VirtualBox

source: vbox/trunk/src/libs/openssl-3.4.1/test/evp_extra_test.c

Last change on this file was 109052, checked in by vboxsync, 3 weeks ago

openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. ​bugref:10890
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 205.7 KB
Line 
1/*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include <openssl/proverr.h>
35#include "testutil.h"
36#include "internal/nelem.h"
37#include "internal/sizes.h"
38#include "crypto/evp.h"
39#include "fake_rsaprov.h"
40
41#ifdef STATIC_LEGACY
42OSSL_provider_init_fn ossl_legacy_provider_init;
43#endif
44
45static OSSL_LIB_CTX *testctx = NULL;
46static char *testpropq = NULL;
47
48static OSSL_PROVIDER *nullprov = NULL;
49static OSSL_PROVIDER *deflprov = NULL;
50static OSSL_PROVIDER *lgcyprov = NULL;
51
52/*
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
55 */
56static const unsigned char kExampleRSAKeyDER[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
108};
109
110/* An invalid key whose prime factors exceed modulus n. */
111static const unsigned char kInvalidRSAKeyDER[] = {
112 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
113 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
114 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
116 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
117 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
118 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
119 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
120 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
121 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
122 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
123 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
124 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
125 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
126 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
127 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
128 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
129 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
130 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
131 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
132 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
133 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
134 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
135 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
136 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
137 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
138 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
139 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
140 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
141 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
142 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
143 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
144 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
145 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
146 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
147 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
148 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
149 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
150 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
151 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
152 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
153 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
154 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
155 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
156 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
157 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
158 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
159 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
160 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
161 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
162 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
163 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
164 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
165 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
166 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
167 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
168 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
169 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
170 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
171 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
172 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
173 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
174 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
175 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
176 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
177 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
178 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
179 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
180 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
181 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
182 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
183 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
184 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
185 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
186 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
187 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
188 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
189 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
190 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
191 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
192 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
193 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
194 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
195 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
196 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
197 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
198 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
199 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
200 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
201 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
202 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
203 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
204 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
205 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
206 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
207 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
208 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
209 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
210 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
211 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
212 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
213 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
214 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
215 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
216 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
217 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
218 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
219 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
220 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
221 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
222 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
223 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
224 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
225 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
226 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
227 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
228 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
229 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
230 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
231 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
232 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
233 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
234 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
235 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
236 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
237 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
238 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
239 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
240 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
242 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
243 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
246 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
247 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
248 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
249 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
250 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
251 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
252 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
253 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
254 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
255 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
256 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
257 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
258 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
259 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
260 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
261 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
262 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
263 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
264 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
265 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
266 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
267 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
268 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
269 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
270 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
271 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
272 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
273 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
274 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
275 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
276 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
277 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
278 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
279 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
280 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
281 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
282 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
283 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
284 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
285 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
286 0xe2, 0x80,
287};
288
289/*
290 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
291 * should never use this key anywhere but in an example.
292 */
293#ifndef OPENSSL_NO_DSA
294static const unsigned char kExampleDSAKeyDER[] = {
295 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
296 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
297 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
298 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
299 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
300 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
301 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
302 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
303 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
304 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
305 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
306 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
307 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
308 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
309 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
310 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
311 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
312 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
313 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
314 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
315 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
316 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
317 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
318 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
319 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
320 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
321 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
322 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
323 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
324 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
325 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
326 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
327 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
328 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
329 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
330 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
331 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
332 0x40, 0x48
333};
334#endif
335
336/*
337 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
338 * components are not correct.
339 */
340static const unsigned char kExampleBadRSAKeyDER[] = {
341 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
342 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
343 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
344 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
345 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
346 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
347 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
348 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
349 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
350 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
351 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
352 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
353 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
354 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
355 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
356 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
357 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
358 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
359 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
360 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
361 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
362 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
363 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
364 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
365 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
366 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
367 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
368 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
369 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
370 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
371 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
372 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
373 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
374 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
375 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
376 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
377 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
378 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
379 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
380 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
381 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
382 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
383 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
384 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
385 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
386 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
387 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
388 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
389 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
390 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
391 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
392 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
393 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
394 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
395 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
396 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
397 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
398 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
399 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
400 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
401 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
402 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
403 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
404 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
405 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
406 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
407 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
408 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
409 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
410 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
411 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
412 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
413 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
414 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
415 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
416 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
417 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
418 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
419 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
420 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
421 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
422 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
423 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
424 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
425 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
426 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
427 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
428 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
429 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
430};
431
432/*
433 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
434 * values are 0.
435 */
436static const unsigned char kExampleBad2RSAKeyDER[] = {
437 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
438 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
439 0x01, 0x00, 0x02, 0x01, 0x00
440};
441
442static const unsigned char kMsg[] = { 1, 2, 3, 4 };
443
444static const unsigned char kSignature[] = {
445 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
446 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
447 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
448 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
449 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
450 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
451 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
452 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
453 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
454 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
455 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
456};
457
458/*
459 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
460 * PrivateKeyInfo.
461 */
462static const unsigned char kExampleRSAKeyPKCS8[] = {
463 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
464 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
465 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
466 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
467 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
468 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
469 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
470 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
471 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
472 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
473 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
474 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
475 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
476 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
477 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
478 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
479 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
480 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
481 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
482 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
483 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
484 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
485 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
486 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
487 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
488 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
489 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
490 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
491 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
492 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
493 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
494 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
495 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
496 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
497 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
498 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
499 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
500 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
501 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
502 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
503 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
504 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
505 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
506 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
507 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
508 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
509 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
510 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
511 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
512 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
513 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
514 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
515 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
516};
517
518#ifndef OPENSSL_NO_EC
519/*
520 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
521 * structure.
522 */
523static const unsigned char kExampleECKeyDER[] = {
524 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
525 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
526 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
527 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
528 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
529 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
530 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
531 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
532 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
533 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
534 0xc1,
535};
536
537/*
538 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
539 * structure. The private key is equal to the order and will fail to import
540 */
541static const unsigned char kExampleBadECKeyDER[] = {
542 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
543 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
544 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
545 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
546 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
547 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
548 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
549 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
550 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
551};
552
553/* prime256v1 */
554static const unsigned char kExampleECPubKeyDER[] = {
555 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
556 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
557 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
558 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
559 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
560 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
561 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
562 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
563};
564
565/*
566 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
567 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
568 */
569static const unsigned char kExampleBadECPubKeyDER[] = {
570 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
571 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
572 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
573 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
574 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
575 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
576 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
577 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
578};
579
580static const unsigned char pExampleECParamDER[] = {
581 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
582};
583
584# ifndef OPENSSL_NO_ECX
585static const unsigned char kExampleED25519KeyDER[] = {
586 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
587 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
588 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
589 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
590};
591
592static const unsigned char kExampleED25519PubKeyDER[] = {
593 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
594 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
595 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
596 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
597};
598
599# ifndef OPENSSL_NO_DEPRECATED_3_0
600static const unsigned char kExampleX25519KeyDER[] = {
601 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
602 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
603 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
604 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
605};
606# endif
607# endif
608#endif
609
610/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
611#ifndef OPENSSL_NO_DEPRECATED_3_0
612# ifndef OPENSSL_NO_DH
613static const unsigned char kExampleDHKeyDER[] = {
614 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
615 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
616 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
617 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
618 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
619 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
620 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
621 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
622 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
623 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
624 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
625 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
626 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
627 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
628 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
629 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
630 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
631 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
632 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
633 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
634 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
635 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
636 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
637 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
638 0x2e, 0x87, 0x2a, 0x0b, 0x7a
639};
640# endif
641#endif
642
643static const unsigned char kCFBDefaultKey[] = {
644 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
645 0x09, 0xCF, 0x4F, 0x3C
646};
647
648static const unsigned char kGCMDefaultKey[32] = { 0 };
649
650static const unsigned char kGCMResetKey[] = {
651 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
652 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
653 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
654};
655
656static const unsigned char iCFBIV[] = {
657 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
658 0x0C, 0x0D, 0x0E, 0x0F
659};
660
661static const unsigned char iGCMDefaultIV[12] = { 0 };
662
663static const unsigned char iGCMResetIV1[] = {
664 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
665};
666
667static const unsigned char iGCMResetIV2[] = {
668 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
669};
670
671static const unsigned char cfbPlaintext[] = {
672 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
673 0x73, 0x93, 0x17, 0x2A
674};
675static const unsigned char cfbPlaintext_partial[] = {
676 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
677 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
678};
679
680static const unsigned char gcmDefaultPlaintext[16] = { 0 };
681
682static const unsigned char gcmResetPlaintext[] = {
683 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
684 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
685 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
686 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
687 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
688};
689
690static const unsigned char cfbCiphertext[] = {
691 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
692 0xE8, 0x3C, 0xFB, 0x4A
693};
694
695static const unsigned char cfbCiphertext_partial[] = {
696 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
697 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
698};
699
700static const unsigned char ofbCiphertext_partial[] = {
701 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
702 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
703};
704
705static const unsigned char gcmDefaultCiphertext[] = {
706 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
707 0xba, 0xf3, 0x9d, 0x18
708};
709
710static const unsigned char gcmResetCiphertext1[] = {
711 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
712 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
713 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
714 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
715 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
716};
717
718static const unsigned char gcmResetCiphertext2[] = {
719 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
720 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
721 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
722 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
723 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
724};
725
726static const unsigned char gcmAAD[] = {
727 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
728 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
729};
730
731static const unsigned char gcmDefaultTag[] = {
732 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
733 0xd4, 0x8a, 0xb9, 0x19
734};
735
736static const unsigned char gcmResetTag1[] = {
737 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
738 0xfe, 0x2e, 0xa8, 0xf2
739};
740
741static const unsigned char gcmResetTag2[] = {
742 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
743 0xbb, 0x2d, 0x55, 0x1b
744};
745
746typedef struct APK_DATA_st {
747 const unsigned char *kder;
748 size_t size;
749 const char *keytype;
750 int evptype;
751 int check;
752 int pub_check;
753 int param_check;
754 int type; /* 0 for private, 1 for public, 2 for params */
755} APK_DATA;
756
757static APK_DATA keydata[] = {
758 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
759 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
760#ifndef OPENSSL_NO_EC
761 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
762#endif
763};
764
765static APK_DATA keycheckdata[] = {
766 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
767 0},
768 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
769 0, 1, 1, 0},
770 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
771 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
772#ifndef OPENSSL_NO_EC
773 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
774 /* group is also associated in our pub key */
775 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
776 1, 1},
777 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
778 2},
779# ifndef OPENSSL_NO_ECX
780 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
781 EVP_PKEY_ED25519, 1, 1, 1, 0},
782 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
783 EVP_PKEY_ED25519, 0, 1, 1, 1},
784# endif
785#endif
786};
787
788static EVP_PKEY *load_example_key(const char *keytype,
789 const unsigned char *data, size_t data_len)
790{
791 const unsigned char **pdata = &data;
792 EVP_PKEY *pkey = NULL;
793 OSSL_DECODER_CTX *dctx =
794 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
795 testctx, testpropq);
796
797 /* |pkey| will be NULL on error */
798 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
799 OSSL_DECODER_CTX_free(dctx);
800 return pkey;
801}
802
803static EVP_PKEY *load_example_rsa_key(void)
804{
805 return load_example_key("RSA", kExampleRSAKeyDER,
806 sizeof(kExampleRSAKeyDER));
807}
808
809#ifndef OPENSSL_NO_DSA
810static EVP_PKEY *load_example_dsa_key(void)
811{
812 return load_example_key("DSA", kExampleDSAKeyDER,
813 sizeof(kExampleDSAKeyDER));
814}
815#endif
816
817#ifndef OPENSSL_NO_EC
818static EVP_PKEY *load_example_ec_key(void)
819{
820 return load_example_key("EC", kExampleECKeyDER,
821 sizeof(kExampleECKeyDER));
822}
823#endif
824
825#ifndef OPENSSL_NO_DEPRECATED_3_0
826# ifndef OPENSSL_NO_DH
827static EVP_PKEY *load_example_dh_key(void)
828{
829 return load_example_key("DH", kExampleDHKeyDER,
830 sizeof(kExampleDHKeyDER));
831}
832# endif
833
834# ifndef OPENSSL_NO_ECX
835static EVP_PKEY *load_example_ed25519_key(void)
836{
837 return load_example_key("ED25519", kExampleED25519KeyDER,
838 sizeof(kExampleED25519KeyDER));
839}
840
841static EVP_PKEY *load_example_x25519_key(void)
842{
843 return load_example_key("X25519", kExampleX25519KeyDER,
844 sizeof(kExampleX25519KeyDER));
845}
846# endif
847#endif /* OPENSSL_NO_DEPRECATED_3_0 */
848
849static EVP_PKEY *load_example_hmac_key(void)
850{
851 EVP_PKEY *pkey = NULL;
852 unsigned char key[] = {
853 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
854 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
855 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
856 };
857
858 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
859 NULL, key, sizeof(key));
860 if (!TEST_ptr(pkey))
861 return NULL;
862
863 return pkey;
864}
865
866static int test_EVP_set_default_properties(void)
867{
868 OSSL_LIB_CTX *ctx;
869 EVP_MD *md = NULL;
870 int res = 0;
871
872 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
873 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
874 goto err;
875 EVP_MD_free(md);
876 md = NULL;
877
878 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
879 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
880 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
881 goto err;
882 EVP_MD_free(md);
883 md = NULL;
884
885 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
886 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
887 goto err;
888 res = 1;
889err:
890 EVP_MD_free(md);
891 OSSL_LIB_CTX_free(ctx);
892 return res;
893}
894
895#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
896static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
897{
898 EVP_PKEY_CTX *pctx = NULL;
899 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
900
901 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
902 goto err;
903 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
904 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
905 params), 0))
906 goto err;
907
908 if (!TEST_ptr(tmp_pkey))
909 goto err;
910
911 pkey = tmp_pkey;
912 tmp_pkey = NULL;
913 err:
914 EVP_PKEY_free(tmp_pkey);
915 EVP_PKEY_CTX_free(pctx);
916 return pkey;
917}
918
919static int test_selection(EVP_PKEY *pkey, int selection)
920{
921 int testresult = 0;
922 int ret;
923 BIO *bio = BIO_new(BIO_s_mem());
924
925 ret = PEM_write_bio_PUBKEY(bio, pkey);
926 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
927 if (!TEST_true(ret))
928 goto err;
929 } else {
930 if (!TEST_false(ret))
931 goto err;
932 }
933 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
934 testctx, NULL);
935 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
936 if (!TEST_true(ret))
937 goto err;
938 } else {
939 if (!TEST_false(ret))
940 goto err;
941 }
942
943 testresult = 1;
944 err:
945 BIO_free(bio);
946
947 return testresult;
948}
949#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
950
951/*
952 * Test combinations of private, public, missing and private + public key
953 * params to ensure they are all accepted
954 */
955#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
956static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
957{
958 OSSL_PARAM_BLD *bld = NULL;
959 OSSL_PARAM *params = NULL;
960 EVP_PKEY *just_params = NULL;
961 EVP_PKEY *params_and_priv = NULL;
962 EVP_PKEY *params_and_pub = NULL;
963 EVP_PKEY *params_and_keypair = NULL;
964 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
965 int ret = 0;
966
967 /*
968 * Setup the parameters for our pkey object. For our purposes they don't
969 * have to actually be *valid* parameters. We just need to set something.
970 */
971 if (!TEST_ptr(p = BN_new())
972 || !TEST_ptr(q = BN_new())
973 || !TEST_ptr(g = BN_new())
974 || !TEST_ptr(pub = BN_new())
975 || !TEST_ptr(priv = BN_new()))
976 goto err;
977
978 /* Test !priv and !pub */
979 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
980 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
981 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
982 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
983 goto err;
984 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
985 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
986 goto err;
987
988 OSSL_PARAM_free(params);
989 OSSL_PARAM_BLD_free(bld);
990 params = NULL;
991 bld = NULL;
992
993 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
994 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
995 goto err;
996
997 /* Test priv and !pub */
998 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
999 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1000 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1001 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1002 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1003 priv)))
1004 goto err;
1005 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1006 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
1007 goto err;
1008
1009 OSSL_PARAM_free(params);
1010 OSSL_PARAM_BLD_free(bld);
1011 params = NULL;
1012 bld = NULL;
1013
1014 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
1015 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1016 goto err;
1017
1018 /* Test !priv and pub */
1019 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1020 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1021 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1022 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1023 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1024 pub)))
1025 goto err;
1026 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1027 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
1028 goto err;
1029
1030 OSSL_PARAM_free(params);
1031 OSSL_PARAM_BLD_free(bld);
1032 params = NULL;
1033 bld = NULL;
1034
1035 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1036 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1037 goto err;
1038
1039 /* Test priv and pub */
1040 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1041 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1042 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1043 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1044 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1045 pub))
1046 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1047 priv)))
1048 goto err;
1049 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1050 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
1051 goto err;
1052
1053 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1054 goto err;
1055
1056 ret = 1;
1057 err:
1058 OSSL_PARAM_free(params);
1059 OSSL_PARAM_BLD_free(bld);
1060 EVP_PKEY_free(just_params);
1061 EVP_PKEY_free(params_and_priv);
1062 EVP_PKEY_free(params_and_pub);
1063 EVP_PKEY_free(params_and_keypair);
1064 BN_free(p);
1065 BN_free(q);
1066 BN_free(g);
1067 BN_free(pub);
1068 BN_free(priv);
1069
1070 return ret;
1071}
1072#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
1073
1074/*
1075 * Test combinations of private, public, missing and private + public key
1076 * params to ensure they are all accepted for EC keys
1077 */
1078#ifndef OPENSSL_NO_EC
1079static unsigned char ec_priv[] = {
1080 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
1081 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
1082 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
1083};
1084static unsigned char ec_pub[] = {
1085 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
1086 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
1087 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
1088 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
1089 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
1090 0x08, 0x09, 0xb8, 0xdb, 0x03
1091};
1092
1093static int test_EC_priv_pub(void)
1094{
1095 OSSL_PARAM_BLD *bld = NULL;
1096 OSSL_PARAM *params = NULL;
1097 EVP_PKEY *just_params = NULL;
1098 EVP_PKEY *params_and_priv = NULL;
1099 EVP_PKEY *params_and_pub = NULL;
1100 EVP_PKEY *params_and_keypair = NULL;
1101 BIGNUM *priv = NULL;
1102 int ret = 0;
1103 unsigned char *encoded = NULL;
1104 size_t len = 0;
1105 unsigned char buffer[128];
1106
1107 /*
1108 * Setup the parameters for our pkey object. For our purposes they don't
1109 * have to actually be *valid* parameters. We just need to set something.
1110 */
1111 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1112 goto err;
1113
1114 /* Test !priv and !pub */
1115 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1116 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1117 OSSL_PKEY_PARAM_GROUP_NAME,
1118 "P-256", 0)))
1119 goto err;
1120 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1121 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
1122 goto err;
1123
1124 OSSL_PARAM_free(params);
1125 OSSL_PARAM_BLD_free(bld);
1126 params = NULL;
1127 bld = NULL;
1128
1129 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1130 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
1131 goto err;
1132
1133 /* Test priv and !pub */
1134 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1135 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1136 OSSL_PKEY_PARAM_GROUP_NAME,
1137 "P-256", 0))
1138 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1139 priv)))
1140 goto err;
1141 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1142 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
1143 goto err;
1144
1145 OSSL_PARAM_free(params);
1146 OSSL_PARAM_BLD_free(bld);
1147 params = NULL;
1148 bld = NULL;
1149
1150 /*
1151 * We indicate only parameters here, in spite of having built a key that
1152 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
1153 * expected to fail because it does not support exporting a private EC
1154 * key without a corresponding public key
1155 */
1156 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
1157 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
1158 goto err;
1159
1160 /* Test !priv and pub */
1161 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1162 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1163 OSSL_PKEY_PARAM_GROUP_NAME,
1164 "P-256", 0))
1165 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1166 OSSL_PKEY_PARAM_PUB_KEY,
1167 ec_pub, sizeof(ec_pub))))
1168 goto err;
1169 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1170 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
1171 goto err;
1172
1173 OSSL_PARAM_free(params);
1174 OSSL_PARAM_BLD_free(bld);
1175 params = NULL;
1176 bld = NULL;
1177
1178 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
1179 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
1180 goto err;
1181
1182 /* Test priv and pub */
1183 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1184 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1185 OSSL_PKEY_PARAM_GROUP_NAME,
1186 "P-256", 0))
1187 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1188 OSSL_PKEY_PARAM_PUB_KEY,
1189 ec_pub, sizeof(ec_pub)))
1190 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1191 priv)))
1192 goto err;
1193 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1194 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1195 goto err;
1196
1197 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1198 goto err;
1199
1200 /* Try key equality */
1201 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1202 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1203 0)
1204 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1205 0)
1206 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1207 0)
1208 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1209 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1210 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1211 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1212 goto err;
1213
1214 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1215 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1216 goto err;
1217 OPENSSL_free(encoded);
1218 encoded = NULL;
1219 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1220 OPENSSL_free(encoded);
1221 encoded = NULL;
1222 goto err;
1223 }
1224
1225 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1226 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1227 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1228 buffer, sizeof(buffer), &len), 1)
1229 || !TEST_int_eq(len, 65))
1230 goto err;
1231
1232 len = 0;
1233 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1234 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1235 NULL, 0, &len), 1)
1236 || !TEST_int_eq(len, 65))
1237 goto err;
1238
1239 /* too-short buffer len*/
1240 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1241 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1242 buffer, 10, &len), 0))
1243 goto err;
1244
1245 ret = 1;
1246 err:
1247 OSSL_PARAM_free(params);
1248 OSSL_PARAM_BLD_free(bld);
1249 EVP_PKEY_free(just_params);
1250 EVP_PKEY_free(params_and_priv);
1251 EVP_PKEY_free(params_and_pub);
1252 EVP_PKEY_free(params_and_keypair);
1253 BN_free(priv);
1254
1255 return ret;
1256}
1257
1258/* Also test that we can read the EC PUB affine coordinates */
1259static int test_evp_get_ec_pub(void)
1260{
1261 OSSL_PARAM_BLD *bld = NULL;
1262 OSSL_PARAM *params = NULL;
1263 unsigned char *pad = NULL;
1264 EVP_PKEY *keypair = NULL;
1265 BIGNUM *priv = NULL;
1266 BIGNUM *x = NULL;
1267 BIGNUM *y = NULL;
1268 int ret = 0;
1269
1270 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1271 goto err;
1272
1273 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1274 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1275 OSSL_PKEY_PARAM_GROUP_NAME,
1276 "P-256", 0))
1277 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1278 OSSL_PKEY_PARAM_PUB_KEY,
1279 ec_pub, sizeof(ec_pub)))
1280 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1281 priv)))
1282 goto err;
1283
1284 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1285 || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
1286 goto err;
1287
1288 if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
1289 goto err;
1290
1291 if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
1292 || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
1293 goto err;
1294
1295 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1296 goto err;
1297
1298 pad[0] = ec_pub[0];
1299 BN_bn2bin(x, &pad[1]);
1300 BN_bn2bin(y, &pad[33]);
1301 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1302 goto err;
1303
1304 ret = 1;
1305
1306err:
1307 OSSL_PARAM_free(params);
1308 OSSL_PARAM_BLD_free(bld);
1309 EVP_PKEY_free(keypair);
1310 OPENSSL_free(pad);
1311 BN_free(priv);
1312 BN_free(x);
1313 BN_free(y);
1314 return ret;
1315}
1316
1317/* Test that using a legacy EC key with only a private key in it works */
1318# ifndef OPENSSL_NO_DEPRECATED_3_0
1319static int test_EC_priv_only_legacy(void)
1320{
1321 BIGNUM *priv = NULL;
1322 int ret = 0;
1323 EC_KEY *eckey = NULL;
1324 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1325 EVP_MD_CTX *ctx = NULL;
1326
1327 /* Create the low level EC_KEY */
1328 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1329 goto err;
1330
1331 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1332 if (!TEST_ptr(eckey))
1333 goto err;
1334
1335 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1336 goto err;
1337
1338 pkey = EVP_PKEY_new();
1339 if (!TEST_ptr(pkey))
1340 goto err;
1341
1342 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1343 goto err;
1344 eckey = NULL;
1345
1346 for (;;) {
1347 ret = 0;
1348 ctx = EVP_MD_CTX_new();
1349 if (!TEST_ptr(ctx))
1350 goto err;
1351
1352 /*
1353 * The EVP_DigestSignInit function should create the key on the
1354 * provider side which is sufficient for this test.
1355 */
1356 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1357 testpropq, pkey, NULL)))
1358 goto err;
1359 EVP_MD_CTX_free(ctx);
1360 ctx = NULL;
1361
1362 if (dup_pk != NULL)
1363 break;
1364
1365 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1366 goto err;
1367 /* EVP_PKEY_eq() returns -2 with missing public keys */
1368 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1369 EVP_PKEY_free(pkey);
1370 pkey = dup_pk;
1371 if (!ret)
1372 goto err;
1373 }
1374 ret = 1;
1375
1376 err:
1377 EVP_MD_CTX_free(ctx);
1378 EVP_PKEY_free(pkey);
1379 EC_KEY_free(eckey);
1380 BN_free(priv);
1381
1382 return ret;
1383}
1384
1385static int test_evp_get_ec_pub_legacy(void)
1386{
1387 OSSL_LIB_CTX *libctx = NULL;
1388 unsigned char *pad = NULL;
1389 EVP_PKEY *pkey = NULL;
1390 EC_KEY *eckey = NULL;
1391 BIGNUM *priv = NULL;
1392 BIGNUM *x = NULL;
1393 BIGNUM *y = NULL;
1394 int ret = 0;
1395
1396 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
1397 goto err;
1398
1399 /* Create the legacy key */
1400 if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
1401 NID_X9_62_prime256v1)))
1402 goto err;
1403
1404 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1405 goto err;
1406
1407 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1408 goto err;
1409
1410 if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
1411 goto err;
1412
1413 if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
1414 goto err;
1415
1416 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
1417 goto err;
1418
1419 if (!TEST_ptr(pkey = EVP_PKEY_new()))
1420 goto err;
1421
1422 /* Transfer the legacy key */
1423 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1424 goto err;
1425 eckey = NULL;
1426
1427 if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
1428 || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
1429 goto err;
1430
1431 if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
1432 goto err;
1433
1434 pad[0] = ec_pub[0];
1435 BN_bn2bin(x, &pad[1]);
1436 BN_bn2bin(y, &pad[33]);
1437
1438 if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
1439 goto err;
1440
1441 ret = 1;
1442
1443err:
1444 OSSL_LIB_CTX_free(libctx);
1445 EVP_PKEY_free(pkey);
1446 EC_KEY_free(eckey);
1447 OPENSSL_free(pad);
1448 BN_free(priv);
1449 BN_free(x);
1450 BN_free(y);
1451
1452 return ret;
1453}
1454# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1455#endif /* OPENSSL_NO_EC */
1456
1457static int test_EVP_PKEY_sign(int tst)
1458{
1459 int ret = 0;
1460 EVP_PKEY *pkey = NULL;
1461 unsigned char *sig = NULL;
1462 size_t sig_len = 0, shortsig_len = 1;
1463 EVP_PKEY_CTX *ctx = NULL;
1464 unsigned char tbs[] = {
1465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1467 };
1468
1469 if (tst == 0) {
1470 if (!TEST_ptr(pkey = load_example_rsa_key()))
1471 goto out;
1472 } else if (tst == 1) {
1473#ifndef OPENSSL_NO_DSA
1474 if (!TEST_ptr(pkey = load_example_dsa_key()))
1475 goto out;
1476#else
1477 ret = 1;
1478 goto out;
1479#endif
1480 } else {
1481#ifndef OPENSSL_NO_EC
1482 if (!TEST_ptr(pkey = load_example_ec_key()))
1483 goto out;
1484#else
1485 ret = 1;
1486 goto out;
1487#endif
1488 }
1489
1490 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1491 if (!TEST_ptr(ctx)
1492 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1493 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1494 sizeof(tbs)), 0))
1495 goto out;
1496 sig = OPENSSL_malloc(sig_len);
1497 if (!TEST_ptr(sig)
1498 /* Test sending a signature buffer that is too short is rejected */
1499 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1500 sizeof(tbs)), 0)
1501 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1502 0)
1503 /* Test the signature round-trips */
1504 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1505 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1506 0))
1507 goto out;
1508
1509 ret = 1;
1510 out:
1511 EVP_PKEY_CTX_free(ctx);
1512 OPENSSL_free(sig);
1513 EVP_PKEY_free(pkey);
1514 return ret;
1515}
1516
1517#ifndef OPENSSL_NO_DEPRECATED_3_0
1518static int test_EVP_PKEY_sign_with_app_method(int tst)
1519{
1520 int ret = 0;
1521 EVP_PKEY *pkey = NULL;
1522 RSA *rsa = NULL;
1523 RSA_METHOD *rsa_meth = NULL;
1524#ifndef OPENSSL_NO_DSA
1525 DSA *dsa = NULL;
1526 DSA_METHOD *dsa_meth = NULL;
1527#endif
1528 unsigned char *sig = NULL;
1529 size_t sig_len = 0, shortsig_len = 1;
1530 EVP_PKEY_CTX *ctx = NULL;
1531 unsigned char tbs[] = {
1532 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1533 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1534 };
1535
1536 if (tst == 0) {
1537 if (!TEST_ptr(pkey = load_example_rsa_key()))
1538 goto out;
1539 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1540 goto out;
1541
1542 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1543 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1544 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1545 goto out;
1546 rsa = NULL; /* now owned by the pkey */
1547 } else {
1548#ifndef OPENSSL_NO_DSA
1549 if (!TEST_ptr(pkey = load_example_dsa_key()))
1550 goto out;
1551 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1552 goto out;
1553
1554 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1555 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1556 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1557 goto out;
1558 dsa = NULL; /* now owned by the pkey */
1559#else
1560 ret = 1;
1561 goto out;
1562#endif
1563 }
1564
1565 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1566 if (!TEST_ptr(ctx)
1567 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1568 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1569 sizeof(tbs)), 0))
1570 goto out;
1571 sig = OPENSSL_malloc(sig_len);
1572 if (!TEST_ptr(sig)
1573 /* Test sending a signature buffer that is too short is rejected */
1574 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1575 sizeof(tbs)), 0)
1576 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1577 0)
1578 /* Test the signature round-trips */
1579 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1580 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1581 0))
1582 goto out;
1583
1584 ret = 1;
1585 out:
1586 EVP_PKEY_CTX_free(ctx);
1587 OPENSSL_free(sig);
1588 EVP_PKEY_free(pkey);
1589 RSA_free(rsa);
1590 RSA_meth_free(rsa_meth);
1591#ifndef OPENSSL_NO_DSA
1592 DSA_free(dsa);
1593 DSA_meth_free(dsa_meth);
1594#endif
1595 return ret;
1596}
1597#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1598
1599/*
1600 * n = 0 => test using legacy cipher
1601 * n = 1 => test using fetched cipher
1602 */
1603static int test_EVP_Enveloped(int n)
1604{
1605 int ret = 0;
1606 EVP_CIPHER_CTX *ctx = NULL;
1607 EVP_PKEY *keypair = NULL;
1608 unsigned char *kek = NULL;
1609 unsigned char iv[EVP_MAX_IV_LENGTH];
1610 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1611 int len, kek_len, ciphertext_len, plaintext_len;
1612 unsigned char ciphertext[32], plaintext[16];
1613 EVP_CIPHER *type = NULL;
1614
1615 if (nullprov != NULL)
1616 return TEST_skip("Test does not support a non-default library context");
1617
1618 if (n == 0)
1619 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1620 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1621 testpropq)))
1622 goto err;
1623
1624 if (!TEST_ptr(keypair = load_example_rsa_key())
1625 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1626 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1627 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1628 &keypair, 1))
1629 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1630 msg, sizeof(msg)))
1631 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1632 &len)))
1633 goto err;
1634
1635 ciphertext_len += len;
1636
1637 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1638 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1639 ciphertext, ciphertext_len))
1640 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1641 goto err;
1642
1643 plaintext_len += len;
1644 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1645 goto err;
1646
1647 ret = 1;
1648err:
1649 if (n != 0)
1650 EVP_CIPHER_free(type);
1651 OPENSSL_free(kek);
1652 EVP_PKEY_free(keypair);
1653 EVP_CIPHER_CTX_free(ctx);
1654 return ret;
1655}
1656
1657/*
1658 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1659 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1660 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1661 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1662 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1663 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1664 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1665 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1666 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1667 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1668 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1669 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1670 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1671 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1672 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1673 * Test 15-29: Same as above with reinitialization
1674 */
1675static int test_EVP_DigestSignInit(int tst)
1676{
1677 int ret = 0;
1678 EVP_PKEY *pkey = NULL;
1679 unsigned char *sig = NULL, *sig2 = NULL;
1680 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1681 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1682 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1683 BIO *mdbio = NULL, *membio = NULL;
1684 size_t written;
1685 const EVP_MD *md;
1686 EVP_MD *mdexp = NULL;
1687 int reinit = 0;
1688
1689 if (nullprov != NULL)
1690 return TEST_skip("Test does not support a non-default library context");
1691
1692 if (tst >= 15) {
1693 reinit = 1;
1694 tst -= 15;
1695 }
1696
1697 if (tst >= 6 && tst <= 8) {
1698 membio = BIO_new(BIO_s_mem());
1699 mdbio = BIO_new(BIO_f_md());
1700 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1701 goto out;
1702 BIO_push(mdbio, membio);
1703 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1704 goto out;
1705 } else {
1706 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1707 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1708 goto out;
1709 }
1710
1711 if (tst % 3 == 0) {
1712 if (!TEST_ptr(pkey = load_example_rsa_key()))
1713 goto out;
1714 } else if (tst % 3 == 1) {
1715#ifndef OPENSSL_NO_DSA
1716 if (!TEST_ptr(pkey = load_example_dsa_key()))
1717 goto out;
1718#else
1719 ret = 1;
1720 goto out;
1721#endif
1722 } else {
1723 if (!TEST_ptr(pkey = load_example_hmac_key()))
1724 goto out;
1725 }
1726
1727 if (tst >= 3 && tst <= 5)
1728 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1729 else
1730 md = EVP_sha256();
1731
1732 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1733 goto out;
1734
1735 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1736 goto out;
1737
1738 if (tst >= 6 && tst <= 8) {
1739 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1740 goto out;
1741 } else if (tst < 6) {
1742 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1743 goto out;
1744 }
1745
1746 if (tst >= 9) {
1747 /* Determine the size of the signature. */
1748 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1749 sizeof(kMsg)))
1750 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1751 goto out;
1752 if (tst <= 11) {
1753 /* Test that supply a short sig buffer fails */
1754 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1755 sizeof(kMsg))))
1756 goto out;
1757 /*
1758 * We end here because once EVP_DigestSign() has failed you should
1759 * not call it again without re-initing the ctx
1760 */
1761 ret = 1;
1762 goto out;
1763 }
1764 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1765 sizeof(kMsg))))
1766 goto out;
1767 } else {
1768 /* Determine the size of the signature. */
1769 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1770 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1771 /*
1772 * Trying to create a signature with a deliberately short
1773 * buffer should fail.
1774 */
1775 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1776 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1777 goto out;
1778 }
1779
1780 /*
1781 * Ensure that the signature round-trips (Verification isn't supported for
1782 * HMAC via EVP_DigestVerify*)
1783 */
1784 if (tst % 3 != 2) {
1785 if (tst >= 6 && tst <= 8) {
1786 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1787 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1788 goto out;
1789 }
1790
1791 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1792 NULL, pkey)))
1793 goto out;
1794
1795 if (tst >= 6 && tst <= 8) {
1796 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1797 goto out;
1798 } else {
1799 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1800 sizeof(kMsg))))
1801 goto out;
1802 }
1803 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1804 goto out;
1805
1806 /* Multiple calls to EVP_DigestVerifyFinal should work */
1807 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1808 goto out;
1809 } else {
1810 /*
1811 * For HMAC a doubled call to DigestSignFinal should produce the same
1812 * value as finalization should not happen.
1813 */
1814 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1815 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1816 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1817 goto out;
1818
1819 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1820 goto out;
1821 }
1822
1823 ret = 1;
1824
1825 out:
1826 BIO_free(membio);
1827 BIO_free(mdbio);
1828 EVP_MD_CTX_free(a_md_ctx);
1829 EVP_MD_CTX_free(a_md_ctx_verify);
1830 EVP_PKEY_free(pkey);
1831 OPENSSL_free(sig);
1832 OPENSSL_free(sig2);
1833 EVP_MD_free(mdexp);
1834
1835 return ret;
1836}
1837
1838static int test_EVP_DigestVerifyInit(void)
1839{
1840 int ret = 0;
1841 EVP_PKEY *pkey = NULL;
1842 EVP_MD_CTX *md_ctx = NULL;
1843
1844 if (nullprov != NULL)
1845 return TEST_skip("Test does not support a non-default library context");
1846
1847 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1848 || !TEST_ptr(pkey = load_example_rsa_key()))
1849 goto out;
1850
1851 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1852 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1853 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1854 sizeof(kSignature)), 0))
1855 goto out;
1856
1857 /* test with reinitialization */
1858 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1859 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1860 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1861 sizeof(kSignature)), 0))
1862 goto out;
1863 ret = 1;
1864
1865 out:
1866 EVP_MD_CTX_free(md_ctx);
1867 EVP_PKEY_free(pkey);
1868 return ret;
1869}
1870
1871#ifndef OPENSSL_NO_SIPHASH
1872/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1873static int test_siphash_digestsign(void)
1874{
1875 unsigned char key[16];
1876 unsigned char buf[8], digest[8];
1877 unsigned char expected[8] = {
1878 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1879 };
1880 EVP_PKEY *pkey = NULL;
1881 EVP_MD_CTX *mdctx = NULL;
1882 EVP_PKEY_CTX *ctx = NULL;
1883 int ret = 0;
1884 size_t len = 8;
1885
1886 if (nullprov != NULL)
1887 return TEST_skip("Test does not support a non-default library context");
1888
1889 memset(buf, 0, 8);
1890 memset(key, 1, 16);
1891 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1892 key, 16)))
1893 goto out;
1894
1895 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1896 goto out;
1897
1898 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1899 goto out;
1900 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1901 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1902 8, NULL), 1))
1903 goto out;
1904 /* reinitialize */
1905 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1906 goto out;
1907 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1908 goto out;
1909 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1910 goto out;
1911 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1912 goto out;
1913
1914 ret = 1;
1915 out:
1916 EVP_PKEY_free(pkey);
1917 EVP_MD_CTX_free(mdctx);
1918 return ret;
1919}
1920#endif
1921
1922/*
1923 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1924 */
1925static int test_EVP_Digest(void)
1926{
1927 int ret = 0;
1928 EVP_MD_CTX *md_ctx = NULL;
1929 unsigned char md[EVP_MAX_MD_SIZE];
1930 EVP_MD *sha256 = NULL;
1931 EVP_MD *shake256 = NULL;
1932
1933 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1934 goto out;
1935
1936 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1937 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1938 goto out;
1939
1940 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1941 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1942 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1943 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1944 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1945 goto out;
1946
1947 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1948 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1949 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1950 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1951 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1952 /*
1953 * EVP_DigestInit_ex with NULL type should work on
1954 * pre-initialized context.
1955 */
1956 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1957 goto out;
1958
1959 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1960 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1961 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1962 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1963 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1964 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1965 goto out;
1966 ret = 1;
1967
1968 out:
1969 EVP_MD_CTX_free(md_ctx);
1970 EVP_MD_free(sha256);
1971 EVP_MD_free(shake256);
1972 return ret;
1973}
1974
1975static int test_EVP_md_null(void)
1976{
1977 int ret = 0;
1978 EVP_MD_CTX *md_ctx = NULL;
1979 const EVP_MD *md_null = EVP_md_null();
1980 unsigned char md_value[EVP_MAX_MD_SIZE];
1981 unsigned int md_len = sizeof(md_value);
1982
1983 if (nullprov != NULL)
1984 return TEST_skip("Test does not support a non-default library context");
1985
1986 if (!TEST_ptr(md_null)
1987 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1988 goto out;
1989
1990 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1991 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1992 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1993 goto out;
1994
1995 if (!TEST_uint_eq(md_len, 0))
1996 goto out;
1997
1998 ret = 1;
1999 out:
2000 EVP_MD_CTX_free(md_ctx);
2001 return ret;
2002}
2003
2004static int test_d2i_AutoPrivateKey(int i)
2005{
2006 int ret = 0;
2007 const unsigned char *p;
2008 EVP_PKEY *pkey = NULL;
2009 const APK_DATA *ak = &keydata[i];
2010 const unsigned char *input = ak->kder;
2011 size_t input_len = ak->size;
2012 int expected_id = ak->evptype;
2013
2014 p = input;
2015 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
2016 || !TEST_ptr_eq(p, input + input_len)
2017 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2018 goto done;
2019
2020 ret = 1;
2021
2022 done:
2023 EVP_PKEY_free(pkey);
2024 return ret;
2025}
2026
2027#ifndef OPENSSL_NO_EC
2028
2029static const unsigned char ec_public_sect163k1_validxy[] = {
2030 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2031 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2032 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2033 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
2034 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2035 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2036};
2037
2038static const unsigned char ec_public_sect163k1_badx[] = {
2039 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2040 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2041 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2042 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
2043 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2044 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
2045};
2046
2047static const unsigned char ec_public_sect163k1_bady[] = {
2048 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2049 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
2050 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
2051 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
2052 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
2053 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
2054};
2055
2056static struct ec_der_pub_keys_st {
2057 const unsigned char *der;
2058 size_t len;
2059 int valid;
2060} ec_der_pub_keys[] = {
2061 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
2062 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
2063 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
2064};
2065
2066/*
2067 * Tests the range of the decoded EC char2 public point.
2068 * See ec_GF2m_simple_oct2point().
2069 */
2070static int test_invalide_ec_char2_pub_range_decode(int id)
2071{
2072 int ret = 0;
2073 EVP_PKEY *pkey;
2074
2075 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
2076 ec_der_pub_keys[id].len);
2077
2078 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
2079 || TEST_ptr_null(pkey);
2080 EVP_PKEY_free(pkey);
2081 return ret;
2082}
2083
2084/* Tests loading a bad key in PKCS8 format */
2085static int test_EVP_PKCS82PKEY(void)
2086{
2087 int ret = 0;
2088 const unsigned char *derp = kExampleBadECKeyDER;
2089 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2090 EVP_PKEY *pkey = NULL;
2091
2092 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
2093 sizeof(kExampleBadECKeyDER))))
2094 goto done;
2095
2096 if (!TEST_ptr_eq(derp,
2097 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
2098 goto done;
2099
2100 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
2101 goto done;
2102
2103 ret = 1;
2104
2105 done:
2106 PKCS8_PRIV_KEY_INFO_free(p8inf);
2107 EVP_PKEY_free(pkey);
2108
2109 return ret;
2110}
2111
2112#endif
2113static int test_EVP_PKCS82PKEY_wrong_tag(void)
2114{
2115 EVP_PKEY *pkey = NULL;
2116 EVP_PKEY *pkey2 = NULL;
2117 BIO *membio = NULL;
2118 char *membuf = NULL;
2119 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2120 int ok = 0;
2121
2122 if (testctx != NULL)
2123 /* test not supported with non-default context */
2124 return 1;
2125
2126 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2127 || !TEST_ptr(pkey = load_example_rsa_key())
2128 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2129 NULL, 0, NULL, NULL),
2130 0)
2131 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
2132 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
2133 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
2134 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
2135 goto done;
2136 }
2137
2138 ok = 1;
2139 done:
2140 EVP_PKEY_free(pkey);
2141 EVP_PKEY_free(pkey2);
2142 PKCS8_PRIV_KEY_INFO_free(p8inf);
2143 BIO_free_all(membio);
2144 return ok;
2145}
2146
2147/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
2148static int test_privatekey_to_pkcs8(void)
2149{
2150 EVP_PKEY *pkey = NULL;
2151 BIO *membio = NULL;
2152 char *membuf = NULL;
2153 long membuf_len = 0;
2154 int ok = 0;
2155
2156 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
2157 || !TEST_ptr(pkey = load_example_rsa_key())
2158 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
2159 NULL, 0, NULL, NULL),
2160 0)
2161 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
2162 || !TEST_ptr(membuf)
2163 || !TEST_mem_eq(membuf, (size_t)membuf_len,
2164 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
2165 /*
2166 * We try to write PEM as well, just to see that it doesn't err, but
2167 * assume that the result is correct.
2168 */
2169 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
2170 NULL, 0, NULL, NULL),
2171 0))
2172 goto done;
2173
2174 ok = 1;
2175 done:
2176 EVP_PKEY_free(pkey);
2177 BIO_free_all(membio);
2178 return ok;
2179}
2180
2181#ifndef OPENSSL_NO_EC
2182static const struct {
2183 int encoding;
2184 const char *encoding_name;
2185} ec_encodings[] = {
2186 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
2187 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
2188};
2189
2190static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
2191{
2192 const OSSL_PARAM *p;
2193 const char *enc_name = NULL;
2194 int *enc = arg;
2195 size_t i;
2196
2197 *enc = -1;
2198
2199 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
2200 OSSL_PKEY_PARAM_EC_ENCODING))
2201 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
2202 return 0;
2203
2204 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
2205 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
2206 *enc = ec_encodings[i].encoding;
2207 break;
2208 }
2209 }
2210
2211 return (*enc != -1);
2212}
2213
2214static int test_EC_keygen_with_enc(int idx)
2215{
2216 EVP_PKEY *params = NULL, *key = NULL;
2217 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
2218 int enc;
2219 int ret = 0;
2220
2221 enc = ec_encodings[idx].encoding;
2222
2223 /* Create key parameters */
2224 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
2225 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
2226 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2227 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
2228 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
2229 || !TEST_ptr(params))
2230 goto done;
2231
2232 /* Create key */
2233 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
2234 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2235 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
2236 || !TEST_ptr(key))
2237 goto done;
2238
2239 /* Check that the encoding got all the way into the key */
2240 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
2241 ec_export_get_encoding_cb, &enc))
2242 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
2243 goto done;
2244
2245 ret = 1;
2246 done:
2247 EVP_PKEY_free(key);
2248 EVP_PKEY_free(params);
2249 EVP_PKEY_CTX_free(kctx);
2250 EVP_PKEY_CTX_free(pctx);
2251 return ret;
2252}
2253#endif
2254
2255#if !defined(OPENSSL_NO_SM2)
2256
2257static int test_EVP_SM2_verify(void)
2258{
2259 const char *pubkey =
2260 "-----BEGIN PUBLIC KEY-----\n"
2261 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2262 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2263 "-----END PUBLIC KEY-----\n";
2264
2265 const char *msg = "message digest";
2266 const char *id = "[email protected]";
2267
2268 const uint8_t signature[] = {
2269 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2270 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2271 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2272 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2273 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2274 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2275 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2276 };
2277
2278 int rc = 0;
2279 BIO *bio = NULL;
2280 EVP_PKEY *pkey = NULL;
2281 EVP_MD_CTX *mctx = NULL;
2282 EVP_PKEY_CTX *pctx = NULL;
2283 EVP_MD *sm3 = NULL;
2284
2285 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
2286 if (!TEST_true(bio != NULL))
2287 goto done;
2288
2289 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
2290 if (!TEST_true(pkey != NULL))
2291 goto done;
2292
2293 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
2294 goto done;
2295
2296 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
2297 goto done;
2298
2299 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2300 goto done;
2301
2302 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
2303
2304 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
2305 goto done;
2306
2307 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
2308 goto done;
2309
2310 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
2311 goto done;
2312
2313 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
2314 goto done;
2315
2316 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2317 goto done;
2318 rc = 1;
2319
2320 done:
2321 BIO_free(bio);
2322 EVP_PKEY_free(pkey);
2323 EVP_PKEY_CTX_free(pctx);
2324 EVP_MD_CTX_free(mctx);
2325 EVP_MD_free(sm3);
2326 return rc;
2327}
2328
2329static int test_EVP_SM2(void)
2330{
2331 int ret = 0;
2332 EVP_PKEY *pkey = NULL;
2333 EVP_PKEY *pkeyparams = NULL;
2334 EVP_PKEY_CTX *pctx = NULL;
2335 EVP_PKEY_CTX *kctx = NULL;
2336 EVP_PKEY_CTX *sctx = NULL;
2337 size_t sig_len = 0;
2338 unsigned char *sig = NULL;
2339 EVP_MD_CTX *md_ctx = NULL;
2340 EVP_MD_CTX *md_ctx_verify = NULL;
2341 EVP_PKEY_CTX *cctx = NULL;
2342 EVP_MD *check_md = NULL;
2343
2344 uint8_t ciphertext[128];
2345 size_t ctext_len = sizeof(ciphertext);
2346
2347 uint8_t plaintext[8];
2348 size_t ptext_len = sizeof(plaintext);
2349
2350 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2351
2352 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2353 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2354 int i;
2355 char mdname[OSSL_MAX_NAME_SIZE];
2356
2357 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2358 "SM2", testpropq)))
2359 goto done;
2360
2361 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2362 goto done;
2363
2364 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2365 goto done;
2366
2367 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2368 goto done;
2369
2370 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2371 pkeyparams, testpropq)))
2372 goto done;
2373
2374 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2375 goto done;
2376
2377 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2378 goto done;
2379
2380 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2381 goto done;
2382
2383 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2384 goto done;
2385
2386 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2387 goto done;
2388
2389 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2390 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2391
2392 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2393 goto done;
2394
2395 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2396 goto done;
2397
2398 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2399 goto done;
2400
2401 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2402 goto done;
2403
2404 /* Determine the size of the signature. */
2405 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2406 goto done;
2407
2408 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2409 goto done;
2410
2411 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2412 goto done;
2413
2414 /* Ensure that the signature round-trips. */
2415
2416 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2417 pkey)))
2418 goto done;
2419
2420 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2421 goto done;
2422
2423 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2424 goto done;
2425
2426 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2427 goto done;
2428
2429 /*
2430 * Try verify again with non-matching 0 length id but ensure that it can
2431 * be set on the context and overrides the previous value.
2432 */
2433
2434 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2435 pkey)))
2436 goto done;
2437
2438 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2439 goto done;
2440
2441 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2442 goto done;
2443
2444 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2445 goto done;
2446
2447 /* now check encryption/decryption */
2448
2449 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2450 mdname, sizeof(mdname));
2451 for (i = 0; i < 2; i++) {
2452 const char *mdnames[] = {
2453#ifndef OPENSSL_NO_SM3
2454 "SM3",
2455#else
2456 NULL,
2457#endif
2458 "SHA2-256" };
2459 EVP_PKEY_CTX_free(cctx);
2460
2461 if (mdnames[i] == NULL)
2462 continue;
2463
2464 sparams[0] =
2465 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2466 (char *)mdnames[i], 0);
2467
2468 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2469 pkey, testpropq)))
2470 goto done;
2471
2472 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2473 goto done;
2474
2475 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2476 goto done;
2477
2478 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2479 sizeof(kMsg))))
2480 goto done;
2481
2482 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2483 goto done;
2484
2485 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2486 goto done;
2487
2488 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2489 ctext_len), 0))
2490 goto done;
2491
2492 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2493 goto done;
2494
2495 /*
2496 * Test we're still using the digest we think we are.
2497 * Because of aliases, the easiest is to fetch the digest and
2498 * check the name with EVP_MD_is_a().
2499 */
2500 EVP_MD_free(check_md);
2501 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2502 goto done;
2503 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2504 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2505 goto done;
2506 }
2507
2508 if (!TEST_true(ptext_len == sizeof(kMsg)))
2509 goto done;
2510
2511 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2512 goto done;
2513 }
2514
2515 ret = 1;
2516done:
2517 EVP_PKEY_CTX_free(pctx);
2518 EVP_PKEY_CTX_free(kctx);
2519 EVP_PKEY_CTX_free(sctx);
2520 EVP_PKEY_CTX_free(cctx);
2521 EVP_PKEY_free(pkey);
2522 EVP_PKEY_free(pkeyparams);
2523 EVP_MD_CTX_free(md_ctx);
2524 EVP_MD_CTX_free(md_ctx_verify);
2525 EVP_MD_free(check_md);
2526 OPENSSL_free(sig);
2527 return ret;
2528}
2529
2530#endif
2531
2532static struct keys_st {
2533 int type;
2534 char *priv;
2535 char *pub;
2536} keys[] = {
2537 {
2538 EVP_PKEY_HMAC, "0123456789", NULL
2539 },
2540 {
2541 EVP_PKEY_HMAC, "", NULL
2542#ifndef OPENSSL_NO_POLY1305
2543 }, {
2544 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2545#endif
2546#ifndef OPENSSL_NO_SIPHASH
2547 }, {
2548 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2549#endif
2550 },
2551#ifndef OPENSSL_NO_ECX
2552 {
2553 EVP_PKEY_X25519, "01234567890123456789012345678901",
2554 "abcdefghijklmnopqrstuvwxyzabcdef"
2555 }, {
2556 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2557 "abcdefghijklmnopqrstuvwxyzabcdef"
2558 }, {
2559 EVP_PKEY_X448,
2560 "01234567890123456789012345678901234567890123456789012345",
2561 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2562 }, {
2563 EVP_PKEY_ED448,
2564 "012345678901234567890123456789012345678901234567890123456",
2565 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2566 }
2567#endif
2568};
2569
2570static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2571{
2572 int ret = 0;
2573 unsigned char buf[80];
2574 unsigned char *in;
2575 size_t inlen, len = 0, shortlen = 1;
2576 EVP_PKEY *pkey;
2577
2578 /* Check if this algorithm supports public keys */
2579 if (pub && keys[tst].pub == NULL)
2580 return 1;
2581
2582 memset(buf, 0, sizeof(buf));
2583
2584 if (pub) {
2585#ifndef OPENSSL_NO_EC
2586 inlen = strlen(keys[tst].pub);
2587 in = (unsigned char *)keys[tst].pub;
2588 if (uselibctx) {
2589 pkey = EVP_PKEY_new_raw_public_key_ex(
2590 testctx,
2591 OBJ_nid2sn(keys[tst].type),
2592 NULL,
2593 in,
2594 inlen);
2595 } else {
2596 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2597 NULL,
2598 in,
2599 inlen);
2600 }
2601#else
2602 return 1;
2603#endif
2604 } else {
2605 inlen = strlen(keys[tst].priv);
2606 in = (unsigned char *)keys[tst].priv;
2607 if (uselibctx) {
2608 pkey = EVP_PKEY_new_raw_private_key_ex(
2609 testctx, OBJ_nid2sn(keys[tst].type),
2610 NULL,
2611 in,
2612 inlen);
2613 } else {
2614 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2615 NULL,
2616 in,
2617 inlen);
2618 }
2619 }
2620
2621 if (!TEST_ptr(pkey)
2622 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2623 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2624 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2625 || !TEST_true(len == inlen))
2626 goto done;
2627 if (tst != 1) {
2628 /*
2629 * Test that supplying a buffer that is too small fails. Doesn't apply
2630 * to HMAC with a zero length key
2631 */
2632 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2633 &shortlen)))
2634 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2635 &shortlen))))
2636 goto done;
2637 }
2638 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2639 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2640 || !TEST_mem_eq(in, inlen, buf, len))
2641 goto done;
2642
2643 ret = 1;
2644 done:
2645 EVP_PKEY_free(pkey);
2646 return ret;
2647}
2648
2649static int test_set_get_raw_keys(int tst)
2650{
2651 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2652 && test_set_get_raw_keys_int(tst, 0, 1)
2653 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2654 && test_set_get_raw_keys_int(tst, 1, 1);
2655}
2656
2657#ifndef OPENSSL_NO_DEPRECATED_3_0
2658static int pkey_custom_check(EVP_PKEY *pkey)
2659{
2660 return 0xbeef;
2661}
2662
2663static int pkey_custom_pub_check(EVP_PKEY *pkey)
2664{
2665 return 0xbeef;
2666}
2667
2668static int pkey_custom_param_check(EVP_PKEY *pkey)
2669{
2670 return 0xbeef;
2671}
2672
2673static EVP_PKEY_METHOD *custom_pmeth;
2674#endif
2675
2676static int test_EVP_PKEY_check(int i)
2677{
2678 int ret = 0;
2679 EVP_PKEY *pkey = NULL;
2680 EVP_PKEY_CTX *ctx = NULL;
2681#ifndef OPENSSL_NO_DEPRECATED_3_0
2682 EVP_PKEY_CTX *ctx2 = NULL;
2683#endif
2684 const APK_DATA *ak = &keycheckdata[i];
2685 const unsigned char *input = ak->kder;
2686 size_t input_len = ak->size;
2687 int expected_id = ak->evptype;
2688 int expected_check = ak->check;
2689 int expected_pub_check = ak->pub_check;
2690 int expected_param_check = ak->param_check;
2691 int type = ak->type;
2692
2693 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2694 goto done;
2695 if (type == 0
2696 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2697 goto done;
2698
2699 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2700 goto done;
2701
2702 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2703 goto done;
2704
2705 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2706 goto done;
2707
2708 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2709 goto done;
2710
2711#ifndef OPENSSL_NO_DEPRECATED_3_0
2712 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2713 /* assign the pkey directly, as an internal test */
2714 EVP_PKEY_up_ref(pkey);
2715 ctx2->pkey = pkey;
2716
2717 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2718 goto done;
2719
2720 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2721 goto done;
2722
2723 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2724 goto done;
2725#endif
2726
2727 ret = 1;
2728
2729 done:
2730 EVP_PKEY_CTX_free(ctx);
2731#ifndef OPENSSL_NO_DEPRECATED_3_0
2732 EVP_PKEY_CTX_free(ctx2);
2733#endif
2734 EVP_PKEY_free(pkey);
2735 return ret;
2736}
2737
2738#ifndef OPENSSL_NO_CMAC
2739static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2740{
2741 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2742 const char msg[] = "Hello World";
2743 size_t maclen = AES_BLOCK_SIZE;
2744 int ret = 1;
2745
2746 if (!TEST_ptr(mdctx)
2747 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2748 testpropq, pkey, NULL))
2749 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2750 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2751 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2752 ret = 0;
2753
2754 EVP_MD_CTX_free(mdctx);
2755
2756 return ret;
2757}
2758static int test_CMAC_keygen(void)
2759{
2760 static unsigned char key[] = {
2761 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2762 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2763 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2764 };
2765 EVP_PKEY_CTX *kctx = NULL;
2766 int ret = 0;
2767 EVP_PKEY *pkey = NULL;
2768 unsigned char mac[AES_BLOCK_SIZE];
2769# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2770 unsigned char mac2[AES_BLOCK_SIZE];
2771# endif
2772
2773 if (nullprov != NULL)
2774 return TEST_skip("Test does not support a non-default library context");
2775
2776 /*
2777 * This is a legacy method for CMACs, but should still work.
2778 * This verifies that it works without an ENGINE.
2779 */
2780 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2781
2782 /* Test a CMAC key created using the "generated" method */
2783 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2784 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2785 EVP_PKEY_CTRL_CIPHER,
2786 0, (void *)EVP_aes_256_cbc()), 0)
2787 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2788 EVP_PKEY_CTRL_SET_MAC_KEY,
2789 sizeof(key), (void *)key), 0)
2790 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2791 || !TEST_ptr(pkey)
2792 || !TEST_true(get_cmac_val(pkey, mac)))
2793 goto done;
2794
2795# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2796 EVP_PKEY_free(pkey);
2797
2798 /*
2799 * Test a CMAC key using the direct method, and compare with the mac
2800 * created above.
2801 */
2802 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2803 if (!TEST_ptr(pkey)
2804 || !TEST_true(get_cmac_val(pkey, mac2))
2805 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2806 goto done;
2807# endif
2808
2809 ret = 1;
2810
2811 done:
2812 EVP_PKEY_free(pkey);
2813 EVP_PKEY_CTX_free(kctx);
2814 return ret;
2815}
2816#endif
2817
2818static int test_HKDF(void)
2819{
2820 EVP_PKEY_CTX *pctx;
2821 unsigned char out[20];
2822 size_t outlen;
2823 int i, ret = 0;
2824 unsigned char salt[] = "0123456789";
2825 unsigned char key[] = "012345678901234567890123456789";
2826 unsigned char info[] = "infostring";
2827 const unsigned char expected[] = {
2828 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2829 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2830 };
2831 size_t expectedlen = sizeof(expected);
2832
2833 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2834 goto done;
2835
2836 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2837 for (i = 0; i < 2; i++) {
2838 outlen = sizeof(out);
2839 memset(out, 0, outlen);
2840
2841 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2842 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2843 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2844 sizeof(salt) - 1), 0)
2845 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2846 sizeof(key) - 1), 0)
2847 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2848 sizeof(info) - 1), 0)
2849 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2850 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2851 goto done;
2852 }
2853
2854 ret = 1;
2855
2856 done:
2857 EVP_PKEY_CTX_free(pctx);
2858
2859 return ret;
2860}
2861
2862static int test_emptyikm_HKDF(void)
2863{
2864 EVP_PKEY_CTX *pctx;
2865 unsigned char out[20];
2866 size_t outlen;
2867 int ret = 0;
2868 unsigned char salt[] = "9876543210";
2869 unsigned char key[] = "";
2870 unsigned char info[] = "stringinfo";
2871 const unsigned char expected[] = {
2872 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2873 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2874 };
2875 size_t expectedlen = sizeof(expected);
2876
2877 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2878 goto done;
2879
2880 outlen = sizeof(out);
2881 memset(out, 0, outlen);
2882
2883 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2884 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2885 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2886 sizeof(salt) - 1), 0)
2887 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2888 sizeof(key) - 1), 0)
2889 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2890 sizeof(info) - 1), 0)
2891 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2892 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2893 goto done;
2894
2895 ret = 1;
2896
2897 done:
2898 EVP_PKEY_CTX_free(pctx);
2899
2900 return ret;
2901}
2902
2903static int test_empty_salt_info_HKDF(void)
2904{
2905 EVP_PKEY_CTX *pctx;
2906 unsigned char out[20];
2907 size_t outlen;
2908 int ret = 0;
2909 unsigned char salt[] = "";
2910 unsigned char key[] = "012345678901234567890123456789";
2911 unsigned char info[] = "";
2912 const unsigned char expected[] = {
2913 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
2914 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
2915 };
2916 size_t expectedlen = sizeof(expected);
2917
2918 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2919 goto done;
2920
2921 outlen = sizeof(out);
2922 memset(out, 0, outlen);
2923
2924 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2925 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2926 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2927 sizeof(salt) - 1), 0)
2928 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2929 sizeof(key) - 1), 0)
2930 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2931 sizeof(info) - 1), 0)
2932 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2933 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2934 goto done;
2935
2936 ret = 1;
2937
2938 done:
2939 EVP_PKEY_CTX_free(pctx);
2940
2941 return ret;
2942}
2943
2944#ifndef OPENSSL_NO_EC
2945static int test_X509_PUBKEY_inplace(void)
2946{
2947 int ret = 0;
2948 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2949 const unsigned char *p = kExampleECPubKeyDER;
2950 size_t input_len = sizeof(kExampleECPubKeyDER);
2951
2952 if (!TEST_ptr(xp))
2953 goto done;
2954 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2955 goto done;
2956
2957 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2958 goto done;
2959
2960 p = kExampleBadECPubKeyDER;
2961 input_len = sizeof(kExampleBadECPubKeyDER);
2962
2963 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2964 goto done;
2965
2966 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2967 goto done;
2968
2969 ret = 1;
2970
2971 done:
2972 X509_PUBKEY_free(xp);
2973 return ret;
2974}
2975
2976static int test_X509_PUBKEY_dup(void)
2977{
2978 int ret = 0;
2979 X509_PUBKEY *xp = NULL, *xq = NULL;
2980 const unsigned char *p = kExampleECPubKeyDER;
2981 size_t input_len = sizeof(kExampleECPubKeyDER);
2982
2983 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2984 if (!TEST_ptr(xp)
2985 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2986 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2987 || !TEST_ptr_ne(xp, xq))
2988 goto done;
2989
2990 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2991 || !TEST_ptr(X509_PUBKEY_get0(xp))
2992 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2993 goto done;
2994
2995 X509_PUBKEY_free(xq);
2996 xq = NULL;
2997 p = kExampleBadECPubKeyDER;
2998 input_len = sizeof(kExampleBadECPubKeyDER);
2999
3000 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
3001 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
3002 goto done;
3003
3004 X509_PUBKEY_free(xp);
3005 xp = NULL;
3006 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
3007 goto done;
3008
3009 ret = 1;
3010
3011 done:
3012 X509_PUBKEY_free(xp);
3013 X509_PUBKEY_free(xq);
3014 return ret;
3015}
3016#endif /* OPENSSL_NO_EC */
3017
3018/* Test getting and setting parameters on an EVP_PKEY_CTX */
3019static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
3020{
3021 EVP_MD_CTX *mdctx = NULL;
3022 EVP_PKEY_CTX *ctx = NULL;
3023 const OSSL_PARAM *params;
3024 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
3025 int ret = 0;
3026 const EVP_MD *md;
3027 char mdname[OSSL_MAX_NAME_SIZE];
3028 char ssl3ms[48];
3029
3030 /* Initialise a sign operation */
3031 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
3032 if (!TEST_ptr(ctx)
3033 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
3034 goto err;
3035
3036 /*
3037 * We should be able to query the parameters now.
3038 */
3039 params = EVP_PKEY_CTX_settable_params(ctx);
3040 if (!TEST_ptr(params)
3041 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3042 OSSL_SIGNATURE_PARAM_DIGEST)))
3043 goto err;
3044
3045 params = EVP_PKEY_CTX_gettable_params(ctx);
3046 if (!TEST_ptr(params)
3047 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3048 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
3049 || !TEST_ptr(OSSL_PARAM_locate_const(params,
3050 OSSL_SIGNATURE_PARAM_DIGEST)))
3051 goto err;
3052
3053 /*
3054 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
3055 * EVP_PKEY_CTX_get_params()
3056 */
3057 strcpy(mdname, "SHA512");
3058 param_md = param;
3059 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3060 mdname, 0);
3061 *param++ = OSSL_PARAM_construct_end();
3062
3063 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
3064 goto err;
3065
3066 mdname[0] = '\0';
3067 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
3068 mdname, sizeof(mdname));
3069 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
3070 || !TEST_str_eq(mdname, "SHA512"))
3071 goto err;
3072
3073 /*
3074 * Test the TEST_PKEY_CTX_set_signature_md() and
3075 * TEST_PKEY_CTX_get_signature_md() functions
3076 */
3077 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
3078 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
3079 || !TEST_ptr_eq(md, EVP_sha256()))
3080 goto err;
3081
3082 /*
3083 * Test getting MD parameters via an associated EVP_PKEY_CTX
3084 */
3085 mdctx = EVP_MD_CTX_new();
3086 if (!TEST_ptr(mdctx)
3087 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
3088 pkey, NULL)))
3089 goto err;
3090
3091 /*
3092 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
3093 * able to obtain the digest's settable parameters from the provider.
3094 */
3095 params = EVP_MD_CTX_settable_params(mdctx);
3096 if (!TEST_ptr(params)
3097 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
3098 /* The final key should be NULL */
3099 || !TEST_ptr_null(params[1].key))
3100 goto err;
3101
3102 param = ourparams;
3103 memset(ssl3ms, 0, sizeof(ssl3ms));
3104 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
3105 ssl3ms, sizeof(ssl3ms));
3106 *param++ = OSSL_PARAM_construct_end();
3107
3108 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
3109 goto err;
3110
3111 ret = 1;
3112
3113 err:
3114 EVP_MD_CTX_free(mdctx);
3115 EVP_PKEY_CTX_free(ctx);
3116
3117 return ret;
3118}
3119
3120#ifndef OPENSSL_NO_DSA
3121static int test_DSA_get_set_params(void)
3122{
3123 OSSL_PARAM_BLD *bld = NULL;
3124 OSSL_PARAM *params = NULL;
3125 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
3126 EVP_PKEY_CTX *pctx = NULL;
3127 EVP_PKEY *pkey = NULL;
3128 int ret = 0;
3129
3130 /*
3131 * Setup the parameters for our DSA object. For our purposes they don't
3132 * have to actually be *valid* parameters. We just need to set something.
3133 */
3134 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
3135 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3136 || !TEST_ptr(p = BN_new())
3137 || !TEST_ptr(q = BN_new())
3138 || !TEST_ptr(g = BN_new())
3139 || !TEST_ptr(pub = BN_new())
3140 || !TEST_ptr(priv = BN_new()))
3141 goto err;
3142 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
3143 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
3144 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
3145 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
3146 pub))
3147 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
3148 priv)))
3149 goto err;
3150 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3151 goto err;
3152
3153 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3154 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3155 params), 0))
3156 goto err;
3157
3158 if (!TEST_ptr(pkey))
3159 goto err;
3160
3161 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3162
3163 err:
3164 EVP_PKEY_free(pkey);
3165 EVP_PKEY_CTX_free(pctx);
3166 OSSL_PARAM_free(params);
3167 OSSL_PARAM_BLD_free(bld);
3168 BN_free(p);
3169 BN_free(q);
3170 BN_free(g);
3171 BN_free(pub);
3172 BN_free(priv);
3173
3174 return ret;
3175}
3176
3177/*
3178 * Test combinations of private, public, missing and private + public key
3179 * params to ensure they are all accepted
3180 */
3181static int test_DSA_priv_pub(void)
3182{
3183 return test_EVP_PKEY_ffc_priv_pub("DSA");
3184}
3185
3186#endif /* !OPENSSL_NO_DSA */
3187
3188static int test_RSA_get_set_params(void)
3189{
3190 OSSL_PARAM_BLD *bld = NULL;
3191 OSSL_PARAM *params = NULL;
3192 BIGNUM *n = NULL, *e = NULL, *d = NULL;
3193 EVP_PKEY_CTX *pctx = NULL;
3194 EVP_PKEY *pkey = NULL;
3195 int ret = 0;
3196
3197 /*
3198 * Setup the parameters for our RSA object. For our purposes they don't
3199 * have to actually be *valid* parameters. We just need to set something.
3200 */
3201 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
3202 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
3203 || !TEST_ptr(n = BN_new())
3204 || !TEST_ptr(e = BN_new())
3205 || !TEST_ptr(d = BN_new()))
3206 goto err;
3207 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
3208 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
3209 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
3210 goto err;
3211 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
3212 goto err;
3213
3214 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
3215 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
3216 params), 0))
3217 goto err;
3218
3219 if (!TEST_ptr(pkey))
3220 goto err;
3221
3222 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
3223
3224 err:
3225 EVP_PKEY_free(pkey);
3226 EVP_PKEY_CTX_free(pctx);
3227 OSSL_PARAM_free(params);
3228 OSSL_PARAM_BLD_free(bld);
3229 BN_free(n);
3230 BN_free(e);
3231 BN_free(d);
3232
3233 return ret;
3234}
3235
3236static int test_RSA_OAEP_set_get_params(void)
3237{
3238 int ret = 0;
3239 EVP_PKEY *key = NULL;
3240 EVP_PKEY_CTX *key_ctx = NULL;
3241
3242 if (nullprov != NULL)
3243 return TEST_skip("Test does not support a non-default library context");
3244
3245 if (!TEST_ptr(key = load_example_rsa_key())
3246 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
3247 goto err;
3248
3249 {
3250 int padding = RSA_PKCS1_OAEP_PADDING;
3251 OSSL_PARAM params[4];
3252
3253 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
3254 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3255 OSSL_DIGEST_NAME_SHA2_256, 0);
3256 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3257 OSSL_DIGEST_NAME_SHA1, 0);
3258 params[3] = OSSL_PARAM_construct_end();
3259
3260 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
3261 goto err;
3262 }
3263 {
3264 OSSL_PARAM params[3];
3265 char oaepmd[30] = { '\0' };
3266 char mgf1md[30] = { '\0' };
3267
3268 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
3269 oaepmd, sizeof(oaepmd));
3270 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
3271 mgf1md, sizeof(mgf1md));
3272 params[2] = OSSL_PARAM_construct_end();
3273
3274 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
3275 goto err;
3276
3277 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
3278 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
3279 goto err;
3280 }
3281
3282 ret = 1;
3283
3284 err:
3285 EVP_PKEY_free(key);
3286 EVP_PKEY_CTX_free(key_ctx);
3287
3288 return ret;
3289}
3290
3291/* https://github.com/openssl/openssl/issues/21288 */
3292static int test_RSA_OAEP_set_null_label(void)
3293{
3294 int ret = 0;
3295 EVP_PKEY *key = NULL;
3296 EVP_PKEY_CTX *key_ctx = NULL;
3297
3298 if (!TEST_ptr(key = load_example_rsa_key())
3299 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
3300 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
3301 goto err;
3302
3303 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
3304 goto err;
3305
3306 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
3307 goto err;
3308
3309 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
3310 goto err;
3311
3312 ret = 1;
3313
3314 err:
3315 EVP_PKEY_free(key);
3316 EVP_PKEY_CTX_free(key_ctx);
3317
3318 return ret;
3319}
3320
3321#ifndef OPENSSL_NO_DEPRECATED_3_0
3322static int test_RSA_legacy(void)
3323{
3324 int ret = 0;
3325 BIGNUM *p = NULL;
3326 BIGNUM *q = NULL;
3327 BIGNUM *n = NULL;
3328 BIGNUM *e = NULL;
3329 BIGNUM *d = NULL;
3330 const EVP_MD *md = EVP_sha256();
3331 EVP_MD_CTX *ctx = NULL;
3332 EVP_PKEY *pkey = NULL;
3333 RSA *rsa = NULL;
3334
3335 if (nullprov != NULL)
3336 return TEST_skip("Test does not support a non-default library context");
3337
3338 if (!TEST_ptr(p = BN_dup(BN_value_one()))
3339 || !TEST_ptr(q = BN_dup(BN_value_one()))
3340 || !TEST_ptr(n = BN_dup(BN_value_one()))
3341 || !TEST_ptr(e = BN_dup(BN_value_one()))
3342 || !TEST_ptr(d = BN_dup(BN_value_one())))
3343 goto err;
3344
3345 if (!TEST_ptr(rsa = RSA_new())
3346 || !TEST_ptr(pkey = EVP_PKEY_new())
3347 || !TEST_ptr(ctx = EVP_MD_CTX_new()))
3348 goto err;
3349
3350 if (!TEST_true(RSA_set0_factors(rsa, p, q)))
3351 goto err;
3352 p = NULL;
3353 q = NULL;
3354
3355 if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
3356 goto err;
3357 n = NULL;
3358 e = NULL;
3359 d = NULL;
3360
3361 if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
3362 goto err;
3363
3364 rsa = NULL;
3365
3366 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
3367 goto err;
3368
3369 ret = 1;
3370
3371err:
3372 RSA_free(rsa);
3373 EVP_MD_CTX_free(ctx);
3374 EVP_PKEY_free(pkey);
3375 BN_free(p);
3376 BN_free(q);
3377 BN_free(n);
3378 BN_free(e);
3379 BN_free(d);
3380
3381 return ret;
3382}
3383#endif
3384
3385#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3386static int test_decrypt_null_chunks(void)
3387{
3388 EVP_CIPHER_CTX* ctx = NULL;
3389 EVP_CIPHER *cipher = NULL;
3390 const unsigned char key[32] = {
3391 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3392 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3393 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3394 };
3395 unsigned char iv[12] = {
3396 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3397 };
3398 unsigned char msg[] = "It was the best of times, it was the worst of times";
3399 unsigned char ciphertext[80];
3400 unsigned char plaintext[80];
3401 /* We initialise tmp to a non zero value on purpose */
3402 int ctlen, ptlen, tmp = 99;
3403 int ret = 0;
3404 const int enc_offset = 10, dec_offset = 20;
3405
3406 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
3407 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3408 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
3409 key, iv))
3410 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
3411 enc_offset))
3412 /* Deliberate add a zero length update */
3413 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
3414 0))
3415 || !TEST_int_eq(tmp, 0)
3416 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
3417 msg + enc_offset,
3418 sizeof(msg) - enc_offset))
3419 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
3420 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
3421 || !TEST_int_eq(tmp, 0))
3422 goto err;
3423
3424 /* Deliberately initialise tmp to a non zero value */
3425 tmp = 99;
3426 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3427 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3428 dec_offset))
3429 /*
3430 * Deliberately add a zero length update. We also deliberately do
3431 * this at a different offset than for encryption.
3432 */
3433 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3434 0))
3435 || !TEST_int_eq(tmp, 0)
3436 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3437 ciphertext + dec_offset,
3438 ctlen - dec_offset))
3439 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3440 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3441 || !TEST_int_eq(tmp, 0)
3442 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3443 goto err;
3444
3445 ret = 1;
3446 err:
3447 EVP_CIPHER_CTX_free(ctx);
3448 EVP_CIPHER_free(cipher);
3449 return ret;
3450}
3451#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3452
3453#ifndef OPENSSL_NO_DH
3454/*
3455 * Test combinations of private, public, missing and private + public key
3456 * params to ensure they are all accepted
3457 */
3458static int test_DH_priv_pub(void)
3459{
3460 return test_EVP_PKEY_ffc_priv_pub("DH");
3461}
3462
3463# ifndef OPENSSL_NO_DEPRECATED_3_0
3464static int test_EVP_PKEY_set1_DH(void)
3465{
3466 DH *x942dh = NULL, *noqdh = NULL;
3467 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3468 int ret = 0;
3469 BIGNUM *p, *g = NULL;
3470 BIGNUM *pubkey = NULL;
3471 unsigned char pub[2048 / 8];
3472 size_t len = 0;
3473
3474 if (!TEST_ptr(p = BN_new())
3475 || !TEST_ptr(g = BN_new())
3476 || !TEST_ptr(pubkey = BN_new())
3477 || !TEST_true(BN_set_word(p, 9999))
3478 || !TEST_true(BN_set_word(g, 2))
3479 || !TEST_true(BN_set_word(pubkey, 4321))
3480 || !TEST_ptr(noqdh = DH_new())
3481 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3482 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3483 || !TEST_ptr(pubkey = BN_new())
3484 || !TEST_true(BN_set_word(pubkey, 4321)))
3485 goto err;
3486 p = g = NULL;
3487
3488 x942dh = DH_get_2048_256();
3489 pkey1 = EVP_PKEY_new();
3490 pkey2 = EVP_PKEY_new();
3491 if (!TEST_ptr(x942dh)
3492 || !TEST_ptr(noqdh)
3493 || !TEST_ptr(pkey1)
3494 || !TEST_ptr(pkey2)
3495 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3496 goto err;
3497 pubkey = NULL;
3498
3499 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3500 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3501 goto err;
3502
3503 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3504 &pubkey))
3505 || !TEST_ptr(pubkey))
3506 goto err;
3507
3508 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3509 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3510 goto err;
3511
3512 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3513 OSSL_PKEY_PARAM_PUB_KEY,
3514 pub, sizeof(pub), &len))
3515 || !TEST_size_t_ne(len, 0))
3516 goto err;
3517
3518 ret = 1;
3519 err:
3520 BN_free(p);
3521 BN_free(g);
3522 BN_free(pubkey);
3523 EVP_PKEY_free(pkey1);
3524 EVP_PKEY_free(pkey2);
3525 DH_free(x942dh);
3526 DH_free(noqdh);
3527
3528 return ret;
3529}
3530# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3531#endif /* !OPENSSL_NO_DH */
3532
3533/*
3534 * We test what happens with an empty template. For the sake of this test,
3535 * the template must be ignored, and we know that's the case for RSA keys
3536 * (this might arguably be a misfeature, but that's what we currently do,
3537 * even in provider code, since that's how the legacy RSA implementation
3538 * does things)
3539 */
3540static int test_keygen_with_empty_template(int n)
3541{
3542 EVP_PKEY_CTX *ctx = NULL;
3543 EVP_PKEY *pkey = NULL;
3544 EVP_PKEY *tkey = NULL;
3545 int ret = 0;
3546
3547 if (nullprov != NULL)
3548 return TEST_skip("Test does not support a non-default library context");
3549
3550 switch (n) {
3551 case 0:
3552 /* We do test with no template at all as well */
3553 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3554 goto err;
3555 break;
3556 case 1:
3557 /* Here we create an empty RSA key that serves as our template */
3558 if (!TEST_ptr(tkey = EVP_PKEY_new())
3559 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3560 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3561 goto err;
3562 break;
3563 }
3564
3565 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3566 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3567 goto err;
3568
3569 ret = 1;
3570 err:
3571 EVP_PKEY_CTX_free(ctx);
3572 EVP_PKEY_free(pkey);
3573 EVP_PKEY_free(tkey);
3574 return ret;
3575}
3576
3577/*
3578 * Test that we fail if we attempt to use an algorithm that is not available
3579 * in the current library context (unless we are using an algorithm that
3580 * should be made available via legacy codepaths).
3581 *
3582 * 0: RSA
3583 * 1: SM2
3584 */
3585static int test_pkey_ctx_fail_without_provider(int tst)
3586{
3587 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3588 OSSL_PROVIDER *tmpnullprov = NULL;
3589 EVP_PKEY_CTX *pctx = NULL;
3590 const char *keytype = NULL;
3591 int expect_null = 0;
3592 int ret = 0;
3593
3594 if (!TEST_ptr(tmpctx))
3595 goto err;
3596
3597 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3598 if (!TEST_ptr(tmpnullprov))
3599 goto err;
3600
3601 /*
3602 * We check for certain algos in the null provider.
3603 * If an algo is expected to have a provider keymgmt, constructing an
3604 * EVP_PKEY_CTX is expected to fail (return NULL).
3605 * Otherwise, if it's expected to have legacy support, constructing an
3606 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3607 */
3608 switch (tst) {
3609 case 0:
3610 keytype = "RSA";
3611 expect_null = 1;
3612 break;
3613 case 1:
3614 keytype = "SM2";
3615 expect_null = 1;
3616#ifdef OPENSSL_NO_EC
3617 TEST_info("EC disable, skipping SM2 check...");
3618 goto end;
3619#endif
3620#ifdef OPENSSL_NO_SM2
3621 TEST_info("SM2 disable, skipping SM2 check...");
3622 goto end;
3623#endif
3624 break;
3625 default:
3626 TEST_error("No test for case %d", tst);
3627 goto err;
3628 }
3629
3630 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3631 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3632 goto err;
3633
3634#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3635 end:
3636#endif
3637 ret = 1;
3638
3639 err:
3640 EVP_PKEY_CTX_free(pctx);
3641 OSSL_PROVIDER_unload(tmpnullprov);
3642 OSSL_LIB_CTX_free(tmpctx);
3643 return ret;
3644}
3645
3646static int test_rand_agglomeration(void)
3647{
3648 EVP_RAND *rand;
3649 EVP_RAND_CTX *ctx;
3650 OSSL_PARAM params[3], *p = params;
3651 int res;
3652 unsigned int step = 7;
3653 static unsigned char seed[] = "It does not matter how slowly you go "
3654 "as long as you do not stop.";
3655 unsigned char out[sizeof(seed)];
3656
3657 if (!TEST_int_ne(sizeof(seed) % step, 0)
3658 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3659 return 0;
3660 ctx = EVP_RAND_CTX_new(rand, NULL);
3661 EVP_RAND_free(rand);
3662 if (!TEST_ptr(ctx))
3663 return 0;
3664
3665 memset(out, 0, sizeof(out));
3666 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3667 seed, sizeof(seed));
3668 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3669 *p = OSSL_PARAM_construct_end();
3670 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3671 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3672 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3673 EVP_RAND_CTX_free(ctx);
3674 return res;
3675}
3676
3677/*
3678 * Test that we correctly return the original or "running" IV after
3679 * an encryption operation.
3680 * Run multiple times for some different relevant algorithms/modes.
3681 */
3682static int test_evp_iv_aes(int idx)
3683{
3684 int ret = 0;
3685 EVP_CIPHER_CTX *ctx = NULL;
3686 unsigned char key[16] = {
3687 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3688 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
3689 };
3690 unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
3691 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3692 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
3693 };
3694 static const unsigned char msg[] = {
3695 1, 2, 3, 4, 5, 6, 7, 8,
3696 9, 10, 11, 12, 13, 14, 15, 16
3697 };
3698 unsigned char ciphertext[32], oiv[16], iv[16];
3699 unsigned char *ref_iv;
3700 unsigned char cbc_state[16] = {
3701 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3702 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
3703 };
3704
3705 unsigned char ofb_state[16] = {
3706 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3707 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
3708 };
3709 unsigned char cfb_state[16] = {
3710 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3711 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
3712 };
3713 unsigned char gcm_state[12] = {
3714 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3715 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3716 };
3717 unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
3718#ifndef OPENSSL_NO_OCB
3719 unsigned char ocb_state[12] = {
3720 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3721 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
3722 };
3723#endif
3724 int len = sizeof(ciphertext);
3725 size_t ivlen, ref_len;
3726 const EVP_CIPHER *type = NULL;
3727 int iv_reset = 0;
3728
3729 if (nullprov != NULL && idx < 6)
3730 return TEST_skip("Test does not support a non-default library context");
3731
3732 switch (idx) {
3733 case 0:
3734 type = EVP_aes_128_cbc();
3735 /* FALLTHROUGH */
3736 case 6:
3737 type = (type != NULL) ? type :
3738 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3739 ref_iv = cbc_state;
3740 ref_len = sizeof(cbc_state);
3741 iv_reset = 1;
3742 break;
3743 case 1:
3744 type = EVP_aes_128_ofb();
3745 /* FALLTHROUGH */
3746 case 7:
3747 type = (type != NULL) ? type :
3748 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3749 ref_iv = ofb_state;
3750 ref_len = sizeof(ofb_state);
3751 iv_reset = 1;
3752 break;
3753 case 2:
3754 type = EVP_aes_128_cfb();
3755 /* FALLTHROUGH */
3756 case 8:
3757 type = (type != NULL) ? type :
3758 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3759 ref_iv = cfb_state;
3760 ref_len = sizeof(cfb_state);
3761 iv_reset = 1;
3762 break;
3763 case 3:
3764 type = EVP_aes_128_gcm();
3765 /* FALLTHROUGH */
3766 case 9:
3767 type = (type != NULL) ? type :
3768 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3769 ref_iv = gcm_state;
3770 ref_len = sizeof(gcm_state);
3771 break;
3772 case 4:
3773 type = EVP_aes_128_ccm();
3774 /* FALLTHROUGH */
3775 case 10:
3776 type = (type != NULL) ? type :
3777 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3778 ref_iv = ccm_state;
3779 ref_len = sizeof(ccm_state);
3780 break;
3781#ifdef OPENSSL_NO_OCB
3782 case 5:
3783 case 11:
3784 return 1;
3785#else
3786 case 5:
3787 type = EVP_aes_128_ocb();
3788 /* FALLTHROUGH */
3789 case 11:
3790 type = (type != NULL) ? type :
3791 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3792 ref_iv = ocb_state;
3793 ref_len = sizeof(ocb_state);
3794 break;
3795#endif
3796 default:
3797 return 0;
3798 }
3799
3800 if (!TEST_ptr(type)
3801 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3802 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3803 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3804 (int)sizeof(msg)))
3805 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3806 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3807 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3808 goto err;
3809 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3810
3811 if (!TEST_int_gt(ivlen, 0))
3812 goto err;
3813
3814 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3815 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3816 goto err;
3817
3818 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3819 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3820 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3821 goto err;
3822 if (iv_reset) {
3823 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3824 goto err;
3825 } else {
3826 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3827 goto err;
3828 }
3829
3830 ret = 1;
3831err:
3832 EVP_CIPHER_CTX_free(ctx);
3833 if (idx >= 6)
3834 EVP_CIPHER_free((EVP_CIPHER *)type);
3835 return ret;
3836}
3837
3838#ifndef OPENSSL_NO_DES
3839static int test_evp_iv_des(int idx)
3840{
3841 int ret = 0;
3842 EVP_CIPHER_CTX *ctx = NULL;
3843 static const unsigned char key[24] = {
3844 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3845 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3846 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3847 };
3848 static const unsigned char init_iv[8] = {
3849 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3850 };
3851 static const unsigned char msg[] = {
3852 1, 2, 3, 4, 5, 6, 7, 8,
3853 9, 10, 11, 12, 13, 14, 15, 16
3854 };
3855 unsigned char ciphertext[32], oiv[8], iv[8];
3856 unsigned const char *ref_iv;
3857 static const unsigned char cbc_state_des[8] = {
3858 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3859 };
3860 static const unsigned char cbc_state_3des[8] = {
3861 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3862 };
3863 static const unsigned char ofb_state_des[8] = {
3864 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3865 };
3866 static const unsigned char ofb_state_3des[8] = {
3867 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3868 };
3869 static const unsigned char cfb_state_des[8] = {
3870 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3871 };
3872 static const unsigned char cfb_state_3des[8] = {
3873 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3874 };
3875 int len = sizeof(ciphertext);
3876 size_t ivlen, ref_len;
3877 EVP_CIPHER *type = NULL;
3878
3879 if (lgcyprov == NULL && idx < 3)
3880 return TEST_skip("Test requires legacy provider to be loaded");
3881
3882 switch (idx) {
3883 case 0:
3884 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3885 ref_iv = cbc_state_des;
3886 ref_len = sizeof(cbc_state_des);
3887 break;
3888 case 1:
3889 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3890 ref_iv = ofb_state_des;
3891 ref_len = sizeof(ofb_state_des);
3892 break;
3893 case 2:
3894 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3895 ref_iv = cfb_state_des;
3896 ref_len = sizeof(cfb_state_des);
3897 break;
3898 case 3:
3899 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3900 ref_iv = cbc_state_3des;
3901 ref_len = sizeof(cbc_state_3des);
3902 break;
3903 case 4:
3904 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3905 ref_iv = ofb_state_3des;
3906 ref_len = sizeof(ofb_state_3des);
3907 break;
3908 case 5:
3909 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3910 ref_iv = cfb_state_3des;
3911 ref_len = sizeof(cfb_state_3des);
3912 break;
3913 default:
3914 return 0;
3915 }
3916
3917 if (!TEST_ptr(type)
3918 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3919 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3920 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3921 (int)sizeof(msg)))
3922 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3923 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3924 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3925 goto err;
3926 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3927
3928 if (!TEST_int_gt(ivlen, 0))
3929 goto err;
3930
3931 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3932 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3933 goto err;
3934
3935 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3936 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3937 goto err;
3938 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3939 goto err;
3940
3941 ret = 1;
3942err:
3943 EVP_CIPHER_CTX_free(ctx);
3944 EVP_CIPHER_free(type);
3945 return ret;
3946}
3947#endif
3948
3949#ifndef OPENSSL_NO_BF
3950static int test_evp_bf_default_keylen(int idx)
3951{
3952 int ret = 0;
3953 static const char *algos[4] = {
3954 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3955 };
3956 int ivlen[4] = { 0, 8, 8, 8 };
3957 EVP_CIPHER *cipher = NULL;
3958
3959 if (lgcyprov == NULL)
3960 return TEST_skip("Test requires legacy provider to be loaded");
3961
3962 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3963 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3964 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3965 goto err;
3966
3967 ret = 1;
3968err:
3969 EVP_CIPHER_free(cipher);
3970 return ret;
3971}
3972#endif
3973
3974#ifndef OPENSSL_NO_EC
3975static int ecpub_nids[] = {
3976 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3977 NID_secp384r1, NID_secp521r1,
3978# ifndef OPENSSL_NO_EC2M
3979 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3980 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3981# endif
3982 NID_brainpoolP384r1, NID_brainpoolP512r1
3983};
3984
3985static int test_ecpub(int idx)
3986{
3987 int ret = 0, len, savelen;
3988 int nid;
3989 unsigned char buf[1024];
3990 unsigned char *p;
3991 EVP_PKEY *pkey = NULL;
3992 EVP_PKEY_CTX *ctx = NULL;
3993# ifndef OPENSSL_NO_DEPRECATED_3_0
3994 const unsigned char *q;
3995 EVP_PKEY *pkey2 = NULL;
3996 EC_KEY *ec = NULL;
3997# endif
3998
3999 if (nullprov != NULL)
4000 return TEST_skip("Test does not support a non-default library context");
4001
4002 nid = ecpub_nids[idx];
4003
4004 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4005 if (!TEST_ptr(ctx)
4006 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4007 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
4008 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
4009 goto done;
4010 len = i2d_PublicKey(pkey, NULL);
4011 savelen = len;
4012 if (!TEST_int_ge(len, 1)
4013 || !TEST_int_lt(len, 1024))
4014 goto done;
4015 p = buf;
4016 len = i2d_PublicKey(pkey, &p);
4017 if (!TEST_int_ge(len, 1)
4018 || !TEST_int_eq(len, savelen))
4019 goto done;
4020
4021# ifndef OPENSSL_NO_DEPRECATED_3_0
4022 /* Now try to decode the just-created DER. */
4023 q = buf;
4024 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
4025 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
4026 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
4027 goto done;
4028 /* EC_KEY ownership transferred */
4029 ec = NULL;
4030 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
4031 goto done;
4032 /* The keys should match. */
4033 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
4034 goto done;
4035# endif
4036
4037 ret = 1;
4038
4039 done:
4040 EVP_PKEY_CTX_free(ctx);
4041 EVP_PKEY_free(pkey);
4042# ifndef OPENSSL_NO_DEPRECATED_3_0
4043 EVP_PKEY_free(pkey2);
4044 EC_KEY_free(ec);
4045# endif
4046 return ret;
4047}
4048#endif
4049
4050static int test_EVP_rsa_pss_with_keygen_bits(void)
4051{
4052 int ret = 0;
4053 EVP_PKEY_CTX *ctx = NULL;
4054 EVP_PKEY *pkey = NULL;
4055 EVP_MD *md;
4056
4057 md = EVP_MD_fetch(testctx, "sha256", testpropq);
4058 ret = TEST_ptr(md)
4059 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
4060 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
4061 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
4062 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
4063 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
4064
4065 EVP_MD_free(md);
4066 EVP_PKEY_free(pkey);
4067 EVP_PKEY_CTX_free(ctx);
4068 return ret;
4069}
4070
4071static int test_EVP_rsa_pss_set_saltlen(void)
4072{
4073 int ret = 0;
4074 EVP_PKEY *pkey = NULL;
4075 EVP_PKEY_CTX *pkey_ctx = NULL;
4076 EVP_MD *sha256 = NULL;
4077 EVP_MD_CTX *sha256_ctx = NULL;
4078 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
4079 const int test_value = 32;
4080
4081 ret = TEST_ptr(pkey = load_example_rsa_key())
4082 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
4083 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
4084 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
4085 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
4086 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
4087 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
4088 && TEST_int_eq(saltlen, test_value);
4089
4090 EVP_MD_CTX_free(sha256_ctx);
4091 EVP_PKEY_free(pkey);
4092 EVP_MD_free(sha256);
4093
4094 return ret;
4095}
4096
4097static int test_EVP_rsa_invalid_key(void)
4098{
4099 int ret = 0;
4100 EVP_PKEY *pkey = NULL;
4101
4102 pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
4103 /* we expect to fail to load bogus key */
4104 ret = !TEST_ptr(pkey);
4105 EVP_PKEY_free(pkey);
4106
4107 return ret;
4108}
4109
4110static int success = 1;
4111static void md_names(const char *name, void *vctx)
4112{
4113 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
4114 /* Force a namemap update */
4115 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
4116
4117 if (!TEST_ptr(aes128))
4118 success = 0;
4119
4120 EVP_CIPHER_free(aes128);
4121}
4122
4123/*
4124 * Test that changing the namemap in a user callback works in a names_do_all
4125 * function.
4126 */
4127static int test_names_do_all(void)
4128{
4129 /* We use a custom libctx so that we know the state of the namemap */
4130 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
4131 EVP_MD *sha256 = NULL;
4132 int testresult = 0;
4133
4134 if (!TEST_ptr(ctx))
4135 goto err;
4136
4137 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
4138 if (!TEST_ptr(sha256))
4139 goto err;
4140
4141 /*
4142 * We loop through all the names for a given digest. This should still work
4143 * even if the namemap changes part way through.
4144 */
4145 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
4146 goto err;
4147
4148 if (!TEST_true(success))
4149 goto err;
4150
4151 testresult = 1;
4152 err:
4153 EVP_MD_free(sha256);
4154 OSSL_LIB_CTX_free(ctx);
4155 return testresult;
4156}
4157
4158typedef struct {
4159 const char *cipher;
4160 const unsigned char *key;
4161 const unsigned char *iv;
4162 const unsigned char *input;
4163 const unsigned char *expected;
4164 const unsigned char *tag;
4165 size_t ivlen; /* 0 if we do not need to set a specific IV len */
4166 size_t inlen;
4167 size_t expectedlen;
4168 size_t taglen;
4169 int keyfirst;
4170 int initenc;
4171 int finalenc;
4172} EVP_INIT_TEST_st;
4173
4174static const EVP_INIT_TEST_st evp_init_tests[] = {
4175 {
4176 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4177 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4178 0, 1, 0, 1
4179 },
4180 {
4181 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4182 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4183 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4184 sizeof(gcmDefaultTag), 1, 0, 1
4185 },
4186 {
4187 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
4188 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
4189 0, 0, 0, 1
4190 },
4191 {
4192 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
4193 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4194 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
4195 sizeof(gcmDefaultTag), 0, 0, 1
4196 },
4197 {
4198 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4199 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4200 0, 1, 1, 0
4201 },
4202 {
4203 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4204 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4205 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4206 sizeof(gcmDefaultTag), 1, 1, 0
4207 },
4208 {
4209 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
4210 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
4211 0, 0, 1, 0
4212 },
4213 {
4214 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
4215 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
4216 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
4217 sizeof(gcmDefaultTag), 0, 1, 0
4218 }
4219};
4220
4221/* use same key, iv and plaintext for cfb and ofb */
4222static const EVP_INIT_TEST_st evp_reinit_tests[] = {
4223 {
4224 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4225 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4226 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
4227 },
4228 {
4229 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
4230 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
4231 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4232 },
4233 {
4234 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
4235 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
4236 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
4237 },
4238 {
4239 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
4240 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
4241 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
4242 },
4243};
4244
4245static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
4246{
4247 int res = 0;
4248
4249 if (t->ivlen != 0) {
4250 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
4251 goto err;
4252 }
4253 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
4254 goto err;
4255 res = 1;
4256 err:
4257 return res;
4258}
4259
4260/*
4261 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4262 * arguments are given one at a time and a final adjustment to the enc
4263 * parameter sets the correct operation.
4264 */
4265static int test_evp_init_seq(int idx)
4266{
4267 int outlen1, outlen2;
4268 int testresult = 0;
4269 unsigned char outbuf[1024];
4270 unsigned char tag[16];
4271 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
4272 EVP_CIPHER_CTX *ctx = NULL;
4273 EVP_CIPHER *type = NULL;
4274 size_t taglen = sizeof(tag);
4275 char *errmsg = NULL;
4276
4277 ctx = EVP_CIPHER_CTX_new();
4278 if (ctx == NULL) {
4279 errmsg = "CTX_ALLOC";
4280 goto err;
4281 }
4282 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
4283 errmsg = "CIPHER_FETCH";
4284 goto err;
4285 }
4286 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
4287 errmsg = "EMPTY_ENC_INIT";
4288 goto err;
4289 }
4290 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4291 errmsg = "PADDING";
4292 goto err;
4293 }
4294 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4295 errmsg = "KEY_INIT (before iv)";
4296 goto err;
4297 }
4298 if (!evp_init_seq_set_iv(ctx, t)) {
4299 errmsg = "IV_INIT";
4300 goto err;
4301 }
4302 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
4303 errmsg = "KEY_INIT (after iv)";
4304 goto err;
4305 }
4306 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
4307 errmsg = "FINAL_ENC_INIT";
4308 goto err;
4309 }
4310 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4311 errmsg = "CIPHER_UPDATE";
4312 goto err;
4313 }
4314 if (t->finalenc == 0 && t->tag != NULL) {
4315 /* Set expected tag */
4316 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
4317 t->taglen, (void *)t->tag), 0)) {
4318 errmsg = "SET_TAG";
4319 goto err;
4320 }
4321 }
4322 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4323 errmsg = "CIPHER_FINAL";
4324 goto err;
4325 }
4326 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4327 errmsg = "WRONG_RESULT";
4328 goto err;
4329 }
4330 if (t->finalenc != 0 && t->tag != NULL) {
4331 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4332 errmsg = "GET_TAG";
4333 goto err;
4334 }
4335 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
4336 errmsg = "TAG_ERROR";
4337 goto err;
4338 }
4339 }
4340 testresult = 1;
4341 err:
4342 if (errmsg != NULL)
4343 TEST_info("evp_init_test %d: %s", idx, errmsg);
4344 EVP_CIPHER_CTX_free(ctx);
4345 EVP_CIPHER_free(type);
4346 return testresult;
4347}
4348
4349/*
4350 * Test re-initialization of cipher context without changing key or iv.
4351 * The result of both iteration should be the same.
4352 */
4353static int test_evp_reinit_seq(int idx)
4354{
4355 int outlen1, outlen2, outlen_final;
4356 int testresult = 0;
4357 unsigned char outbuf1[1024];
4358 unsigned char outbuf2[1024];
4359 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
4360 EVP_CIPHER_CTX *ctx = NULL;
4361 EVP_CIPHER *type = NULL;
4362
4363 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4364 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
4365 /* setup cipher context */
4366 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
4367 /* first iteration */
4368 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
4369 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
4370 /* check test results iteration 1 */
4371 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
4372 /* now re-init the context (same cipher, key and iv) */
4373 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
4374 /* second iteration */
4375 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
4376 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
4377 /* check test results iteration 2 */
4378 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
4379 goto err;
4380 testresult = 1;
4381 err:
4382 EVP_CIPHER_CTX_free(ctx);
4383 EVP_CIPHER_free(type);
4384 return testresult;
4385}
4386
4387typedef struct {
4388 const unsigned char *input;
4389 const unsigned char *expected;
4390 size_t inlen;
4391 size_t expectedlen;
4392 int enc;
4393} EVP_RESET_TEST_st;
4394
4395static const EVP_RESET_TEST_st evp_reset_tests[] = {
4396 {
4397 cfbPlaintext, cfbCiphertext,
4398 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
4399 },
4400 {
4401 cfbCiphertext, cfbPlaintext,
4402 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
4403 }
4404};
4405
4406/*
4407 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4408 * been used.
4409 */
4410static int test_evp_reset(int idx)
4411{
4412 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
4413 int outlen1, outlen2;
4414 int testresult = 0;
4415 unsigned char outbuf[1024];
4416 EVP_CIPHER_CTX *ctx = NULL;
4417 EVP_CIPHER *type = NULL;
4418 char *errmsg = NULL;
4419
4420 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4421 errmsg = "CTX_ALLOC";
4422 goto err;
4423 }
4424 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
4425 errmsg = "CIPHER_FETCH";
4426 goto err;
4427 }
4428 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4429 errmsg = "CIPHER_INIT";
4430 goto err;
4431 }
4432 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4433 errmsg = "PADDING";
4434 goto err;
4435 }
4436 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4437 errmsg = "CIPHER_UPDATE";
4438 goto err;
4439 }
4440 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4441 errmsg = "CIPHER_FINAL";
4442 goto err;
4443 }
4444 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4445 errmsg = "WRONG_RESULT";
4446 goto err;
4447 }
4448 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
4449 errmsg = "CIPHER_REINIT";
4450 goto err;
4451 }
4452 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
4453 errmsg = "CIPHER_UPDATE (reinit)";
4454 goto err;
4455 }
4456 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4457 errmsg = "CIPHER_FINAL (reinit)";
4458 goto err;
4459 }
4460 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4461 errmsg = "WRONG_RESULT (reinit)";
4462 goto err;
4463 }
4464 testresult = 1;
4465 err:
4466 if (errmsg != NULL)
4467 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4468 EVP_CIPHER_CTX_free(ctx);
4469 EVP_CIPHER_free(type);
4470 return testresult;
4471}
4472
4473typedef struct {
4474 const char *cipher;
4475 int enc;
4476} EVP_UPDATED_IV_TEST_st;
4477
4478static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4479 {
4480 "aes-128-cfb", 1
4481 },
4482 {
4483 "aes-128-cfb", 0
4484 },
4485 {
4486 "aes-128-cfb1", 1
4487 },
4488 {
4489 "aes-128-cfb1", 0
4490 },
4491 {
4492 "aes-128-cfb8", 1
4493 },
4494 {
4495 "aes-128-cfb8", 0
4496 },
4497 {
4498 "aes-128-ofb", 1
4499 },
4500 {
4501 "aes-128-ofb", 0
4502 },
4503 {
4504 "aes-128-ctr", 1
4505 },
4506 {
4507 "aes-128-ctr", 0
4508 },
4509 {
4510 "aes-128-cbc", 1
4511 },
4512 {
4513 "aes-128-cbc", 0
4514 }
4515};
4516
4517/*
4518 * Test that the IV in the context is updated during a crypto operation for CFB
4519 * and OFB.
4520 */
4521static int test_evp_updated_iv(int idx)
4522{
4523 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4524 int outlen1, outlen2;
4525 int testresult = 0;
4526 unsigned char outbuf[1024];
4527 EVP_CIPHER_CTX *ctx = NULL;
4528 EVP_CIPHER *type = NULL;
4529 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4530 int iv_len;
4531 char *errmsg = NULL;
4532
4533 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4534 errmsg = "CTX_ALLOC";
4535 goto err;
4536 }
4537 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4538 TEST_info("cipher %s not supported, skipping", t->cipher);
4539 goto ok;
4540 }
4541
4542 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4543 errmsg = "CIPHER_INIT";
4544 goto err;
4545 }
4546 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4547 errmsg = "PADDING";
4548 goto err;
4549 }
4550 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4551 errmsg = "CIPHER_UPDATE";
4552 goto err;
4553 }
4554 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4555 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4556 goto err;
4557 }
4558 iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
4559 if (!TEST_int_ge(iv_len,0)) {
4560 errmsg = "CIPHER_CTX_GET_IV_LEN";
4561 goto err;
4562 }
4563 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4564 errmsg = "IV_NOT_UPDATED";
4565 goto err;
4566 }
4567 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4568 errmsg = "CIPHER_FINAL";
4569 goto err;
4570 }
4571 ok:
4572 testresult = 1;
4573 err:
4574 if (errmsg != NULL)
4575 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4576 EVP_CIPHER_CTX_free(ctx);
4577 EVP_CIPHER_free(type);
4578 return testresult;
4579}
4580
4581typedef struct {
4582 const unsigned char *iv1;
4583 const unsigned char *iv2;
4584 const unsigned char *expected1;
4585 const unsigned char *expected2;
4586 const unsigned char *tag1;
4587 const unsigned char *tag2;
4588 size_t ivlen1;
4589 size_t ivlen2;
4590 size_t expectedlen1;
4591 size_t expectedlen2;
4592} TEST_GCM_IV_REINIT_st;
4593
4594static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4595 {
4596 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4597 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4598 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4599 },
4600 {
4601 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4602 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4603 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4604 }
4605};
4606
4607static int test_gcm_reinit(int idx)
4608{
4609 int outlen1, outlen2, outlen3;
4610 int testresult = 0;
4611 unsigned char outbuf[1024];
4612 unsigned char tag[16];
4613 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4614 EVP_CIPHER_CTX *ctx = NULL;
4615 EVP_CIPHER *type = NULL;
4616 size_t taglen = sizeof(tag);
4617 char *errmsg = NULL;
4618
4619 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4620 errmsg = "CTX_ALLOC";
4621 goto err;
4622 }
4623 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4624 errmsg = "CIPHER_FETCH";
4625 goto err;
4626 }
4627 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4628 errmsg = "ENC_INIT";
4629 goto err;
4630 }
4631 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4632 errmsg = "SET_IVLEN1";
4633 goto err;
4634 }
4635 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4636 errmsg = "SET_IV1";
4637 goto err;
4638 }
4639 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4640 errmsg = "AAD1";
4641 goto err;
4642 }
4643 EVP_CIPHER_CTX_set_padding(ctx, 0);
4644 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4645 sizeof(gcmResetPlaintext)))) {
4646 errmsg = "CIPHER_UPDATE1";
4647 goto err;
4648 }
4649 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4650 errmsg = "CIPHER_FINAL1";
4651 goto err;
4652 }
4653 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4654 errmsg = "WRONG_RESULT1";
4655 goto err;
4656 }
4657 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4658 errmsg = "GET_TAG1";
4659 goto err;
4660 }
4661 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4662 errmsg = "TAG_ERROR1";
4663 goto err;
4664 }
4665 /* Now reinit */
4666 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4667 errmsg = "SET_IVLEN2";
4668 goto err;
4669 }
4670 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4671 errmsg = "SET_IV2";
4672 goto err;
4673 }
4674 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4675 errmsg = "AAD2";
4676 goto err;
4677 }
4678 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4679 sizeof(gcmResetPlaintext)))) {
4680 errmsg = "CIPHER_UPDATE2";
4681 goto err;
4682 }
4683 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4684 errmsg = "CIPHER_FINAL2";
4685 goto err;
4686 }
4687 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4688 errmsg = "WRONG_RESULT2";
4689 goto err;
4690 }
4691 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4692 errmsg = "GET_TAG2";
4693 goto err;
4694 }
4695 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4696 errmsg = "TAG_ERROR2";
4697 goto err;
4698 }
4699 testresult = 1;
4700 err:
4701 if (errmsg != NULL)
4702 TEST_info("evp_init_test %d: %s", idx, errmsg);
4703 EVP_CIPHER_CTX_free(ctx);
4704 EVP_CIPHER_free(type);
4705 return testresult;
4706}
4707
4708static const char *ivlen_change_ciphers[] = {
4709 "AES-256-GCM",
4710#ifndef OPENSSL_NO_OCB
4711 "AES-256-OCB",
4712#endif
4713 "AES-256-CCM"
4714};
4715
4716/* Negative test for ivlen change after iv being set */
4717static int test_ivlen_change(int idx)
4718{
4719 int outlen;
4720 int res = 0;
4721 unsigned char outbuf[1024];
4722 static const unsigned char iv[] = {
4723 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4724 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4725 };
4726 EVP_CIPHER_CTX *ctx = NULL;
4727 EVP_CIPHER *ciph = NULL;
4728 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4729 size_t ivlen = 13; /* non-default IV length */
4730
4731 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4732 goto err;
4733
4734 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4735 testpropq)))
4736 goto err;
4737
4738 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4739 goto err;
4740
4741 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4742 sizeof(gcmDefaultPlaintext))))
4743 goto err;
4744
4745 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4746 &ivlen);
4747 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4748 goto err;
4749
4750 ERR_set_mark();
4751 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4752 sizeof(gcmDefaultPlaintext)))) {
4753 ERR_clear_last_mark();
4754 goto err;
4755 }
4756 ERR_pop_to_mark();
4757
4758 res = 1;
4759 err:
4760 EVP_CIPHER_CTX_free(ctx);
4761 EVP_CIPHER_free(ciph);
4762 return res;
4763}
4764
4765static const char *keylen_change_ciphers[] = {
4766#ifndef OPENSSL_NO_BF
4767 "BF-ECB",
4768#endif
4769#ifndef OPENSSL_NO_CAST
4770 "CAST5-ECB",
4771#endif
4772#ifndef OPENSSL_NO_RC2
4773 "RC2-ECB",
4774#endif
4775#ifndef OPENSSL_NO_RC4
4776 "RC4",
4777#endif
4778#ifndef OPENSSL_NO_RC5
4779 "RC5-ECB",
4780#endif
4781 NULL
4782};
4783
4784/* Negative test for keylen change after key was set */
4785static int test_keylen_change(int idx)
4786{
4787 int outlen;
4788 int res = 0;
4789 unsigned char outbuf[1024];
4790 static const unsigned char key[] = {
4791 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4792 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4793 };
4794 EVP_CIPHER_CTX *ctx = NULL;
4795 EVP_CIPHER *ciph = NULL;
4796 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4797 size_t keylen = 12; /* non-default key length */
4798
4799 if (lgcyprov == NULL)
4800 return TEST_skip("Test requires legacy provider to be loaded");
4801
4802 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4803 goto err;
4804
4805 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4806 testpropq)))
4807 goto err;
4808
4809 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4810 goto err;
4811
4812 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4813 sizeof(gcmDefaultPlaintext))))
4814 goto err;
4815
4816 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4817 &keylen);
4818 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4819 goto err;
4820
4821 ERR_set_mark();
4822 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4823 sizeof(gcmDefaultPlaintext)))) {
4824 ERR_clear_last_mark();
4825 goto err;
4826 }
4827 ERR_pop_to_mark();
4828
4829 res = 1;
4830 err:
4831 EVP_CIPHER_CTX_free(ctx);
4832 EVP_CIPHER_free(ciph);
4833 return res;
4834}
4835
4836#ifndef OPENSSL_NO_DEPRECATED_3_0
4837static EVP_PKEY_METHOD *custom_pmeth = NULL;
4838static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4839
4840# define EVP_PKEY_CTRL_MY_COMMAND 9999
4841
4842static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4843{
4844 int (*pinit)(EVP_PKEY_CTX *ctx);
4845
4846 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4847 return pinit(ctx);
4848}
4849
4850static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4851{
4852 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4853
4854 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4855 pcleanup(ctx);
4856}
4857
4858static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4859 size_t *outlen, const unsigned char *in,
4860 size_t inlen)
4861{
4862 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4863 const unsigned char *tbs, size_t tbslen);
4864
4865 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4866 return psign(ctx, out, outlen, in, inlen);
4867}
4868
4869static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4870 size_t *siglen, const unsigned char *tbs,
4871 size_t tbslen)
4872{
4873 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4874 const unsigned char *tbs, size_t tbslen);
4875
4876 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4877 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4878}
4879
4880static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4881 size_t *keylen)
4882{
4883 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4884
4885 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4886 return pderive(ctx, key, keylen);
4887}
4888
4889static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4890{
4891 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4892
4893 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4894 return pcopy(dst, src);
4895}
4896
4897static int ctrl_called;
4898
4899static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4900{
4901 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4902
4903 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4904
4905 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4906 ctrl_called = 1;
4907 return 1;
4908 }
4909
4910 return pctrl(ctx, type, p1, p2);
4911}
4912
4913static int test_custom_pmeth(int idx)
4914{
4915 EVP_PKEY_CTX *pctx = NULL;
4916 EVP_MD_CTX *ctx = NULL;
4917 EVP_PKEY *pkey = NULL;
4918 int id, orig_id, orig_flags;
4919 int testresult = 0;
4920 size_t reslen;
4921 unsigned char *res = NULL;
4922 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4923 const EVP_MD *md = EVP_sha256();
4924 int doderive = 0;
4925
4926 ctrl_called = 0;
4927
4928 /* We call deprecated APIs so this test doesn't support a custom libctx */
4929 if (testctx != NULL)
4930 return 1;
4931
4932 switch (idx) {
4933 case 0:
4934 case 6:
4935 id = EVP_PKEY_RSA;
4936 pkey = load_example_rsa_key();
4937 break;
4938 case 1:
4939 case 7:
4940# ifndef OPENSSL_NO_DSA
4941 id = EVP_PKEY_DSA;
4942 pkey = load_example_dsa_key();
4943 break;
4944# else
4945 return 1;
4946# endif
4947 case 2:
4948 case 8:
4949# ifndef OPENSSL_NO_EC
4950 id = EVP_PKEY_EC;
4951 pkey = load_example_ec_key();
4952 break;
4953# else
4954 return 1;
4955# endif
4956 case 3:
4957 case 9:
4958# ifndef OPENSSL_NO_ECX
4959 id = EVP_PKEY_ED25519;
4960 md = NULL;
4961 pkey = load_example_ed25519_key();
4962 break;
4963# else
4964 return 1;
4965# endif
4966 case 4:
4967 case 10:
4968# ifndef OPENSSL_NO_DH
4969 id = EVP_PKEY_DH;
4970 doderive = 1;
4971 pkey = load_example_dh_key();
4972 break;
4973# else
4974 return 1;
4975# endif
4976 case 5:
4977 case 11:
4978# ifndef OPENSSL_NO_ECX
4979 id = EVP_PKEY_X25519;
4980 doderive = 1;
4981 pkey = load_example_x25519_key();
4982 break;
4983# else
4984 return 1;
4985# endif
4986 default:
4987 TEST_error("Should not happen");
4988 goto err;
4989 }
4990
4991 if (!TEST_ptr(pkey))
4992 goto err;
4993
4994 if (idx < 6) {
4995 if (!TEST_true(evp_pkey_is_provided(pkey)))
4996 goto err;
4997 } else {
4998 EVP_PKEY *tmp = pkey;
4999
5000 /* Convert to a legacy key */
5001 pkey = EVP_PKEY_new();
5002 if (!TEST_ptr(pkey)) {
5003 pkey = tmp;
5004 goto err;
5005 }
5006 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
5007 EVP_PKEY_free(tmp);
5008 goto err;
5009 }
5010 EVP_PKEY_free(tmp);
5011 if (!TEST_true(evp_pkey_is_legacy(pkey)))
5012 goto err;
5013 }
5014
5015 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
5016 || !TEST_ptr(pkey))
5017 goto err;
5018
5019 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
5020 if (!TEST_int_eq(orig_id, id)
5021 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
5022 goto err;
5023
5024 if (id == EVP_PKEY_ED25519) {
5025 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
5026 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
5027 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
5028 } else {
5029 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
5030 }
5031 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
5032 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
5033 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
5034 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
5035 }
5036 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
5037 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
5038 goto err;
5039
5040 if (doderive) {
5041 pctx = EVP_PKEY_CTX_new(pkey, NULL);
5042 if (!TEST_ptr(pctx)
5043 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
5044 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5045 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5046 1)
5047 || !TEST_int_eq(ctrl_called, 1)
5048 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
5049 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
5050 || !TEST_ptr(res = OPENSSL_malloc(reslen))
5051 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
5052 goto err;
5053 } else {
5054 ctx = EVP_MD_CTX_new();
5055 reslen = EVP_PKEY_size(pkey);
5056 res = OPENSSL_malloc(reslen);
5057 if (!TEST_ptr(ctx)
5058 || !TEST_ptr(res)
5059 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
5060 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
5061 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
5062 1)
5063 || !TEST_int_eq(ctrl_called, 1))
5064 goto err;
5065
5066 if (id == EVP_PKEY_ED25519) {
5067 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
5068 goto err;
5069 } else {
5070 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
5071 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
5072 goto err;
5073 }
5074 }
5075
5076 testresult = 1;
5077 err:
5078 OPENSSL_free(res);
5079 EVP_MD_CTX_free(ctx);
5080 if (doderive)
5081 EVP_PKEY_CTX_free(pctx);
5082 EVP_PKEY_free(pkey);
5083 EVP_PKEY_meth_remove(custom_pmeth);
5084 EVP_PKEY_meth_free(custom_pmeth);
5085 custom_pmeth = NULL;
5086 return testresult;
5087}
5088
5089static int test_evp_md_cipher_meth(void)
5090{
5091 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
5092 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
5093 int testresult = 0;
5094
5095 if (!TEST_ptr(md) || !TEST_ptr(ciph))
5096 goto err;
5097
5098 testresult = 1;
5099
5100 err:
5101 EVP_MD_meth_free(md);
5102 EVP_CIPHER_meth_free(ciph);
5103
5104 return testresult;
5105}
5106
5107typedef struct {
5108 int data;
5109} custom_dgst_ctx;
5110
5111static int custom_md_init_called = 0;
5112static int custom_md_cleanup_called = 0;
5113
5114static int custom_md_init(EVP_MD_CTX *ctx)
5115{
5116 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5117
5118 if (p == NULL)
5119 return 0;
5120
5121 custom_md_init_called++;
5122 return 1;
5123}
5124
5125static int custom_md_cleanup(EVP_MD_CTX *ctx)
5126{
5127 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
5128
5129 if (p == NULL)
5130 /* Nothing to do */
5131 return 1;
5132
5133 custom_md_cleanup_called++;
5134 return 1;
5135}
5136
5137static int test_custom_md_meth(void)
5138{
5139 ASN1_OBJECT *o = NULL;
5140 EVP_MD_CTX *mdctx = NULL;
5141 EVP_MD *tmp = NULL;
5142 char mess[] = "Test Message\n";
5143 unsigned char md_value[EVP_MAX_MD_SIZE];
5144 unsigned int md_len;
5145 int testresult = 0;
5146 int nid;
5147
5148 /*
5149 * We are testing deprecated functions. We don't support a non-default
5150 * library context in this test.
5151 */
5152 if (testctx != NULL)
5153 return TEST_skip("Non-default libctx");
5154
5155 custom_md_init_called = custom_md_cleanup_called = 0;
5156
5157 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
5158 if (!TEST_int_ne(nid, NID_undef))
5159 goto err;
5160 tmp = EVP_MD_meth_new(nid, NID_undef);
5161 if (!TEST_ptr(tmp))
5162 goto err;
5163
5164 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
5165 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
5166 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
5167 sizeof(custom_dgst_ctx))))
5168 goto err;
5169
5170 mdctx = EVP_MD_CTX_new();
5171 if (!TEST_ptr(mdctx)
5172 /*
5173 * Initing our custom md and then initing another md should
5174 * result in the init and cleanup functions of the custom md
5175 * being called.
5176 */
5177 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
5178 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
5179 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
5180 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
5181 || !TEST_int_eq(custom_md_init_called, 1)
5182 || !TEST_int_eq(custom_md_cleanup_called, 1))
5183 goto err;
5184
5185 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
5186 "custom-md", "custom-md"), NID_undef)
5187 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
5188 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
5189 goto err;
5190
5191 o = ASN1_OBJECT_create(nid, (unsigned char *)
5192 "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
5193 "custom-md", "custom-md");
5194 if (!TEST_int_eq(OBJ_add_object(o), nid))
5195 goto err;
5196
5197 testresult = 1;
5198 err:
5199 ASN1_OBJECT_free(o);
5200 EVP_MD_CTX_free(mdctx);
5201 EVP_MD_meth_free(tmp);
5202 return testresult;
5203}
5204
5205typedef struct {
5206 int data;
5207} custom_ciph_ctx;
5208
5209static int custom_ciph_init_called = 0;
5210static int custom_ciph_cleanup_called = 0;
5211
5212static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
5213 const unsigned char *iv, int enc)
5214{
5215 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5216
5217 if (p == NULL)
5218 return 0;
5219
5220 custom_ciph_init_called++;
5221 return 1;
5222}
5223
5224static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
5225{
5226 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
5227
5228 if (p == NULL)
5229 /* Nothing to do */
5230 return 1;
5231
5232 custom_ciph_cleanup_called++;
5233 return 1;
5234}
5235
5236static int test_custom_ciph_meth(void)
5237{
5238 EVP_CIPHER_CTX *ciphctx = NULL;
5239 EVP_CIPHER *tmp = NULL;
5240 int testresult = 0;
5241 int nid;
5242
5243 /*
5244 * We are testing deprecated functions. We don't support a non-default
5245 * library context in this test.
5246 */
5247 if (testctx != NULL)
5248 return TEST_skip("Non-default libctx");
5249
5250 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
5251
5252 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
5253 if (!TEST_int_ne(nid, NID_undef))
5254 goto err;
5255 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
5256 if (!TEST_ptr(tmp))
5257 goto err;
5258
5259 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
5260 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
5261 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
5262 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
5263 sizeof(custom_ciph_ctx))))
5264 goto err;
5265
5266 ciphctx = EVP_CIPHER_CTX_new();
5267 if (!TEST_ptr(ciphctx)
5268 /*
5269 * Initing our custom cipher and then initing another cipher
5270 * should result in the init and cleanup functions of the custom
5271 * cipher being called.
5272 */
5273 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
5274 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
5275 NULL, NULL, 1))
5276 || !TEST_int_eq(custom_ciph_init_called, 1)
5277 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
5278 goto err;
5279
5280 testresult = 1;
5281 err:
5282 EVP_CIPHER_CTX_free(ciphctx);
5283 EVP_CIPHER_meth_free(tmp);
5284 return testresult;
5285}
5286
5287# ifndef OPENSSL_NO_DYNAMIC_ENGINE
5288/* Test we can create a signature keys with an associated ENGINE */
5289static int test_signatures_with_engine(int tst)
5290{
5291 ENGINE *e;
5292 const char *engine_id = "dasync";
5293 EVP_PKEY *pkey = NULL;
5294 const unsigned char badcmackey[] = { 0x00, 0x01 };
5295 const unsigned char cmackey[] = {
5296 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5297 0x0c, 0x0d, 0x0e, 0x0f
5298 };
5299 const unsigned char ed25519key[] = {
5300 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5301 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5302 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5303 };
5304 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5305 int testresult = 0;
5306 EVP_MD_CTX *ctx = NULL;
5307 unsigned char *mac = NULL;
5308 size_t maclen = 0;
5309 int ret;
5310
5311# ifdef OPENSSL_NO_CMAC
5312 /* Skip CMAC tests in a no-cmac build */
5313 if (tst <= 1)
5314 return 1;
5315# endif
5316# ifdef OPENSSL_NO_ECX
5317 /* Skip ECX tests in a no-ecx build */
5318 if (tst == 2)
5319 return 1;
5320# endif
5321
5322 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5323 return 0;
5324
5325 if (!TEST_true(ENGINE_init(e))) {
5326 ENGINE_free(e);
5327 return 0;
5328 }
5329
5330 switch (tst) {
5331 case 0:
5332 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
5333 EVP_aes_128_cbc());
5334 break;
5335 case 1:
5336 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
5337 EVP_aes_128_cbc());
5338 break;
5339 case 2:
5340 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
5341 sizeof(ed25519key));
5342 break;
5343 default:
5344 TEST_error("Invalid test case");
5345 goto err;
5346 }
5347 if (!TEST_ptr(pkey))
5348 goto err;
5349
5350 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5351 goto err;
5352
5353 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
5354 pkey);
5355 if (tst == 0) {
5356 if (!TEST_true(ret))
5357 goto err;
5358
5359 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
5360 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
5361 goto err;
5362
5363 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5364 goto err;
5365
5366 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
5367 goto err;
5368 } else {
5369 /* We used a bad key. We expect a failure here */
5370 if (!TEST_false(ret))
5371 goto err;
5372 }
5373
5374 testresult = 1;
5375 err:
5376 EVP_MD_CTX_free(ctx);
5377 OPENSSL_free(mac);
5378 EVP_PKEY_free(pkey);
5379 ENGINE_finish(e);
5380 ENGINE_free(e);
5381
5382 return testresult;
5383}
5384
5385static int test_cipher_with_engine(void)
5386{
5387 ENGINE *e;
5388 const char *engine_id = "dasync";
5389 const unsigned char keyiv[] = {
5390 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5391 0x0c, 0x0d, 0x0e, 0x0f
5392 };
5393 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5394 int testresult = 0;
5395 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
5396 unsigned char buf[AES_BLOCK_SIZE];
5397 int len = 0;
5398
5399 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
5400 return 0;
5401
5402 if (!TEST_true(ENGINE_init(e))) {
5403 ENGINE_free(e);
5404 return 0;
5405 }
5406
5407 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5408 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
5409 goto err;
5410
5411 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
5412 goto err;
5413
5414 /* Copy the ctx, and complete the operation with the new ctx */
5415 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
5416 goto err;
5417
5418 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
5419 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
5420 goto err;
5421
5422 testresult = 1;
5423 err:
5424 EVP_CIPHER_CTX_free(ctx);
5425 EVP_CIPHER_CTX_free(ctx2);
5426 ENGINE_finish(e);
5427 ENGINE_free(e);
5428
5429 return testresult;
5430}
5431# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5432#endif /* OPENSSL_NO_DEPRECATED_3_0 */
5433
5434#ifndef OPENSSL_NO_ECX
5435static int ecxnids[] = {
5436 NID_X25519,
5437 NID_X448,
5438 NID_ED25519,
5439 NID_ED448
5440};
5441
5442/* Test that creating ECX keys with a short private key fails as expected */
5443static int test_ecx_short_keys(int tst)
5444{
5445 unsigned char ecxkeydata = 1;
5446 EVP_PKEY *pkey;
5447
5448
5449 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
5450 NULL, &ecxkeydata, 1);
5451 if (!TEST_ptr_null(pkey)) {
5452 EVP_PKEY_free(pkey);
5453 return 0;
5454 }
5455
5456 return 1;
5457}
5458#endif
5459
5460typedef enum OPTION_choice {
5461 OPT_ERR = -1,
5462 OPT_EOF = 0,
5463 OPT_CONTEXT,
5464 OPT_TEST_ENUM
5465} OPTION_CHOICE;
5466
5467const OPTIONS *test_get_options(void)
5468{
5469 static const OPTIONS options[] = {
5470 OPT_TEST_OPTIONS_DEFAULT_USAGE,
5471 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
5472 { NULL }
5473 };
5474 return options;
5475}
5476
5477#ifndef OPENSSL_NO_ECX
5478/* Test that trying to sign with a public key errors out gracefully */
5479static int test_ecx_not_private_key(int tst)
5480{
5481 EVP_PKEY *pkey = NULL;
5482
5483 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5484 int testresult = 0;
5485 EVP_MD_CTX *ctx = NULL;
5486 unsigned char *mac = NULL;
5487 size_t maclen = 0;
5488 unsigned char *pubkey;
5489 size_t pubkeylen;
5490
5491 switch (keys[tst].type) {
5492 case NID_X25519:
5493 case NID_X448:
5494 return TEST_skip("signing not supported for X25519/X448");
5495 }
5496
5497 /* Check if this algorithm supports public keys */
5498 if (keys[tst].pub == NULL)
5499 return TEST_skip("no public key present");
5500
5501 pubkey = (unsigned char *)keys[tst].pub;
5502 pubkeylen = strlen(keys[tst].pub);
5503
5504 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5505 NULL, pubkey, pubkeylen);
5506 if (!TEST_ptr(pkey))
5507 goto err;
5508
5509 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5510 goto err;
5511
5512 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5513 goto check_err;
5514
5515 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5516 goto check_err;
5517
5518 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5519 goto err;
5520
5521 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5522 goto err;
5523
5524 check_err:
5525 /*
5526 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5527 * but we relax the check to allow error also thrown by
5528 * EVP_DigestSignInit and EVP_DigestSign.
5529 */
5530 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5531 testresult = 1;
5532 ERR_clear_error();
5533 }
5534
5535 err:
5536 EVP_MD_CTX_free(ctx);
5537 OPENSSL_free(mac);
5538 EVP_PKEY_free(pkey);
5539
5540 return testresult;
5541}
5542#endif /* OPENSSL_NO_ECX */
5543
5544static int test_sign_continuation(void)
5545{
5546 OSSL_PROVIDER *fake_rsa = NULL;
5547 int testresult = 0;
5548 EVP_PKEY *pkey = NULL;
5549 EVP_PKEY_CTX *pctx = NULL;
5550 EVP_MD_CTX *mctx = NULL;
5551 const char sigbuf[] = "To Be Signed";
5552 unsigned char signature[256];
5553 size_t siglen = 256;
5554 static int nodupnum = 1;
5555 static const OSSL_PARAM nodup_params[] = {
5556 OSSL_PARAM_int("NO_DUP", &nodupnum),
5557 OSSL_PARAM_END
5558 };
5559
5560 if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
5561 return 0;
5562
5563 /* Construct a pkey using precise propq to use our provider */
5564 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
5565 "provider=fake-rsa"))
5566 || !TEST_true(EVP_PKEY_fromdata_init(pctx))
5567 || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
5568 || !TEST_ptr(pkey))
5569 goto end;
5570
5571 /* First test it continues (classic behavior) */
5572 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5573 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5574 NULL, pkey, NULL))
5575 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5576 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5577 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5578 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
5579 goto end;
5580
5581 EVP_MD_CTX_free(mctx);
5582
5583 /* try again but failing the continuation */
5584 if (!TEST_ptr(mctx = EVP_MD_CTX_new())
5585 || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
5586 NULL, pkey, nodup_params))
5587 || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5588 || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
5589 || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
5590 || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
5591 goto end;
5592
5593 testresult = 1;
5594
5595end:
5596 EVP_MD_CTX_free(mctx);
5597 EVP_PKEY_free(pkey);
5598 EVP_PKEY_CTX_free(pctx);
5599 fake_rsa_finish(fake_rsa);
5600 return testresult;
5601}
5602
5603static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5604 const unsigned char *gcm_iv, size_t gcm_ivlen,
5605 const unsigned char *gcm_pt, size_t gcm_pt_s,
5606 const unsigned char *gcm_aad, size_t gcm_aad_s,
5607 const unsigned char *gcm_ct, size_t gcm_ct_s,
5608 const unsigned char *gcm_tag, size_t gcm_tag_s)
5609{
5610 int ret = 0;
5611 EVP_CIPHER_CTX *ctx;
5612 EVP_CIPHER *cipher = NULL;
5613 int outlen, tmplen;
5614 unsigned char outbuf[1024];
5615 unsigned char outtag[16];
5616 OSSL_PARAM params[2] = {
5617 OSSL_PARAM_END, OSSL_PARAM_END
5618 };
5619
5620 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5621 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5622 goto err;
5623
5624 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5625 &gcm_ivlen);
5626
5627 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5628 || (gcm_aad != NULL
5629 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5630 gcm_aad, gcm_aad_s)))
5631 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5632 gcm_pt, gcm_pt_s))
5633 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5634 goto err;
5635
5636 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5637 outtag, sizeof(outtag));
5638
5639 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5640 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5641 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5642 goto err;
5643
5644 ret = 1;
5645err:
5646 EVP_CIPHER_free(cipher);
5647 EVP_CIPHER_CTX_free(ctx);
5648
5649 return ret;
5650}
5651
5652static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5653 const unsigned char *gcm_iv, size_t gcm_ivlen,
5654 const unsigned char *gcm_pt, size_t gcm_pt_s,
5655 const unsigned char *gcm_aad, size_t gcm_aad_s,
5656 const unsigned char *gcm_ct, size_t gcm_ct_s,
5657 const unsigned char *gcm_tag, size_t gcm_tag_s)
5658{
5659 int ret = 0;
5660 EVP_CIPHER_CTX *ctx;
5661 EVP_CIPHER *cipher = NULL;
5662 int outlen;
5663 unsigned char outbuf[1024];
5664 OSSL_PARAM params[2] = {
5665 OSSL_PARAM_END, OSSL_PARAM_END
5666 };
5667
5668 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5669 goto err;
5670
5671 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5672 goto err;
5673
5674 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5675 &gcm_ivlen);
5676
5677 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5678 || (gcm_aad != NULL
5679 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5680 gcm_aad, gcm_aad_s)))
5681 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5682 gcm_ct, gcm_ct_s))
5683 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5684 goto err;
5685
5686 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5687 (void*)gcm_tag, gcm_tag_s);
5688
5689 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5690 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5691 goto err;
5692
5693 ret = 1;
5694err:
5695 EVP_CIPHER_free(cipher);
5696 EVP_CIPHER_CTX_free(ctx);
5697
5698 return ret;
5699}
5700
5701static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5702{
5703 /* AES-GCM test data obtained from NIST public test vectors */
5704 static const unsigned char gcm_key[] = {
5705 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5706 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5707 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5708 };
5709 static const unsigned char gcm_iv[] = {
5710 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5711 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5712 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5713 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5714 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5715 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5716 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5717 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5718 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5719 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5720 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5721 };
5722 static const unsigned char gcm_pt[] = {
5723 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5724 0x4f, 0xe3, 0x6f, 0x81,
5725 };
5726 static const unsigned char gcm_ct[] = {
5727 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5728 0xe2, 0xd0, 0xec, 0xed,
5729 };
5730 static const unsigned char gcm_tag[] = {
5731 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5732 0xdb, 0x99, 0x6c, 0x21,
5733 };
5734
5735 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5736 gcm_pt, sizeof(gcm_pt), NULL, 0,
5737 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5738 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5739 gcm_pt, sizeof(gcm_pt), NULL, 0,
5740 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5741}
5742
5743#ifndef OPENSSL_NO_RC4
5744static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5745 const unsigned char *rc4_pt, size_t rc4_pt_s,
5746 const unsigned char *rc4_ct, size_t rc4_ct_s)
5747{
5748 int ret = 0;
5749 EVP_CIPHER_CTX *ctx;
5750 EVP_CIPHER *cipher = NULL;
5751 int outlen, tmplen;
5752 unsigned char outbuf[1024];
5753 OSSL_PARAM params[2] = {
5754 OSSL_PARAM_END, OSSL_PARAM_END
5755 };
5756
5757 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5758 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5759 goto err;
5760
5761 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5762 &rc4_key_s);
5763
5764 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5765 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5766 rc4_pt, rc4_pt_s))
5767 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5768 goto err;
5769
5770 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5771 goto err;
5772
5773 ret = 1;
5774err:
5775 EVP_CIPHER_free(cipher);
5776 EVP_CIPHER_CTX_free(ctx);
5777
5778 return ret;
5779}
5780
5781static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5782 const unsigned char *rc4_pt, size_t rc4_pt_s,
5783 const unsigned char *rc4_ct, size_t rc4_ct_s)
5784{
5785 int ret = 0;
5786 EVP_CIPHER_CTX *ctx;
5787 EVP_CIPHER *cipher = NULL;
5788 int outlen;
5789 unsigned char outbuf[1024];
5790 OSSL_PARAM params[2] = {
5791 OSSL_PARAM_END, OSSL_PARAM_END
5792 };
5793
5794 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5795 goto err;
5796
5797 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5798 goto err;
5799
5800 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5801 &rc4_key_s);
5802
5803 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5804 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5805 rc4_ct, rc4_ct_s))
5806 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5807 goto err;
5808
5809 ret = 1;
5810err:
5811 EVP_CIPHER_free(cipher);
5812 EVP_CIPHER_CTX_free(ctx);
5813
5814 return ret;
5815}
5816
5817static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5818{
5819 /* RC4 test data obtained from RFC 6229 */
5820 static const struct {
5821 unsigned char key[5];
5822 unsigned char padding[11];
5823 } rc4_key = {
5824 { /* Five bytes of key material */
5825 0x83, 0x32, 0x22, 0x77, 0x2a,
5826 },
5827 { /* Random padding to 16 bytes */
5828 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5829 }
5830 };
5831 static const unsigned char rc4_pt[] = {
5832 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5833 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5834 };
5835 static const unsigned char rc4_ct[] = {
5836 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5837 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5838 };
5839
5840 if (lgcyprov == NULL)
5841 return TEST_skip("Test requires legacy provider to be loaded");
5842
5843 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5844 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5845 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5846 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5847}
5848#endif
5849
5850static int test_invalid_ctx_for_digest(void)
5851{
5852 int ret;
5853 EVP_MD_CTX *mdctx;
5854
5855 mdctx = EVP_MD_CTX_new();
5856 if (!TEST_ptr(mdctx))
5857 return 0;
5858
5859 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0))
5860 ret = 0;
5861 else
5862 ret = 1;
5863
5864 EVP_MD_CTX_free(mdctx);
5865
5866 return ret;
5867}
5868
5869int setup_tests(void)
5870{
5871 OPTION_CHOICE o;
5872
5873 while ((o = opt_next()) != OPT_EOF) {
5874 switch (o) {
5875 case OPT_CONTEXT:
5876 /* Set up an alternate library context */
5877 testctx = OSSL_LIB_CTX_new();
5878 if (!TEST_ptr(testctx))
5879 return 0;
5880#ifdef STATIC_LEGACY
5881 /*
5882 * This test is always statically linked against libcrypto. We must not
5883 * attempt to load legacy.so that might be dynamically linked against
5884 * libcrypto. Instead we use a built-in version of the legacy provider.
5885 */
5886 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5887 return 0;
5888#endif
5889 /* Swap the libctx to test non-default context only */
5890 nullprov = OSSL_PROVIDER_load(NULL, "null");
5891 deflprov = OSSL_PROVIDER_load(testctx, "default");
5892#ifndef OPENSSL_SYS_TANDEM
5893 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5894#endif
5895 break;
5896 case OPT_TEST_CASES:
5897 break;
5898 default:
5899 return 0;
5900 }
5901 }
5902
5903 ADD_TEST(test_EVP_set_default_properties);
5904 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5905 ADD_TEST(test_EVP_DigestVerifyInit);
5906#ifndef OPENSSL_NO_SIPHASH
5907 ADD_TEST(test_siphash_digestsign);
5908#endif
5909 ADD_TEST(test_EVP_Digest);
5910 ADD_TEST(test_EVP_md_null);
5911 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5912#ifndef OPENSSL_NO_DEPRECATED_3_0
5913 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5914#endif
5915 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5916 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5917 ADD_TEST(test_privatekey_to_pkcs8);
5918 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5919#ifndef OPENSSL_NO_EC
5920 ADD_TEST(test_EVP_PKCS82PKEY);
5921#endif
5922#ifndef OPENSSL_NO_EC
5923 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5924#endif
5925#if !defined(OPENSSL_NO_SM2)
5926 ADD_TEST(test_EVP_SM2);
5927 ADD_TEST(test_EVP_SM2_verify);
5928#endif
5929 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5930#ifndef OPENSSL_NO_DEPRECATED_3_0
5931 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5932 if (!TEST_ptr(custom_pmeth))
5933 return 0;
5934 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5935 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5936 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5937 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5938 return 0;
5939#endif
5940 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5941#ifndef OPENSSL_NO_CMAC
5942 ADD_TEST(test_CMAC_keygen);
5943#endif
5944 ADD_TEST(test_HKDF);
5945 ADD_TEST(test_emptyikm_HKDF);
5946 ADD_TEST(test_empty_salt_info_HKDF);
5947#ifndef OPENSSL_NO_EC
5948 ADD_TEST(test_X509_PUBKEY_inplace);
5949 ADD_TEST(test_X509_PUBKEY_dup);
5950 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5951 OSSL_NELEM(ec_der_pub_keys));
5952#endif
5953#ifndef OPENSSL_NO_DSA
5954 ADD_TEST(test_DSA_get_set_params);
5955 ADD_TEST(test_DSA_priv_pub);
5956#endif
5957 ADD_TEST(test_RSA_get_set_params);
5958 ADD_TEST(test_RSA_OAEP_set_get_params);
5959 ADD_TEST(test_RSA_OAEP_set_null_label);
5960#ifndef OPENSSL_NO_DEPRECATED_3_0
5961 ADD_TEST(test_RSA_legacy);
5962#endif
5963#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5964 ADD_TEST(test_decrypt_null_chunks);
5965#endif
5966#ifndef OPENSSL_NO_DH
5967 ADD_TEST(test_DH_priv_pub);
5968# ifndef OPENSSL_NO_DEPRECATED_3_0
5969 ADD_TEST(test_EVP_PKEY_set1_DH);
5970# endif
5971#endif
5972#ifndef OPENSSL_NO_EC
5973 ADD_TEST(test_EC_priv_pub);
5974 ADD_TEST(test_evp_get_ec_pub);
5975# ifndef OPENSSL_NO_DEPRECATED_3_0
5976 ADD_TEST(test_EC_priv_only_legacy);
5977 ADD_TEST(test_evp_get_ec_pub_legacy);
5978# endif
5979#endif
5980 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5981 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5982
5983 ADD_TEST(test_rand_agglomeration);
5984 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5985#ifndef OPENSSL_NO_DES
5986 ADD_ALL_TESTS(test_evp_iv_des, 6);
5987#endif
5988#ifndef OPENSSL_NO_BF
5989 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5990#endif
5991 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5992 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5993 ADD_TEST(test_EVP_rsa_invalid_key);
5994#ifndef OPENSSL_NO_EC
5995 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5996#endif
5997
5998 ADD_TEST(test_names_do_all);
5999
6000 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
6001 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
6002 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
6003 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
6004 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
6005 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
6006 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
6007 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
6008
6009#ifndef OPENSSL_NO_DEPRECATED_3_0
6010 ADD_ALL_TESTS(test_custom_pmeth, 12);
6011 ADD_TEST(test_evp_md_cipher_meth);
6012 ADD_TEST(test_custom_md_meth);
6013 ADD_TEST(test_custom_ciph_meth);
6014
6015# ifndef OPENSSL_NO_DYNAMIC_ENGINE
6016 /* Tests only support the default libctx */
6017 if (testctx == NULL) {
6018# ifndef OPENSSL_NO_EC
6019 ADD_ALL_TESTS(test_signatures_with_engine, 3);
6020# else
6021 ADD_ALL_TESTS(test_signatures_with_engine, 2);
6022# endif
6023 ADD_TEST(test_cipher_with_engine);
6024 }
6025# endif
6026#endif
6027
6028#ifndef OPENSSL_NO_ECX
6029 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
6030 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
6031#endif
6032
6033 ADD_TEST(test_sign_continuation);
6034
6035 /* Test cases for CVE-2023-5363 */
6036 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
6037#ifndef OPENSSL_NO_RC4
6038 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
6039#endif
6040
6041 ADD_TEST(test_invalid_ctx_for_digest);
6042
6043 return 1;
6044}
6045
6046void cleanup_tests(void)
6047{
6048 OSSL_PROVIDER_unload(nullprov);
6049 OSSL_PROVIDER_unload(deflprov);
6050#ifndef OPENSSL_SYS_TANDEM
6051 OSSL_PROVIDER_unload(lgcyprov);
6052#endif
6053 OSSL_LIB_CTX_free(testctx);
6054}
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette