1 /*
2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
35 #include "testutil.h"
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39
40 static OSSL_LIB_CTX *testctx = NULL;
41 static char *testpropq = NULL;
42
43 static OSSL_PROVIDER *nullprov = NULL;
44 static OSSL_PROVIDER *deflprov = NULL;
45 static OSSL_PROVIDER *lgcyprov = NULL;
46
47 /*
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
50 */
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
103 };
104
105 /*
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
108 */
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
148 0x40, 0x48
149 };
150 #endif
151
152 /*
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
155 */
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
246 };
247
248 /*
249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
250 * values are 0.
251 */
252 static const unsigned char kExampleBad2RSAKeyDER[] = {
253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00
256 };
257
258 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
259
260 static const unsigned char kSignature[] = {
261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
272 };
273
274 /*
275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
276 * PrivateKeyInfo.
277 */
278 static const unsigned char kExampleRSAKeyPKCS8[] = {
279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
332 };
333
334 #ifndef OPENSSL_NO_EC
335 /*
336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure.
338 */
339 static const unsigned char kExampleECKeyDER[] = {
340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
350 0xc1,
351 };
352
353 /*
354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
355 * structure. The private key is equal to the order and will fail to import
356 */
357 static const unsigned char kExampleBadECKeyDER[] = {
358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
367 };
368
369 /* prime256v1 */
370 static const unsigned char kExampleECPubKeyDER[] = {
371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 };
380
381 /*
382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 */
385 static const unsigned char kExampleBadECPubKeyDER[] = {
386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
394 };
395
396 static const unsigned char pExampleECParamDER[] = {
397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
398 };
399
400 static const unsigned char kExampleED25519KeyDER[] = {
401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
405 };
406
407 static const unsigned char kExampleED25519PubKeyDER[] = {
408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
412 };
413
414 # ifndef OPENSSL_NO_DEPRECATED_3_0
415 static const unsigned char kExampleX25519KeyDER[] = {
416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
420 };
421 # endif
422 #endif
423
424 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
425 #ifndef OPENSSL_NO_DEPRECATED_3_0
426 # ifndef OPENSSL_NO_DH
427 static const unsigned char kExampleDHKeyDER[] = {
428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
452 0x2e, 0x87, 0x2a, 0x0b, 0x7a
453 };
454 # endif
455 #endif
456
457 static const unsigned char kCFBDefaultKey[] = {
458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
459 0x09, 0xCF, 0x4F, 0x3C
460 };
461
462 static const unsigned char kGCMDefaultKey[32] = { 0 };
463
464 static const unsigned char kGCMResetKey[] = {
465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
468 };
469
470 static const unsigned char iCFBIV[] = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
472 0x0C, 0x0D, 0x0E, 0x0F
473 };
474
475 static const unsigned char iGCMDefaultIV[12] = { 0 };
476
477 static const unsigned char iGCMResetIV1[] = {
478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
479 };
480
481 static const unsigned char iGCMResetIV2[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
483 };
484
485 static const unsigned char cfbPlaintext[] = {
486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
487 0x73, 0x93, 0x17, 0x2A
488 };
489
490 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
491
492 static const unsigned char gcmResetPlaintext[] = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
498 };
499
500 static const unsigned char cfbCiphertext[] = {
501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
502 0xE8, 0x3C, 0xFB, 0x4A
503 };
504
505 static const unsigned char gcmDefaultCiphertext[] = {
506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
507 0xba, 0xf3, 0x9d, 0x18
508 };
509
510 static const unsigned char gcmResetCiphertext1[] = {
511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
516 };
517
518 static const unsigned char gcmResetCiphertext2[] = {
519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
524 };
525
526 static const unsigned char gcmAAD[] = {
527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
529 };
530
531 static const unsigned char gcmDefaultTag[] = {
532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
533 0xd4, 0x8a, 0xb9, 0x19
534 };
535
536 static const unsigned char gcmResetTag1[] = {
537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
538 0xfe, 0x2e, 0xa8, 0xf2
539 };
540
541 static const unsigned char gcmResetTag2[] = {
542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
543 0xbb, 0x2d, 0x55, 0x1b
544 };
545
546 typedef struct APK_DATA_st {
547 const unsigned char *kder;
548 size_t size;
549 const char *keytype;
550 int evptype;
551 int check;
552 int pub_check;
553 int param_check;
554 int type; /* 0 for private, 1 for public, 2 for params */
555 } APK_DATA;
556
557 static APK_DATA keydata[] = {
558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
562 #endif
563 };
564
565 static APK_DATA keycheckdata[] = {
566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
567 0},
568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
569 0, 1, 1, 0},
570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
572 #ifndef OPENSSL_NO_EC
573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
574 /* group is also associated in our pub key */
575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
576 1, 1},
577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
578 2},
579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
580 EVP_PKEY_ED25519, 1, 1, 1, 0},
581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
582 EVP_PKEY_ED25519, 0, 1, 1, 1},
583 #endif
584 };
585
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)586 static EVP_PKEY *load_example_key(const char *keytype,
587 const unsigned char *data, size_t data_len)
588 {
589 const unsigned char **pdata = &data;
590 EVP_PKEY *pkey = NULL;
591 OSSL_DECODER_CTX *dctx =
592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
593 testctx, testpropq);
594
595 /* |pkey| will be NULL on error */
596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
597 OSSL_DECODER_CTX_free(dctx);
598 return pkey;
599 }
600
load_example_rsa_key(void)601 static EVP_PKEY *load_example_rsa_key(void)
602 {
603 return load_example_key("RSA", kExampleRSAKeyDER,
604 sizeof(kExampleRSAKeyDER));
605 }
606
607 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)608 static EVP_PKEY *load_example_dsa_key(void)
609 {
610 return load_example_key("DSA", kExampleDSAKeyDER,
611 sizeof(kExampleDSAKeyDER));
612 }
613 #endif
614
615 #ifndef OPENSSL_NO_EC
load_example_ec_key(void)616 static EVP_PKEY *load_example_ec_key(void)
617 {
618 return load_example_key("EC", kExampleECKeyDER,
619 sizeof(kExampleECKeyDER));
620 }
621 #endif
622
623 #ifndef OPENSSL_NO_DEPRECATED_3_0
624 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)625 static EVP_PKEY *load_example_dh_key(void)
626 {
627 return load_example_key("DH", kExampleDHKeyDER,
628 sizeof(kExampleDHKeyDER));
629 }
630 # endif
631
632 # ifndef OPENSSL_NO_EC
load_example_ed25519_key(void)633 static EVP_PKEY *load_example_ed25519_key(void)
634 {
635 return load_example_key("ED25519", kExampleED25519KeyDER,
636 sizeof(kExampleED25519KeyDER));
637 }
638
load_example_x25519_key(void)639 static EVP_PKEY *load_example_x25519_key(void)
640 {
641 return load_example_key("X25519", kExampleX25519KeyDER,
642 sizeof(kExampleX25519KeyDER));
643 }
644 # endif
645 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
646
load_example_hmac_key(void)647 static EVP_PKEY *load_example_hmac_key(void)
648 {
649 EVP_PKEY *pkey = NULL;
650 unsigned char key[] = {
651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
654 };
655
656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
657 NULL, key, sizeof(key));
658 if (!TEST_ptr(pkey))
659 return NULL;
660
661 return pkey;
662 }
663
test_EVP_set_default_properties(void)664 static int test_EVP_set_default_properties(void)
665 {
666 OSSL_LIB_CTX *ctx;
667 EVP_MD *md = NULL;
668 int res = 0;
669
670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
672 goto err;
673 EVP_MD_free(md);
674 md = NULL;
675
676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
679 goto err;
680 EVP_MD_free(md);
681 md = NULL;
682
683 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
685 goto err;
686 res = 1;
687 err:
688 EVP_MD_free(md);
689 OSSL_LIB_CTX_free(ctx);
690 return res;
691 }
692
693 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
make_key_fromdata(char * keytype,OSSL_PARAM * params)694 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
695 {
696 EVP_PKEY_CTX *pctx = NULL;
697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
698
699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
700 goto err;
701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
703 params), 0))
704 goto err;
705
706 if (!TEST_ptr(tmp_pkey))
707 goto err;
708
709 pkey = tmp_pkey;
710 tmp_pkey = NULL;
711 err:
712 EVP_PKEY_free(tmp_pkey);
713 EVP_PKEY_CTX_free(pctx);
714 return pkey;
715 }
716
test_selection(EVP_PKEY * pkey,int selection)717 static int test_selection(EVP_PKEY *pkey, int selection)
718 {
719 int testresult = 0;
720 int ret;
721 BIO *bio = BIO_new(BIO_s_mem());
722
723 ret = PEM_write_bio_PUBKEY(bio, pkey);
724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
725 if (!TEST_true(ret))
726 goto err;
727 } else {
728 if (!TEST_false(ret))
729 goto err;
730 }
731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
732 testctx, NULL);
733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
734 if (!TEST_true(ret))
735 goto err;
736 } else {
737 if (!TEST_false(ret))
738 goto err;
739 }
740
741 testresult = 1;
742 err:
743 BIO_free(bio);
744
745 return testresult;
746 }
747 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
748
749 /*
750 * Test combinations of private, public, missing and private + public key
751 * params to ensure they are all accepted
752 */
753 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)754 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
755 {
756 OSSL_PARAM_BLD *bld = NULL;
757 OSSL_PARAM *params = NULL;
758 EVP_PKEY *just_params = NULL;
759 EVP_PKEY *params_and_priv = NULL;
760 EVP_PKEY *params_and_pub = NULL;
761 EVP_PKEY *params_and_keypair = NULL;
762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
763 int ret = 0;
764
765 /*
766 * Setup the parameters for our pkey object. For our purposes they don't
767 * have to actually be *valid* parameters. We just need to set something.
768 */
769 if (!TEST_ptr(p = BN_new())
770 || !TEST_ptr(q = BN_new())
771 || !TEST_ptr(g = BN_new())
772 || !TEST_ptr(pub = BN_new())
773 || !TEST_ptr(priv = BN_new()))
774 goto err;
775
776 /* Test !priv and !pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
781 goto err;
782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
784 goto err;
785
786 OSSL_PARAM_free(params);
787 OSSL_PARAM_BLD_free(bld);
788 params = NULL;
789 bld = NULL;
790
791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
793 goto err;
794
795 /* Test priv and !pub */
796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
801 priv)))
802 goto err;
803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
805 goto err;
806
807 OSSL_PARAM_free(params);
808 OSSL_PARAM_BLD_free(bld);
809 params = NULL;
810 bld = NULL;
811
812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
814 goto err;
815
816 /* Test !priv and pub */
817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
822 pub)))
823 goto err;
824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
826 goto err;
827
828 OSSL_PARAM_free(params);
829 OSSL_PARAM_BLD_free(bld);
830 params = NULL;
831 bld = NULL;
832
833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
835 goto err;
836
837 /* Test priv and pub */
838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
843 pub))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
845 priv)))
846 goto err;
847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
849 goto err;
850
851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
852 goto err;
853
854 ret = 1;
855 err:
856 OSSL_PARAM_free(params);
857 OSSL_PARAM_BLD_free(bld);
858 EVP_PKEY_free(just_params);
859 EVP_PKEY_free(params_and_priv);
860 EVP_PKEY_free(params_and_pub);
861 EVP_PKEY_free(params_and_keypair);
862 BN_free(p);
863 BN_free(q);
864 BN_free(g);
865 BN_free(pub);
866 BN_free(priv);
867
868 return ret;
869 }
870 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
871
872 /*
873 * Test combinations of private, public, missing and private + public key
874 * params to ensure they are all accepted for EC keys
875 */
876 #ifndef OPENSSL_NO_EC
877 static unsigned char ec_priv[] = {
878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881 };
882 static unsigned char ec_pub[] = {
883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
888 0x08, 0x09, 0xb8, 0xdb, 0x03
889 };
890
test_EC_priv_pub(void)891 static int test_EC_priv_pub(void)
892 {
893 OSSL_PARAM_BLD *bld = NULL;
894 OSSL_PARAM *params = NULL;
895 EVP_PKEY *just_params = NULL;
896 EVP_PKEY *params_and_priv = NULL;
897 EVP_PKEY *params_and_pub = NULL;
898 EVP_PKEY *params_and_keypair = NULL;
899 BIGNUM *priv = NULL;
900 int ret = 0;
901 unsigned char *encoded = NULL;
902 size_t len = 0;
903 unsigned char buffer[128];
904
905 /*
906 * Setup the parameters for our pkey object. For our purposes they don't
907 * have to actually be *valid* parameters. We just need to set something.
908 */
909 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
910 goto err;
911
912 /* Test !priv and !pub */
913 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
914 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
915 OSSL_PKEY_PARAM_GROUP_NAME,
916 "P-256", 0)))
917 goto err;
918 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
919 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
920 goto err;
921
922 OSSL_PARAM_free(params);
923 OSSL_PARAM_BLD_free(bld);
924 params = NULL;
925 bld = NULL;
926
927 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
928 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
929 goto err;
930
931 /* Test priv and !pub */
932 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
933 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
934 OSSL_PKEY_PARAM_GROUP_NAME,
935 "P-256", 0))
936 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
937 priv)))
938 goto err;
939 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
940 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
941 goto err;
942
943 OSSL_PARAM_free(params);
944 OSSL_PARAM_BLD_free(bld);
945 params = NULL;
946 bld = NULL;
947
948 /*
949 * We indicate only parameters here, in spite of having built a key that
950 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
951 * expected to fail because it does not support exporting a private EC
952 * key without a corresponding public key
953 */
954 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
955 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
956 goto err;
957
958 /* Test !priv and pub */
959 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
960 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
961 OSSL_PKEY_PARAM_GROUP_NAME,
962 "P-256", 0))
963 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
964 OSSL_PKEY_PARAM_PUB_KEY,
965 ec_pub, sizeof(ec_pub))))
966 goto err;
967 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
968 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
969 goto err;
970
971 OSSL_PARAM_free(params);
972 OSSL_PARAM_BLD_free(bld);
973 params = NULL;
974 bld = NULL;
975
976 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
977 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
978 goto err;
979
980 /* Test priv and pub */
981 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
982 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
983 OSSL_PKEY_PARAM_GROUP_NAME,
984 "P-256", 0))
985 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
986 OSSL_PKEY_PARAM_PUB_KEY,
987 ec_pub, sizeof(ec_pub)))
988 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
989 priv)))
990 goto err;
991 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
992 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
993 goto err;
994
995 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
996 goto err;
997
998 /* Try key equality */
999 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1001 0)
1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1003 0)
1004 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1005 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1008 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1009 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1010 goto err;
1011
1012 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1013 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1014 goto err;
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1018 OPENSSL_free(encoded);
1019 encoded = NULL;
1020 goto err;
1021 }
1022
1023 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1024 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1025 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1026 buffer, sizeof(buffer), &len), 1)
1027 || !TEST_int_eq(len, 65))
1028 goto err;
1029
1030 len = 0;
1031 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1032 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1033 NULL, 0, &len), 1)
1034 || !TEST_int_eq(len, 65))
1035 goto err;
1036
1037 /* too-short buffer len*/
1038 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1039 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1040 buffer, 10, &len), 0))
1041 goto err;
1042
1043 ret = 1;
1044 err:
1045 OSSL_PARAM_free(params);
1046 OSSL_PARAM_BLD_free(bld);
1047 EVP_PKEY_free(just_params);
1048 EVP_PKEY_free(params_and_priv);
1049 EVP_PKEY_free(params_and_pub);
1050 EVP_PKEY_free(params_and_keypair);
1051 BN_free(priv);
1052
1053 return ret;
1054 }
1055
1056 /* Test that using a legacy EC key with only a private key in it works */
1057 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)1058 static int test_EC_priv_only_legacy(void)
1059 {
1060 BIGNUM *priv = NULL;
1061 int ret = 0;
1062 EC_KEY *eckey = NULL;
1063 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1064 EVP_MD_CTX *ctx = NULL;
1065
1066 /* Create the low level EC_KEY */
1067 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1068 goto err;
1069
1070 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1071 if (!TEST_ptr(eckey))
1072 goto err;
1073
1074 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1075 goto err;
1076
1077 pkey = EVP_PKEY_new();
1078 if (!TEST_ptr(pkey))
1079 goto err;
1080
1081 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1082 goto err;
1083 eckey = NULL;
1084
1085 while (dup_pk == NULL) {
1086 ret = 0;
1087 ctx = EVP_MD_CTX_new();
1088 if (!TEST_ptr(ctx))
1089 goto err;
1090
1091 /*
1092 * The EVP_DigestSignInit function should create the key on the
1093 * provider side which is sufficient for this test.
1094 */
1095 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1096 testpropq, pkey, NULL)))
1097 goto err;
1098 EVP_MD_CTX_free(ctx);
1099 ctx = NULL;
1100
1101 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1102 goto err;
1103 /* EVP_PKEY_eq() returns -2 with missing public keys */
1104 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1105 EVP_PKEY_free(pkey);
1106 pkey = dup_pk;
1107 if (!ret)
1108 goto err;
1109 }
1110
1111 err:
1112 EVP_MD_CTX_free(ctx);
1113 EVP_PKEY_free(pkey);
1114 EC_KEY_free(eckey);
1115 BN_free(priv);
1116
1117 return ret;
1118 }
1119 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1120 #endif /* OPENSSL_NO_EC */
1121
test_EVP_PKEY_sign(int tst)1122 static int test_EVP_PKEY_sign(int tst)
1123 {
1124 int ret = 0;
1125 EVP_PKEY *pkey = NULL;
1126 unsigned char *sig = NULL;
1127 size_t sig_len = 0, shortsig_len = 1;
1128 EVP_PKEY_CTX *ctx = NULL;
1129 unsigned char tbs[] = {
1130 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1131 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1132 };
1133
1134 if (tst == 0 ) {
1135 if (!TEST_ptr(pkey = load_example_rsa_key()))
1136 goto out;
1137 } else if (tst == 1) {
1138 #ifndef OPENSSL_NO_DSA
1139 if (!TEST_ptr(pkey = load_example_dsa_key()))
1140 goto out;
1141 #else
1142 ret = 1;
1143 goto out;
1144 #endif
1145 } else {
1146 #ifndef OPENSSL_NO_EC
1147 if (!TEST_ptr(pkey = load_example_ec_key()))
1148 goto out;
1149 #else
1150 ret = 1;
1151 goto out;
1152 #endif
1153 }
1154
1155 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1156 if (!TEST_ptr(ctx)
1157 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1158 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1159 sizeof(tbs)), 0))
1160 goto out;
1161 sig = OPENSSL_malloc(sig_len);
1162 if (!TEST_ptr(sig)
1163 /* Test sending a signature buffer that is too short is rejected */
1164 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1165 sizeof(tbs)), 0)
1166 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1167 0)
1168 /* Test the signature round-trips */
1169 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1170 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1171 0))
1172 goto out;
1173
1174 ret = 1;
1175 out:
1176 EVP_PKEY_CTX_free(ctx);
1177 OPENSSL_free(sig);
1178 EVP_PKEY_free(pkey);
1179 return ret;
1180 }
1181
1182 /*
1183 * n = 0 => test using legacy cipher
1184 * n = 1 => test using fetched cipher
1185 */
test_EVP_Enveloped(int n)1186 static int test_EVP_Enveloped(int n)
1187 {
1188 int ret = 0;
1189 EVP_CIPHER_CTX *ctx = NULL;
1190 EVP_PKEY *keypair = NULL;
1191 unsigned char *kek = NULL;
1192 unsigned char iv[EVP_MAX_IV_LENGTH];
1193 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1194 int len, kek_len, ciphertext_len, plaintext_len;
1195 unsigned char ciphertext[32], plaintext[16];
1196 EVP_CIPHER *type = NULL;
1197
1198 if (nullprov != NULL)
1199 return TEST_skip("Test does not support a non-default library context");
1200
1201 if (n == 0)
1202 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1203 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1204 testpropq)))
1205 goto err;
1206
1207 if (!TEST_ptr(keypair = load_example_rsa_key())
1208 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1209 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1210 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1211 &keypair, 1))
1212 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1213 msg, sizeof(msg)))
1214 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1215 &len)))
1216 goto err;
1217
1218 ciphertext_len += len;
1219
1220 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1221 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1222 ciphertext, ciphertext_len))
1223 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1224 goto err;
1225
1226 plaintext_len += len;
1227 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1228 goto err;
1229
1230 ret = 1;
1231 err:
1232 if (n != 0)
1233 EVP_CIPHER_free(type);
1234 OPENSSL_free(kek);
1235 EVP_PKEY_free(keypair);
1236 EVP_CIPHER_CTX_free(ctx);
1237 return ret;
1238 }
1239
1240 /*
1241 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1242 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1243 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1244 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1245 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1246 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1247 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1248 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1249 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1250 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1251 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1252 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1253 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1254 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1255 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1256 * Test 15-29: Same as above with reinitialization
1257 */
test_EVP_DigestSignInit(int tst)1258 static int test_EVP_DigestSignInit(int tst)
1259 {
1260 int ret = 0;
1261 EVP_PKEY *pkey = NULL;
1262 unsigned char *sig = NULL, *sig2 = NULL;
1263 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1264 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1265 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1266 BIO *mdbio = NULL, *membio = NULL;
1267 size_t written;
1268 const EVP_MD *md;
1269 EVP_MD *mdexp = NULL;
1270 int reinit = 0;
1271
1272 if (nullprov != NULL)
1273 return TEST_skip("Test does not support a non-default library context");
1274
1275 if (tst >= 15) {
1276 reinit = 1;
1277 tst -= 15;
1278 }
1279
1280 if (tst >= 6 && tst <= 8) {
1281 membio = BIO_new(BIO_s_mem());
1282 mdbio = BIO_new(BIO_f_md());
1283 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1284 goto out;
1285 BIO_push(mdbio, membio);
1286 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1287 goto out;
1288 } else {
1289 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1290 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1291 goto out;
1292 }
1293
1294 if (tst % 3 == 0) {
1295 if (!TEST_ptr(pkey = load_example_rsa_key()))
1296 goto out;
1297 } else if (tst % 3 == 1) {
1298 #ifndef OPENSSL_NO_DSA
1299 if (!TEST_ptr(pkey = load_example_dsa_key()))
1300 goto out;
1301 #else
1302 ret = 1;
1303 goto out;
1304 #endif
1305 } else {
1306 if (!TEST_ptr(pkey = load_example_hmac_key()))
1307 goto out;
1308 }
1309
1310 if (tst >= 3 && tst <= 5)
1311 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1312 else
1313 md = EVP_sha256();
1314
1315 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1316 goto out;
1317
1318 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1319 goto out;
1320
1321 if (tst >= 6 && tst <= 8) {
1322 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1323 goto out;
1324 } else if (tst < 6) {
1325 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1326 goto out;
1327 }
1328
1329 if (tst >= 9) {
1330 /* Determine the size of the signature. */
1331 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1332 sizeof(kMsg)))
1333 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1334 goto out;
1335 if (tst <= 11) {
1336 /* Test that supply a short sig buffer fails */
1337 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1338 sizeof(kMsg))))
1339 goto out;
1340 /*
1341 * We end here because once EVP_DigestSign() has failed you should
1342 * not call it again without re-initing the ctx
1343 */
1344 ret = 1;
1345 goto out;
1346 }
1347 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1348 sizeof(kMsg))))
1349 goto out;
1350 } else {
1351 /* Determine the size of the signature. */
1352 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1353 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1354 /*
1355 * Trying to create a signature with a deliberately short
1356 * buffer should fail.
1357 */
1358 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1359 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1360 goto out;
1361 }
1362
1363 /*
1364 * Ensure that the signature round-trips (Verification isn't supported for
1365 * HMAC via EVP_DigestVerify*)
1366 */
1367 if (tst % 3 != 2) {
1368 if (tst >= 6 && tst <= 8) {
1369 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1370 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1371 goto out;
1372 }
1373
1374 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1375 NULL, pkey)))
1376 goto out;
1377
1378 if (tst >= 6 && tst <= 8) {
1379 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1380 goto out;
1381 } else {
1382 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1383 sizeof(kMsg))))
1384 goto out;
1385 }
1386 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1387 goto out;
1388
1389 /* Multiple calls to EVP_DigestVerifyFinal should work */
1390 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1391 goto out;
1392 } else {
1393 /*
1394 * For HMAC a doubled call to DigestSignFinal should produce the same
1395 * value as finalization should not happen.
1396 */
1397 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1398 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1399 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1400 goto out;
1401
1402 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1403 goto out;
1404 }
1405
1406 ret = 1;
1407
1408 out:
1409 BIO_free(membio);
1410 BIO_free(mdbio);
1411 EVP_MD_CTX_free(a_md_ctx);
1412 EVP_MD_CTX_free(a_md_ctx_verify);
1413 EVP_PKEY_free(pkey);
1414 OPENSSL_free(sig);
1415 OPENSSL_free(sig2);
1416 EVP_MD_free(mdexp);
1417
1418 return ret;
1419 }
1420
test_EVP_DigestVerifyInit(void)1421 static int test_EVP_DigestVerifyInit(void)
1422 {
1423 int ret = 0;
1424 EVP_PKEY *pkey = NULL;
1425 EVP_MD_CTX *md_ctx = NULL;
1426
1427 if (nullprov != NULL)
1428 return TEST_skip("Test does not support a non-default library context");
1429
1430 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1431 || !TEST_ptr(pkey = load_example_rsa_key()))
1432 goto out;
1433
1434 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1435 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1436 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1437 sizeof(kSignature)), 0))
1438 goto out;
1439
1440 /* test with reinitialization */
1441 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1442 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1443 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1444 sizeof(kSignature)), 0))
1445 goto out;
1446 ret = 1;
1447
1448 out:
1449 EVP_MD_CTX_free(md_ctx);
1450 EVP_PKEY_free(pkey);
1451 return ret;
1452 }
1453
1454 #ifndef OPENSSL_NO_SIPHASH
1455 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
test_siphash_digestsign(void)1456 static int test_siphash_digestsign(void)
1457 {
1458 unsigned char key[16];
1459 unsigned char buf[8], digest[8];
1460 unsigned char expected[8] = {
1461 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1462 };
1463 EVP_PKEY *pkey = NULL;
1464 EVP_MD_CTX *mdctx = NULL;
1465 EVP_PKEY_CTX *ctx = NULL;
1466 int ret = 0;
1467 size_t len = 8;
1468
1469 if (nullprov != NULL)
1470 return TEST_skip("Test does not support a non-default library context");
1471
1472 memset(buf, 0, 8);
1473 memset(key, 1, 16);
1474 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1475 key, 16)))
1476 goto out;
1477
1478 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1479 goto out;
1480
1481 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1482 goto out;
1483 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1484 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1485 8, NULL), 1))
1486 goto out;
1487 /* reinitialize */
1488 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1489 goto out;
1490 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1491 goto out;
1492 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1493 goto out;
1494 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1495 goto out;
1496
1497 ret = 1;
1498 out:
1499 EVP_PKEY_free(pkey);
1500 EVP_MD_CTX_free(mdctx);
1501 return ret;
1502 }
1503 #endif
1504
1505 /*
1506 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1507 */
test_EVP_Digest(void)1508 static int test_EVP_Digest(void)
1509 {
1510 int ret = 0;
1511 EVP_MD_CTX *md_ctx = NULL;
1512 unsigned char md[EVP_MAX_MD_SIZE];
1513 EVP_MD *sha256 = NULL;
1514 EVP_MD *shake256 = NULL;
1515
1516 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1517 goto out;
1518
1519 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1520 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1521 goto out;
1522
1523 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1524 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1525 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1526 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1527 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1528 goto out;
1529
1530 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1531 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1532 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1533 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1534 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1535 /*
1536 * EVP_DigestInit_ex with NULL type should work on
1537 * pre-initialized context.
1538 */
1539 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1540 goto out;
1541
1542 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1543 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1544 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1545 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1546 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1547 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1548 goto out;
1549 ret = 1;
1550
1551 out:
1552 EVP_MD_CTX_free(md_ctx);
1553 EVP_MD_free(sha256);
1554 EVP_MD_free(shake256);
1555 return ret;
1556 }
1557
test_EVP_md_null(void)1558 static int test_EVP_md_null(void)
1559 {
1560 int ret = 0;
1561 EVP_MD_CTX *md_ctx = NULL;
1562 const EVP_MD *md_null = EVP_md_null();
1563 unsigned char md_value[EVP_MAX_MD_SIZE];
1564 unsigned int md_len = sizeof(md_value);
1565
1566 if (nullprov != NULL)
1567 return TEST_skip("Test does not support a non-default library context");
1568
1569 if (!TEST_ptr(md_null)
1570 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1571 goto out;
1572
1573 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1574 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1575 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1576 goto out;
1577
1578 if (!TEST_uint_eq(md_len, 0))
1579 goto out;
1580
1581 ret = 1;
1582 out:
1583 EVP_MD_CTX_free(md_ctx);
1584 return ret;
1585 }
1586
test_d2i_AutoPrivateKey(int i)1587 static int test_d2i_AutoPrivateKey(int i)
1588 {
1589 int ret = 0;
1590 const unsigned char *p;
1591 EVP_PKEY *pkey = NULL;
1592 const APK_DATA *ak = &keydata[i];
1593 const unsigned char *input = ak->kder;
1594 size_t input_len = ak->size;
1595 int expected_id = ak->evptype;
1596
1597 p = input;
1598 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1599 || !TEST_ptr_eq(p, input + input_len)
1600 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1601 goto done;
1602
1603 ret = 1;
1604
1605 done:
1606 EVP_PKEY_free(pkey);
1607 return ret;
1608 }
1609
1610 #ifndef OPENSSL_NO_EC
1611
1612 static const unsigned char ec_public_sect163k1_validxy[] = {
1613 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1614 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1615 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1616 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1617 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1618 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1619 };
1620
1621 static const unsigned char ec_public_sect163k1_badx[] = {
1622 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1623 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1624 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1625 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1626 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1627 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1628 };
1629
1630 static const unsigned char ec_public_sect163k1_bady[] = {
1631 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1632 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1633 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1634 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1635 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1636 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1637 };
1638
1639 static struct ec_der_pub_keys_st {
1640 const unsigned char *der;
1641 size_t len;
1642 int valid;
1643 } ec_der_pub_keys[] = {
1644 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1645 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1646 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1647 };
1648
1649 /*
1650 * Tests the range of the decoded EC char2 public point.
1651 * See ec_GF2m_simple_oct2point().
1652 */
test_invalide_ec_char2_pub_range_decode(int id)1653 static int test_invalide_ec_char2_pub_range_decode(int id)
1654 {
1655 int ret = 0;
1656 EVP_PKEY *pkey;
1657
1658 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1659 ec_der_pub_keys[id].len);
1660
1661 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1662 || TEST_ptr_null(pkey);
1663 EVP_PKEY_free(pkey);
1664 return ret;
1665 }
1666
1667 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)1668 static int test_EVP_PKCS82PKEY(void)
1669 {
1670 int ret = 0;
1671 const unsigned char *derp = kExampleBadECKeyDER;
1672 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1673 EVP_PKEY *pkey = NULL;
1674
1675 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1676 sizeof(kExampleBadECKeyDER))))
1677 goto done;
1678
1679 if (!TEST_ptr_eq(derp,
1680 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1681 goto done;
1682
1683 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1684 goto done;
1685
1686 ret = 1;
1687
1688 done:
1689 PKCS8_PRIV_KEY_INFO_free(p8inf);
1690 EVP_PKEY_free(pkey);
1691
1692 return ret;
1693 }
1694
1695 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)1696 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1697 {
1698 EVP_PKEY *pkey = NULL;
1699 EVP_PKEY *pkey2 = NULL;
1700 BIO *membio = NULL;
1701 char *membuf = NULL;
1702 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1703 int ok = 0;
1704
1705 if (testctx != NULL)
1706 /* test not supported with non-default context */
1707 return 1;
1708
1709 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1710 || !TEST_ptr(pkey = load_example_rsa_key())
1711 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1712 NULL, 0, NULL, NULL),
1713 0)
1714 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1715 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1716 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1717 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1718 goto done;
1719 }
1720
1721 ok = 1;
1722 done:
1723 EVP_PKEY_free(pkey);
1724 EVP_PKEY_free(pkey2);
1725 PKCS8_PRIV_KEY_INFO_free(p8inf);
1726 BIO_free_all(membio);
1727 return ok;
1728 }
1729
1730 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)1731 static int test_privatekey_to_pkcs8(void)
1732 {
1733 EVP_PKEY *pkey = NULL;
1734 BIO *membio = NULL;
1735 char *membuf = NULL;
1736 long membuf_len = 0;
1737 int ok = 0;
1738
1739 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1740 || !TEST_ptr(pkey = load_example_rsa_key())
1741 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1742 NULL, 0, NULL, NULL),
1743 0)
1744 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1745 || !TEST_ptr(membuf)
1746 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1747 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1748 /*
1749 * We try to write PEM as well, just to see that it doesn't err, but
1750 * assume that the result is correct.
1751 */
1752 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1753 NULL, 0, NULL, NULL),
1754 0))
1755 goto done;
1756
1757 ok = 1;
1758 done:
1759 EVP_PKEY_free(pkey);
1760 BIO_free_all(membio);
1761 return ok;
1762 }
1763
1764 #ifndef OPENSSL_NO_EC
1765 static const struct {
1766 int encoding;
1767 const char *encoding_name;
1768 } ec_encodings[] = {
1769 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1770 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1771 };
1772
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)1773 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1774 {
1775 const OSSL_PARAM *p;
1776 const char *enc_name = NULL;
1777 int *enc = arg;
1778 size_t i;
1779
1780 *enc = -1;
1781
1782 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1783 OSSL_PKEY_PARAM_EC_ENCODING))
1784 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1785 return 0;
1786
1787 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1788 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1789 *enc = ec_encodings[i].encoding;
1790 break;
1791 }
1792 }
1793
1794 return (*enc != -1);
1795 }
1796
test_EC_keygen_with_enc(int idx)1797 static int test_EC_keygen_with_enc(int idx)
1798 {
1799 EVP_PKEY *params = NULL, *key = NULL;
1800 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1801 int enc;
1802 int ret = 0;
1803
1804 enc = ec_encodings[idx].encoding;
1805
1806 /* Create key parameters */
1807 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1808 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1809 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1810 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1811 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1812 || !TEST_ptr(params))
1813 goto done;
1814
1815 /* Create key */
1816 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1817 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1818 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1819 || !TEST_ptr(key))
1820 goto done;
1821
1822 /* Check that the encoding got all the way into the key */
1823 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1824 ec_export_get_encoding_cb, &enc))
1825 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1826 goto done;
1827
1828 ret = 1;
1829 done:
1830 EVP_PKEY_free(key);
1831 EVP_PKEY_free(params);
1832 EVP_PKEY_CTX_free(kctx);
1833 EVP_PKEY_CTX_free(pctx);
1834 return ret;
1835 }
1836 #endif
1837
1838 #if !defined(OPENSSL_NO_SM2)
1839
test_EVP_SM2_verify(void)1840 static int test_EVP_SM2_verify(void)
1841 {
1842 const char *pubkey =
1843 "-----BEGIN PUBLIC KEY-----\n"
1844 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1845 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1846 "-----END PUBLIC KEY-----\n";
1847
1848 const char *msg = "message digest";
1849 const char *id = "ALICE123@YAHOO.COM";
1850
1851 const uint8_t signature[] = {
1852 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1853 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1854 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1855 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1856 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1857 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1858 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1859 };
1860
1861 int rc = 0;
1862 BIO *bio = NULL;
1863 EVP_PKEY *pkey = NULL;
1864 EVP_MD_CTX *mctx = NULL;
1865 EVP_PKEY_CTX *pctx = NULL;
1866 EVP_MD *sm3 = NULL;
1867
1868 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1869 if (!TEST_true(bio != NULL))
1870 goto done;
1871
1872 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1873 if (!TEST_true(pkey != NULL))
1874 goto done;
1875
1876 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1877 goto done;
1878
1879 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1880 goto done;
1881
1882 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1883 goto done;
1884
1885 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1886
1887 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1888 goto done;
1889
1890 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1891 goto done;
1892
1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1894 goto done;
1895
1896 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1897 goto done;
1898
1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
1900 goto done;
1901 rc = 1;
1902
1903 done:
1904 BIO_free(bio);
1905 EVP_PKEY_free(pkey);
1906 EVP_PKEY_CTX_free(pctx);
1907 EVP_MD_CTX_free(mctx);
1908 EVP_MD_free(sm3);
1909 return rc;
1910 }
1911
test_EVP_SM2(void)1912 static int test_EVP_SM2(void)
1913 {
1914 int ret = 0;
1915 EVP_PKEY *pkey = NULL;
1916 EVP_PKEY *pkeyparams = NULL;
1917 EVP_PKEY_CTX *pctx = NULL;
1918 EVP_PKEY_CTX *kctx = NULL;
1919 EVP_PKEY_CTX *sctx = NULL;
1920 size_t sig_len = 0;
1921 unsigned char *sig = NULL;
1922 EVP_MD_CTX *md_ctx = NULL;
1923 EVP_MD_CTX *md_ctx_verify = NULL;
1924 EVP_PKEY_CTX *cctx = NULL;
1925 EVP_MD *check_md = NULL;
1926
1927 uint8_t ciphertext[128];
1928 size_t ctext_len = sizeof(ciphertext);
1929
1930 uint8_t plaintext[8];
1931 size_t ptext_len = sizeof(plaintext);
1932
1933 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1934
1935 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1936 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1937 int i;
1938 char mdname[OSSL_MAX_NAME_SIZE];
1939
1940 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1941 "SM2", testpropq)))
1942 goto done;
1943
1944 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1945 goto done;
1946
1947 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
1948 goto done;
1949
1950 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1951 goto done;
1952
1953 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1954 pkeyparams, testpropq)))
1955 goto done;
1956
1957 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
1958 goto done;
1959
1960 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1961 goto done;
1962
1963 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1964 goto done;
1965
1966 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1967 goto done;
1968
1969 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1970 goto done;
1971
1972 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1973 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1974
1975 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1976 goto done;
1977
1978 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1979 goto done;
1980
1981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1982 goto done;
1983
1984 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1985 goto done;
1986
1987 /* Determine the size of the signature. */
1988 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1989 goto done;
1990
1991 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1992 goto done;
1993
1994 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1995 goto done;
1996
1997 /* Ensure that the signature round-trips. */
1998
1999 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2000 pkey)))
2001 goto done;
2002
2003 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2004 goto done;
2005
2006 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2007 goto done;
2008
2009 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2010 goto done;
2011
2012 /*
2013 * Try verify again with non-matching 0 length id but ensure that it can
2014 * be set on the context and overrides the previous value.
2015 */
2016
2017 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2018 pkey)))
2019 goto done;
2020
2021 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2022 goto done;
2023
2024 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2025 goto done;
2026
2027 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2028 goto done;
2029
2030 /* now check encryption/decryption */
2031
2032 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2033 mdname, sizeof(mdname));
2034 for (i = 0; i < 2; i++) {
2035 const char *mdnames[] = {
2036 #ifndef OPENSSL_NO_SM3
2037 "SM3",
2038 #else
2039 NULL,
2040 #endif
2041 "SHA2-256" };
2042 EVP_PKEY_CTX_free(cctx);
2043
2044 if (mdnames[i] == NULL)
2045 continue;
2046
2047 sparams[0] =
2048 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2049 (char *)mdnames[i], 0);
2050
2051 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2052 pkey, testpropq)))
2053 goto done;
2054
2055 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2056 goto done;
2057
2058 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2059 goto done;
2060
2061 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2062 sizeof(kMsg))))
2063 goto done;
2064
2065 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2066 goto done;
2067
2068 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2069 goto done;
2070
2071 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2072 ctext_len), 0))
2073 goto done;
2074
2075 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2076 goto done;
2077
2078 /*
2079 * Test we're still using the digest we think we are.
2080 * Because of aliases, the easiest is to fetch the digest and
2081 * check the name with EVP_MD_is_a().
2082 */
2083 EVP_MD_free(check_md);
2084 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2085 goto done;
2086 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2087 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2088 goto done;
2089 }
2090
2091 if (!TEST_true(ptext_len == sizeof(kMsg)))
2092 goto done;
2093
2094 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2095 goto done;
2096 }
2097
2098 ret = 1;
2099 done:
2100 EVP_PKEY_CTX_free(pctx);
2101 EVP_PKEY_CTX_free(kctx);
2102 EVP_PKEY_CTX_free(sctx);
2103 EVP_PKEY_CTX_free(cctx);
2104 EVP_PKEY_free(pkey);
2105 EVP_PKEY_free(pkeyparams);
2106 EVP_MD_CTX_free(md_ctx);
2107 EVP_MD_CTX_free(md_ctx_verify);
2108 EVP_MD_free(check_md);
2109 OPENSSL_free(sig);
2110 return ret;
2111 }
2112
2113 #endif
2114
2115 static struct keys_st {
2116 int type;
2117 char *priv;
2118 char *pub;
2119 } keys[] = {
2120 {
2121 EVP_PKEY_HMAC, "0123456789", NULL
2122 },
2123 {
2124 EVP_PKEY_HMAC, "", NULL
2125 #ifndef OPENSSL_NO_POLY1305
2126 }, {
2127 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2128 #endif
2129 #ifndef OPENSSL_NO_SIPHASH
2130 }, {
2131 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2132 #endif
2133 },
2134 #ifndef OPENSSL_NO_EC
2135 {
2136 EVP_PKEY_X25519, "01234567890123456789012345678901",
2137 "abcdefghijklmnopqrstuvwxyzabcdef"
2138 }, {
2139 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2140 "abcdefghijklmnopqrstuvwxyzabcdef"
2141 }, {
2142 EVP_PKEY_X448,
2143 "01234567890123456789012345678901234567890123456789012345",
2144 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2145 }, {
2146 EVP_PKEY_ED448,
2147 "012345678901234567890123456789012345678901234567890123456",
2148 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2149 }
2150 #endif
2151 };
2152
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)2153 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2154 {
2155 int ret = 0;
2156 unsigned char buf[80];
2157 unsigned char *in;
2158 size_t inlen, len = 0, shortlen = 1;
2159 EVP_PKEY *pkey;
2160
2161 /* Check if this algorithm supports public keys */
2162 if (pub && keys[tst].pub == NULL)
2163 return 1;
2164
2165 memset(buf, 0, sizeof(buf));
2166
2167 if (pub) {
2168 #ifndef OPENSSL_NO_EC
2169 inlen = strlen(keys[tst].pub);
2170 in = (unsigned char *)keys[tst].pub;
2171 if (uselibctx) {
2172 pkey = EVP_PKEY_new_raw_public_key_ex(
2173 testctx,
2174 OBJ_nid2sn(keys[tst].type),
2175 NULL,
2176 in,
2177 inlen);
2178 } else {
2179 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2180 NULL,
2181 in,
2182 inlen);
2183 }
2184 #else
2185 return 1;
2186 #endif
2187 } else {
2188 inlen = strlen(keys[tst].priv);
2189 in = (unsigned char *)keys[tst].priv;
2190 if (uselibctx) {
2191 pkey = EVP_PKEY_new_raw_private_key_ex(
2192 testctx, OBJ_nid2sn(keys[tst].type),
2193 NULL,
2194 in,
2195 inlen);
2196 } else {
2197 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2198 NULL,
2199 in,
2200 inlen);
2201 }
2202 }
2203
2204 if (!TEST_ptr(pkey)
2205 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2206 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2207 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2208 || !TEST_true(len == inlen))
2209 goto done;
2210 if (tst != 1) {
2211 /*
2212 * Test that supplying a buffer that is too small fails. Doesn't apply
2213 * to HMAC with a zero length key
2214 */
2215 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2216 &shortlen)))
2217 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2218 &shortlen))))
2219 goto done;
2220 }
2221 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2222 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2223 || !TEST_mem_eq(in, inlen, buf, len))
2224 goto done;
2225
2226 ret = 1;
2227 done:
2228 EVP_PKEY_free(pkey);
2229 return ret;
2230 }
2231
test_set_get_raw_keys(int tst)2232 static int test_set_get_raw_keys(int tst)
2233 {
2234 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2235 && test_set_get_raw_keys_int(tst, 0, 1)
2236 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2237 && test_set_get_raw_keys_int(tst, 1, 1);
2238 }
2239
2240 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)2241 static int pkey_custom_check(EVP_PKEY *pkey)
2242 {
2243 return 0xbeef;
2244 }
2245
pkey_custom_pub_check(EVP_PKEY * pkey)2246 static int pkey_custom_pub_check(EVP_PKEY *pkey)
2247 {
2248 return 0xbeef;
2249 }
2250
pkey_custom_param_check(EVP_PKEY * pkey)2251 static int pkey_custom_param_check(EVP_PKEY *pkey)
2252 {
2253 return 0xbeef;
2254 }
2255
2256 static EVP_PKEY_METHOD *custom_pmeth;
2257 #endif
2258
test_EVP_PKEY_check(int i)2259 static int test_EVP_PKEY_check(int i)
2260 {
2261 int ret = 0;
2262 EVP_PKEY *pkey = NULL;
2263 EVP_PKEY_CTX *ctx = NULL;
2264 #ifndef OPENSSL_NO_DEPRECATED_3_0
2265 EVP_PKEY_CTX *ctx2 = NULL;
2266 #endif
2267 const APK_DATA *ak = &keycheckdata[i];
2268 const unsigned char *input = ak->kder;
2269 size_t input_len = ak->size;
2270 int expected_id = ak->evptype;
2271 int expected_check = ak->check;
2272 int expected_pub_check = ak->pub_check;
2273 int expected_param_check = ak->param_check;
2274 int type = ak->type;
2275
2276 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2277 goto done;
2278 if (type == 0
2279 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2280 goto done;
2281
2282 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2283 goto done;
2284
2285 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2286 goto done;
2287
2288 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2289 goto done;
2290
2291 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2292 goto done;
2293
2294 #ifndef OPENSSL_NO_DEPRECATED_3_0
2295 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2296 /* assign the pkey directly, as an internal test */
2297 EVP_PKEY_up_ref(pkey);
2298 ctx2->pkey = pkey;
2299
2300 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2301 goto done;
2302
2303 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2304 goto done;
2305
2306 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2307 goto done;
2308 #endif
2309
2310 ret = 1;
2311
2312 done:
2313 EVP_PKEY_CTX_free(ctx);
2314 #ifndef OPENSSL_NO_DEPRECATED_3_0
2315 EVP_PKEY_CTX_free(ctx2);
2316 #endif
2317 EVP_PKEY_free(pkey);
2318 return ret;
2319 }
2320
2321 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)2322 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2323 {
2324 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2325 const char msg[] = "Hello World";
2326 size_t maclen = AES_BLOCK_SIZE;
2327 int ret = 1;
2328
2329 if (!TEST_ptr(mdctx)
2330 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2331 testpropq, pkey, NULL))
2332 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2333 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2334 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2335 ret = 0;
2336
2337 EVP_MD_CTX_free(mdctx);
2338
2339 return ret;
2340 }
test_CMAC_keygen(void)2341 static int test_CMAC_keygen(void)
2342 {
2343 static unsigned char key[] = {
2344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2345 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2346 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2347 };
2348 EVP_PKEY_CTX *kctx = NULL;
2349 int ret = 0;
2350 EVP_PKEY *pkey = NULL;
2351 unsigned char mac[AES_BLOCK_SIZE];
2352 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2353 unsigned char mac2[AES_BLOCK_SIZE];
2354 # endif
2355
2356 if (nullprov != NULL)
2357 return TEST_skip("Test does not support a non-default library context");
2358
2359 /*
2360 * This is a legacy method for CMACs, but should still work.
2361 * This verifies that it works without an ENGINE.
2362 */
2363 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2364
2365 /* Test a CMAC key created using the "generated" method */
2366 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2367 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2368 EVP_PKEY_CTRL_CIPHER,
2369 0, (void *)EVP_aes_256_ecb()), 0)
2370 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2371 EVP_PKEY_CTRL_SET_MAC_KEY,
2372 sizeof(key), (void *)key), 0)
2373 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2374 || !TEST_ptr(pkey)
2375 || !TEST_true(get_cmac_val(pkey, mac)))
2376 goto done;
2377
2378 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2379 EVP_PKEY_free(pkey);
2380
2381 /*
2382 * Test a CMAC key using the direct method, and compare with the mac
2383 * created above.
2384 */
2385 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2386 if (!TEST_ptr(pkey)
2387 || !TEST_true(get_cmac_val(pkey, mac2))
2388 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2389 goto done;
2390 # endif
2391
2392 ret = 1;
2393
2394 done:
2395 EVP_PKEY_free(pkey);
2396 EVP_PKEY_CTX_free(kctx);
2397 return ret;
2398 }
2399 #endif
2400
test_HKDF(void)2401 static int test_HKDF(void)
2402 {
2403 EVP_PKEY_CTX *pctx;
2404 unsigned char out[20];
2405 size_t outlen;
2406 int i, ret = 0;
2407 unsigned char salt[] = "0123456789";
2408 unsigned char key[] = "012345678901234567890123456789";
2409 unsigned char info[] = "infostring";
2410 const unsigned char expected[] = {
2411 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2412 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2413 };
2414 size_t expectedlen = sizeof(expected);
2415
2416 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2417 goto done;
2418
2419 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2420 for (i = 0; i < 2; i++) {
2421 outlen = sizeof(out);
2422 memset(out, 0, outlen);
2423
2424 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2425 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2426 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2427 sizeof(salt) - 1), 0)
2428 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2429 sizeof(key) - 1), 0)
2430 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2431 sizeof(info) - 1), 0)
2432 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2433 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2434 goto done;
2435 }
2436
2437 ret = 1;
2438
2439 done:
2440 EVP_PKEY_CTX_free(pctx);
2441
2442 return ret;
2443 }
2444
test_emptyikm_HKDF(void)2445 static int test_emptyikm_HKDF(void)
2446 {
2447 EVP_PKEY_CTX *pctx;
2448 unsigned char out[20];
2449 size_t outlen;
2450 int ret = 0;
2451 unsigned char salt[] = "9876543210";
2452 unsigned char key[] = "";
2453 unsigned char info[] = "stringinfo";
2454 const unsigned char expected[] = {
2455 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2456 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2457 };
2458 size_t expectedlen = sizeof(expected);
2459
2460 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2461 goto done;
2462
2463 outlen = sizeof(out);
2464 memset(out, 0, outlen);
2465
2466 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2467 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2468 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2469 sizeof(salt) - 1), 0)
2470 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2471 sizeof(key) - 1), 0)
2472 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2473 sizeof(info) - 1), 0)
2474 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2475 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2476 goto done;
2477
2478 ret = 1;
2479
2480 done:
2481 EVP_PKEY_CTX_free(pctx);
2482
2483 return ret;
2484 }
2485
2486 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2487 static int test_X509_PUBKEY_inplace(void)
2488 {
2489 int ret = 0;
2490 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2491 const unsigned char *p = kExampleECPubKeyDER;
2492 size_t input_len = sizeof(kExampleECPubKeyDER);
2493
2494 if (!TEST_ptr(xp))
2495 goto done;
2496 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2497 goto done;
2498
2499 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2500 goto done;
2501
2502 p = kExampleBadECPubKeyDER;
2503 input_len = sizeof(kExampleBadECPubKeyDER);
2504
2505 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2506 goto done;
2507
2508 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2509 goto done;
2510
2511 ret = 1;
2512
2513 done:
2514 X509_PUBKEY_free(xp);
2515 return ret;
2516 }
2517
test_X509_PUBKEY_dup(void)2518 static int test_X509_PUBKEY_dup(void)
2519 {
2520 int ret = 0;
2521 X509_PUBKEY *xp = NULL, *xq = NULL;
2522 const unsigned char *p = kExampleECPubKeyDER;
2523 size_t input_len = sizeof(kExampleECPubKeyDER);
2524
2525 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2526 if (!TEST_ptr(xp)
2527 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2528 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2529 || !TEST_ptr_ne(xp, xq))
2530 goto done;
2531
2532 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2533 || !TEST_ptr(X509_PUBKEY_get0(xp))
2534 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2535 goto done;
2536
2537 X509_PUBKEY_free(xq);
2538 xq = NULL;
2539 p = kExampleBadECPubKeyDER;
2540 input_len = sizeof(kExampleBadECPubKeyDER);
2541
2542 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2543 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2544 goto done;
2545
2546 X509_PUBKEY_free(xp);
2547 xp = NULL;
2548 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2549 goto done;
2550
2551 ret = 1;
2552
2553 done:
2554 X509_PUBKEY_free(xp);
2555 X509_PUBKEY_free(xq);
2556 return ret;
2557 }
2558 #endif /* OPENSSL_NO_EC */
2559
2560 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)2561 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2562 {
2563 EVP_MD_CTX *mdctx = NULL;
2564 EVP_PKEY_CTX *ctx = NULL;
2565 const OSSL_PARAM *params;
2566 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2567 int ret = 0;
2568 const EVP_MD *md;
2569 char mdname[OSSL_MAX_NAME_SIZE];
2570 char ssl3ms[48];
2571
2572 /* Initialise a sign operation */
2573 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2574 if (!TEST_ptr(ctx)
2575 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2576 goto err;
2577
2578 /*
2579 * We should be able to query the parameters now.
2580 */
2581 params = EVP_PKEY_CTX_settable_params(ctx);
2582 if (!TEST_ptr(params)
2583 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2584 OSSL_SIGNATURE_PARAM_DIGEST)))
2585 goto err;
2586
2587 params = EVP_PKEY_CTX_gettable_params(ctx);
2588 if (!TEST_ptr(params)
2589 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2590 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2591 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2592 OSSL_SIGNATURE_PARAM_DIGEST)))
2593 goto err;
2594
2595 /*
2596 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2597 * EVP_PKEY_CTX_get_params()
2598 */
2599 strcpy(mdname, "SHA512");
2600 param_md = param;
2601 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2602 mdname, 0);
2603 *param++ = OSSL_PARAM_construct_end();
2604
2605 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2606 goto err;
2607
2608 mdname[0] = '\0';
2609 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2610 mdname, sizeof(mdname));
2611 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2612 || !TEST_str_eq(mdname, "SHA512"))
2613 goto err;
2614
2615 /*
2616 * Test the TEST_PKEY_CTX_set_signature_md() and
2617 * TEST_PKEY_CTX_get_signature_md() functions
2618 */
2619 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2620 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2621 || !TEST_ptr_eq(md, EVP_sha256()))
2622 goto err;
2623
2624 /*
2625 * Test getting MD parameters via an associated EVP_PKEY_CTX
2626 */
2627 mdctx = EVP_MD_CTX_new();
2628 if (!TEST_ptr(mdctx)
2629 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2630 pkey, NULL)))
2631 goto err;
2632
2633 /*
2634 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2635 * able to obtain the digest's settable parameters from the provider.
2636 */
2637 params = EVP_MD_CTX_settable_params(mdctx);
2638 if (!TEST_ptr(params)
2639 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2640 /* The final key should be NULL */
2641 || !TEST_ptr_null(params[1].key))
2642 goto err;
2643
2644 param = ourparams;
2645 memset(ssl3ms, 0, sizeof(ssl3ms));
2646 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2647 ssl3ms, sizeof(ssl3ms));
2648 *param++ = OSSL_PARAM_construct_end();
2649
2650 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2651 goto err;
2652
2653 ret = 1;
2654
2655 err:
2656 EVP_MD_CTX_free(mdctx);
2657 EVP_PKEY_CTX_free(ctx);
2658
2659 return ret;
2660 }
2661
2662 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)2663 static int test_DSA_get_set_params(void)
2664 {
2665 OSSL_PARAM_BLD *bld = NULL;
2666 OSSL_PARAM *params = NULL;
2667 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2668 EVP_PKEY_CTX *pctx = NULL;
2669 EVP_PKEY *pkey = NULL;
2670 int ret = 0;
2671
2672 /*
2673 * Setup the parameters for our DSA object. For our purposes they don't
2674 * have to actually be *valid* parameters. We just need to set something.
2675 */
2676 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2677 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2678 || !TEST_ptr(p = BN_new())
2679 || !TEST_ptr(q = BN_new())
2680 || !TEST_ptr(g = BN_new())
2681 || !TEST_ptr(pub = BN_new())
2682 || !TEST_ptr(priv = BN_new()))
2683 goto err;
2684 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2685 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2686 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2687 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2688 pub))
2689 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2690 priv)))
2691 goto err;
2692 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2693 goto err;
2694
2695 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2696 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2697 params), 0))
2698 goto err;
2699
2700 if (!TEST_ptr(pkey))
2701 goto err;
2702
2703 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2704
2705 err:
2706 EVP_PKEY_free(pkey);
2707 EVP_PKEY_CTX_free(pctx);
2708 OSSL_PARAM_free(params);
2709 OSSL_PARAM_BLD_free(bld);
2710 BN_free(p);
2711 BN_free(q);
2712 BN_free(g);
2713 BN_free(pub);
2714 BN_free(priv);
2715
2716 return ret;
2717 }
2718
2719 /*
2720 * Test combinations of private, public, missing and private + public key
2721 * params to ensure they are all accepted
2722 */
test_DSA_priv_pub(void)2723 static int test_DSA_priv_pub(void)
2724 {
2725 return test_EVP_PKEY_ffc_priv_pub("DSA");
2726 }
2727
2728 #endif /* !OPENSSL_NO_DSA */
2729
test_RSA_get_set_params(void)2730 static int test_RSA_get_set_params(void)
2731 {
2732 OSSL_PARAM_BLD *bld = NULL;
2733 OSSL_PARAM *params = NULL;
2734 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2735 EVP_PKEY_CTX *pctx = NULL;
2736 EVP_PKEY *pkey = NULL;
2737 int ret = 0;
2738
2739 /*
2740 * Setup the parameters for our RSA object. For our purposes they don't
2741 * have to actually be *valid* parameters. We just need to set something.
2742 */
2743 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2744 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2745 || !TEST_ptr(n = BN_new())
2746 || !TEST_ptr(e = BN_new())
2747 || !TEST_ptr(d = BN_new()))
2748 goto err;
2749 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2750 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2751 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2752 goto err;
2753 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2754 goto err;
2755
2756 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2757 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2758 params), 0))
2759 goto err;
2760
2761 if (!TEST_ptr(pkey))
2762 goto err;
2763
2764 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2765
2766 err:
2767 EVP_PKEY_free(pkey);
2768 EVP_PKEY_CTX_free(pctx);
2769 OSSL_PARAM_free(params);
2770 OSSL_PARAM_BLD_free(bld);
2771 BN_free(n);
2772 BN_free(e);
2773 BN_free(d);
2774
2775 return ret;
2776 }
2777
test_RSA_OAEP_set_get_params(void)2778 static int test_RSA_OAEP_set_get_params(void)
2779 {
2780 int ret = 0;
2781 EVP_PKEY *key = NULL;
2782 EVP_PKEY_CTX *key_ctx = NULL;
2783
2784 if (nullprov != NULL)
2785 return TEST_skip("Test does not support a non-default library context");
2786
2787 if (!TEST_ptr(key = load_example_rsa_key())
2788 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2789 goto err;
2790
2791 {
2792 int padding = RSA_PKCS1_OAEP_PADDING;
2793 OSSL_PARAM params[4];
2794
2795 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2796 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2797 OSSL_DIGEST_NAME_SHA2_256, 0);
2798 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2799 OSSL_DIGEST_NAME_SHA1, 0);
2800 params[3] = OSSL_PARAM_construct_end();
2801
2802 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2803 goto err;
2804 }
2805 {
2806 OSSL_PARAM params[3];
2807 char oaepmd[30] = { '\0' };
2808 char mgf1md[30] = { '\0' };
2809
2810 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2811 oaepmd, sizeof(oaepmd));
2812 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2813 mgf1md, sizeof(mgf1md));
2814 params[2] = OSSL_PARAM_construct_end();
2815
2816 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2817 goto err;
2818
2819 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2820 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2821 goto err;
2822 }
2823
2824 ret = 1;
2825
2826 err:
2827 EVP_PKEY_free(key);
2828 EVP_PKEY_CTX_free(key_ctx);
2829
2830 return ret;
2831 }
2832
2833 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)2834 static int test_decrypt_null_chunks(void)
2835 {
2836 EVP_CIPHER_CTX* ctx = NULL;
2837 EVP_CIPHER *cipher = NULL;
2838 const unsigned char key[32] = {
2839 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2840 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2841 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2842 };
2843 unsigned char iv[12] = {
2844 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2845 };
2846 unsigned char msg[] = "It was the best of times, it was the worst of times";
2847 unsigned char ciphertext[80];
2848 unsigned char plaintext[80];
2849 /* We initialise tmp to a non zero value on purpose */
2850 int ctlen, ptlen, tmp = 99;
2851 int ret = 0;
2852 const int enc_offset = 10, dec_offset = 20;
2853
2854 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2855 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2856 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2857 key, iv))
2858 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2859 enc_offset))
2860 /* Deliberate add a zero length update */
2861 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2862 0))
2863 || !TEST_int_eq(tmp, 0)
2864 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2865 msg + enc_offset,
2866 sizeof(msg) - enc_offset))
2867 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2868 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2869 || !TEST_int_eq(tmp, 0))
2870 goto err;
2871
2872 /* Deliberately initialise tmp to a non zero value */
2873 tmp = 99;
2874 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2875 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2876 dec_offset))
2877 /*
2878 * Deliberately add a zero length update. We also deliberately do
2879 * this at a different offset than for encryption.
2880 */
2881 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2882 0))
2883 || !TEST_int_eq(tmp, 0)
2884 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2885 ciphertext + dec_offset,
2886 ctlen - dec_offset))
2887 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2888 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2889 || !TEST_int_eq(tmp, 0)
2890 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2891 goto err;
2892
2893 ret = 1;
2894 err:
2895 EVP_CIPHER_CTX_free(ctx);
2896 EVP_CIPHER_free(cipher);
2897 return ret;
2898 }
2899 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2900
2901 #ifndef OPENSSL_NO_DH
2902 /*
2903 * Test combinations of private, public, missing and private + public key
2904 * params to ensure they are all accepted
2905 */
test_DH_priv_pub(void)2906 static int test_DH_priv_pub(void)
2907 {
2908 return test_EVP_PKEY_ffc_priv_pub("DH");
2909 }
2910
2911 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)2912 static int test_EVP_PKEY_set1_DH(void)
2913 {
2914 DH *x942dh = NULL, *noqdh = NULL;
2915 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2916 int ret = 0;
2917 BIGNUM *p, *g = NULL;
2918 BIGNUM *pubkey = NULL;
2919 unsigned char pub[2048 / 8];
2920 size_t len = 0;
2921
2922 if (!TEST_ptr(p = BN_new())
2923 || !TEST_ptr(g = BN_new())
2924 || !TEST_ptr(pubkey = BN_new())
2925 || !TEST_true(BN_set_word(p, 9999))
2926 || !TEST_true(BN_set_word(g, 2))
2927 || !TEST_true(BN_set_word(pubkey, 4321))
2928 || !TEST_ptr(noqdh = DH_new())
2929 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2930 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2931 || !TEST_ptr(pubkey = BN_new())
2932 || !TEST_true(BN_set_word(pubkey, 4321)))
2933 goto err;
2934 p = g = NULL;
2935
2936 x942dh = DH_get_2048_256();
2937 pkey1 = EVP_PKEY_new();
2938 pkey2 = EVP_PKEY_new();
2939 if (!TEST_ptr(x942dh)
2940 || !TEST_ptr(noqdh)
2941 || !TEST_ptr(pkey1)
2942 || !TEST_ptr(pkey2)
2943 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2944 goto err;
2945 pubkey = NULL;
2946
2947 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2948 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2949 goto err;
2950
2951 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2952 &pubkey))
2953 || !TEST_ptr(pubkey))
2954 goto err;
2955
2956 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2957 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2958 goto err;
2959
2960 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2961 OSSL_PKEY_PARAM_PUB_KEY,
2962 pub, sizeof(pub), &len))
2963 || !TEST_size_t_ne(len, 0))
2964 goto err;
2965
2966 ret = 1;
2967 err:
2968 BN_free(p);
2969 BN_free(g);
2970 BN_free(pubkey);
2971 EVP_PKEY_free(pkey1);
2972 EVP_PKEY_free(pkey2);
2973 DH_free(x942dh);
2974 DH_free(noqdh);
2975
2976 return ret;
2977 }
2978 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2979 #endif /* !OPENSSL_NO_DH */
2980
2981 /*
2982 * We test what happens with an empty template. For the sake of this test,
2983 * the template must be ignored, and we know that's the case for RSA keys
2984 * (this might arguably be a misfeature, but that's what we currently do,
2985 * even in provider code, since that's how the legacy RSA implementation
2986 * does things)
2987 */
test_keygen_with_empty_template(int n)2988 static int test_keygen_with_empty_template(int n)
2989 {
2990 EVP_PKEY_CTX *ctx = NULL;
2991 EVP_PKEY *pkey = NULL;
2992 EVP_PKEY *tkey = NULL;
2993 int ret = 0;
2994
2995 if (nullprov != NULL)
2996 return TEST_skip("Test does not support a non-default library context");
2997
2998 switch (n) {
2999 case 0:
3000 /* We do test with no template at all as well */
3001 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3002 goto err;
3003 break;
3004 case 1:
3005 /* Here we create an empty RSA key that serves as our template */
3006 if (!TEST_ptr(tkey = EVP_PKEY_new())
3007 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3008 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3009 goto err;
3010 break;
3011 }
3012
3013 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3014 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3015 goto err;
3016
3017 ret = 1;
3018 err:
3019 EVP_PKEY_CTX_free(ctx);
3020 EVP_PKEY_free(pkey);
3021 EVP_PKEY_free(tkey);
3022 return ret;
3023 }
3024
3025 /*
3026 * Test that we fail if we attempt to use an algorithm that is not available
3027 * in the current library context (unless we are using an algorithm that
3028 * should be made available via legacy codepaths).
3029 *
3030 * 0: RSA
3031 * 1: SM2
3032 */
test_pkey_ctx_fail_without_provider(int tst)3033 static int test_pkey_ctx_fail_without_provider(int tst)
3034 {
3035 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3036 OSSL_PROVIDER *tmpnullprov = NULL;
3037 EVP_PKEY_CTX *pctx = NULL;
3038 const char *keytype = NULL;
3039 int expect_null = 0;
3040 int ret = 0;
3041
3042 if (!TEST_ptr(tmpctx))
3043 goto err;
3044
3045 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3046 if (!TEST_ptr(tmpnullprov))
3047 goto err;
3048
3049 /*
3050 * We check for certain algos in the null provider.
3051 * If an algo is expected to have a provider keymgmt, contructing an
3052 * EVP_PKEY_CTX is expected to fail (return NULL).
3053 * Otherwise, if it's expected to have legacy support, contructing an
3054 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3055 */
3056 switch (tst) {
3057 case 0:
3058 keytype = "RSA";
3059 expect_null = 1;
3060 break;
3061 case 1:
3062 keytype = "SM2";
3063 expect_null = 1;
3064 #ifdef OPENSSL_NO_EC
3065 TEST_info("EC disable, skipping SM2 check...");
3066 goto end;
3067 #endif
3068 #ifdef OPENSSL_NO_SM2
3069 TEST_info("SM2 disable, skipping SM2 check...");
3070 goto end;
3071 #endif
3072 break;
3073 default:
3074 TEST_error("No test for case %d", tst);
3075 goto err;
3076 }
3077
3078 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3079 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3080 goto err;
3081
3082 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3083 end:
3084 #endif
3085 ret = 1;
3086
3087 err:
3088 EVP_PKEY_CTX_free(pctx);
3089 OSSL_PROVIDER_unload(tmpnullprov);
3090 OSSL_LIB_CTX_free(tmpctx);
3091 return ret;
3092 }
3093
test_rand_agglomeration(void)3094 static int test_rand_agglomeration(void)
3095 {
3096 EVP_RAND *rand;
3097 EVP_RAND_CTX *ctx;
3098 OSSL_PARAM params[3], *p = params;
3099 int res;
3100 unsigned int step = 7;
3101 static unsigned char seed[] = "It does not matter how slowly you go "
3102 "as long as you do not stop.";
3103 unsigned char out[sizeof(seed)];
3104
3105 if (!TEST_int_ne(sizeof(seed) % step, 0)
3106 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3107 return 0;
3108 ctx = EVP_RAND_CTX_new(rand, NULL);
3109 EVP_RAND_free(rand);
3110 if (!TEST_ptr(ctx))
3111 return 0;
3112
3113 memset(out, 0, sizeof(out));
3114 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3115 seed, sizeof(seed));
3116 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3117 *p = OSSL_PARAM_construct_end();
3118 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3119 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3120 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3121 EVP_RAND_CTX_free(ctx);
3122 return res;
3123 }
3124
3125 /*
3126 * Test that we correctly return the original or "running" IV after
3127 * an encryption operation.
3128 * Run multiple times for some different relevant algorithms/modes.
3129 */
test_evp_iv_aes(int idx)3130 static int test_evp_iv_aes(int idx)
3131 {
3132 int ret = 0;
3133 EVP_CIPHER_CTX *ctx = NULL;
3134 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3135 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3136 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3137 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3138 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3139 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3140 9, 10, 11, 12, 13, 14, 15, 16 };
3141 unsigned char ciphertext[32], oiv[16], iv[16];
3142 unsigned char *ref_iv;
3143 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3144 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3145
3146 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3147 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3148 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3149 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3150 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3151 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3152 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3153 #ifndef OPENSSL_NO_OCB
3154 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3155 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3156 #endif
3157 int len = sizeof(ciphertext);
3158 size_t ivlen, ref_len;
3159 const EVP_CIPHER *type = NULL;
3160 int iv_reset = 0;
3161
3162 if (nullprov != NULL && idx < 6)
3163 return TEST_skip("Test does not support a non-default library context");
3164
3165 switch(idx) {
3166 case 0:
3167 type = EVP_aes_128_cbc();
3168 /* FALLTHROUGH */
3169 case 6:
3170 type = (type != NULL) ? type :
3171 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3172 ref_iv = cbc_state;
3173 ref_len = sizeof(cbc_state);
3174 iv_reset = 1;
3175 break;
3176 case 1:
3177 type = EVP_aes_128_ofb();
3178 /* FALLTHROUGH */
3179 case 7:
3180 type = (type != NULL) ? type :
3181 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3182 ref_iv = ofb_state;
3183 ref_len = sizeof(ofb_state);
3184 iv_reset = 1;
3185 break;
3186 case 2:
3187 type = EVP_aes_128_cfb();
3188 /* FALLTHROUGH */
3189 case 8:
3190 type = (type != NULL) ? type :
3191 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3192 ref_iv = cfb_state;
3193 ref_len = sizeof(cfb_state);
3194 iv_reset = 1;
3195 break;
3196 case 3:
3197 type = EVP_aes_128_gcm();
3198 /* FALLTHROUGH */
3199 case 9:
3200 type = (type != NULL) ? type :
3201 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3202 ref_iv = gcm_state;
3203 ref_len = sizeof(gcm_state);
3204 break;
3205 case 4:
3206 type = EVP_aes_128_ccm();
3207 /* FALLTHROUGH */
3208 case 10:
3209 type = (type != NULL) ? type :
3210 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3211 ref_iv = ccm_state;
3212 ref_len = sizeof(ccm_state);
3213 break;
3214 #ifdef OPENSSL_NO_OCB
3215 case 5:
3216 case 11:
3217 return 1;
3218 #else
3219 case 5:
3220 type = EVP_aes_128_ocb();
3221 /* FALLTHROUGH */
3222 case 11:
3223 type = (type != NULL) ? type :
3224 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3225 ref_iv = ocb_state;
3226 ref_len = sizeof(ocb_state);
3227 break;
3228 #endif
3229 default:
3230 return 0;
3231 }
3232
3233 if (!TEST_ptr(type)
3234 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3235 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3236 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3237 (int)sizeof(msg)))
3238 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3239 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3240 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3241 goto err;
3242 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3243 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3244 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3245 goto err;
3246
3247 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3248 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3249 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3250 goto err;
3251 if (iv_reset) {
3252 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3253 goto err;
3254 } else {
3255 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3256 goto err;
3257 }
3258
3259 ret = 1;
3260 err:
3261 EVP_CIPHER_CTX_free(ctx);
3262 if (idx >= 6)
3263 EVP_CIPHER_free((EVP_CIPHER *)type);
3264 return ret;
3265 }
3266
3267 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)3268 static int test_evp_iv_des(int idx)
3269 {
3270 int ret = 0;
3271 EVP_CIPHER_CTX *ctx = NULL;
3272 static const unsigned char key[24] = {
3273 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3274 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3275 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3276 };
3277 static const unsigned char init_iv[8] = {
3278 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3279 };
3280 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3281 9, 10, 11, 12, 13, 14, 15, 16 };
3282 unsigned char ciphertext[32], oiv[8], iv[8];
3283 unsigned const char *ref_iv;
3284 static const unsigned char cbc_state_des[8] = {
3285 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3286 };
3287 static const unsigned char cbc_state_3des[8] = {
3288 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3289 };
3290 static const unsigned char ofb_state_des[8] = {
3291 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3292 };
3293 static const unsigned char ofb_state_3des[8] = {
3294 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3295 };
3296 static const unsigned char cfb_state_des[8] = {
3297 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3298 };
3299 static const unsigned char cfb_state_3des[8] = {
3300 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3301 };
3302 int len = sizeof(ciphertext);
3303 size_t ivlen, ref_len;
3304 EVP_CIPHER *type = NULL;
3305
3306 if (lgcyprov == NULL && idx < 3)
3307 return TEST_skip("Test requires legacy provider to be loaded");
3308
3309 switch(idx) {
3310 case 0:
3311 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3312 ref_iv = cbc_state_des;
3313 ref_len = sizeof(cbc_state_des);
3314 break;
3315 case 1:
3316 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3317 ref_iv = ofb_state_des;
3318 ref_len = sizeof(ofb_state_des);
3319 break;
3320 case 2:
3321 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3322 ref_iv = cfb_state_des;
3323 ref_len = sizeof(cfb_state_des);
3324 break;
3325 case 3:
3326 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3327 ref_iv = cbc_state_3des;
3328 ref_len = sizeof(cbc_state_3des);
3329 break;
3330 case 4:
3331 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3332 ref_iv = ofb_state_3des;
3333 ref_len = sizeof(ofb_state_3des);
3334 break;
3335 case 5:
3336 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3337 ref_iv = cfb_state_3des;
3338 ref_len = sizeof(cfb_state_3des);
3339 break;
3340 default:
3341 return 0;
3342 }
3343
3344 if (!TEST_ptr(type)
3345 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3346 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3347 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3348 (int)sizeof(msg)))
3349 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3350 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3351 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3352 goto err;
3353 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3354 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3355 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3356 goto err;
3357
3358 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3359 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3360 goto err;
3361 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3362 goto err;
3363
3364 ret = 1;
3365 err:
3366 EVP_CIPHER_CTX_free(ctx);
3367 EVP_CIPHER_free(type);
3368 return ret;
3369 }
3370 #endif
3371
3372 #ifndef OPENSSL_NO_BF
test_evp_bf_default_keylen(int idx)3373 static int test_evp_bf_default_keylen(int idx)
3374 {
3375 int ret = 0;
3376 static const char *algos[4] = {
3377 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3378 };
3379 int ivlen[4] = { 0, 8, 8, 8 };
3380 EVP_CIPHER *cipher = NULL;
3381
3382 if (lgcyprov == NULL)
3383 return TEST_skip("Test requires legacy provider to be loaded");
3384
3385 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3386 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3387 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3388 goto err;
3389
3390 ret = 1;
3391 err:
3392 EVP_CIPHER_free(cipher);
3393 return ret;
3394 }
3395 #endif
3396
3397 #ifndef OPENSSL_NO_EC
3398 static int ecpub_nids[] = {
3399 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3400 NID_secp384r1, NID_secp521r1,
3401 # ifndef OPENSSL_NO_EC2M
3402 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3403 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3404 # endif
3405 NID_brainpoolP384r1, NID_brainpoolP512r1
3406 };
3407
test_ecpub(int idx)3408 static int test_ecpub(int idx)
3409 {
3410 int ret = 0, len, savelen;
3411 int nid;
3412 unsigned char buf[1024];
3413 unsigned char *p;
3414 EVP_PKEY *pkey = NULL;
3415 EVP_PKEY_CTX *ctx = NULL;
3416 # ifndef OPENSSL_NO_DEPRECATED_3_0
3417 const unsigned char *q;
3418 EVP_PKEY *pkey2 = NULL;
3419 EC_KEY *ec = NULL;
3420 # endif
3421
3422 if (nullprov != NULL)
3423 return TEST_skip("Test does not support a non-default library context");
3424
3425 nid = ecpub_nids[idx];
3426
3427 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3428 if (!TEST_ptr(ctx)
3429 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3430 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3431 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3432 goto done;
3433 len = i2d_PublicKey(pkey, NULL);
3434 savelen = len;
3435 if (!TEST_int_ge(len, 1)
3436 || !TEST_int_lt(len, 1024))
3437 goto done;
3438 p = buf;
3439 len = i2d_PublicKey(pkey, &p);
3440 if (!TEST_int_ge(len, 1)
3441 || !TEST_int_eq(len, savelen))
3442 goto done;
3443
3444 # ifndef OPENSSL_NO_DEPRECATED_3_0
3445 /* Now try to decode the just-created DER. */
3446 q = buf;
3447 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3448 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3449 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3450 goto done;
3451 /* EC_KEY ownership transferred */
3452 ec = NULL;
3453 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3454 goto done;
3455 /* The keys should match. */
3456 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3457 goto done;
3458 # endif
3459
3460 ret = 1;
3461
3462 done:
3463 EVP_PKEY_CTX_free(ctx);
3464 EVP_PKEY_free(pkey);
3465 # ifndef OPENSSL_NO_DEPRECATED_3_0
3466 EVP_PKEY_free(pkey2);
3467 EC_KEY_free(ec);
3468 # endif
3469 return ret;
3470 }
3471 #endif
3472
test_EVP_rsa_pss_with_keygen_bits(void)3473 static int test_EVP_rsa_pss_with_keygen_bits(void)
3474 {
3475 int ret = 0;
3476 EVP_PKEY_CTX *ctx = NULL;
3477 EVP_PKEY *pkey = NULL;
3478 EVP_MD *md;
3479
3480 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3481 ret = TEST_ptr(md)
3482 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3483 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3484 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3485 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3486 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3487
3488 EVP_MD_free(md);
3489 EVP_PKEY_free(pkey);
3490 EVP_PKEY_CTX_free(ctx);
3491 return ret;
3492 }
3493
test_EVP_rsa_pss_set_saltlen(void)3494 static int test_EVP_rsa_pss_set_saltlen(void)
3495 {
3496 int ret = 0;
3497 EVP_PKEY *pkey = NULL;
3498 EVP_PKEY_CTX *pkey_ctx = NULL;
3499 EVP_MD *sha256 = NULL;
3500 EVP_MD_CTX *sha256_ctx = NULL;
3501 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3502 const int test_value = 32;
3503
3504 ret = TEST_ptr(pkey = load_example_rsa_key())
3505 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3506 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3507 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3508 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3509 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3510 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3511 && TEST_int_eq(saltlen, test_value);
3512
3513 EVP_MD_CTX_free(sha256_ctx);
3514 EVP_PKEY_free(pkey);
3515 EVP_MD_free(sha256);
3516
3517 return ret;
3518 }
3519
3520 static int success = 1;
md_names(const char * name,void * vctx)3521 static void md_names(const char *name, void *vctx)
3522 {
3523 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3524 /* Force a namemap update */
3525 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3526
3527 if (!TEST_ptr(aes128))
3528 success = 0;
3529
3530 EVP_CIPHER_free(aes128);
3531 }
3532
3533 /*
3534 * Test that changing the namemap in a user callback works in a names_do_all
3535 * function.
3536 */
test_names_do_all(void)3537 static int test_names_do_all(void)
3538 {
3539 /* We use a custom libctx so that we know the state of the namemap */
3540 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3541 EVP_MD *sha256 = NULL;
3542 int testresult = 0;
3543
3544 if (!TEST_ptr(ctx))
3545 goto err;
3546
3547 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3548 if (!TEST_ptr(sha256))
3549 goto err;
3550
3551 /*
3552 * We loop through all the names for a given digest. This should still work
3553 * even if the namemap changes part way through.
3554 */
3555 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3556 goto err;
3557
3558 if (!TEST_true(success))
3559 goto err;
3560
3561 testresult = 1;
3562 err:
3563 EVP_MD_free(sha256);
3564 OSSL_LIB_CTX_free(ctx);
3565 return testresult;
3566 }
3567
3568 typedef struct {
3569 const char *cipher;
3570 const unsigned char *key;
3571 const unsigned char *iv;
3572 const unsigned char *input;
3573 const unsigned char *expected;
3574 const unsigned char *tag;
3575 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3576 size_t inlen;
3577 size_t expectedlen;
3578 size_t taglen;
3579 int keyfirst;
3580 int initenc;
3581 int finalenc;
3582 } EVP_INIT_TEST_st;
3583
3584 static const EVP_INIT_TEST_st evp_init_tests[] = {
3585 {
3586 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3587 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3588 0, 1, 0, 1
3589 },
3590 {
3591 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3592 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3593 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3594 sizeof(gcmDefaultTag), 1, 0, 1
3595 },
3596 {
3597 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3598 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3599 0, 0, 0, 1
3600 },
3601 {
3602 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3603 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3604 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3605 sizeof(gcmDefaultTag), 0, 0, 1
3606 },
3607 {
3608 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3609 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3610 0, 1, 1, 0
3611 },
3612 {
3613 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3614 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3615 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3616 sizeof(gcmDefaultTag), 1, 1, 0
3617 },
3618 {
3619 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3620 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3621 0, 0, 1, 0
3622 },
3623 {
3624 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3625 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3626 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3627 sizeof(gcmDefaultTag), 0, 1, 0
3628 }
3629 };
3630
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)3631 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3632 {
3633 int res = 0;
3634
3635 if (t->ivlen != 0) {
3636 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3637 goto err;
3638 }
3639 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3640 goto err;
3641 res = 1;
3642 err:
3643 return res;
3644 }
3645
3646 /*
3647 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3648 * arguments are given one at a time and a final adjustment to the enc
3649 * parameter sets the correct operation.
3650 */
test_evp_init_seq(int idx)3651 static int test_evp_init_seq(int idx)
3652 {
3653 int outlen1, outlen2;
3654 int testresult = 0;
3655 unsigned char outbuf[1024];
3656 unsigned char tag[16];
3657 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3658 EVP_CIPHER_CTX *ctx = NULL;
3659 EVP_CIPHER *type = NULL;
3660 size_t taglen = sizeof(tag);
3661 char *errmsg = NULL;
3662
3663 ctx = EVP_CIPHER_CTX_new();
3664 if (ctx == NULL) {
3665 errmsg = "CTX_ALLOC";
3666 goto err;
3667 }
3668 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3669 errmsg = "CIPHER_FETCH";
3670 goto err;
3671 }
3672 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3673 errmsg = "EMPTY_ENC_INIT";
3674 goto err;
3675 }
3676 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3677 errmsg = "PADDING";
3678 goto err;
3679 }
3680 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3681 errmsg = "KEY_INIT (before iv)";
3682 goto err;
3683 }
3684 if (!evp_init_seq_set_iv(ctx, t)) {
3685 errmsg = "IV_INIT";
3686 goto err;
3687 }
3688 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3689 errmsg = "KEY_INIT (after iv)";
3690 goto err;
3691 }
3692 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3693 errmsg = "FINAL_ENC_INIT";
3694 goto err;
3695 }
3696 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3697 errmsg = "CIPHER_UPDATE";
3698 goto err;
3699 }
3700 if (t->finalenc == 0 && t->tag != NULL) {
3701 /* Set expected tag */
3702 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3703 t->taglen, (void *)t->tag), 0)) {
3704 errmsg = "SET_TAG";
3705 goto err;
3706 }
3707 }
3708 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3709 errmsg = "CIPHER_FINAL";
3710 goto err;
3711 }
3712 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3713 errmsg = "WRONG_RESULT";
3714 goto err;
3715 }
3716 if (t->finalenc != 0 && t->tag != NULL) {
3717 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3718 errmsg = "GET_TAG";
3719 goto err;
3720 }
3721 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3722 errmsg = "TAG_ERROR";
3723 goto err;
3724 }
3725 }
3726 testresult = 1;
3727 err:
3728 if (errmsg != NULL)
3729 TEST_info("evp_init_test %d: %s", idx, errmsg);
3730 EVP_CIPHER_CTX_free(ctx);
3731 EVP_CIPHER_free(type);
3732 return testresult;
3733 }
3734
3735 typedef struct {
3736 const unsigned char *input;
3737 const unsigned char *expected;
3738 size_t inlen;
3739 size_t expectedlen;
3740 int enc;
3741 } EVP_RESET_TEST_st;
3742
3743 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3744 {
3745 cfbPlaintext, cfbCiphertext,
3746 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3747 },
3748 {
3749 cfbCiphertext, cfbPlaintext,
3750 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3751 }
3752 };
3753
3754 /*
3755 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3756 * been used.
3757 */
test_evp_reset(int idx)3758 static int test_evp_reset(int idx)
3759 {
3760 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3761 int outlen1, outlen2;
3762 int testresult = 0;
3763 unsigned char outbuf[1024];
3764 EVP_CIPHER_CTX *ctx = NULL;
3765 EVP_CIPHER *type = NULL;
3766 char *errmsg = NULL;
3767
3768 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3769 errmsg = "CTX_ALLOC";
3770 goto err;
3771 }
3772 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3773 errmsg = "CIPHER_FETCH";
3774 goto err;
3775 }
3776 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3777 errmsg = "CIPHER_INIT";
3778 goto err;
3779 }
3780 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3781 errmsg = "PADDING";
3782 goto err;
3783 }
3784 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3785 errmsg = "CIPHER_UPDATE";
3786 goto err;
3787 }
3788 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3789 errmsg = "CIPHER_FINAL";
3790 goto err;
3791 }
3792 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3793 errmsg = "WRONG_RESULT";
3794 goto err;
3795 }
3796 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3797 errmsg = "CIPHER_REINIT";
3798 goto err;
3799 }
3800 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3801 errmsg = "CIPHER_UPDATE (reinit)";
3802 goto err;
3803 }
3804 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3805 errmsg = "CIPHER_FINAL (reinit)";
3806 goto err;
3807 }
3808 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3809 errmsg = "WRONG_RESULT (reinit)";
3810 goto err;
3811 }
3812 testresult = 1;
3813 err:
3814 if (errmsg != NULL)
3815 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3816 EVP_CIPHER_CTX_free(ctx);
3817 EVP_CIPHER_free(type);
3818 return testresult;
3819 }
3820
3821 typedef struct {
3822 const char *cipher;
3823 int enc;
3824 } EVP_UPDATED_IV_TEST_st;
3825
3826 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3827 {
3828 "aes-128-cfb", 1
3829 },
3830 {
3831 "aes-128-cfb", 0
3832 },
3833 {
3834 "aes-128-cfb1", 1
3835 },
3836 {
3837 "aes-128-cfb1", 0
3838 },
3839 {
3840 "aes-128-cfb8", 1
3841 },
3842 {
3843 "aes-128-cfb8", 0
3844 },
3845 {
3846 "aes-128-ofb", 1
3847 },
3848 {
3849 "aes-128-ofb", 0
3850 },
3851 {
3852 "aes-128-ctr", 1
3853 },
3854 {
3855 "aes-128-ctr", 0
3856 },
3857 {
3858 "aes-128-cbc", 1
3859 },
3860 {
3861 "aes-128-cbc", 0
3862 }
3863 };
3864
3865 /*
3866 * Test that the IV in the context is updated during a crypto operation for CFB
3867 * and OFB.
3868 */
test_evp_updated_iv(int idx)3869 static int test_evp_updated_iv(int idx)
3870 {
3871 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3872 int outlen1, outlen2;
3873 int testresult = 0;
3874 unsigned char outbuf[1024];
3875 EVP_CIPHER_CTX *ctx = NULL;
3876 EVP_CIPHER *type = NULL;
3877 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3878 int iv_len;
3879 char *errmsg = NULL;
3880
3881 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3882 errmsg = "CTX_ALLOC";
3883 goto err;
3884 }
3885 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3886 TEST_info("cipher %s not supported, skipping", t->cipher);
3887 goto ok;
3888 }
3889
3890 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3891 errmsg = "CIPHER_INIT";
3892 goto err;
3893 }
3894 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3895 errmsg = "PADDING";
3896 goto err;
3897 }
3898 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3899 errmsg = "CIPHER_UPDATE";
3900 goto err;
3901 }
3902 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3903 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3904 goto err;
3905 }
3906 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3907 errmsg = "CIPHER_CTX_GET_IV_LEN";
3908 goto err;
3909 }
3910 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3911 errmsg = "IV_NOT_UPDATED";
3912 goto err;
3913 }
3914 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3915 errmsg = "CIPHER_FINAL";
3916 goto err;
3917 }
3918 ok:
3919 testresult = 1;
3920 err:
3921 if (errmsg != NULL)
3922 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3923 EVP_CIPHER_CTX_free(ctx);
3924 EVP_CIPHER_free(type);
3925 return testresult;
3926 }
3927
3928 typedef struct {
3929 const unsigned char *iv1;
3930 const unsigned char *iv2;
3931 const unsigned char *expected1;
3932 const unsigned char *expected2;
3933 const unsigned char *tag1;
3934 const unsigned char *tag2;
3935 size_t ivlen1;
3936 size_t ivlen2;
3937 size_t expectedlen1;
3938 size_t expectedlen2;
3939 } TEST_GCM_IV_REINIT_st;
3940
3941 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3942 {
3943 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3944 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3945 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3946 },
3947 {
3948 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3949 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3950 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3951 }
3952 };
3953
test_gcm_reinit(int idx)3954 static int test_gcm_reinit(int idx)
3955 {
3956 int outlen1, outlen2, outlen3;
3957 int testresult = 0;
3958 unsigned char outbuf[1024];
3959 unsigned char tag[16];
3960 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3961 EVP_CIPHER_CTX *ctx = NULL;
3962 EVP_CIPHER *type = NULL;
3963 size_t taglen = sizeof(tag);
3964 char *errmsg = NULL;
3965
3966 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3967 errmsg = "CTX_ALLOC";
3968 goto err;
3969 }
3970 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3971 errmsg = "CIPHER_FETCH";
3972 goto err;
3973 }
3974 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3975 errmsg = "ENC_INIT";
3976 goto err;
3977 }
3978 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
3979 errmsg = "SET_IVLEN1";
3980 goto err;
3981 }
3982 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3983 errmsg = "SET_IV1";
3984 goto err;
3985 }
3986 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3987 errmsg = "AAD1";
3988 goto err;
3989 }
3990 EVP_CIPHER_CTX_set_padding(ctx, 0);
3991 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3992 sizeof(gcmResetPlaintext)))) {
3993 errmsg = "CIPHER_UPDATE1";
3994 goto err;
3995 }
3996 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3997 errmsg = "CIPHER_FINAL1";
3998 goto err;
3999 }
4000 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4001 errmsg = "WRONG_RESULT1";
4002 goto err;
4003 }
4004 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4005 errmsg = "GET_TAG1";
4006 goto err;
4007 }
4008 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4009 errmsg = "TAG_ERROR1";
4010 goto err;
4011 }
4012 /* Now reinit */
4013 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4014 errmsg = "SET_IVLEN2";
4015 goto err;
4016 }
4017 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4018 errmsg = "SET_IV2";
4019 goto err;
4020 }
4021 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4022 errmsg = "AAD2";
4023 goto err;
4024 }
4025 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4026 sizeof(gcmResetPlaintext)))) {
4027 errmsg = "CIPHER_UPDATE2";
4028 goto err;
4029 }
4030 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4031 errmsg = "CIPHER_FINAL2";
4032 goto err;
4033 }
4034 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4035 errmsg = "WRONG_RESULT2";
4036 goto err;
4037 }
4038 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4039 errmsg = "GET_TAG2";
4040 goto err;
4041 }
4042 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4043 errmsg = "TAG_ERROR2";
4044 goto err;
4045 }
4046 testresult = 1;
4047 err:
4048 if (errmsg != NULL)
4049 TEST_info("evp_init_test %d: %s", idx, errmsg);
4050 EVP_CIPHER_CTX_free(ctx);
4051 EVP_CIPHER_free(type);
4052 return testresult;
4053 }
4054
4055 #ifndef OPENSSL_NO_DEPRECATED_3_0
4056 static EVP_PKEY_METHOD *custom_pmeth = NULL;
4057 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4058
4059 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4060
custom_pmeth_init(EVP_PKEY_CTX * ctx)4061 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4062 {
4063 int (*pinit)(EVP_PKEY_CTX *ctx);
4064
4065 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4066 return pinit(ctx);
4067 }
4068
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)4069 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4070 {
4071 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4072
4073 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4074 pcleanup(ctx);
4075 }
4076
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)4077 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4078 size_t *outlen, const unsigned char *in,
4079 size_t inlen)
4080 {
4081 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4082 const unsigned char *tbs, size_t tbslen);
4083
4084 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4085 return psign(ctx, out, outlen, in, inlen);
4086 }
4087
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)4088 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4089 size_t *siglen, const unsigned char *tbs,
4090 size_t tbslen)
4091 {
4092 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4093 const unsigned char *tbs, size_t tbslen);
4094
4095 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4096 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4097 }
4098
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)4099 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4100 size_t *keylen)
4101 {
4102 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4103
4104 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4105 return pderive(ctx, key, keylen);
4106 }
4107
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)4108 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4109 {
4110 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4111
4112 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4113 return pcopy(dst, src);
4114 }
4115
4116 static int ctrl_called;
4117
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)4118 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4119 {
4120 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4121
4122 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4123
4124 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4125 ctrl_called = 1;
4126 return 1;
4127 }
4128
4129 return pctrl(ctx, type, p1, p2);
4130 }
4131
test_custom_pmeth(int idx)4132 static int test_custom_pmeth(int idx)
4133 {
4134 EVP_PKEY_CTX *pctx = NULL;
4135 EVP_MD_CTX *ctx = NULL;
4136 EVP_PKEY *pkey = NULL;
4137 int id, orig_id, orig_flags;
4138 int testresult = 0;
4139 size_t reslen;
4140 unsigned char *res = NULL;
4141 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4142 const EVP_MD *md = EVP_sha256();
4143 int doderive = 0;
4144
4145 ctrl_called = 0;
4146
4147 /* We call deprecated APIs so this test doesn't support a custom libctx */
4148 if (testctx != NULL)
4149 return 1;
4150
4151 switch(idx) {
4152 case 0:
4153 case 6:
4154 id = EVP_PKEY_RSA;
4155 pkey = load_example_rsa_key();
4156 break;
4157 case 1:
4158 case 7:
4159 # ifndef OPENSSL_NO_DSA
4160 id = EVP_PKEY_DSA;
4161 pkey = load_example_dsa_key();
4162 break;
4163 # else
4164 return 1;
4165 # endif
4166 case 2:
4167 case 8:
4168 # ifndef OPENSSL_NO_EC
4169 id = EVP_PKEY_EC;
4170 pkey = load_example_ec_key();
4171 break;
4172 # else
4173 return 1;
4174 # endif
4175 case 3:
4176 case 9:
4177 # ifndef OPENSSL_NO_EC
4178 id = EVP_PKEY_ED25519;
4179 md = NULL;
4180 pkey = load_example_ed25519_key();
4181 break;
4182 # else
4183 return 1;
4184 # endif
4185 case 4:
4186 case 10:
4187 # ifndef OPENSSL_NO_DH
4188 id = EVP_PKEY_DH;
4189 doderive = 1;
4190 pkey = load_example_dh_key();
4191 break;
4192 # else
4193 return 1;
4194 # endif
4195 case 5:
4196 case 11:
4197 # ifndef OPENSSL_NO_EC
4198 id = EVP_PKEY_X25519;
4199 doderive = 1;
4200 pkey = load_example_x25519_key();
4201 break;
4202 # else
4203 return 1;
4204 # endif
4205 default:
4206 TEST_error("Should not happen");
4207 goto err;
4208 }
4209
4210 if (!TEST_ptr(pkey))
4211 goto err;
4212
4213 if (idx < 6) {
4214 if (!TEST_true(evp_pkey_is_provided(pkey)))
4215 goto err;
4216 } else {
4217 EVP_PKEY *tmp = pkey;
4218
4219 /* Convert to a legacy key */
4220 pkey = EVP_PKEY_new();
4221 if (!TEST_ptr(pkey)) {
4222 pkey = tmp;
4223 goto err;
4224 }
4225 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4226 EVP_PKEY_free(tmp);
4227 goto err;
4228 }
4229 EVP_PKEY_free(tmp);
4230 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4231 goto err;
4232 }
4233
4234 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4235 || !TEST_ptr(pkey))
4236 goto err;
4237
4238 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4239 if (!TEST_int_eq(orig_id, id)
4240 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4241 goto err;
4242
4243 if (id == EVP_PKEY_ED25519) {
4244 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4245 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4246 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4247 } else {
4248 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4249 }
4250 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4251 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4252 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4253 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4254 }
4255 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4256 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4257 goto err;
4258
4259 if (doderive) {
4260 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4261 if (!TEST_ptr(pctx)
4262 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4263 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4264 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4265 1)
4266 || !TEST_int_eq(ctrl_called, 1)
4267 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4268 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4269 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4270 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4271 goto err;
4272 } else {
4273 ctx = EVP_MD_CTX_new();
4274 reslen = EVP_PKEY_size(pkey);
4275 res = OPENSSL_malloc(reslen);
4276 if (!TEST_ptr(ctx)
4277 || !TEST_ptr(res)
4278 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4279 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4280 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4281 1)
4282 || !TEST_int_eq(ctrl_called, 1))
4283 goto err;
4284
4285 if (id == EVP_PKEY_ED25519) {
4286 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4287 goto err;
4288 } else {
4289 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4290 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4291 goto err;
4292 }
4293 }
4294
4295 testresult = 1;
4296 err:
4297 OPENSSL_free(res);
4298 EVP_MD_CTX_free(ctx);
4299 if (doderive)
4300 EVP_PKEY_CTX_free(pctx);
4301 EVP_PKEY_free(pkey);
4302 EVP_PKEY_meth_remove(custom_pmeth);
4303 EVP_PKEY_meth_free(custom_pmeth);
4304 custom_pmeth = NULL;
4305 return testresult;
4306 }
4307
test_evp_md_cipher_meth(void)4308 static int test_evp_md_cipher_meth(void)
4309 {
4310 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4311 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4312 int testresult = 0;
4313
4314 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4315 goto err;
4316
4317 testresult = 1;
4318
4319 err:
4320 EVP_MD_meth_free(md);
4321 EVP_CIPHER_meth_free(ciph);
4322
4323 return testresult;
4324 }
4325
4326 typedef struct {
4327 int data;
4328 } custom_dgst_ctx;
4329
4330 static int custom_md_init_called = 0;
4331 static int custom_md_cleanup_called = 0;
4332
custom_md_init(EVP_MD_CTX * ctx)4333 static int custom_md_init(EVP_MD_CTX *ctx)
4334 {
4335 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4336
4337 if (p == NULL)
4338 return 0;
4339
4340 custom_md_init_called++;
4341 return 1;
4342 }
4343
custom_md_cleanup(EVP_MD_CTX * ctx)4344 static int custom_md_cleanup(EVP_MD_CTX *ctx)
4345 {
4346 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4347
4348 if (p == NULL)
4349 /* Nothing to do */
4350 return 1;
4351
4352 custom_md_cleanup_called++;
4353 return 1;
4354 }
4355
test_custom_md_meth(void)4356 static int test_custom_md_meth(void)
4357 {
4358 EVP_MD_CTX *mdctx = NULL;
4359 EVP_MD *tmp = NULL;
4360 char mess[] = "Test Message\n";
4361 unsigned char md_value[EVP_MAX_MD_SIZE];
4362 unsigned int md_len;
4363 int testresult = 0;
4364 int nid;
4365
4366 /*
4367 * We are testing deprecated functions. We don't support a non-default
4368 * library context in this test.
4369 */
4370 if (testctx != NULL)
4371 return TEST_skip("Non-default libctx");
4372
4373 custom_md_init_called = custom_md_cleanup_called = 0;
4374
4375 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4376 if (!TEST_int_ne(nid, NID_undef))
4377 goto err;
4378 tmp = EVP_MD_meth_new(nid, NID_undef);
4379 if (!TEST_ptr(tmp))
4380 goto err;
4381
4382 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4383 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4384 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4385 sizeof(custom_dgst_ctx))))
4386 goto err;
4387
4388 mdctx = EVP_MD_CTX_new();
4389 if (!TEST_ptr(mdctx)
4390 /*
4391 * Initing our custom md and then initing another md should
4392 * result in the init and cleanup functions of the custom md
4393 * being called.
4394 */
4395 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4396 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4397 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4398 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4399 || !TEST_int_eq(custom_md_init_called, 1)
4400 || !TEST_int_eq(custom_md_cleanup_called, 1))
4401 goto err;
4402
4403 testresult = 1;
4404 err:
4405 EVP_MD_CTX_free(mdctx);
4406 EVP_MD_meth_free(tmp);
4407 return testresult;
4408 }
4409
4410 typedef struct {
4411 int data;
4412 } custom_ciph_ctx;
4413
4414 static int custom_ciph_init_called = 0;
4415 static int custom_ciph_cleanup_called = 0;
4416
custom_ciph_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)4417 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4418 const unsigned char *iv, int enc)
4419 {
4420 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4421
4422 if (p == NULL)
4423 return 0;
4424
4425 custom_ciph_init_called++;
4426 return 1;
4427 }
4428
custom_ciph_cleanup(EVP_CIPHER_CTX * ctx)4429 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4430 {
4431 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4432
4433 if (p == NULL)
4434 /* Nothing to do */
4435 return 1;
4436
4437 custom_ciph_cleanup_called++;
4438 return 1;
4439 }
4440
test_custom_ciph_meth(void)4441 static int test_custom_ciph_meth(void)
4442 {
4443 EVP_CIPHER_CTX *ciphctx = NULL;
4444 EVP_CIPHER *tmp = NULL;
4445 int testresult = 0;
4446 int nid;
4447
4448 /*
4449 * We are testing deprecated functions. We don't support a non-default
4450 * library context in this test.
4451 */
4452 if (testctx != NULL)
4453 return TEST_skip("Non-default libctx");
4454
4455 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4456
4457 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4458 if (!TEST_int_ne(nid, NID_undef))
4459 goto err;
4460 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4461 if (!TEST_ptr(tmp))
4462 goto err;
4463
4464 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4465 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4466 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4467 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4468 sizeof(custom_ciph_ctx))))
4469 goto err;
4470
4471 ciphctx = EVP_CIPHER_CTX_new();
4472 if (!TEST_ptr(ciphctx)
4473 /*
4474 * Initing our custom cipher and then initing another cipher
4475 * should result in the init and cleanup functions of the custom
4476 * cipher being called.
4477 */
4478 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4479 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4480 NULL, NULL, 1))
4481 || !TEST_int_eq(custom_ciph_init_called, 1)
4482 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4483 goto err;
4484
4485 testresult = 1;
4486 err:
4487 EVP_CIPHER_CTX_free(ciphctx);
4488 EVP_CIPHER_meth_free(tmp);
4489 return testresult;
4490 }
4491
4492 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4493 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)4494 static int test_signatures_with_engine(int tst)
4495 {
4496 ENGINE *e;
4497 const char *engine_id = "dasync";
4498 EVP_PKEY *pkey = NULL;
4499 const unsigned char badcmackey[] = { 0x00, 0x01 };
4500 const unsigned char cmackey[] = {
4501 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4502 0x0c, 0x0d, 0x0e, 0x0f
4503 };
4504 const unsigned char ed25519key[] = {
4505 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4506 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4507 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4508 };
4509 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4510 int testresult = 0;
4511 EVP_MD_CTX *ctx = NULL;
4512 unsigned char *mac = NULL;
4513 size_t maclen = 0;
4514 int ret;
4515
4516 # ifdef OPENSSL_NO_CMAC
4517 /* Skip CMAC tests in a no-cmac build */
4518 if (tst <= 1)
4519 return 1;
4520 # endif
4521
4522 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4523 return 0;
4524
4525 if (!TEST_true(ENGINE_init(e))) {
4526 ENGINE_free(e);
4527 return 0;
4528 }
4529
4530 switch (tst) {
4531 case 0:
4532 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4533 EVP_aes_128_cbc());
4534 break;
4535 case 1:
4536 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4537 EVP_aes_128_cbc());
4538 break;
4539 case 2:
4540 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4541 sizeof(ed25519key));
4542 break;
4543 default:
4544 TEST_error("Invalid test case");
4545 goto err;
4546 }
4547 if (!TEST_ptr(pkey))
4548 goto err;
4549
4550 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4551 goto err;
4552
4553 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4554 pkey);
4555 if (tst == 0) {
4556 if (!TEST_true(ret))
4557 goto err;
4558
4559 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4560 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4561 goto err;
4562
4563 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4564 goto err;
4565
4566 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4567 goto err;
4568 } else {
4569 /* We used a bad key. We expect a failure here */
4570 if (!TEST_false(ret))
4571 goto err;
4572 }
4573
4574 testresult = 1;
4575 err:
4576 EVP_MD_CTX_free(ctx);
4577 OPENSSL_free(mac);
4578 EVP_PKEY_free(pkey);
4579 ENGINE_finish(e);
4580 ENGINE_free(e);
4581
4582 return testresult;
4583 }
4584
test_cipher_with_engine(void)4585 static int test_cipher_with_engine(void)
4586 {
4587 ENGINE *e;
4588 const char *engine_id = "dasync";
4589 const unsigned char keyiv[] = {
4590 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4591 0x0c, 0x0d, 0x0e, 0x0f
4592 };
4593 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4594 int testresult = 0;
4595 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4596 unsigned char buf[AES_BLOCK_SIZE];
4597 int len = 0;
4598
4599 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4600 return 0;
4601
4602 if (!TEST_true(ENGINE_init(e))) {
4603 ENGINE_free(e);
4604 return 0;
4605 }
4606
4607 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4608 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4609 goto err;
4610
4611 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4612 goto err;
4613
4614 /* Copy the ctx, and complete the operation with the new ctx */
4615 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4616 goto err;
4617
4618 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4619 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4620 goto err;
4621
4622 testresult = 1;
4623 err:
4624 EVP_CIPHER_CTX_free(ctx);
4625 EVP_CIPHER_CTX_free(ctx2);
4626 ENGINE_finish(e);
4627 ENGINE_free(e);
4628
4629 return testresult;
4630 }
4631 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4632 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4633
4634 static int ecxnids[] = {
4635 NID_X25519,
4636 NID_X448,
4637 NID_ED25519,
4638 NID_ED448
4639 };
4640
4641 /* Test that creating ECX keys with a short private key fails as expected */
test_ecx_short_keys(int tst)4642 static int test_ecx_short_keys(int tst)
4643 {
4644 unsigned char ecxkeydata = 1;
4645 EVP_PKEY *pkey;
4646
4647
4648 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4649 NULL, &ecxkeydata, 1);
4650 if (!TEST_ptr_null(pkey)) {
4651 EVP_PKEY_free(pkey);
4652 return 0;
4653 }
4654
4655 return 1;
4656 }
4657
4658 typedef enum OPTION_choice {
4659 OPT_ERR = -1,
4660 OPT_EOF = 0,
4661 OPT_CONTEXT,
4662 OPT_TEST_ENUM
4663 } OPTION_CHOICE;
4664
test_get_options(void)4665 const OPTIONS *test_get_options(void)
4666 {
4667 static const OPTIONS options[] = {
4668 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4669 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4670 { NULL }
4671 };
4672 return options;
4673 }
4674
4675 #ifndef OPENSSL_NO_EC
4676 /* Test that trying to sign with a public key errors out gracefully */
test_ecx_not_private_key(int tst)4677 static int test_ecx_not_private_key(int tst)
4678 {
4679 EVP_PKEY *pkey = NULL;
4680
4681 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4682 int testresult = 0;
4683 EVP_MD_CTX *ctx = NULL;
4684 unsigned char *mac = NULL;
4685 size_t maclen = 0;
4686 unsigned char *pubkey;
4687 size_t pubkeylen;
4688
4689 switch (keys[tst].type) {
4690 case NID_X25519:
4691 case NID_X448:
4692 return TEST_skip("signing not supported for X25519/X448");
4693 }
4694
4695 /* Check if this algorithm supports public keys */
4696 if (keys[tst].pub == NULL)
4697 return TEST_skip("no public key present");
4698
4699 pubkey = (unsigned char *)keys[tst].pub;
4700 pubkeylen = strlen(keys[tst].pub);
4701
4702 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
4703 NULL, pubkey, pubkeylen);
4704 if (!TEST_ptr(pkey))
4705 goto err;
4706
4707 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4708 goto err;
4709
4710 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
4711 goto check_err;
4712
4713 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
4714 goto check_err;
4715
4716 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4717 goto err;
4718
4719 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
4720 goto err;
4721
4722 check_err:
4723 /*
4724 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4725 * but we relax the check to allow error also thrown by
4726 * EVP_DigestSignInit and EVP_DigestSign.
4727 */
4728 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
4729 testresult = 1;
4730 ERR_clear_error();
4731 }
4732
4733 err:
4734 EVP_MD_CTX_free(ctx);
4735 OPENSSL_free(mac);
4736 EVP_PKEY_free(pkey);
4737
4738 return testresult;
4739 }
4740 #endif /* OPENSSL_NO_EC */
4741
setup_tests(void)4742 int setup_tests(void)
4743 {
4744 OPTION_CHOICE o;
4745
4746 while ((o = opt_next()) != OPT_EOF) {
4747 switch (o) {
4748 case OPT_CONTEXT:
4749 /* Set up an alternate library context */
4750 testctx = OSSL_LIB_CTX_new();
4751 if (!TEST_ptr(testctx))
4752 return 0;
4753 /* Swap the libctx to test non-default context only */
4754 nullprov = OSSL_PROVIDER_load(NULL, "null");
4755 deflprov = OSSL_PROVIDER_load(testctx, "default");
4756 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4757 break;
4758 case OPT_TEST_CASES:
4759 break;
4760 default:
4761 return 0;
4762 }
4763 }
4764
4765 ADD_TEST(test_EVP_set_default_properties);
4766 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
4767 ADD_TEST(test_EVP_DigestVerifyInit);
4768 #ifndef OPENSSL_NO_SIPHASH
4769 ADD_TEST(test_siphash_digestsign);
4770 #endif
4771 ADD_TEST(test_EVP_Digest);
4772 ADD_TEST(test_EVP_md_null);
4773 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4774 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
4775 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
4776 ADD_TEST(test_privatekey_to_pkcs8);
4777 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
4778 #ifndef OPENSSL_NO_EC
4779 ADD_TEST(test_EVP_PKCS82PKEY);
4780 #endif
4781 #ifndef OPENSSL_NO_EC
4782 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4783 #endif
4784 #if !defined(OPENSSL_NO_SM2)
4785 ADD_TEST(test_EVP_SM2);
4786 ADD_TEST(test_EVP_SM2_verify);
4787 #endif
4788 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
4789 #ifndef OPENSSL_NO_DEPRECATED_3_0
4790 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4791 if (!TEST_ptr(custom_pmeth))
4792 return 0;
4793 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
4794 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4795 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
4796 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4797 return 0;
4798 #endif
4799 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
4800 #ifndef OPENSSL_NO_CMAC
4801 ADD_TEST(test_CMAC_keygen);
4802 #endif
4803 ADD_TEST(test_HKDF);
4804 ADD_TEST(test_emptyikm_HKDF);
4805 #ifndef OPENSSL_NO_EC
4806 ADD_TEST(test_X509_PUBKEY_inplace);
4807 ADD_TEST(test_X509_PUBKEY_dup);
4808 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4809 OSSL_NELEM(ec_der_pub_keys));
4810 #endif
4811 #ifndef OPENSSL_NO_DSA
4812 ADD_TEST(test_DSA_get_set_params);
4813 ADD_TEST(test_DSA_priv_pub);
4814 #endif
4815 ADD_TEST(test_RSA_get_set_params);
4816 ADD_TEST(test_RSA_OAEP_set_get_params);
4817 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4818 ADD_TEST(test_decrypt_null_chunks);
4819 #endif
4820 #ifndef OPENSSL_NO_DH
4821 ADD_TEST(test_DH_priv_pub);
4822 # ifndef OPENSSL_NO_DEPRECATED_3_0
4823 ADD_TEST(test_EVP_PKEY_set1_DH);
4824 # endif
4825 #endif
4826 #ifndef OPENSSL_NO_EC
4827 ADD_TEST(test_EC_priv_pub);
4828 # ifndef OPENSSL_NO_DEPRECATED_3_0
4829 ADD_TEST(test_EC_priv_only_legacy);
4830 # endif
4831 #endif
4832 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
4833 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
4834
4835 ADD_TEST(test_rand_agglomeration);
4836 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4837 #ifndef OPENSSL_NO_DES
4838 ADD_ALL_TESTS(test_evp_iv_des, 6);
4839 #endif
4840 #ifndef OPENSSL_NO_BF
4841 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
4842 #endif
4843 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
4844 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
4845 #ifndef OPENSSL_NO_EC
4846 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4847 #endif
4848
4849 ADD_TEST(test_names_do_all);
4850
4851 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4852 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4853 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
4854 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
4855
4856 #ifndef OPENSSL_NO_DEPRECATED_3_0
4857 ADD_ALL_TESTS(test_custom_pmeth, 12);
4858 ADD_TEST(test_evp_md_cipher_meth);
4859 ADD_TEST(test_custom_md_meth);
4860 ADD_TEST(test_custom_ciph_meth);
4861
4862 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4863 /* Tests only support the default libctx */
4864 if (testctx == NULL) {
4865 # ifndef OPENSSL_NO_EC
4866 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4867 # else
4868 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4869 # endif
4870 ADD_TEST(test_cipher_with_engine);
4871 }
4872 # endif
4873 #endif
4874
4875 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4876
4877 #ifndef OPENSSL_NO_EC
4878 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
4879 #endif
4880
4881 return 1;
4882 }
4883
cleanup_tests(void)4884 void cleanup_tests(void)
4885 {
4886 OSSL_PROVIDER_unload(nullprov);
4887 OSSL_PROVIDER_unload(deflprov);
4888 OSSL_PROVIDER_unload(lgcyprov);
4889 OSSL_LIB_CTX_free(testctx);
4890 }
4891