0x03
907};
908
909static int test_EC_priv_pub(void)
910{
911 OSSL_PARAM_BLD *bld = NULL;
912 OSSL_PARAM *params = NULL;
913 EVP_PKEY *just_params = NULL;
914 EVP_PKEY *params_and_priv = NULL;
915 EVP_PKEY *params_and_pub = NULL;
916 EVP_PKEY *params_and_keypair = NULL;
917 BIGNUM *priv = NULL;
918 int ret = 0;
919 unsigned char *encoded = NULL;
920 size_t len = 0;
921 unsigned char buffer[128];
922
923 /*
924 * Setup the parameters for our pkey object. For our purposes they don't
925 * have to actually be *valid* parameters. We just need to set something.
926 */
927 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
928 goto err;
929
930 /* Test !priv and !pub */
931 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
932 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
933 OSSL_PKEY_PARAM_GROUP_NAME,
934 "P-256", 0)))
935 goto err;
936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
938 goto err;
939
940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
945 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
946 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
947 goto err;
948
949 /* Test priv and !pub */
950 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
951 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
952 OSSL_PKEY_PARAM_GROUP_NAME,
953 "P-256", 0))
954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
955 priv)))
956 goto err;
957 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
958 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
959 goto err;
960
961 OSSL_PARAM_free(params);
962 OSSL_PARAM_BLD_free(bld);
963 params = NULL;
964 bld = NULL;
965
966 /*
967 * We indicate only parameters here, in spite of having built a key that
968 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
969 * expected to fail because it does not support exporting a private EC
970 * key without a corresponding public key
971 */
972 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
973 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
974 goto err;
975
976 /* Test !priv and pub */
977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
979 OSSL_PKEY_PARAM_GROUP_NAME,
980 "P-256", 0))
981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
982 OSSL_PKEY_PARAM_PUB_KEY,
983 ec_pub, sizeof(ec_pub))))
984 goto err;
985 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
986 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
987 goto err;
988
989 OSSL_PARAM_free(params);
990 OSSL_PARAM_BLD_free(bld);
991 params = NULL;
992 bld = NULL;
993
994 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
995 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
996 goto err;
997
998 /* Test priv and pub */
999 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1000 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1001 OSSL_PKEY_PARAM_GROUP_NAME,
1002 "P-256", 0))
1003 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1004 OSSL_PKEY_PARAM_PUB_KEY,
1005 ec_pub, sizeof(ec_pub)))
1006 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1007 priv)))
1008 goto err;
1009 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1010 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1011 goto err;
1012
1013 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1014 goto err;
1015
1016 /* Try key equality */
1017 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1018 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1019 0)
1020 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1021 0)
1022 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1023 0)
1024 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1025 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1026 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1027 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1028 goto err;
1029
1030 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1031 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1032 goto err;
1033 OPENSSL_free(encoded);
1034 encoded = NULL;
1035 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1036 OPENSSL_free(encoded);
1037 encoded = NULL;
1038 goto err;
1039 }
1040
1041 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1042 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1043 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1044 buffer, sizeof(buffer), &len), 1)
1045 || !TEST_int_eq(len, 65))
1046 goto err;
1047
1048 len = 0;
1049 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1050 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1051 NULL, 0, &len), 1)
1052 || !TEST_int_eq(len, 65))
1053 goto err;
1054
1055 /* too-short buffer len*/
1056 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1057 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1058 buffer, 10, &len), 0))
1059 goto err;
1060
1061 ret = 1;
1062 err:
1063 OSSL_PARAM_free(params);
1064 OSSL_PARAM_BLD_free(bld);
1065 EVP_PKEY_free(just_params);
1066 EVP_PKEY_free(params_and_priv);
1067 EVP_PKEY_free(params_and_pub);
1068 EVP_PKEY_free(params_and_keypair);
1069 BN_free(priv);
1070
1071 return ret;
1072}
1073
1074/* Test that using a legacy EC key with only a private key in it works */
1075# ifndef OPENSSL_NO_DEPRECATED_3_0
1076static int test_EC_priv_only_legacy(void)
1077{
1078 BIGNUM *priv = NULL;
1079 int ret = 0;
1080 EC_KEY *eckey = NULL;
1081 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1082 EVP_MD_CTX *ctx = NULL;
1083
1084 /* Create the low level EC_KEY */
1085 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1086 goto err;
1087
1088 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1089 if (!TEST_ptr(eckey))
1090 goto err;
1091
1092 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1093 goto err;
1094
1095 pkey = EVP_PKEY_new();
1096 if (!TEST_ptr(pkey))
1097 goto err;
1098
1099 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1100 goto err;
1101 eckey = NULL;
1102
1103 for (;;) {
1104 ret = 0;
1105 ctx = EVP_MD_CTX_new();
1106 if (!TEST_ptr(ctx))
1107 goto err;
1108
1109 /*
1110 * The EVP_DigestSignInit function should create the key on the
1111 * provider side which is sufficient for this test.
1112 */
1113 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1114 testpropq, pkey, NULL)))
1115 goto err;
1116 EVP_MD_CTX_free(ctx);
1117 ctx = NULL;
1118
1119 if (dup_pk != NULL)
1120 break;
1121
1122 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1123 goto err;
1124 /* EVP_PKEY_eq() returns -2 with missing public keys */
1125 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1126 EVP_PKEY_free(pkey);
1127 pkey = dup_pk;
1128 if (!ret)
1129 goto err;
1130 }
1131 ret = 1;
1132
1133 err:
1134 EVP_MD_CTX_free(ctx);
1135 EVP_PKEY_free(pkey);
1136 EC_KEY_free(eckey);
1137 BN_free(priv);
1138
1139 return ret;
1140}
1141# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1142#endif /* OPENSSL_NO_EC */
1143
1144static int test_EVP_PKEY_sign(int tst)
1145{
1146 int ret = 0;
1147 EVP_PKEY *pkey = NULL;
1148 unsigned char *sig = NULL;
1149 size_t sig_len = 0, shortsig_len = 1;
1150 EVP_PKEY_CTX *ctx = NULL;
1151 unsigned char tbs[] = {
1152 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1153 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1154 };
1155
1156 if (tst == 0 ) {
1157 if (!TEST_ptr(pkey = load_example_rsa_key()))
1158 goto out;
1159 } else if (tst == 1) {
1160#ifndef OPENSSL_NO_DSA
1161 if (!TEST_ptr(pkey = load_example_dsa_key()))
1162 goto out;
1163#else
1164 ret = 1;
1165 goto out;
1166#endif
1167 } else {
1168#ifndef OPENSSL_NO_EC
1169 if (!TEST_ptr(pkey = load_example_ec_key()))
1170 goto out;
1171#else
1172 ret = 1;
1173 goto out;
1174#endif
1175 }
1176
1177 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1178 if (!TEST_ptr(ctx)
1179 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1180 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1181 sizeof(tbs)), 0))
1182 goto out;
1183 sig = OPENSSL_malloc(sig_len);
1184 if (!TEST_ptr(sig)
1185 /* Test sending a signature buffer that is too short is rejected */
1186 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1187 sizeof(tbs)), 0)
1188 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1189 0)
1190 /* Test the signature round-trips */
1191 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1192 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1193 0))
1194 goto out;
1195
1196 ret = 1;
1197 out:
1198 EVP_PKEY_CTX_free(ctx);
1199 OPENSSL_free(sig);
1200 EVP_PKEY_free(pkey);
1201 return ret;
1202}
1203
1204#ifndef OPENSSL_NO_DEPRECATED_3_0
1205static int test_EVP_PKEY_sign_with_app_method(int tst)
1206{
1207 int ret = 0;
1208 EVP_PKEY *pkey = NULL;
1209 RSA *rsa = NULL;
1210 RSA_METHOD *rsa_meth = NULL;
1211#ifndef OPENSSL_NO_DSA
1212 DSA *dsa = NULL;
1213 DSA_METHOD *dsa_meth = NULL;
1214#endif
1215 unsigned char *sig = NULL;
1216 size_t sig_len = 0, shortsig_len = 1;
1217 EVP_PKEY_CTX *ctx = NULL;
1218 unsigned char tbs[] = {
1219 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1220 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1221 };
1222
1223 if (tst == 0) {
1224 if (!TEST_ptr(pkey = load_example_rsa_key()))
1225 goto out;
1226 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1227 goto out;
1228
1229 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1230 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1231 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1232 goto out;
1233 rsa = NULL; /* now owned by the pkey */
1234 } else {
1235#ifndef OPENSSL_NO_DSA
1236 if (!TEST_ptr(pkey = load_example_dsa_key()))
1237 goto out;
1238 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1239 goto out;
1240
1241 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1242 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1243 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1244 goto out;
1245 dsa = NULL; /* now owned by the pkey */
1246#else
1247 ret = 1;
1248 goto out;
1249#endif
1250 }
1251
1252 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1253 if (!TEST_ptr(ctx)
1254 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1255 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1256 sizeof(tbs)), 0))
1257 goto out;
1258 sig = OPENSSL_malloc(sig_len);
1259 if (!TEST_ptr(sig)
1260 /* Test sending a signature buffer that is too short is rejected */
1261 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1262 sizeof(tbs)), 0)
1263 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1264 0)
1265 /* Test the signature round-trips */
1266 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1267 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1268 0))
1269 goto out;
1270
1271 ret = 1;
1272 out:
1273 EVP_PKEY_CTX_free(ctx);
1274 OPENSSL_free(sig);
1275 EVP_PKEY_free(pkey);
1276 RSA_free(rsa);
1277 RSA_meth_free(rsa_meth);
1278#ifndef OPENSSL_NO_DSA
1279 DSA_free(dsa);
1280 DSA_meth_free(dsa_meth);
1281#endif
1282 return ret;
1283}
1284#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1285
1286/*
1287 * n = 0 => test using legacy cipher
1288 * n = 1 => test using fetched cipher
1289 */
1290static int test_EVP_Enveloped(int n)
1291{
1292 int ret = 0;
1293 EVP_CIPHER_CTX *ctx = NULL;
1294 EVP_PKEY *keypair = NULL;
1295 unsigned char *kek = NULL;
1296 unsigned char iv[EVP_MAX_IV_LENGTH];
1297 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1298 int len, kek_len, ciphertext_len, plaintext_len;
1299 unsigned char ciphertext[32], plaintext[16];
1300 EVP_CIPHER *type = NULL;
1301
1302 if (nullprov != NULL)
1303 return TEST_skip("Test does not support a non-default library context");
1304
1305 if (n == 0)
1306 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1307 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1308 testpropq)))
1309 goto err;
1310
1311 if (!TEST_ptr(keypair = load_example_rsa_key())
1312 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1313 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1314 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1315 &keypair, 1))
1316 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1317 msg, sizeof(msg)))
1318 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1319 &len)))
1320 goto err;
1321
1322 ciphertext_len += len;
1323
1324 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1325 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1326 ciphertext, ciphertext_len))
1327 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1328 goto err;
1329
1330 plaintext_len += len;
1331 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1332 goto err;
1333
1334 ret = 1;
1335err:
1336 if (n != 0)
1337 EVP_CIPHER_free(type);
1338 OPENSSL_free(kek);
1339 EVP_PKEY_free(keypair);
1340 EVP_CIPHER_CTX_free(ctx);
1341 return ret;
1342}
1343
1344/*
1345 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1346 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1347 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1348 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1349 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1350 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1351 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1352 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1353 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1354 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1355 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1356 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1357 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1358 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1359 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1360 * Test 15-29: Same as above with reinitialization
1361 */
1362static int test_EVP_DigestSignInit(int tst)
1363{
1364 int ret = 0;
1365 EVP_PKEY *pkey = NULL;
1366 unsigned char *sig = NULL, *sig2 = NULL;
1367 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1368 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1369 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1370 BIO *mdbio = NULL, *membio = NULL;
1371 size_t written;
1372 const EVP_MD *md;
1373 EVP_MD *mdexp = NULL;
1374 int reinit = 0;
1375
1376 if (nullprov != NULL)
1377 return TEST_skip("Test does not support a non-default library context");
1378
1379 if (tst >= 15) {
1380 reinit = 1;
1381 tst -= 15;
1382 }
1383
1384 if (tst >= 6 && tst <= 8) {
1385 membio = BIO_new(BIO_s_mem());
1386 mdbio = BIO_new(BIO_f_md());
1387 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1388 goto out;
1389 BIO_push(mdbio, membio);
1390 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1391 goto out;
1392 } else {
1393 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1394 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1395 goto out;
1396 }
1397
1398 if (tst % 3 == 0) {
1399 if (!TEST_ptr(pkey = load_example_rsa_key()))
1400 goto out;
1401 } else if (tst % 3 == 1) {
1402#ifndef OPENSSL_NO_DSA
1403 if (!TEST_ptr(pkey = load_example_dsa_key()))
1404 goto out;
1405#else
1406 ret = 1;
1407 goto out;
1408#endif
1409 } else {
1410 if (!TEST_ptr(pkey = load_example_hmac_key()))
1411 goto out;
1412 }
1413
1414 if (tst >= 3 && tst <= 5)
1415 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1416 else
1417 md = EVP_sha256();
1418
1419 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1420 goto out;
1421
1422 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1423 goto out;
1424
1425 if (tst >= 6 && tst <= 8) {
1426 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1427 goto out;
1428 } else if (tst < 6) {
1429 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1430 goto out;
1431 }
1432
1433 if (tst >= 9) {
1434 /* Determine the size of the signature. */
1435 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1436 sizeof(kMsg)))
1437 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1438 goto out;
1439 if (tst <= 11) {
1440 /* Test that supply a short sig buffer fails */
1441 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1442 sizeof(kMsg))))
1443 goto out;
1444 /*
1445 * We end here because once EVP_DigestSign() has failed you should
1446 * not call it again without re-initing the ctx
1447 */
1448 ret = 1;
1449 goto out;
1450 }
1451 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1452 sizeof(kMsg))))
1453 goto out;
1454 } else {
1455 /* Determine the size of the signature. */
1456 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1457 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1458 /*
1459 * Trying to create a signature with a deliberately short
1460 * buffer should fail.
1461 */
1462 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1463 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1464 goto out;
1465 }
1466
1467 /*
1468 * Ensure that the signature round-trips (Verification isn't supported for
1469 * HMAC via EVP_DigestVerify*)
1470 */
1471 if (tst % 3 != 2) {
1472 if (tst >= 6 && tst <= 8) {
1473 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1474 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1475 goto out;
1476 }
1477
1478 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1479 NULL, pkey)))
1480 goto out;
1481
1482 if (tst >= 6 && tst <= 8) {
1483 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1484 goto out;
1485 } else {
1486 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1487 sizeof(kMsg))))
1488 goto out;
1489 }
1490 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1491 goto out;
1492
1493 /* Multiple calls to EVP_DigestVerifyFinal should work */
1494 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1495 goto out;
1496 } else {
1497 /*
1498 * For HMAC a doubled call to DigestSignFinal should produce the same
1499 * value as finalization should not happen.
1500 */
1501 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1502 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1503 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1504 goto out;
1505
1506 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1507 goto out;
1508 }
1509
1510 ret = 1;
1511
1512 out:
1513 BIO_free(membio);
1514 BIO_free(mdbio);
1515 EVP_MD_CTX_free(a_md_ctx);
1516 EVP_MD_CTX_free(a_md_ctx_verify);
1517 EVP_PKEY_free(pkey);
1518 OPENSSL_free(sig);
1519 OPENSSL_free(sig2);
1520 EVP_MD_free(mdexp);
1521
1522 return ret;
1523}
1524
1525static int test_EVP_DigestVerifyInit(void)
1526{
1527 int ret = 0;
1528 EVP_PKEY *pkey = NULL;
1529 EVP_MD_CTX *md_ctx = NULL;
1530
1531 if (nullprov != NULL)
1532 return TEST_skip("Test does not support a non-default library context");
1533
1534 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1535 || !TEST_ptr(pkey = load_example_rsa_key()))
1536 goto out;
1537
1538 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1539 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1540 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1541 sizeof(kSignature)), 0))
1542 goto out;
1543
1544 /* test with reinitialization */
1545 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1546 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1547 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1548 sizeof(kSignature)), 0))
1549 goto out;
1550 ret = 1;
1551
1552 out:
1553 EVP_MD_CTX_free(md_ctx);
1554 EVP_PKEY_free(pkey);
1555 return ret;
1556}
1557
1558#ifndef OPENSSL_NO_SIPHASH
1559/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1560static int test_siphash_digestsign(void)
1561{
1562 unsigned char key[16];
1563 unsigned char buf[8], digest[8];
1564 unsigned char expected[8] = {
1565 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1566 };
1567 EVP_PKEY *pkey = NULL;
1568 EVP_MD_CTX *mdctx = NULL;
1569 EVP_PKEY_CTX *ctx = NULL;
1570 int ret = 0;
1571 size_t len = 8;
1572
1573 if (nullprov != NULL)
1574 return TEST_skip("Test does not support a non-default library context");
1575
1576 memset(buf, 0, 8);
1577 memset(key, 1, 16);
1578 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1579 key, 16)))
1580 goto out;
1581
1582 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1583 goto out;
1584
1585 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1586 goto out;
1587 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1588 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1589 8, NULL), 1))
1590 goto out;
1591 /* reinitialize */
1592 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1593 goto out;
1594 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1595 goto out;
1596 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1597 goto out;
1598 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1599 goto out;
1600
1601 ret = 1;
1602 out:
1603 EVP_PKEY_free(pkey);
1604 EVP_MD_CTX_free(mdctx);
1605 return ret;
1606}
1607#endif
1608
1609/*
1610 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1611 */
1612static int test_EVP_Digest(void)
1613{
1614 int ret = 0;
1615 EVP_MD_CTX *md_ctx = NULL;
1616 unsigned char md[EVP_MAX_MD_SIZE];
1617 EVP_MD *sha256 = NULL;
1618 EVP_MD *shake256 = NULL;
1619
1620 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1621 goto out;
1622
1623 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1624 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1625 goto out;
1626
1627 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1628 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1629 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1630 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1631 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1632 goto out;
1633
1634 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1635 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1636 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1637 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1638 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1639 /*
1640 * EVP_DigestInit_ex with NULL type should work on
1641 * pre-initialized context.
1642 */
1643 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1644 goto out;
1645
1646 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1647 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1648 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1649 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1650 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1651 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1652 goto out;
1653 ret = 1;
1654
1655 out:
1656 EVP_MD_CTX_free(md_ctx);
1657 EVP_MD_free(sha256);
1658 EVP_MD_free(shake256);
1659 return ret;
1660}
1661
1662static int test_EVP_md_null(void)
1663{
1664 int ret = 0;
1665 EVP_MD_CTX *md_ctx = NULL;
1666 const EVP_MD *md_null = EVP_md_null();
1667 unsigned char md_value[EVP_MAX_MD_SIZE];
1668 unsigned int md_len = sizeof(md_value);
1669
1670 if (nullprov != NULL)
1671 return TEST_skip("Test does not support a non-default library context");
1672
1673 if (!TEST_ptr(md_null)
1674 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1675 goto out;
1676
1677 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1678 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1679 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1680 goto out;
1681
1682 if (!TEST_uint_eq(md_len, 0))
1683 goto out;
1684
1685 ret = 1;
1686 out:
1687 EVP_MD_CTX_free(md_ctx);
1688 return ret;
1689}
1690
1691static int test_d2i_AutoPrivateKey(int i)
1692{
1693 int ret = 0;
1694 const unsigned char *p;
1695 EVP_PKEY *pkey = NULL;
1696 const APK_DATA *ak = &keydata[i];
1697 const unsigned char *input = ak->kder;
1698 size_t input_len = ak->size;
1699 int expected_id = ak->evptype;
1700
1701 p = input;
1702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1703 || !TEST_ptr_eq(p, input + input_len)
1704 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1705 goto done;
1706
1707 ret = 1;
1708
1709 done:
1710 EVP_PKEY_free(pkey);
1711 return ret;
1712}
1713
1714#ifndef OPENSSL_NO_EC
1715
1716static const unsigned char ec_public_sect163k1_validxy[] = {
1717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1723};
1724
1725static const unsigned char ec_public_sect163k1_badx[] = {
1726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1732};
1733
1734static const unsigned char ec_public_sect163k1_bady[] = {
1735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1741};
1742
1743static struct ec_der_pub_keys_st {
1744 const unsigned char *der;
1745 size_t len;
1746 int valid;
1747} ec_der_pub_keys[] = {
1748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1751};
1752
1753/*
1754 * Tests the range of the decoded EC char2 public point.
1755 * See ec_GF2m_simple_oct2point().
1756 */
1757static int test_invalide_ec_char2_pub_range_decode(int id)
1758{
1759 int ret = 0;
1760 EVP_PKEY *pkey;
1761
1762 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1763 ec_der_pub_keys[id].len);
1764
1765 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1766 || TEST_ptr_null(pkey);
1767 EVP_PKEY_free(pkey);
1768 return ret;
1769}
1770
1771/* Tests loading a bad key in PKCS8 format */
1772static int test_EVP_PKCS82PKEY(void)
1773{
1774 int ret = 0;
1775 const unsigned char *derp = kExampleBadECKeyDER;
1776 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1777 EVP_PKEY *pkey = NULL;
1778
1779 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1780 sizeof(kExampleBadECKeyDER))))
1781 goto done;
1782
1783 if (!TEST_ptr_eq(derp,
1784 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1785 goto done;
1786
1787 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1788 goto done;
1789
1790 ret = 1;
1791
1792 done:
1793 PKCS8_PRIV_KEY_INFO_free(p8inf);
1794 EVP_PKEY_free(pkey);
1795
1796 return ret;
1797}
1798
1799#endif
1800static int test_EVP_PKCS82PKEY_wrong_tag(void)
1801{
1802 EVP_PKEY *pkey = NULL;
1803 EVP_PKEY *pkey2 = NULL;
1804 BIO *membio = NULL;
1805 char *membuf = NULL;
1806 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1807 int ok = 0;
1808
1809 if (testctx != NULL)
1810 /* test not supported with non-default context */
1811 return 1;
1812
1813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1814 || !TEST_ptr(pkey = load_example_rsa_key())
1815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1816 NULL, 0, NULL, NULL),
1817 0)
1818 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1819 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1820 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1821 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1822 goto done;
1823 }
1824
1825 ok = 1;
1826 done:
1827 EVP_PKEY_free(pkey);
1828 EVP_PKEY_free(pkey2);
1829 PKCS8_PRIV_KEY_INFO_free(p8inf);
1830 BIO_free_all(membio);
1831 return ok;
1832}
1833
1834/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1835static int test_privatekey_to_pkcs8(void)
1836{
1837 EVP_PKEY *pkey = NULL;
1838 BIO *membio = NULL;
1839 char *membuf = NULL;
1840 long membuf_len = 0;
1841 int ok = 0;
1842
1843 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1844 || !TEST_ptr(pkey = load_example_rsa_key())
1845 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1846 NULL, 0, NULL, NULL),
1847 0)
1848 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1849 || !TEST_ptr(membuf)
1850 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1851 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1852 /*
1853 * We try to write PEM as well, just to see that it doesn't err, but
1854 * assume that the result is correct.
1855 */
1856 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1857 NULL, 0, NULL, NULL),
1858 0))
1859 goto done;
1860
1861 ok = 1;
1862 done:
1863 EVP_PKEY_free(pkey);
1864 BIO_free_all(membio);
1865 return ok;
1866}
1867
1868#ifndef OPENSSL_NO_EC
1869static const struct {
1870 int encoding;
1871 const char *encoding_name;
1872} ec_encodings[] = {
1873 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1874 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1875};
1876
1877static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1878{
1879 const OSSL_PARAM *p;
1880 const char *enc_name = NULL;
1881 int *enc = arg;
1882 size_t i;
1883
1884 *enc = -1;
1885
1886 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1887 OSSL_PKEY_PARAM_EC_ENCODING))
1888 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1889 return 0;
1890
1891 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1892 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1893 *enc = ec_encodings[i].encoding;
1894 break;
1895 }
1896 }
1897
1898 return (*enc != -1);
1899}
1900
1901static int test_EC_keygen_with_enc(int idx)
1902{
1903 EVP_PKEY *params = NULL, *key = NULL;
1904 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1905 int enc;
1906 int ret = 0;
1907
1908 enc = ec_encodings[idx].encoding;
1909
1910 /* Create key parameters */
1911 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1912 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1913 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1914 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1915 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1916 || !TEST_ptr(params))
1917 goto done;
1918
1919 /* Create key */
1920 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1921 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1922 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1923 || !TEST_ptr(key))
1924 goto done;
1925
1926 /* Check that the encoding got all the way into the key */
1927 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1928 ec_export_get_encoding_cb, &enc))
1929 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1930 goto done;
1931
1932 ret = 1;
1933 done:
1934 EVP_PKEY_free(key);
1935 EVP_PKEY_free(params);
1936 EVP_PKEY_CTX_free(kctx);
1937 EVP_PKEY_CTX_free(pctx);
1938 return ret;
1939}
1940#endif
1941
1942#if !defined(OPENSSL_NO_SM2)
1943
1944static int test_EVP_SM2_verify(void)
1945{
1946 const char *pubkey =
1947 "-----BEGIN PUBLIC KEY-----\n"
1948 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1949 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1950 "-----END PUBLIC KEY-----\n";
1951
1952 const char *msg = "message digest";
1953 const char *id = "[email protected]";
1954
1955 const uint8_t signature[] = {
1956 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1957 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1958 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1959 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1960 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1961 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1962 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1963 };
1964
1965 int rc = 0;
1966 BIO *bio = NULL;
1967 EVP_PKEY *pkey = NULL;
1968 EVP_MD_CTX *mctx = NULL;
1969 EVP_PKEY_CTX *pctx = NULL;
1970 EVP_MD *sm3 = NULL;
1971
1972 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1973 if (!TEST_true(bio != NULL))
1974 goto done;
1975
1976 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1977 if (!TEST_true(pkey != NULL))
1978 goto done;
1979
1980 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1981 goto done;
1982
1983 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1984 goto done;
1985
1986 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1987 goto done;
1988
1989 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1990
1991 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1992 goto done;
1993
1994 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1995 goto done;
1996
1997 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1998 goto done;
1999
2000 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2001 goto done;
2002
2003 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2004 goto done;
2005 rc = 1;
2006
2007 done:
2008 BIO_free(bio);
2009 EVP_PKEY_free(pkey);
2010 EVP_PKEY_CTX_free(pctx);
2011 EVP_MD_CTX_free(mctx);
2012 EVP_MD_free(sm3);
2013 return rc;
2014}
2015
2016static int test_EVP_SM2(void)
2017{
2018 int ret = 0;
2019 EVP_PKEY *pkey = NULL;
2020 EVP_PKEY *pkeyparams = NULL;
2021 EVP_PKEY_CTX *pctx = NULL;
2022 EVP_PKEY_CTX *kctx = NULL;
2023 EVP_PKEY_CTX *sctx = NULL;
2024 size_t sig_len = 0;
2025 unsigned char *sig = NULL;
2026 EVP_MD_CTX *md_ctx = NULL;
2027 EVP_MD_CTX *md_ctx_verify = NULL;
2028 EVP_PKEY_CTX *cctx = NULL;
2029 EVP_MD *check_md = NULL;
2030
2031 uint8_t ciphertext[128];
2032 size_t ctext_len = sizeof(ciphertext);
2033
2034 uint8_t plaintext[8];
2035 size_t ptext_len = sizeof(plaintext);
2036
2037 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2038
2039 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2040 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2041 int i;
2042 char mdname[OSSL_MAX_NAME_SIZE];
2043
2044 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2045 "SM2", testpropq)))
2046 goto done;
2047
2048 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2049 goto done;
2050
2051 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2052 goto done;
2053
2054 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2055 goto done;
2056
2057 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2058 pkeyparams, testpropq)))
2059 goto done;
2060
2061 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2062 goto done;
2063
2064 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2065 goto done;
2066
2067 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2068 goto done;
2069
2070 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2071 goto done;
2072
2073 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2074 goto done;
2075
2076 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2077 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2078
2079 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2080 goto done;
2081
2082 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2083 goto done;
2084
2085 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2086 goto done;
2087
2088 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2089 goto done;
2090
2091 /* Determine the size of the signature. */
2092 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2093 goto done;
2094
2095 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2096 goto done;
2097
2098 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2099 goto done;
2100
2101 /* Ensure that the signature round-trips. */
2102
2103 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2104 pkey)))
2105 goto done;
2106
2107 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2108 goto done;
2109
2110 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2111 goto done;
2112
2113 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2114 goto done;
2115
2116 /*
2117 * Try verify again with non-matching 0 length id but ensure that it can
2118 * be set on the context and overrides the previous value.
2119 */
2120
2121 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2122 pkey)))
2123 goto done;
2124
2125 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2126 goto done;
2127
2128 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2129 goto done;
2130
2131 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2132 goto done;
2133
2134 /* now check encryption/decryption */
2135
2136 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2137 mdname, sizeof(mdname));
2138 for (i = 0; i < 2; i++) {
2139 const char *mdnames[] = {
2140#ifndef OPENSSL_NO_SM3
2141 "SM3",
2142#else
2143 NULL,
2144#endif
2145 "SHA2-256" };
2146 EVP_PKEY_CTX_free(cctx);
2147
2148 if (mdnames[i] == NULL)
2149 continue;
2150
2151 sparams[0] =
2152 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2153 (char *)mdnames[i], 0);
2154
2155 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2156 pkey, testpropq)))
2157 goto done;
2158
2159 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2160 goto done;
2161
2162 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2163 goto done;
2164
2165 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2166 sizeof(kMsg))))
2167 goto done;
2168
2169 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2170 goto done;
2171
2172 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2173 goto done;
2174
2175 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2176 ctext_len), 0))
2177 goto done;
2178
2179 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2180 goto done;
2181
2182 /*
2183 * Test we're still using the digest we think we are.
2184 * Because of aliases, the easiest is to fetch the digest and
2185 * check the name with EVP_MD_is_a().
2186 */
2187 EVP_MD_free(check_md);
2188 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2189 goto done;
2190 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2191 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2192 goto done;
2193 }
2194
2195 if (!TEST_true(ptext_len == sizeof(kMsg)))
2196 goto done;
2197
2198 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2199 goto done;
2200 }
2201
2202 ret = 1;
2203done:
2204 EVP_PKEY_CTX_free(pctx);
2205 EVP_PKEY_CTX_free(kctx);
2206 EVP_PKEY_CTX_free(sctx);
2207 EVP_PKEY_CTX_free(cctx);
2208 EVP_PKEY_free(pkey);
2209 EVP_PKEY_free(pkeyparams);
2210 EVP_MD_CTX_free(md_ctx);
2211 EVP_MD_CTX_free(md_ctx_verify);
2212 EVP_MD_free(check_md);
2213 OPENSSL_free(sig);
2214 return ret;
2215}
2216
2217#endif
2218
2219static struct keys_st {
2220 int type;
2221 char *priv;
2222 char *pub;
2223} keys[] = {
2224 {
2225 EVP_PKEY_HMAC, "0123456789", NULL
2226 },
2227 {
2228 EVP_PKEY_HMAC, "", NULL
2229#ifndef OPENSSL_NO_POLY1305
2230 }, {
2231 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2232#endif
2233#ifndef OPENSSL_NO_SIPHASH
2234 }, {
2235 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2236#endif
2237 },
2238#ifndef OPENSSL_NO_EC
2239 {
2240 EVP_PKEY_X25519, "01234567890123456789012345678901",
2241 "abcdefghijklmnopqrstuvwxyzabcdef"
2242 }, {
2243 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2244 "abcdefghijklmnopqrstuvwxyzabcdef"
2245 }, {
2246 EVP_PKEY_X448,
2247 "01234567890123456789012345678901234567890123456789012345",
2248 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2249 }, {
2250 EVP_PKEY_ED448,
2251 "012345678901234567890123456789012345678901234567890123456",
2252 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2253 }
2254#endif
2255};
2256
2257static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2258{
2259 int ret = 0;
2260 unsigned char buf[80];
2261 unsigned char *in;
2262 size_t inlen, len = 0, shortlen = 1;
2263 EVP_PKEY *pkey;
2264
2265 /* Check if this algorithm supports public keys */
2266 if (pub && keys[tst].pub == NULL)
2267 return 1;
2268
2269 memset(buf, 0, sizeof(buf));
2270
2271 if (pub) {
2272#ifndef OPENSSL_NO_EC
2273 inlen = strlen(keys[tst].pub);
2274 in = (unsigned char *)keys[tst].pub;
2275 if (uselibctx) {
2276 pkey = EVP_PKEY_new_raw_public_key_ex(
2277 testctx,
2278 OBJ_nid2sn(keys[tst].type),
2279 NULL,
2280 in,
2281 inlen);
2282 } else {
2283 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2284 NULL,
2285 in,
2286 inlen);
2287 }
2288#else
2289 return 1;
2290#endif
2291 } else {
2292 inlen = strlen(keys[tst].priv);
2293 in = (unsigned char *)keys[tst].priv;
2294 if (uselibctx) {
2295 pkey = EVP_PKEY_new_raw_private_key_ex(
2296 testctx, OBJ_nid2sn(keys[tst].type),
2297 NULL,
2298 in,
2299 inlen);
2300 } else {
2301 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2302 NULL,
2303 in,
2304 inlen);
2305 }
2306 }
2307
2308 if (!TEST_ptr(pkey)
2309 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2310 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2311 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2312 || !TEST_true(len == inlen))
2313 goto done;
2314 if (tst != 1) {
2315 /*
2316 * Test that supplying a buffer that is too small fails. Doesn't apply
2317 * to HMAC with a zero length key
2318 */
2319 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2320 &shortlen)))
2321 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2322 &shortlen))))
2323 goto done;
2324 }
2325 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2326 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2327 || !TEST_mem_eq(in, inlen, buf, len))
2328 goto done;
2329
2330 ret = 1;
2331 done:
2332 EVP_PKEY_free(pkey);
2333 return ret;
2334}
2335
2336static int test_set_get_raw_keys(int tst)
2337{
2338 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2339 && test_set_get_raw_keys_int(tst, 0, 1)
2340 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2341 && test_set_get_raw_keys_int(tst, 1, 1);
2342}
2343
2344#ifndef OPENSSL_NO_DEPRECATED_3_0
2345static int pkey_custom_check(EVP_PKEY *pkey)
2346{
2347 return 0xbeef;
2348}
2349
2350static int pkey_custom_pub_check(EVP_PKEY *pkey)
2351{
2352 return 0xbeef;
2353}
2354
2355static int pkey_custom_param_check(EVP_PKEY *pkey)
2356{
2357 return 0xbeef;
2358}
2359
2360static EVP_PKEY_METHOD *custom_pmeth;
2361#endif
2362
2363static int test_EVP_PKEY_check(int i)
2364{
2365 int ret = 0;
2366 EVP_PKEY *pkey = NULL;
2367 EVP_PKEY_CTX *ctx = NULL;
2368#ifndef OPENSSL_NO_DEPRECATED_3_0
2369 EVP_PKEY_CTX *ctx2 = NULL;
2370#endif
2371 const APK_DATA *ak = &keycheckdata[i];
2372 const unsigned char *input = ak->kder;
2373 size_t input_len = ak->size;
2374 int expected_id = ak->evptype;
2375 int expected_check = ak->check;
2376 int expected_pub_check = ak->pub_check;
2377 int expected_param_check = ak->param_check;
2378 int type = ak->type;
2379
2380 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2381 goto done;
2382 if (type == 0
2383 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2384 goto done;
2385
2386 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2387 goto done;
2388
2389 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2390 goto done;
2391
2392 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2393 goto done;
2394
2395 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2396 goto done;
2397
2398#ifndef OPENSSL_NO_DEPRECATED_3_0
2399 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2400 /* assign the pkey directly, as an internal test */
2401 EVP_PKEY_up_ref(pkey);
2402 ctx2->pkey = pkey;
2403
2404 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2405 goto done;
2406
2407 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2408 goto done;
2409
2410 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2411 goto done;
2412#endif
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(ctx);
2418#ifndef OPENSSL_NO_DEPRECATED_3_0
2419 EVP_PKEY_CTX_free(ctx2);
2420#endif
2421 EVP_PKEY_free(pkey);
2422 return ret;
2423}
2424
2425#ifndef OPENSSL_NO_CMAC
2426static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2427{
2428 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2429 const char msg[] = "Hello World";
2430 size_t maclen = AES_BLOCK_SIZE;
2431 int ret = 1;
2432
2433 if (!TEST_ptr(mdctx)
2434 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2435 testpropq, pkey, NULL))
2436 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2437 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2438 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2439 ret = 0;
2440
2441 EVP_MD_CTX_free(mdctx);
2442
2443 return ret;
2444}
2445static int test_CMAC_keygen(void)
2446{
2447 static unsigned char key[] = {
2448 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2449 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2450 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2451 };
2452 EVP_PKEY_CTX *kctx = NULL;
2453 int ret = 0;
2454 EVP_PKEY *pkey = NULL;
2455 unsigned char mac[AES_BLOCK_SIZE];
2456# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2457 unsigned char mac2[AES_BLOCK_SIZE];
2458# endif
2459
2460 if (nullprov != NULL)
2461 return TEST_skip("Test does not support a non-default library context");
2462
2463 /*
2464 * This is a legacy method for CMACs, but should still work.
2465 * This verifies that it works without an ENGINE.
2466 */
2467 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2468
2469 /* Test a CMAC key created using the "generated" method */
2470 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2471 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2472 EVP_PKEY_CTRL_CIPHER,
2473 0, (void *)EVP_aes_256_cbc()), 0)
2474 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2475 EVP_PKEY_CTRL_SET_MAC_KEY,
2476 sizeof(key), (void *)key), 0)
2477 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2478 || !TEST_ptr(pkey)
2479 || !TEST_true(get_cmac_val(pkey, mac)))
2480 goto done;
2481
2482# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2483 EVP_PKEY_free(pkey);
2484
2485 /*
2486 * Test a CMAC key using the direct method, and compare with the mac
2487 * created above.
2488 */
2489 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2490 if (!TEST_ptr(pkey)
2491 || !TEST_true(get_cmac_val(pkey, mac2))
2492 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2493 goto done;
2494# endif
2495
2496 ret = 1;
2497
2498 done:
2499 EVP_PKEY_free(pkey);
2500 EVP_PKEY_CTX_free(kctx);
2501 return ret;
2502}
2503#endif
2504
2505static int test_HKDF(void)
2506{
2507 EVP_PKEY_CTX *pctx;
2508 unsigned char out[20];
2509 size_t outlen;
2510 int i, ret = 0;
2511 unsigned char salt[] = "0123456789";
2512 unsigned char key[] = "012345678901234567890123456789";
2513 unsigned char info[] = "infostring";
2514 const unsigned char expected[] = {
2515 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2516 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2517 };
2518 size_t expectedlen = sizeof(expected);
2519
2520 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2521 goto done;
2522
2523 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2524 for (i = 0; i < 2; i++) {
2525 outlen = sizeof(out);
2526 memset(out, 0, outlen);
2527
2528 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2529 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2530 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2531 sizeof(salt) - 1), 0)
2532 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2533 sizeof(key) - 1), 0)
2534 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2535 sizeof(info) - 1), 0)
2536 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2537 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2538 goto done;
2539 }
2540
2541 ret = 1;
2542
2543 done:
2544 EVP_PKEY_CTX_free(pctx);
2545
2546 return ret;
2547}
2548
2549static int test_emptyikm_HKDF(void)
2550{
2551 EVP_PKEY_CTX *pctx;
2552 unsigned char out[20];
2553 size_t outlen;
2554 int ret = 0;
2555 unsigned char salt[] = "9876543210";
2556 unsigned char key[] = "";
2557 unsigned char info[] = "stringinfo";
2558 const unsigned char expected[] = {
2559 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2560 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2561 };
2562 size_t expectedlen = sizeof(expected);
2563
2564 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2565 goto done;
2566
2567 outlen = sizeof(out);
2568 memset(out, 0, outlen);
2569
2570 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2571 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2572 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2573 sizeof(salt) - 1), 0)
2574 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2575 sizeof(key) - 1), 0)
2576 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2577 sizeof(info) - 1), 0)
2578 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2579 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2580 goto done;
2581
2582 ret = 1;
2583
2584 done:
2585 EVP_PKEY_CTX_free(pctx);
2586
2587 return ret;
2588}
2589
2590static int test_empty_salt_info_HKDF(void)
2591{
2592 EVP_PKEY_CTX *pctx;
2593 unsigned char out[20];
2594 size_t outlen;
2595 int ret = 0;
2596 unsigned char salt[] = "";
2597 unsigned char key[] = "012345678901234567890123456789";
2598 unsigned char info[] = "";
2599 const unsigned char expected[] = {
2600 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2601 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2602 };
2603 size_t expectedlen = sizeof(expected);
2604
2605 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2606 goto done;
2607
2608 outlen = sizeof(out);
2609 memset(out, 0, outlen);
2610
2611 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2612 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2613 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2614 sizeof(salt) - 1), 0)
2615 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2616 sizeof(key) - 1), 0)
2617 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2618 sizeof(info) - 1), 0)
2619 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2620 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2621 goto done;
2622
2623 ret = 1;
2624
2625 done:
2626 EVP_PKEY_CTX_free(pctx);
2627
2628 return ret;
2629}
2630
2631#ifndef OPENSSL_NO_EC
2632static int test_X509_PUBKEY_inplace(void)
2633{
2634 int ret = 0;
2635 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2636 const unsigned char *p = kExampleECPubKeyDER;
2637 size_t input_len = sizeof(kExampleECPubKeyDER);
2638
2639 if (!TEST_ptr(xp))
2640 goto done;
2641 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2642 goto done;
2643
2644 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2645 goto done;
2646
2647 p = kExampleBadECPubKeyDER;
2648 input_len = sizeof(kExampleBadECPubKeyDER);
2649
2650 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2651 goto done;
2652
2653 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2654 goto done;
2655
2656 ret = 1;
2657
2658 done:
2659 X509_PUBKEY_free(xp);
2660 return ret;
2661}
2662
2663static int test_X509_PUBKEY_dup(void)
2664{
2665 int ret = 0;
2666 X509_PUBKEY *xp = NULL, *xq = NULL;
2667 const unsigned char *p = kExampleECPubKeyDER;
2668 size_t input_len = sizeof(kExampleECPubKeyDER);
2669
2670 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2671 if (!TEST_ptr(xp)
2672 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2673 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2674 || !TEST_ptr_ne(xp, xq))
2675 goto done;
2676
2677 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2678 || !TEST_ptr(X509_PUBKEY_get0(xp))
2679 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2680 goto done;
2681
2682 X509_PUBKEY_free(xq);
2683 xq = NULL;
2684 p = kExampleBadECPubKeyDER;
2685 input_len = sizeof(kExampleBadECPubKeyDER);
2686
2687 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2688 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2689 goto done;
2690
2691 X509_PUBKEY_free(xp);
2692 xp = NULL;
2693 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2694 goto done;
2695
2696 ret = 1;
2697
2698 done:
2699 X509_PUBKEY_free(xp);
2700 X509_PUBKEY_free(xq);
2701 return ret;
2702}
2703#endif /* OPENSSL_NO_EC */
2704
2705/* Test getting and setting parameters on an EVP_PKEY_CTX */
2706static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2707{
2708 EVP_MD_CTX *mdctx = NULL;
2709 EVP_PKEY_CTX *ctx = NULL;
2710 const OSSL_PARAM *params;
2711 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2712 int ret = 0;
2713 const EVP_MD *md;
2714 char mdname[OSSL_MAX_NAME_SIZE];
2715 char ssl3ms[48];
2716
2717 /* Initialise a sign operation */
2718 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2719 if (!TEST_ptr(ctx)
2720 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2721 goto err;
2722
2723 /*
2724 * We should be able to query the parameters now.
2725 */
2726 params = EVP_PKEY_CTX_settable_params(ctx);
2727 if (!TEST_ptr(params)
2728 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2729 OSSL_SIGNATURE_PARAM_DIGEST)))
2730 goto err;
2731
2732 params = EVP_PKEY_CTX_gettable_params(ctx);
2733 if (!TEST_ptr(params)
2734 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2735 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2736 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2737 OSSL_SIGNATURE_PARAM_DIGEST)))
2738 goto err;
2739
2740 /*
2741 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2742 * EVP_PKEY_CTX_get_params()
2743 */
2744 strcpy(mdname, "SHA512");
2745 param_md = param;
2746 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2747 mdname, 0);
2748 *param++ = OSSL_PARAM_construct_end();
2749
2750 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2751 goto err;
2752
2753 mdname[0] = '\0';
2754 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2755 mdname, sizeof(mdname));
2756 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2757 || !TEST_str_eq(mdname, "SHA512"))
2758 goto err;
2759
2760 /*
2761 * Test the TEST_PKEY_CTX_set_signature_md() and
2762 * TEST_PKEY_CTX_get_signature_md() functions
2763 */
2764 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2765 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2766 || !TEST_ptr_eq(md, EVP_sha256()))
2767 goto err;
2768
2769 /*
2770 * Test getting MD parameters via an associated EVP_PKEY_CTX
2771 */
2772 mdctx = EVP_MD_CTX_new();
2773 if (!TEST_ptr(mdctx)
2774 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2775 pkey, NULL)))
2776 goto err;
2777
2778 /*
2779 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2780 * able to obtain the digest's settable parameters from the provider.
2781 */
2782 params = EVP_MD_CTX_settable_params(mdctx);
2783 if (!TEST_ptr(params)
2784 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2785 /* The final key should be NULL */
2786 || !TEST_ptr_null(params[1].key))
2787 goto err;
2788
2789 param = ourparams;
2790 memset(ssl3ms, 0, sizeof(ssl3ms));
2791 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2792 ssl3ms, sizeof(ssl3ms));
2793 *param++ = OSSL_PARAM_construct_end();
2794
2795 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2796 goto err;
2797
2798 ret = 1;
2799
2800 err:
2801 EVP_MD_CTX_free(mdctx);
2802 EVP_PKEY_CTX_free(ctx);
2803
2804 return ret;
2805}
2806
2807#ifndef OPENSSL_NO_DSA
2808static int test_DSA_get_set_params(void)
2809{
2810 OSSL_PARAM_BLD *bld = NULL;
2811 OSSL_PARAM *params = NULL;
2812 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2813 EVP_PKEY_CTX *pctx = NULL;
2814 EVP_PKEY *pkey = NULL;
2815 int ret = 0;
2816
2817 /*
2818 * Setup the parameters for our DSA object. For our purposes they don't
2819 * have to actually be *valid* parameters. We just need to set something.
2820 */
2821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2823 || !TEST_ptr(p = BN_new())
2824 || !TEST_ptr(q = BN_new())
2825 || !TEST_ptr(g = BN_new())
2826 || !TEST_ptr(pub = BN_new())
2827 || !TEST_ptr(priv = BN_new()))
2828 goto err;
2829 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2831 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2833 pub))
2834 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2835 priv)))
2836 goto err;
2837 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2838 goto err;
2839
2840 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2841 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2842 params), 0))
2843 goto err;
2844
2845 if (!TEST_ptr(pkey))
2846 goto err;
2847
2848 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2849
2850 err:
2851 EVP_PKEY_free(pkey);
2852 EVP_PKEY_CTX_free(pctx);
2853 OSSL_PARAM_free(params);
2854 OSSL_PARAM_BLD_free(bld);
2855 BN_free(p);
2856 BN_free(q);
2857 BN_free(g);
2858 BN_free(pub);
2859 BN_free(priv);
2860
2861 return ret;
2862}
2863
2864/*
2865 * Test combinations of private, public, missing and private + public key
2866 * params to ensure they are all accepted
2867 */
2868static int test_DSA_priv_pub(void)
2869{
2870 return test_EVP_PKEY_ffc_priv_pub("DSA");
2871}
2872
2873#endif /* !OPENSSL_NO_DSA */
2874
2875static int test_RSA_get_set_params(void)
2876{
2877 OSSL_PARAM_BLD *bld = NULL;
2878 OSSL_PARAM *params = NULL;
2879 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2880 EVP_PKEY_CTX *pctx = NULL;
2881 EVP_PKEY *pkey = NULL;
2882 int ret = 0;
2883
2884 /*
2885 * Setup the parameters for our RSA object. For our purposes they don't
2886 * have to actually be *valid* parameters. We just need to set something.
2887 */
2888 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2889 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2890 || !TEST_ptr(n = BN_new())
2891 || !TEST_ptr(e = BN_new())
2892 || !TEST_ptr(d = BN_new()))
2893 goto err;
2894 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2895 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2896 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2897 goto err;
2898 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2899 goto err;
2900
2901 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2902 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2903 params), 0))
2904 goto err;
2905
2906 if (!TEST_ptr(pkey))
2907 goto err;
2908
2909 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2910
2911 err:
2912 EVP_PKEY_free(pkey);
2913 EVP_PKEY_CTX_free(pctx);
2914 OSSL_PARAM_free(params);
2915 OSSL_PARAM_BLD_free(bld);
2916 BN_free(n);
2917 BN_free(e);
2918 BN_free(d);
2919
2920 return ret;
2921}
2922
2923static int test_RSA_OAEP_set_get_params(void)
2924{
2925 int ret = 0;
2926 EVP_PKEY *key = NULL;
2927 EVP_PKEY_CTX *key_ctx = NULL;
2928
2929 if (nullprov != NULL)
2930 return TEST_skip("Test does not support a non-default library context");
2931
2932 if (!TEST_ptr(key = load_example_rsa_key())
2933 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2934 goto err;
2935
2936 {
2937 int padding = RSA_PKCS1_OAEP_PADDING;
2938 OSSL_PARAM params[4];
2939
2940 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2941 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2942 OSSL_DIGEST_NAME_SHA2_256, 0);
2943 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2944 OSSL_DIGEST_NAME_SHA1, 0);
2945 params[3] = OSSL_PARAM_construct_end();
2946
2947 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2948 goto err;
2949 }
2950 {
2951 OSSL_PARAM params[3];
2952 char oaepmd[30] = { '\0' };
2953 char mgf1md[30] = { '\0' };
2954
2955 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2956 oaepmd, sizeof(oaepmd));
2957 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2958 mgf1md, sizeof(mgf1md));
2959 params[2] = OSSL_PARAM_construct_end();
2960
2961 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2962 goto err;
2963
2964 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2965 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2966 goto err;
2967 }
2968
2969 ret = 1;
2970
2971 err:
2972 EVP_PKEY_free(key);
2973 EVP_PKEY_CTX_free(key_ctx);
2974
2975 return ret;
2976}
2977
2978/* https://github.com/openssl/openssl/issues/21288 */
2979static int test_RSA_OAEP_set_null_label(void)
2980{
2981 int ret = 0;
2982 EVP_PKEY *key = NULL;
2983 EVP_PKEY_CTX *key_ctx = NULL;
2984
2985 if (!TEST_ptr(key = load_example_rsa_key())
2986 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
2987 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
2988 goto err;
2989
2990 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
2991 goto err;
2992
2993 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
2994 goto err;
2995
2996 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
2997 goto err;
2998
2999 ret = 1;
3000
3001 err:
3002 EVP_PKEY_free(key);
3003 EVP_PKEY_CTX_free(key_ctx);
3004
3005 return ret;
3006}
3007
3008#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3009static int test_decrypt_null_chunks(void)
3010{
3011 EVP_CIPHER_CTX* ctx = NULL;
3012 EVP_CIPHER *cipher = NULL;
3013 const unsigned char key[32] = {
3014 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3015 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3016 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3017 };
3018 unsigned char iv[12] = {
3019 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3020 };
3021 unsigned char msg[] = "It was the best of times, it was the worst of times";
3022 unsigned char ciphertext[80];
3023 unsigned char plaintext[80];
3024 /* We initialise tmp to a non zero value on purpose */
3025 int ctlen, ptlen, tmp = 99;
3026 int ret = 0;
3027 const int enc_offset = 10, dec_offset = 20;
3028
3029 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3030 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3031 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3032 key, iv))
3033 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3034 enc_offset))
3035 /* Deliberate add a zero length update */
3036 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3037 0))
3038 || !TEST_int_eq(tmp, 0)
3039 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3040 msg + enc_offset,
3041 sizeof(msg) - enc_offset))
3042 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3043 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3044 || !TEST_int_eq(tmp, 0))
3045 goto err;
3046
3047 /* Deliberately initialise tmp to a non zero value */
3048 tmp = 99;
3049 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3050 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3051 dec_offset))
3052 /*
3053 * Deliberately add a zero length update. We also deliberately do
3054 * this at a different offset than for encryption.
3055 */
3056 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3057 0))
3058 || !TEST_int_eq(tmp, 0)
3059 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3060 ciphertext + dec_offset,
3061 ctlen - dec_offset))
3062 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3063 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3064 || !TEST_int_eq(tmp, 0)
3065 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3066 goto err;
3067
3068 ret = 1;
3069 err:
3070 EVP_CIPHER_CTX_free(ctx);
3071 EVP_CIPHER_free(cipher);
3072 return ret;
3073}
3074#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3075
3076#ifndef OPENSSL_NO_DH
3077/*
3078 * Test combinations of private, public, missing and private + public key
3079 * params to ensure they are all accepted
3080 */
3081static int test_DH_priv_pub(void)
3082{
3083 return test_EVP_PKEY_ffc_priv_pub("DH");
3084}
3085
3086# ifndef OPENSSL_NO_DEPRECATED_3_0
3087static int test_EVP_PKEY_set1_DH(void)
3088{
3089 DH *x942dh = NULL, *noqdh = NULL;
3090 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3091 int ret = 0;
3092 BIGNUM *p, *g = NULL;
3093 BIGNUM *pubkey = NULL;
3094 unsigned char pub[2048 / 8];
3095 size_t len = 0;
3096
3097 if (!TEST_ptr(p = BN_new())
3098 || !TEST_ptr(g = BN_new())
3099 || !TEST_ptr(pubkey = BN_new())
3100 || !TEST_true(BN_set_word(p, 9999))
3101 || !TEST_true(BN_set_word(g, 2))
3102 || !TEST_true(BN_set_word(pubkey, 4321))
3103 || !TEST_ptr(noqdh = DH_new())
3104 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3105 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3106 || !TEST_ptr(pubkey = BN_new())
3107 || !TEST_true(BN_set_word(pubkey, 4321)))
3108 goto err;
3109 p = g = NULL;
3110
3111 x942dh = DH_get_2048_256();
3112 pkey1 = EVP_PKEY_new();
3113 pkey2 = EVP_PKEY_new();
3114 if (!TEST_ptr(x942dh)
3115 || !TEST_ptr(noqdh)
3116 || !TEST_ptr(pkey1)
3117 || !TEST_ptr(pkey2)
3118 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3119 goto err;
3120 pubkey = NULL;
3121
3122 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3123 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3124 goto err;
3125
3126 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3127 &pubkey))
3128 || !TEST_ptr(pubkey))
3129 goto err;
3130
3131 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3132 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3133 goto err;
3134
3135 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3136 OSSL_PKEY_PARAM_PUB_KEY,
3137 pub, sizeof(pub), &len))
3138 || !TEST_size_t_ne(len, 0))
3139 goto err;
3140
3141 ret = 1;
3142 err:
3143 BN_free(p);
3144 BN_free(g);
3145 BN_free(pubkey);
3146 EVP_PKEY_free(pkey1);
3147 EVP_PKEY_free(pkey2);
3148 DH_free(x942dh);
3149 DH_free(noqdh);
3150
3151 return ret;
3152}
3153# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3154#endif /* !OPENSSL_NO_DH */
3155
3156/*
3157 * We test what happens with an empty template. For the sake of this test,
3158 * the template must be ignored, and we know that's the case for RSA keys
3159 * (this might arguably be a misfeature, but that's what we currently do,
3160 * even in provider code, since that's how the legacy RSA implementation
3161 * does things)
3162 */
3163static int test_keygen_with_empty_template(int n)
3164{
3165 EVP_PKEY_CTX *ctx = NULL;
3166 EVP_PKEY *pkey = NULL;
3167 EVP_PKEY *tkey = NULL;
3168 int ret = 0;
3169
3170 if (nullprov != NULL)
3171 return TEST_skip("Test does not support a non-default library context");
3172
3173 switch (n) {
3174 case 0:
3175 /* We do test with no template at all as well */
3176 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3177 goto err;
3178 break;
3179 case 1:
3180 /* Here we create an empty RSA key that serves as our template */
3181 if (!TEST_ptr(tkey = EVP_PKEY_new())
3182 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3183 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3184 goto err;
3185 break;
3186 }
3187
3188 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3189 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3190 goto err;
3191
3192 ret = 1;
3193 err:
3194 EVP_PKEY_CTX_free(ctx);
3195 EVP_PKEY_free(pkey);
3196 EVP_PKEY_free(tkey);
3197 return ret;
3198}
3199
3200/*
3201 * Test that we fail if we attempt to use an algorithm that is not available
3202 * in the current library context (unless we are using an algorithm that
3203 * should be made available via legacy codepaths).
3204 *
3205 * 0: RSA
3206 * 1: SM2
3207 */
3208static int test_pkey_ctx_fail_without_provider(int tst)
3209{
3210 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3211 OSSL_PROVIDER *tmpnullprov = NULL;
3212 EVP_PKEY_CTX *pctx = NULL;
3213 const char *keytype = NULL;
3214 int expect_null = 0;
3215 int ret = 0;
3216
3217 if (!TEST_ptr(tmpctx))
3218 goto err;
3219
3220 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3221 if (!TEST_ptr(tmpnullprov))
3222 goto err;
3223
3224 /*
3225 * We check for certain algos in the null provider.
3226 * If an algo is expected to have a provider keymgmt, constructing an
3227 * EVP_PKEY_CTX is expected to fail (return NULL).
3228 * Otherwise, if it's expected to have legacy support, constructing an
3229 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3230 */
3231 switch (tst) {
3232 case 0:
3233 keytype = "RSA";
3234 expect_null = 1;
3235 break;
3236 case 1:
3237 keytype = "SM2";
3238 expect_null = 1;
3239#ifdef OPENSSL_NO_EC
3240 TEST_info("EC disable, skipping SM2 check...");
3241 goto end;
3242#endif
3243#ifdef OPENSSL_NO_SM2
3244 TEST_info("SM2 disable, skipping SM2 check...");
3245 goto end;
3246#endif
3247 break;
3248 default:
3249 TEST_error("No test for case %d", tst);
3250 goto err;
3251 }
3252
3253 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3254 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3255 goto err;
3256
3257#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3258 end:
3259#endif
3260 ret = 1;
3261
3262 err:
3263 EVP_PKEY_CTX_free(pctx);
3264 OSSL_PROVIDER_unload(tmpnullprov);
3265 OSSL_LIB_CTX_free(tmpctx);
3266 return ret;
3267}
3268
3269static int test_rand_agglomeration(void)
3270{
3271 EVP_RAND *rand;
3272 EVP_RAND_CTX *ctx;
3273 OSSL_PARAM params[3], *p = params;
3274 int res;
3275 unsigned int step = 7;
3276 static unsigned char seed[] = "It does not matter how slowly you go "
3277 "as long as you do not stop.";
3278 unsigned char out[sizeof(seed)];
3279
3280 if (!TEST_int_ne(sizeof(seed) % step, 0)
3281 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3282 return 0;
3283 ctx = EVP_RAND_CTX_new(rand, NULL);
3284 EVP_RAND_free(rand);
3285 if (!TEST_ptr(ctx))
3286 return 0;
3287
3288 memset(out, 0, sizeof(out));
3289 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3290 seed, sizeof(seed));
3291 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3292 *p = OSSL_PARAM_construct_end();
3293 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3294 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3295 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3296 EVP_RAND_CTX_free(ctx);
3297 return res;
3298}
3299
3300/*
3301 * Test that we correctly return the original or "running" IV after
3302 * an encryption operation.
3303 * Run multiple times for some different relevant algorithms/modes.
3304 */
3305static int test_evp_iv_aes(int idx)
3306{
3307 int ret = 0;
3308 EVP_CIPHER_CTX *ctx = NULL;
3309 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3310 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3311 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3312 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3313 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3314 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3315 9, 10, 11, 12, 13, 14, 15, 16 };
3316 unsigned char ciphertext[32], oiv[16], iv[16];
3317 unsigned char *ref_iv;
3318 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3319 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3320
3321 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3322 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3323 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3324 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3325 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3326 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3327 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3328#ifndef OPENSSL_NO_OCB
3329 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3330 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3331#endif
3332 int len = sizeof(ciphertext);
3333 size_t ivlen, ref_len;
3334 const EVP_CIPHER *type = NULL;
3335 int iv_reset = 0;
3336
3337 if (nullprov != NULL && idx < 6)
3338 return TEST_skip("Test does not support a non-default library context");
3339
3340 switch(idx) {
3341 case 0:
3342 type = EVP_aes_128_cbc();
3343 /* FALLTHROUGH */
3344 case 6:
3345 type = (type != NULL) ? type :
3346 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3347 ref_iv = cbc_state;
3348 ref_len = sizeof(cbc_state);
3349 iv_reset = 1;
3350 break;
3351 case 1:
3352 type = EVP_aes_128_ofb();
3353 /* FALLTHROUGH */
3354 case 7:
3355 type = (type != NULL) ? type :
3356 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3357 ref_iv = ofb_state;
3358 ref_len = sizeof(ofb_state);
3359 iv_reset = 1;
3360 break;
3361 case 2:
3362 type = EVP_aes_128_cfb();
3363 /* FALLTHROUGH */
3364 case 8:
3365 type = (type != NULL) ? type :
3366 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3367 ref_iv = cfb_state;
3368 ref_len = sizeof(cfb_state);
3369 iv_reset = 1;
3370 break;
3371 case 3:
3372 type = EVP_aes_128_gcm();
3373 /* FALLTHROUGH */
3374 case 9:
3375 type = (type != NULL) ? type :
3376 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3377 ref_iv = gcm_state;
3378 ref_len = sizeof(gcm_state);
3379 break;
3380 case 4:
3381 type = EVP_aes_128_ccm();
3382 /* FALLTHROUGH */
3383 case 10:
3384 type = (type != NULL) ? type :
3385 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3386 ref_iv = ccm_state;
3387 ref_len = sizeof(ccm_state);
3388 break;
3389#ifdef OPENSSL_NO_OCB
3390 case 5:
3391 case 11:
3392 return 1;
3393#else
3394 case 5:
3395 type = EVP_aes_128_ocb();
3396 /* FALLTHROUGH */
3397 case 11:
3398 type = (type != NULL) ? type :
3399 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3400 ref_iv = ocb_state;
3401 ref_len = sizeof(ocb_state);
3402 break;
3403#endif
3404 default:
3405 return 0;
3406 }
3407
3408 if (!TEST_ptr(type)
3409 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3410 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3411 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3412 (int)sizeof(msg)))
3413 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3414 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3415 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3416 goto err;
3417 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3418 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3419 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3420 goto err;
3421
3422 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3423 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3424 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3425 goto err;
3426 if (iv_reset) {
3427 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3428 goto err;
3429 } else {
3430 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3431 goto err;
3432 }
3433
3434 ret = 1;
3435err:
3436 EVP_CIPHER_CTX_free(ctx);
3437 if (idx >= 6)
3438 EVP_CIPHER_free((EVP_CIPHER *)type);
3439 return ret;
3440}
3441
3442#ifndef OPENSSL_NO_DES
3443static int test_evp_iv_des(int idx)
3444{
3445 int ret = 0;
3446 EVP_CIPHER_CTX *ctx = NULL;
3447 static const unsigned char key[24] = {
3448 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3449 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3450 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3451 };
3452 static const unsigned char init_iv[8] = {
3453 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3454 };
3455 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3456 9, 10, 11, 12, 13, 14, 15, 16 };
3457 unsigned char ciphertext[32], oiv[8], iv[8];
3458 unsigned const char *ref_iv;
3459 static const unsigned char cbc_state_des[8] = {
3460 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3461 };
3462 static const unsigned char cbc_state_3des[8] = {
3463 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3464 };
3465 static const unsigned char ofb_state_des[8] = {
3466 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3467 };
3468 static const unsigned char ofb_state_3des[8] = {
3469 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3470 };
3471 static const unsigned char cfb_state_des[8] = {
3472 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3473 };
3474 static const unsigned char cfb_state_3des[8] = {
3475 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3476 };
3477 int len = sizeof(ciphertext);
3478 size_t ivlen, ref_len;
3479 EVP_CIPHER *type = NULL;
3480
3481 if (lgcyprov == NULL && idx < 3)
3482 return TEST_skip("Test requires legacy provider to be loaded");
3483
3484 switch(idx) {
3485 case 0:
3486 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3487 ref_iv = cbc_state_des;
3488 ref_len = sizeof(cbc_state_des);
3489 break;
3490 case 1:
3491 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3492 ref_iv = ofb_state_des;
3493 ref_len = sizeof(ofb_state_des);
3494 break;
3495 case 2:
3496 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3497 ref_iv = cfb_state_des;
3498 ref_len = sizeof(cfb_state_des);
3499 break;
3500 case 3:
3501 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3502 ref_iv = cbc_state_3des;
3503 ref_len = sizeof(cbc_state_3des);
3504 break;
3505 case 4:
3506 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3507 ref_iv = ofb_state_3des;
3508 ref_len = sizeof(ofb_state_3des);
3509 break;
3510 case 5:
3511 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3512 ref_iv = cfb_state_3des;
3513 ref_len = sizeof(cfb_state_3des);
3514 break;
3515 default:
3516 return 0;
3517 }
3518
3519 if (!TEST_ptr(type)
3520 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3521 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3522 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3523 (int)sizeof(msg)))
3524 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3525 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3526 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3527 goto err;
3528 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3529 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3530 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3531 goto err;
3532
3533 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3534 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3535 goto err;
3536 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3537 goto err;
3538
3539 ret = 1;
3540err:
3541 EVP_CIPHER_CTX_free(ctx);
3542 EVP_CIPHER_free(type);
3543 return ret;
3544}
3545#endif
3546
3547#ifndef OPENSSL_NO_BF
3548static int test_evp_bf_default_keylen(int idx)
3549{
3550 int ret = 0;
3551 static const char *algos[4] = {
3552 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3553 };
3554 int ivlen[4] = { 0, 8, 8, 8 };
3555 EVP_CIPHER *cipher = NULL;
3556
3557 if (lgcyprov == NULL)
3558 return TEST_skip("Test requires legacy provider to be loaded");
3559
3560 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3561 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3562 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3563 goto err;
3564
3565 ret = 1;
3566err:
3567 EVP_CIPHER_free(cipher);
3568 return ret;
3569}
3570#endif
3571
3572#ifndef OPENSSL_NO_EC
3573static int ecpub_nids[] = {
3574 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3575 NID_secp384r1, NID_secp521r1,
3576# ifndef OPENSSL_NO_EC2M
3577 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3578 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3579# endif
3580 NID_brainpoolP384r1, NID_brainpoolP512r1
3581};
3582
3583static int test_ecpub(int idx)
3584{
3585 int ret = 0, len, savelen;
3586 int nid;
3587 unsigned char buf[1024];
3588 unsigned char *p;
3589 EVP_PKEY *pkey = NULL;
3590 EVP_PKEY_CTX *ctx = NULL;
3591# ifndef OPENSSL_NO_DEPRECATED_3_0
3592 const unsigned char *q;
3593 EVP_PKEY *pkey2 = NULL;
3594 EC_KEY *ec = NULL;
3595# endif
3596
3597 if (nullprov != NULL)
3598 return TEST_skip("Test does not support a non-default library context");
3599
3600 nid = ecpub_nids[idx];
3601
3602 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3603 if (!TEST_ptr(ctx)
3604 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3605 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3606 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3607 goto done;
3608 len = i2d_PublicKey(pkey, NULL);
3609 savelen = len;
3610 if (!TEST_int_ge(len, 1)
3611 || !TEST_int_lt(len, 1024))
3612 goto done;
3613 p = buf;
3614 len = i2d_PublicKey(pkey, &p);
3615 if (!TEST_int_ge(len, 1)
3616 || !TEST_int_eq(len, savelen))
3617 goto done;
3618
3619# ifndef OPENSSL_NO_DEPRECATED_3_0
3620 /* Now try to decode the just-created DER. */
3621 q = buf;
3622 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3623 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3624 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3625 goto done;
3626 /* EC_KEY ownership transferred */
3627 ec = NULL;
3628 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3629 goto done;
3630 /* The keys should match. */
3631 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3632 goto done;
3633# endif
3634
3635 ret = 1;
3636
3637 done:
3638 EVP_PKEY_CTX_free(ctx);
3639 EVP_PKEY_free(pkey);
3640# ifndef OPENSSL_NO_DEPRECATED_3_0
3641 EVP_PKEY_free(pkey2);
3642 EC_KEY_free(ec);
3643# endif
3644 return ret;
3645}
3646#endif
3647
3648static int test_EVP_rsa_pss_with_keygen_bits(void)
3649{
3650 int ret = 0;
3651 EVP_PKEY_CTX *ctx = NULL;
3652 EVP_PKEY *pkey = NULL;
3653 EVP_MD *md;
3654
3655 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3656 ret = TEST_ptr(md)
3657 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3658 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3659 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3660 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3661 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3662
3663 EVP_MD_free(md);
3664 EVP_PKEY_free(pkey);
3665 EVP_PKEY_CTX_free(ctx);
3666 return ret;
3667}
3668
3669static int test_EVP_rsa_pss_set_saltlen(void)
3670{
3671 int ret = 0;
3672 EVP_PKEY *pkey = NULL;
3673 EVP_PKEY_CTX *pkey_ctx = NULL;
3674 EVP_MD *sha256 = NULL;
3675 EVP_MD_CTX *sha256_ctx = NULL;
3676 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3677 const int test_value = 32;
3678
3679 ret = TEST_ptr(pkey = load_example_rsa_key())
3680 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3681 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3682 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3683 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3684 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3685 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3686 && TEST_int_eq(saltlen, test_value);
3687
3688 EVP_MD_CTX_free(sha256_ctx);
3689 EVP_PKEY_free(pkey);
3690 EVP_MD_free(sha256);
3691
3692 return ret;
3693}
3694
3695static int success = 1;
3696static void md_names(const char *name, void *vctx)
3697{
3698 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3699 /* Force a namemap update */
3700 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3701
3702 if (!TEST_ptr(aes128))
3703 success = 0;
3704
3705 EVP_CIPHER_free(aes128);
3706}
3707
3708/*
3709 * Test that changing the namemap in a user callback works in a names_do_all
3710 * function.
3711 */
3712static int test_names_do_all(void)
3713{
3714 /* We use a custom libctx so that we know the state of the namemap */
3715 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3716 EVP_MD *sha256 = NULL;
3717 int testresult = 0;
3718
3719 if (!TEST_ptr(ctx))
3720 goto err;
3721
3722 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3723 if (!TEST_ptr(sha256))
3724 goto err;
3725
3726 /*
3727 * We loop through all the names for a given digest. This should still work
3728 * even if the namemap changes part way through.
3729 */
3730 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3731 goto err;
3732
3733 if (!TEST_true(success))
3734 goto err;
3735
3736 testresult = 1;
3737 err:
3738 EVP_MD_free(sha256);
3739 OSSL_LIB_CTX_free(ctx);
3740 return testresult;
3741}
3742
3743typedef struct {
3744 const char *cipher;
3745 const unsigned char *key;
3746 const unsigned char *iv;
3747 const unsigned char *input;
3748 const unsigned char *expected;
3749 const unsigned char *tag;
3750 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3751 size_t inlen;
3752 size_t expectedlen;
3753 size_t taglen;
3754 int keyfirst;
3755 int initenc;
3756 int finalenc;
3757} EVP_INIT_TEST_st;
3758
3759static const EVP_INIT_TEST_st evp_init_tests[] = {
3760 {
3761 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3762 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3763 0, 1, 0, 1
3764 },
3765 {
3766 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3767 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3768 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3769 sizeof(gcmDefaultTag), 1, 0, 1
3770 },
3771 {
3772 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3773 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3774 0, 0, 0, 1
3775 },
3776 {
3777 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3778 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3779 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3780 sizeof(gcmDefaultTag), 0, 0, 1
3781 },
3782 {
3783 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3784 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3785 0, 1, 1, 0
3786 },
3787 {
3788 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3789 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3790 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3791 sizeof(gcmDefaultTag), 1, 1, 0
3792 },
3793 {
3794 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3795 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3796 0, 0, 1, 0
3797 },
3798 {
3799 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3800 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3801 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3802 sizeof(gcmDefaultTag), 0, 1, 0
3803 }
3804};
3805
3806/* use same key, iv and plaintext for cfb and ofb */
3807static const EVP_INIT_TEST_st evp_reinit_tests[] = {
3808 {
3809 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3810 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3811 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
3812 },
3813 {
3814 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
3815 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
3816 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3817 },
3818 {
3819 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3820 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3821 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
3822 },
3823 {
3824 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
3825 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
3826 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3827 },
3828};
3829
3830static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3831{
3832 int res = 0;
3833
3834 if (t->ivlen != 0) {
3835 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3836 goto err;
3837 }
3838 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3839 goto err;
3840 res = 1;
3841 err:
3842 return res;
3843}
3844
3845/*
3846 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3847 * arguments are given one at a time and a final adjustment to the enc
3848 * parameter sets the correct operation.
3849 */
3850static int test_evp_init_seq(int idx)
3851{
3852 int outlen1, outlen2;
3853 int testresult = 0;
3854 unsigned char outbuf[1024];
3855 unsigned char tag[16];
3856 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3857 EVP_CIPHER_CTX *ctx = NULL;
3858 EVP_CIPHER *type = NULL;
3859 size_t taglen = sizeof(tag);
3860 char *errmsg = NULL;
3861
3862 ctx = EVP_CIPHER_CTX_new();
3863 if (ctx == NULL) {
3864 errmsg = "CTX_ALLOC";
3865 goto err;
3866 }
3867 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3868 errmsg = "CIPHER_FETCH";
3869 goto err;
3870 }
3871 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3872 errmsg = "EMPTY_ENC_INIT";
3873 goto err;
3874 }
3875 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3876 errmsg = "PADDING";
3877 goto err;
3878 }
3879 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3880 errmsg = "KEY_INIT (before iv)";
3881 goto err;
3882 }
3883 if (!evp_init_seq_set_iv(ctx, t)) {
3884 errmsg = "IV_INIT";
3885 goto err;
3886 }
3887 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3888 errmsg = "KEY_INIT (after iv)";
3889 goto err;
3890 }
3891 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3892 errmsg = "FINAL_ENC_INIT";
3893 goto err;
3894 }
3895 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3896 errmsg = "CIPHER_UPDATE";
3897 goto err;
3898 }
3899 if (t->finalenc == 0 && t->tag != NULL) {
3900 /* Set expected tag */
3901 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3902 t->taglen, (void *)t->tag), 0)) {
3903 errmsg = "SET_TAG";
3904 goto err;
3905 }
3906 }
3907 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3908 errmsg = "CIPHER_FINAL";
3909 goto err;
3910 }
3911 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3912 errmsg = "WRONG_RESULT";
3913 goto err;
3914 }
3915 if (t->finalenc != 0 && t->tag != NULL) {
3916 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3917 errmsg = "GET_TAG";
3918 goto err;
3919 }
3920 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3921 errmsg = "TAG_ERROR";
3922 goto err;
3923 }
3924 }
3925 testresult = 1;
3926 err:
3927 if (errmsg != NULL)
3928 TEST_info("evp_init_test %d: %s", idx, errmsg);
3929 EVP_CIPHER_CTX_free(ctx);
3930 EVP_CIPHER_free(type);
3931 return testresult;
3932}
3933
3934/*
3935 * Test re-initialization of cipher context without changing key or iv.
3936 * The result of both iteration should be the same.
3937 */
3938static int test_evp_reinit_seq(int idx)
3939{
3940 int outlen1, outlen2, outlen_final;
3941 int testresult = 0;
3942 unsigned char outbuf1[1024];
3943 unsigned char outbuf2[1024];
3944 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
3945 EVP_CIPHER_CTX *ctx = NULL;
3946 EVP_CIPHER *type = NULL;
3947
3948 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3949 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
3950 /* setup cipher context */
3951 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
3952 /* first iteration */
3953 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
3954 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
3955 /* check test results iteration 1 */
3956 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
3957 /* now re-init the context (same cipher, key and iv) */
3958 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
3959 /* second iteration */
3960 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
3961 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
3962 /* check test results iteration 2 */
3963 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
3964 goto err;
3965 testresult = 1;
3966 err:
3967 EVP_CIPHER_CTX_free(ctx);
3968 EVP_CIPHER_free(type);
3969 return testresult;
3970}
3971
3972typedef struct {
3973 const unsigned char *input;
3974 const unsigned char *expected;
3975 size_t inlen;
3976 size_t expectedlen;
3977 int enc;
3978} EVP_RESET_TEST_st;
3979
3980static const EVP_RESET_TEST_st evp_reset_tests[] = {
3981 {
3982 cfbPlaintext, cfbCiphertext,
3983 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3984 },
3985 {
3986 cfbCiphertext, cfbPlaintext,
3987 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3988 }
3989};
3990
3991/*
3992 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3993 * been used.
3994 */
3995static int test_evp_reset(int idx)
3996{
3997 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3998 int outlen1, outlen2;
3999 int testresult = 0;
4000 unsigned char outbuf[1024];
4001 EVP_CIPHER_CTX *ctx = NULL;
4002 EVP_CIPHER *type = NULL;
4003 char *errmsg = NULL;
4004
4005 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4006 errmsg = "CTX_ALLOC";
4007 goto err;
4008 }
4009 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4010 errmsg = "CIPHER_FETCH";
4011 goto err;
4012 }
4013 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4014 errmsg = "CIPHER_INIT";
4015 goto err;
4016 }
4017 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4018 errmsg = "PADDING";
4019 goto err;
4020 }
4021 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4022 errmsg = "CIPHER_UPDATE";
4023 goto err;
4024 }
4025 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4026 errmsg = "CIPHER_FINAL";
4027 goto err;
4028 }
4029 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4030 errmsg = "WRONG_RESULT";
4031 goto err;
4032 }
4033 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4034 errmsg = "CIPHER_REINIT";
4035 goto err;
4036 }
4037 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4038 errmsg = "CIPHER_UPDATE (reinit)";
4039 goto err;
4040 }
4041 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4042 errmsg = "CIPHER_FINAL (reinit)";
4043 goto err;
4044 }
4045 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4046 errmsg = "WRONG_RESULT (reinit)";
4047 goto err;
4048 }
4049 testresult = 1;
4050 err:
4051 if (errmsg != NULL)
4052 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4053 EVP_CIPHER_CTX_free(ctx);
4054 EVP_CIPHER_free(type);
4055 return testresult;
4056}
4057
4058typedef struct {
4059 const char *cipher;
4060 int enc;
4061} EVP_UPDATED_IV_TEST_st;
4062
4063static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4064 {
4065 "aes-128-cfb", 1
4066 },
4067 {
4068 "aes-128-cfb", 0
4069 },
4070 {
4071 "aes-128-cfb1", 1
4072 },
4073 {
4074 "aes-128-cfb1", 0
4075 },
4076 {
4077 "aes-128-cfb8", 1
4078 },
4079 {
4080 "aes-128-cfb8", 0
4081 },
4082 {
4083 "aes-128-ofb", 1
4084 },
4085 {
4086 "aes-128-ofb", 0
4087 },
4088 {
4089 "aes-128-ctr", 1
4090 },
4091 {
4092 "aes-128-ctr", 0
4093 },
4094 {
4095 "aes-128-cbc", 1
4096 },
4097 {
4098 "aes-128-cbc", 0
4099 }
4100};
4101
4102/*
4103 * Test that the IV in the context is updated during a crypto operation for CFB
4104 * and OFB.
4105 */
4106static int test_evp_updated_iv(int idx)
4107{
4108 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4109 int outlen1, outlen2;
4110 int testresult = 0;
4111 unsigned char outbuf[1024];
4112 EVP_CIPHER_CTX *ctx = NULL;
4113 EVP_CIPHER *type = NULL;
4114 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4115 int iv_len;
4116 char *errmsg = NULL;
4117
4118 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4119 errmsg = "CTX_ALLOC";
4120 goto err;
4121 }
4122 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4123 TEST_info("cipher %s not supported, skipping", t->cipher);
4124 goto ok;
4125 }
4126
4127 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4128 errmsg = "CIPHER_INIT";
4129 goto err;
4130 }
4131 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4132 errmsg = "PADDING";
4133 goto err;
4134 }
4135 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4136 errmsg = "CIPHER_UPDATE";
4137 goto err;
4138 }
4139 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4140 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4141 goto err;
4142 }
4143 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
4144 errmsg = "CIPHER_CTX_GET_IV_LEN";
4145 goto err;
4146 }
4147 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4148 errmsg = "IV_NOT_UPDATED";
4149 goto err;
4150 }
4151 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4152 errmsg = "CIPHER_FINAL";
4153 goto err;
4154 }
4155 ok:
4156 testresult = 1;
4157 err:
4158 if (errmsg != NULL)
4159 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4160 EVP_CIPHER_CTX_free(ctx);
4161 EVP_CIPHER_free(type);
4162 return testresult;
4163}
4164
4165typedef struct {
4166 const unsigned char *iv1;
4167 const unsigned char *iv2;
4168 const unsigned char *expected1;
4169 const unsigned char *expected2;
4170 const unsigned char *tag1;
4171 const unsigned char *tag2;
4172 size_t ivlen1;
4173 size_t ivlen2;
4174 size_t expectedlen1;
4175 size_t expectedlen2;
4176} TEST_GCM_IV_REINIT_st;
4177
4178static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4179 {
4180 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4181 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4182 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4183 },
4184 {
4185 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4186 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4187 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4188 }
4189};
4190
4191static int test_gcm_reinit(int idx)
4192{
4193 int outlen1, outlen2, outlen3;
4194 int testresult = 0;
4195 unsigned char outbuf[1024];
4196 unsigned char tag[16];
4197 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4198 EVP_CIPHER_CTX *ctx = NULL;
4199 EVP_CIPHER *type = NULL;
4200 size_t taglen = sizeof(tag);
4201 char *errmsg = NULL;
4202
4203 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4204 errmsg = "CTX_ALLOC";
4205 goto err;
4206 }
4207 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4208 errmsg = "CIPHER_FETCH";
4209 goto err;
4210 }
4211 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4212 errmsg = "ENC_INIT";
4213 goto err;
4214 }
4215 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4216 errmsg = "SET_IVLEN1";
4217 goto err;
4218 }
4219 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4220 errmsg = "SET_IV1";
4221 goto err;
4222 }
4223 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4224 errmsg = "AAD1";
4225 goto err;
4226 }
4227 EVP_CIPHER_CTX_set_padding(ctx, 0);
4228 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4229 sizeof(gcmResetPlaintext)))) {
4230 errmsg = "CIPHER_UPDATE1";
4231 goto err;
4232 }
4233 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4234 errmsg = "CIPHER_FINAL1";
4235 goto err;
4236 }
4237 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4238 errmsg = "WRONG_RESULT1";
4239 goto err;
4240 }
4241 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4242 errmsg = "GET_TAG1";
4243 goto err;
4244 }
4245 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4246 errmsg = "TAG_ERROR1";
4247 goto err;
4248 }
4249 /* Now reinit */
4250 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4251 errmsg = "SET_IVLEN2";
4252 goto err;
4253 }
4254 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4255 errmsg = "SET_IV2";
4256 goto err;
4257 }
4258 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4259 errmsg = "AAD2";
4260 goto err;
4261 }
4262 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4263 sizeof(gcmResetPlaintext)))) {
4264 errmsg = "CIPHER_UPDATE2";
4265 goto err;
4266 }
4267 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4268 errmsg = "CIPHER_FINAL2";
4269 goto err;
4270 }
4271 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4272 errmsg = "WRONG_RESULT2";
4273 goto err;
4274 }
4275 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4276 errmsg = "GET_TAG2";
4277 goto err;
4278 }
4279 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4280 errmsg = "TAG_ERROR2";
4281 goto err;
4282 }
4283 testresult = 1;
4284 err:
4285 if (errmsg != NULL)
4286 TEST_info("evp_init_test %d: %s", idx, errmsg);
4287 EVP_CIPHER_CTX_free(ctx);
4288 EVP_CIPHER_free(type);
4289 return testresult;
4290}
4291
4292static const char *ivlen_change_ciphers[] = {
4293 "AES-256-GCM",
4294#ifndef OPENSSL_NO_OCB
4295 "AES-256-OCB",
4296#endif
4297 "AES-256-CCM"
4298};
4299
4300/* Negative test for ivlen change after iv being set */
4301static int test_ivlen_change(int idx)
4302{
4303 int outlen;
4304 int res = 0;
4305 unsigned char outbuf[1024];
4306 static const unsigned char iv[] = {
4307 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4308 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4309 };
4310 EVP_CIPHER_CTX *ctx = NULL;
4311 EVP_CIPHER *ciph = NULL;
4312 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4313 size_t ivlen = 13; /* non-default IV length */
4314
4315 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4316 goto err;
4317
4318 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4319 testpropq)))
4320 goto err;
4321
4322 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4323 goto err;
4324
4325 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4326 sizeof(gcmDefaultPlaintext))))
4327 goto err;
4328
4329 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4330 &ivlen);
4331 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4332 goto err;
4333
4334 ERR_set_mark();
4335 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4336 sizeof(gcmDefaultPlaintext)))) {
4337 ERR_clear_last_mark();
4338 goto err;
4339 }
4340 ERR_pop_to_mark();
4341
4342 res = 1;
4343 err:
4344 EVP_CIPHER_CTX_free(ctx);
4345 EVP_CIPHER_free(ciph);
4346 return res;
4347}
4348
4349static const char *keylen_change_ciphers[] = {
4350#ifndef OPENSSL_NO_BF
4351 "BF-ECB",
4352#endif
4353#ifndef OPENSSL_NO_CAST
4354 "CAST5-ECB",
4355#endif
4356#ifndef OPENSSL_NO_RC2
4357 "RC2-ECB",
4358#endif
4359#ifndef OPENSSL_NO_RC4
4360 "RC4",
4361#endif
4362#ifndef OPENSSL_NO_RC5
4363 "RC5-ECB",
4364#endif
4365 NULL
4366};
4367
4368/* Negative test for keylen change after key was set */
4369static int test_keylen_change(int idx)
4370{
4371 int outlen;
4372 int res = 0;
4373 unsigned char outbuf[1024];
4374 static const unsigned char key[] = {
4375 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4376 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4377 };
4378 EVP_CIPHER_CTX *ctx = NULL;
4379 EVP_CIPHER *ciph = NULL;
4380 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4381 size_t keylen = 12; /* non-default key length */
4382
4383 if (lgcyprov == NULL)
4384 return TEST_skip("Test requires legacy provider to be loaded");
4385
4386 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4387 goto err;
4388
4389 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4390 testpropq)))
4391 goto err;
4392
4393 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4394 goto err;
4395
4396 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4397 sizeof(gcmDefaultPlaintext))))
4398 goto err;
4399
4400 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4401 &keylen);
4402 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4403 goto err;
4404
4405 ERR_set_mark();
4406 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4407 sizeof(gcmDefaultPlaintext)))) {
4408 ERR_clear_last_mark();
4409 goto err;
4410 }
4411 ERR_pop_to_mark();
4412
4413 res = 1;
4414 err:
4415 EVP_CIPHER_CTX_free(ctx);
4416 EVP_CIPHER_free(ciph);
4417 return res;
4418}
4419
4420#ifndef OPENSSL_NO_DEPRECATED_3_0
4421static EVP_PKEY_METHOD *custom_pmeth = NULL;
4422static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4423
4424# define EVP_PKEY_CTRL_MY_COMMAND 9999
4425
4426static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4427{
4428 int (*pinit)(EVP_PKEY_CTX *ctx);
4429
4430 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4431 return pinit(ctx);
4432}
4433
4434static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4435{
4436 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4437
4438 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4439 pcleanup(ctx);
4440}
4441
4442static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4443 size_t *outlen, const unsigned char *in,
4444 size_t inlen)
4445{
4446 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4447 const unsigned char *tbs, size_t tbslen);
4448
4449 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4450 return psign(ctx, out, outlen, in, inlen);
4451}
4452
4453static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4454 size_t *siglen, const unsigned char *tbs,
4455 size_t tbslen)
4456{
4457 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4458 const unsigned char *tbs, size_t tbslen);
4459
4460 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4461 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4462}
4463
4464static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4465 size_t *keylen)
4466{
4467 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4468
4469 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4470 return pderive(ctx, key, keylen);
4471}
4472
4473static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4474{
4475 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4476
4477 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4478 return pcopy(dst, src);
4479}
4480
4481static int ctrl_called;
4482
4483static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4484{
4485 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4486
4487 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4488
4489 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4490 ctrl_called = 1;
4491 return 1;
4492 }
4493
4494 return pctrl(ctx, type, p1, p2);
4495}
4496
4497static int test_custom_pmeth(int idx)
4498{
4499 EVP_PKEY_CTX *pctx = NULL;
4500 EVP_MD_CTX *ctx = NULL;
4501 EVP_PKEY *pkey = NULL;
4502 int id, orig_id, orig_flags;
4503 int testresult = 0;
4504 size_t reslen;
4505 unsigned char *res = NULL;
4506 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4507 const EVP_MD *md = EVP_sha256();
4508 int doderive = 0;
4509
4510 ctrl_called = 0;
4511
4512 /* We call deprecated APIs so this test doesn't support a custom libctx */
4513 if (testctx != NULL)
4514 return 1;
4515
4516 switch(idx) {
4517 case 0:
4518 case 6:
4519 id = EVP_PKEY_RSA;
4520 pkey = load_example_rsa_key();
4521 break;
4522 case 1:
4523 case 7:
4524# ifndef OPENSSL_NO_DSA
4525 id = EVP_PKEY_DSA;
4526 pkey = load_example_dsa_key();
4527 break;
4528# else
4529 return 1;
4530# endif
4531 case 2:
4532 case 8:
4533# ifndef OPENSSL_NO_EC
4534 id = EVP_PKEY_EC;
4535 pkey = load_example_ec_key();
4536 break;
4537# else
4538 return 1;
4539# endif
4540 case 3:
4541 case 9:
4542# ifndef OPENSSL_NO_EC
4543 id = EVP_PKEY_ED25519;
4544 md = NULL;
4545 pkey = load_example_ed25519_key();
4546 break;
4547# else
4548 return 1;
4549# endif
4550 case 4:
4551 case 10:
4552# ifndef OPENSSL_NO_DH
4553 id = EVP_PKEY_DH;
4554 doderive = 1;
4555 pkey = load_example_dh_key();
4556 break;
4557# else
4558 return 1;
4559# endif
4560 case 5:
4561 case 11:
4562# ifndef OPENSSL_NO_EC
4563 id = EVP_PKEY_X25519;
4564 doderive = 1;
4565 pkey = load_example_x25519_key();
4566 break;
4567# else
4568 return 1;
4569# endif
4570 default:
4571 TEST_error("Should not happen");
4572 goto err;
4573 }
4574
4575 if (!TEST_ptr(pkey))
4576 goto err;
4577
4578 if (idx < 6) {
4579 if (!TEST_true(evp_pkey_is_provided(pkey)))
4580 goto err;
4581 } else {
4582 EVP_PKEY *tmp = pkey;
4583
4584 /* Convert to a legacy key */
4585 pkey = EVP_PKEY_new();
4586 if (!TEST_ptr(pkey)) {
4587 pkey = tmp;
4588 goto err;
4589 }
4590 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4591 EVP_PKEY_free(tmp);
4592 goto err;
4593 }
4594 EVP_PKEY_free(tmp);
4595 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4596 goto err;
4597 }
4598
4599 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4600 || !TEST_ptr(pkey))
4601 goto err;
4602
4603 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4604 if (!TEST_int_eq(orig_id, id)
4605 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4606 goto err;
4607
4608 if (id == EVP_PKEY_ED25519) {
4609 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4610 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4611 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4612 } else {
4613 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4614 }
4615 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4616 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4617 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4618 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4619 }
4620 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4621 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4622 goto err;
4623
4624 if (doderive) {
4625 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4626 if (!TEST_ptr(pctx)
4627 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4628 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4629 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4630 1)
4631 || !TEST_int_eq(ctrl_called, 1)
4632 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4633 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4634 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4635 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4636 goto err;
4637 } else {
4638 ctx = EVP_MD_CTX_new();
4639 reslen = EVP_PKEY_size(pkey);
4640 res = OPENSSL_malloc(reslen);
4641 if (!TEST_ptr(ctx)
4642 || !TEST_ptr(res)
4643 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4644 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4645 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4646 1)
4647 || !TEST_int_eq(ctrl_called, 1))
4648 goto err;
4649
4650 if (id == EVP_PKEY_ED25519) {
4651 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4652 goto err;
4653 } else {
4654 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4655 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4656 goto err;
4657 }
4658 }
4659
4660 testresult = 1;
4661 err:
4662 OPENSSL_free(res);
4663 EVP_MD_CTX_free(ctx);
4664 if (doderive)
4665 EVP_PKEY_CTX_free(pctx);
4666 EVP_PKEY_free(pkey);
4667 EVP_PKEY_meth_remove(custom_pmeth);
4668 EVP_PKEY_meth_free(custom_pmeth);
4669 custom_pmeth = NULL;
4670 return testresult;
4671}
4672
4673static int test_evp_md_cipher_meth(void)
4674{
4675 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4676 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4677 int testresult = 0;
4678
4679 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4680 goto err;
4681
4682 testresult = 1;
4683
4684 err:
4685 EVP_MD_meth_free(md);
4686 EVP_CIPHER_meth_free(ciph);
4687
4688 return testresult;
4689}
4690
4691typedef struct {
4692 int data;
4693} custom_dgst_ctx;
4694
4695static int custom_md_init_called = 0;
4696static int custom_md_cleanup_called = 0;
4697
4698static int custom_md_init(EVP_MD_CTX *ctx)
4699{
4700 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4701
4702 if (p == NULL)
4703 return 0;
4704
4705 custom_md_init_called++;
4706 return 1;
4707}
4708
4709static int custom_md_cleanup(EVP_MD_CTX *ctx)
4710{
4711 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4712
4713 if (p == NULL)
4714 /* Nothing to do */
4715 return 1;
4716
4717 custom_md_cleanup_called++;
4718 return 1;
4719}
4720
4721static int test_custom_md_meth(void)
4722{
4723 ASN1_OBJECT *o = NULL;
4724 EVP_MD_CTX *mdctx = NULL;
4725 EVP_MD *tmp = NULL;
4726 char mess[] = "Test Message\n";
4727 unsigned char md_value[EVP_MAX_MD_SIZE];
4728 unsigned int md_len;
4729 int testresult = 0;
4730 int nid;
4731
4732 /*
4733 * We are testing deprecated functions. We don't support a non-default
4734 * library context in this test.
4735 */
4736 if (testctx != NULL)
4737 return TEST_skip("Non-default libctx");
4738
4739 custom_md_init_called = custom_md_cleanup_called = 0;
4740
4741 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4742 if (!TEST_int_ne(nid, NID_undef))
4743 goto err;
4744 tmp = EVP_MD_meth_new(nid, NID_undef);
4745 if (!TEST_ptr(tmp))
4746 goto err;
4747
4748 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4749 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4750 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4751 sizeof(custom_dgst_ctx))))
4752 goto err;
4753
4754 mdctx = EVP_MD_CTX_new();
4755 if (!TEST_ptr(mdctx)
4756 /*
4757 * Initing our custom md and then initing another md should
4758 * result in the init and cleanup functions of the custom md
4759 * being called.
4760 */
4761 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4762 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4763 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4764 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4765 || !TEST_int_eq(custom_md_init_called, 1)
4766 || !TEST_int_eq(custom_md_cleanup_called, 1))
4767 goto err;
4768
4769 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
4770 "custom-md", "custom-md"), NID_undef)
4771 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
4772 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
4773 goto err;
4774
4775 o = ASN1_OBJECT_create(nid, (unsigned char *)
4776 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
4777 "custom-md", "custom-md");
4778 if (!TEST_int_eq(OBJ_add_object(o), nid))
4779 goto err;
4780
4781 testresult = 1;
4782 err:
4783 ASN1_OBJECT_free(o);
4784 EVP_MD_CTX_free(mdctx);
4785 EVP_MD_meth_free(tmp);
4786 return testresult;
4787}
4788
4789typedef struct {
4790 int data;
4791} custom_ciph_ctx;
4792
4793static int custom_ciph_init_called = 0;
4794static int custom_ciph_cleanup_called = 0;
4795
4796static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4797 const unsigned char *iv, int enc)
4798{
4799 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4800
4801 if (p == NULL)
4802 return 0;
4803
4804 custom_ciph_init_called++;
4805 return 1;
4806}
4807
4808static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4809{
4810 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4811
4812 if (p == NULL)
4813 /* Nothing to do */
4814 return 1;
4815
4816 custom_ciph_cleanup_called++;
4817 return 1;
4818}
4819
4820static int test_custom_ciph_meth(void)
4821{
4822 EVP_CIPHER_CTX *ciphctx = NULL;
4823 EVP_CIPHER *tmp = NULL;
4824 int testresult = 0;
4825 int nid;
4826
4827 /*
4828 * We are testing deprecated functions. We don't support a non-default
4829 * library context in this test.
4830 */
4831 if (testctx != NULL)
4832 return TEST_skip("Non-default libctx");
4833
4834 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4835
4836 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4837 if (!TEST_int_ne(nid, NID_undef))
4838 goto err;
4839 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4840 if (!TEST_ptr(tmp))
4841 goto err;
4842
4843 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4844 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4845 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4846 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4847 sizeof(custom_ciph_ctx))))
4848 goto err;
4849
4850 ciphctx = EVP_CIPHER_CTX_new();
4851 if (!TEST_ptr(ciphctx)
4852 /*
4853 * Initing our custom cipher and then initing another cipher
4854 * should result in the init and cleanup functions of the custom
4855 * cipher being called.
4856 */
4857 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4858 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4859 NULL, NULL, 1))
4860 || !TEST_int_eq(custom_ciph_init_called, 1)
4861 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4862 goto err;
4863
4864 testresult = 1;
4865 err:
4866 EVP_CIPHER_CTX_free(ciphctx);
4867 EVP_CIPHER_meth_free(tmp);
4868 return testresult;
4869}
4870
4871# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4872/* Test we can create a signature keys with an associated ENGINE */
4873static int test_signatures_with_engine(int tst)
4874{
4875 ENGINE *e;
4876 const char *engine_id = "dasync";
4877 EVP_PKEY *pkey = NULL;
4878 const unsigned char badcmackey[] = { 0x00, 0x01 };
4879 const unsigned char cmackey[] = {
4880 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4881 0x0c, 0x0d, 0x0e, 0x0f
4882 };
4883 const unsigned char ed25519key[] = {
4884 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4885 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4886 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4887 };
4888 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4889 int testresult = 0;
4890 EVP_MD_CTX *ctx = NULL;
4891 unsigned char *mac = NULL;
4892 size_t maclen = 0;
4893 int ret;
4894
4895# ifdef OPENSSL_NO_CMAC
4896 /* Skip CMAC tests in a no-cmac build */
4897 if (tst <= 1)
4898 return 1;
4899# endif
4900
4901 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4902 return 0;
4903
4904 if (!TEST_true(ENGINE_init(e))) {
4905 ENGINE_free(e);
4906 return 0;
4907 }
4908
4909 switch (tst) {
4910 case 0:
4911 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4912 EVP_aes_128_cbc());
4913 break;
4914 case 1:
4915 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4916 EVP_aes_128_cbc());
4917 break;
4918 case 2:
4919 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4920 sizeof(ed25519key));
4921 break;
4922 default:
4923 TEST_error("Invalid test case");
4924 goto err;
4925 }
4926 if (!TEST_ptr(pkey))
4927 goto err;
4928
4929 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4930 goto err;
4931
4932 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4933 pkey);
4934 if (tst == 0) {
4935 if (!TEST_true(ret))
4936 goto err;
4937
4938 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4939 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4940 goto err;
4941
4942 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4943 goto err;
4944
4945 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4946 goto err;
4947 } else {
4948 /* We used a bad key. We expect a failure here */
4949 if (!TEST_false(ret))
4950 goto err;
4951 }
4952
4953 testresult = 1;
4954 err:
4955 EVP_MD_CTX_free(ctx);
4956 OPENSSL_free(mac);
4957 EVP_PKEY_free(pkey);
4958 ENGINE_finish(e);
4959 ENGINE_free(e);
4960
4961 return testresult;
4962}
4963
4964static int test_cipher_with_engine(void)
4965{
4966 ENGINE *e;
4967 const char *engine_id = "dasync";
4968 const unsigned char keyiv[] = {
4969 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4970 0x0c, 0x0d, 0x0e, 0x0f
4971 };
4972 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4973 int testresult = 0;
4974 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4975 unsigned char buf[AES_BLOCK_SIZE];
4976 int len = 0;
4977
4978 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4979 return 0;
4980
4981 if (!TEST_true(ENGINE_init(e))) {
4982 ENGINE_free(e);
4983 return 0;
4984 }
4985
4986 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4987 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4988 goto err;
4989
4990 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4991 goto err;
4992
4993 /* Copy the ctx, and complete the operation with the new ctx */
4994 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4995 goto err;
4996
4997 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4998 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4999 goto err;
5000
5001 testresult = 1;
5002 err:
5003 EVP_CIPHER_CTX_free(ctx);
5004 EVP_CIPHER_CTX_free(ctx2);
5005 ENGINE_finish(e);
5006 ENGINE_free(e);
5007
5008 return testresult;
5009}
5010# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5011#endif /* OPENSSL_NO_DEPRECATED_3_0 */
5012
5013static int ecxnids[] = {
5014 NID_X25519,
5015 NID_X448,
5016 NID_ED25519,
5017 NID_ED448
5018};
5019
5020/* Test that creating ECX keys with a short private key fails as expected */
5021static int test_ecx_short_keys(int tst)
5022{
5023 unsigned char ecxkeydata = 1;
5024 EVP_PKEY *pkey;
5025
5026
5027 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5028 NULL, &ecxkeydata, 1);
5029 if (!TEST_ptr_null(pkey)) {
5030 EVP_PKEY_free(pkey);
5031 return 0;
5032 }
5033
5034 return 1;
5035}
5036
5037typedef enum OPTION_choice {
5038 OPT_ERR = -1,
5039 OPT_EOF = 0,
5040 OPT_CONTEXT,
5041 OPT_TEST_ENUM
5042} OPTION_CHOICE;
5043
5044const OPTIONS *test_get_options(void)
5045{
5046 static const OPTIONS options[] = {
5047 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5048 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5049 { NULL }
5050 };
5051 return options;
5052}
5053
5054#ifndef OPENSSL_NO_EC
5055/* Test that trying to sign with a public key errors out gracefully */
5056static int test_ecx_not_private_key(int tst)
5057{
5058 EVP_PKEY *pkey = NULL;
5059
5060 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5061 int testresult = 0;
5062 EVP_MD_CTX *ctx = NULL;
5063 unsigned char *mac = NULL;
5064 size_t maclen = 0;
5065 unsigned char *pubkey;
5066 size_t pubkeylen;
5067
5068 switch (keys[tst].type) {
5069 case NID_X25519:
5070 case NID_X448:
5071 return TEST_skip("signing not supported for X25519/X448");
5072 }
5073
5074 /* Check if this algorithm supports public keys */
5075 if (keys[tst].pub == NULL)
5076 return TEST_skip("no public key present");
5077
5078 pubkey = (unsigned char *)keys[tst].pub;
5079 pubkeylen = strlen(keys[tst].pub);
5080
5081 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5082 NULL, pubkey, pubkeylen);
5083 if (!TEST_ptr(pkey))
5084 goto err;
5085
5086 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5087 goto err;
5088
5089 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5090 goto check_err;
5091
5092 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5093 goto check_err;
5094
5095 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5096 goto err;
5097
5098 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5099 goto err;
5100
5101 check_err:
5102 /*
5103 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5104 * but we relax the check to allow error also thrown by
5105 * EVP_DigestSignInit and EVP_DigestSign.
5106 */
5107 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5108 testresult = 1;
5109 ERR_clear_error();
5110 }
5111
5112 err:
5113 EVP_MD_CTX_free(ctx);
5114 OPENSSL_free(mac);
5115 EVP_PKEY_free(pkey);
5116
5117 return testresult;
5118}
5119#endif /* OPENSSL_NO_EC */
5120
5121static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5122 const unsigned char *gcm_iv, size_t gcm_ivlen,
5123 const unsigned char *gcm_pt, size_t gcm_pt_s,
5124 const unsigned char *gcm_aad, size_t gcm_aad_s,
5125 const unsigned char *gcm_ct, size_t gcm_ct_s,
5126 const unsigned char *gcm_tag, size_t gcm_tag_s)
5127{
5128 int ret = 0;
5129 EVP_CIPHER_CTX *ctx;
5130 EVP_CIPHER *cipher = NULL;
5131 int outlen, tmplen;
5132 unsigned char outbuf[1024];
5133 unsigned char outtag[16];
5134 OSSL_PARAM params[2] = {
5135 OSSL_PARAM_END, OSSL_PARAM_END
5136 };
5137
5138 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5139 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5140 goto err;
5141
5142 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5143 &gcm_ivlen);
5144
5145 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5146 || (gcm_aad != NULL
5147 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5148 gcm_aad, gcm_aad_s)))
5149 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5150 gcm_pt, gcm_pt_s))
5151 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5152 goto err;
5153
5154 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5155 outtag, sizeof(outtag));
5156
5157 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5158 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5159 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5160 goto err;
5161
5162 ret = 1;
5163err:
5164 EVP_CIPHER_free(cipher);
5165 EVP_CIPHER_CTX_free(ctx);
5166
5167 return ret;
5168}
5169
5170static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5171 const unsigned char *gcm_iv, size_t gcm_ivlen,
5172 const unsigned char *gcm_pt, size_t gcm_pt_s,
5173 const unsigned char *gcm_aad, size_t gcm_aad_s,
5174 const unsigned char *gcm_ct, size_t gcm_ct_s,
5175 const unsigned char *gcm_tag, size_t gcm_tag_s)
5176{
5177 int ret = 0;
5178 EVP_CIPHER_CTX *ctx;
5179 EVP_CIPHER *cipher = NULL;
5180 int outlen;
5181 unsigned char outbuf[1024];
5182 OSSL_PARAM params[2] = {
5183 OSSL_PARAM_END, OSSL_PARAM_END
5184 };
5185
5186 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5187 goto err;
5188
5189 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5190 goto err;
5191
5192 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5193 &gcm_ivlen);
5194
5195 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5196 || (gcm_aad != NULL
5197 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5198 gcm_aad, gcm_aad_s)))
5199 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5200 gcm_ct, gcm_ct_s))
5201 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5202 goto err;
5203
5204 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5205 (void*)gcm_tag, gcm_tag_s);
5206
5207 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5208 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5209 goto err;
5210
5211 ret = 1;
5212err:
5213 EVP_CIPHER_free(cipher);
5214 EVP_CIPHER_CTX_free(ctx);
5215
5216 return ret;
5217}
5218
5219static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5220{
5221 /* AES-GCM test data obtained from NIST public test vectors */
5222 static const unsigned char gcm_key[] = {
5223 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5224 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5225 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5226 };
5227 static const unsigned char gcm_iv[] = {
5228 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5229 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5230 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5231 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5232 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5233 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5234 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5235 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5236 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5237 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5238 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5239 };
5240 static const unsigned char gcm_pt[] = {
5241 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5242 0x4f, 0xe3, 0x6f, 0x81,
5243 };
5244 static const unsigned char gcm_ct[] = {
5245 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5246 0xe2, 0xd0, 0xec, 0xed,
5247 };
5248 static const unsigned char gcm_tag[] = {
5249 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5250 0xdb, 0x99, 0x6c, 0x21,
5251 };
5252
5253 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5254 gcm_pt, sizeof(gcm_pt), NULL, 0,
5255 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5256 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5257 gcm_pt, sizeof(gcm_pt), NULL, 0,
5258 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5259}
5260
5261#ifndef OPENSSL_NO_RC4
5262static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5263 const unsigned char *rc4_pt, size_t rc4_pt_s,
5264 const unsigned char *rc4_ct, size_t rc4_ct_s)
5265{
5266 int ret = 0;
5267 EVP_CIPHER_CTX *ctx;
5268 EVP_CIPHER *cipher = NULL;
5269 int outlen, tmplen;
5270 unsigned char outbuf[1024];
5271 OSSL_PARAM params[2] = {
5272 OSSL_PARAM_END, OSSL_PARAM_END
5273 };
5274
5275 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5276 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5277 goto err;
5278
5279 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5280 &rc4_key_s);
5281
5282 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5283 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5284 rc4_pt, rc4_pt_s))
5285 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5286 goto err;
5287
5288 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5289 goto err;
5290
5291 ret = 1;
5292err:
5293 EVP_CIPHER_free(cipher);
5294 EVP_CIPHER_CTX_free(ctx);
5295
5296 return ret;
5297}
5298
5299static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5300 const unsigned char *rc4_pt, size_t rc4_pt_s,
5301 const unsigned char *rc4_ct, size_t rc4_ct_s)
5302{
5303 int ret = 0;
5304 EVP_CIPHER_CTX *ctx;
5305 EVP_CIPHER *cipher = NULL;
5306 int outlen;
5307 unsigned char outbuf[1024];
5308 OSSL_PARAM params[2] = {
5309 OSSL_PARAM_END, OSSL_PARAM_END
5310 };
5311
5312 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5313 goto err;
5314
5315 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5316 goto err;
5317
5318 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5319 &rc4_key_s);
5320
5321 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5322 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5323 rc4_ct, rc4_ct_s))
5324 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5325 goto err;
5326
5327 ret = 1;
5328err:
5329 EVP_CIPHER_free(cipher);
5330 EVP_CIPHER_CTX_free(ctx);
5331
5332 return ret;
5333}
5334
5335static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5336{
5337 /* RC4 test data obtained from RFC 6229 */
5338 static const struct {
5339 unsigned char key[5];
5340 unsigned char padding[11];
5341 } rc4_key = {
5342 { /* Five bytes of key material */
5343 0x83, 0x32, 0x22, 0x77, 0x2a,
5344 },
5345 { /* Random padding to 16 bytes */
5346 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5347 }
5348 };
5349 static const unsigned char rc4_pt[] = {
5350 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5351 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5352 };
5353 static const unsigned char rc4_ct[] = {
5354 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5355 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5356 };
5357
5358 if (lgcyprov == NULL)
5359 return TEST_skip("Test requires legacy provider to be loaded");
5360
5361 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5362 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5363 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5364 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5365}
5366#endif
5367
5368static int test_invalid_ctx_for_digest(void)
5369{
5370 int ret;
5371 EVP_MD_CTX *mdctx;
5372
5373 mdctx = EVP_MD_CTX_new();
5374 if (!TEST_ptr(mdctx))
5375 return 0;
5376
5377 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
5378 ret = 0;
5379 else
5380 ret = 1;
5381
5382 EVP_MD_CTX_free(mdctx);
5383
5384 return ret;
5385}
5386
5387int setup_tests(void)
5388{
5389 OPTION_CHOICE o;
5390
5391 while ((o = opt_next()) != OPT_EOF) {
5392 switch (o) {
5393 case OPT_CONTEXT:
5394 /* Set up an alternate library context */
5395 testctx = OSSL_LIB_CTX_new();
5396 if (!TEST_ptr(testctx))
5397 return 0;
5398#ifdef STATIC_LEGACY
5399 /*
5400 * This test is always statically linked against libcrypto. We must not
5401 * attempt to load legacy.so that might be dynamically linked against
5402 * libcrypto. Instead we use a built-in version of the legacy provider.
5403 */
5404 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5405 return 0;
5406#endif
5407 /* Swap the libctx to test non-default context only */
5408 nullprov = OSSL_PROVIDER_load(NULL, "null");
5409 deflprov = OSSL_PROVIDER_load(testctx, "default");
5410#ifndef OPENSSL_SYS_TANDEM
5411 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5412#endif
5413 break;
5414 case OPT_TEST_CASES:
5415 break;
5416 default:
5417 return 0;
5418 }
5419 }
5420
5421 ADD_TEST(test_EVP_set_default_properties);
5422 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5423 ADD_TEST(test_EVP_DigestVerifyInit);
5424#ifndef OPENSSL_NO_SIPHASH
5425 ADD_TEST(test_siphash_digestsign);
5426#endif
5427 ADD_TEST(test_EVP_Digest);
5428 ADD_TEST(test_EVP_md_null);
5429 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5430#ifndef OPENSSL_NO_DEPRECATED_3_0
5431 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5432#endif
5433 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5434 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5435 ADD_TEST(test_privatekey_to_pkcs8);
5436 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5437#ifndef OPENSSL_NO_EC
5438 ADD_TEST(test_EVP_PKCS82PKEY);
5439#endif
5440#ifndef OPENSSL_NO_EC
5441 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5442#endif
5443#if !defined(OPENSSL_NO_SM2)
5444 ADD_TEST(test_EVP_SM2);
5445 ADD_TEST(test_EVP_SM2_verify);
5446#endif
5447 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5448#ifndef OPENSSL_NO_DEPRECATED_3_0
5449 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5450 if (!TEST_ptr(custom_pmeth))
5451 return 0;
5452 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5453 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5454 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5455 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5456 return 0;
5457#endif
5458 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5459#ifndef OPENSSL_NO_CMAC
5460 ADD_TEST(test_CMAC_keygen);
5461#endif
5462 ADD_TEST(test_HKDF);
5463 ADD_TEST(test_emptyikm_HKDF);
5464 ADD_TEST(test_empty_salt_info_HKDF);
5465#ifndef OPENSSL_NO_EC
5466 ADD_TEST(test_X509_PUBKEY_inplace);
5467 ADD_TEST(test_X509_PUBKEY_dup);
5468 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5469 OSSL_NELEM(ec_der_pub_keys));
5470#endif
5471#ifndef OPENSSL_NO_DSA
5472 ADD_TEST(test_DSA_get_set_params);
5473 ADD_TEST(test_DSA_priv_pub);
5474#endif
5475 ADD_TEST(test_RSA_get_set_params);
5476 ADD_TEST(test_RSA_OAEP_set_get_params);
5477 ADD_TEST(test_RSA_OAEP_set_null_label);
5478#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5479 ADD_TEST(test_decrypt_null_chunks);
5480#endif
5481#ifndef OPENSSL_NO_DH
5482 ADD_TEST(test_DH_priv_pub);
5483# ifndef OPENSSL_NO_DEPRECATED_3_0
5484 ADD_TEST(test_EVP_PKEY_set1_DH);
5485# endif
5486#endif
5487#ifndef OPENSSL_NO_EC
5488 ADD_TEST(test_EC_priv_pub);
5489# ifndef OPENSSL_NO_DEPRECATED_3_0
5490 ADD_TEST(test_EC_priv_only_legacy);
5491# endif
5492#endif
5493 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5494 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5495
5496 ADD_TEST(test_rand_agglomeration);
5497 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5498#ifndef OPENSSL_NO_DES
5499 ADD_ALL_TESTS(test_evp_iv_des, 6);
5500#endif
5501#ifndef OPENSSL_NO_BF
5502 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5503#endif
5504 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5505 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5506#ifndef OPENSSL_NO_EC
5507 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5508#endif
5509
5510 ADD_TEST(test_names_do_all);
5511
5512 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5513 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5514 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5515 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5516 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5517 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5518 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5519 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5520
5521#ifndef OPENSSL_NO_DEPRECATED_3_0
5522 ADD_ALL_TESTS(test_custom_pmeth, 12);
5523 ADD_TEST(test_evp_md_cipher_meth);
5524 ADD_TEST(test_custom_md_meth);
5525 ADD_TEST(test_custom_ciph_meth);
5526
5527# ifndef OPENSSL_NO_DYNAMIC_ENGINE
5528 /* Tests only support the default libctx */
5529 if (testctx == NULL) {
5530# ifndef OPENSSL_NO_EC
5531 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5532# else
5533 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5534# endif
5535 ADD_TEST(test_cipher_with_engine);
5536 }
5537# endif
5538#endif
5539
5540 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5541
5542#ifndef OPENSSL_NO_EC
5543 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5544#endif
5545
5546 /* Test cases for CVE-2023-5363 */
5547 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5548#ifndef OPENSSL_NO_RC4
5549 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5550#endif
5551
5552 ADD_TEST(test_invalid_ctx_for_digest);
5553
5554 return 1;
5555}
5556
5557void cleanup_tests(void)
5558{
5559 OSSL_PROVIDER_unload(nullprov);
5560 OSSL_PROVIDER_unload(deflprov);
5561#ifndef OPENSSL_SYS_TANDEM
5562 OSSL_PROVIDER_unload(lgcyprov);
5563#endif
5564 OSSL_LIB_CTX_free(testctx);
5565}
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette