1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include "testutil.h"
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
38
39 static OSSL_LIB_CTX *testctx = NULL;
40 static char *testpropq = NULL;
41
42 static OSSL_PROVIDER *nullprov = NULL;
43 static OSSL_PROVIDER *deflprov = NULL;
44 static OSSL_PROVIDER *lgcyprov = NULL;
45
46 /*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102 };
103
104 /*
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148 };
149 #endif
150
151 /*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245 };
246
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
248
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
261 };
262
263 /*
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
265 * PrivateKeyInfo.
266 */
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
321 };
322
323 #ifndef OPENSSL_NO_EC
324 /*
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
326 * structure.
327 */
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
339 0xc1,
340 };
341
342 /*
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
345 */
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
356 };
357
358 /* prime256v1 */
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 };
369
370 /*
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
373 */
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 };
384
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
387 };
388
389 static const unsigned char kExampleED25519KeyDER[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
394 };
395
396 static const unsigned char kExampleED25519PubKeyDER[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
401 };
402
403 # ifndef OPENSSL_NO_DEPRECATED_3_0
404 static const unsigned char kExampleX25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
406 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
407 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
408 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
409 };
410 # endif
411 #endif
412
413 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
414 #ifndef OPENSSL_NO_DEPRECATED_3_0
415 # ifndef OPENSSL_NO_DH
416 static const unsigned char kExampleDHKeyDER[] = {
417 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
418 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
419 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
420 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
421 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
422 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
423 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
424 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
425 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
426 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
427 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
428 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
429 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
430 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
431 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
432 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
433 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
434 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
435 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
436 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
437 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
438 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
439 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
440 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
441 0x2e, 0x87, 0x2a, 0x0b, 0x7a
442 };
443 # endif
444 #endif
445
446 static const unsigned char kCFBDefaultKey[] = {
447 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
448 0x09, 0xCF, 0x4F, 0x3C
449 };
450
451 static const unsigned char kGCMDefaultKey[32] = { 0 };
452
453 static const unsigned char kGCMResetKey[] = {
454 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
455 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
457 };
458
459 static const unsigned char iCFBIV[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
461 0x0C, 0x0D, 0x0E, 0x0F
462 };
463
464 static const unsigned char iGCMDefaultIV[12] = { 0 };
465
466 static const unsigned char iGCMResetIV1[] = {
467 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
468 };
469
470 static const unsigned char iGCMResetIV2[] = {
471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
472 };
473
474 static const unsigned char cfbPlaintext[] = {
475 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
476 0x73, 0x93, 0x17, 0x2A
477 };
478
479 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
480
481 static const unsigned char gcmResetPlaintext[] = {
482 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
483 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
484 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
485 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
486 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
487 };
488
489 static const unsigned char cfbCiphertext[] = {
490 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
491 0xE8, 0x3C, 0xFB, 0x4A
492 };
493
494 static const unsigned char gcmDefaultCiphertext[] = {
495 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
496 0xba, 0xf3, 0x9d, 0x18
497 };
498
499 static const unsigned char gcmResetCiphertext1[] = {
500 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
501 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
502 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
503 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
504 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
505 };
506
507 static const unsigned char gcmResetCiphertext2[] = {
508 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
509 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
510 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
511 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
512 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
513 };
514
515 static const unsigned char gcmAAD[] = {
516 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
517 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
518 };
519
520 static const unsigned char gcmDefaultTag[] = {
521 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
522 0xd4, 0x8a, 0xb9, 0x19
523 };
524
525 static const unsigned char gcmResetTag1[] = {
526 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
527 0xfe, 0x2e, 0xa8, 0xf2
528 };
529
530 static const unsigned char gcmResetTag2[] = {
531 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
532 0xbb, 0x2d, 0x55, 0x1b
533 };
534
535 typedef struct APK_DATA_st {
536 const unsigned char *kder;
537 size_t size;
538 const char *keytype;
539 int evptype;
540 int check;
541 int pub_check;
542 int param_check;
543 int type; /* 0 for private, 1 for public, 2 for params */
544 } APK_DATA;
545
546 static APK_DATA keydata[] = {
547 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
548 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
549 #ifndef OPENSSL_NO_EC
550 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
551 #endif
552 };
553
554 static APK_DATA keycheckdata[] = {
555 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
556 0},
557 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
558 0, 1, 1, 0},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
561 /* group is also associated in our pub key */
562 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
563 1, 1},
564 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
565 2},
566 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
567 EVP_PKEY_ED25519, 1, 1, 1, 0},
568 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
569 EVP_PKEY_ED25519, 0, 1, 1, 1},
570 #endif
571 };
572
load_example_key(const char * keytype,const unsigned char * data,size_t data_len)573 static EVP_PKEY *load_example_key(const char *keytype,
574 const unsigned char *data, size_t data_len)
575 {
576 const unsigned char **pdata = &data;
577 EVP_PKEY *pkey = NULL;
578 OSSL_DECODER_CTX *dctx =
579 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
580 testctx, testpropq);
581
582 /* |pkey| will be NULL on error */
583 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
584 OSSL_DECODER_CTX_free(dctx);
585 return pkey;
586 }
587
load_example_rsa_key(void)588 static EVP_PKEY *load_example_rsa_key(void)
589 {
590 return load_example_key("RSA", kExampleRSAKeyDER,
591 sizeof(kExampleRSAKeyDER));
592 }
593
594 #ifndef OPENSSL_NO_DSA
load_example_dsa_key(void)595 static EVP_PKEY *load_example_dsa_key(void)
596 {
597 return load_example_key("DSA", kExampleDSAKeyDER,
598 sizeof(kExampleDSAKeyDER));
599 }
600 #endif
601
602 #ifndef OPENSSL_NO_DEPRECATED_3_0
603 # ifndef OPENSSL_NO_DH
load_example_dh_key(void)604 static EVP_PKEY *load_example_dh_key(void)
605 {
606 return load_example_key("DH", kExampleDHKeyDER,
607 sizeof(kExampleDHKeyDER));
608 }
609 # endif
610
611 # ifndef OPENSSL_NO_EC
load_example_ec_key(void)612 static EVP_PKEY *load_example_ec_key(void)
613 {
614 return load_example_key("EC", kExampleECKeyDER,
615 sizeof(kExampleECKeyDER));
616 }
617
load_example_ed25519_key(void)618 static EVP_PKEY *load_example_ed25519_key(void)
619 {
620 return load_example_key("ED25519", kExampleED25519KeyDER,
621 sizeof(kExampleED25519KeyDER));
622 }
623
load_example_x25519_key(void)624 static EVP_PKEY *load_example_x25519_key(void)
625 {
626 return load_example_key("X25519", kExampleX25519KeyDER,
627 sizeof(kExampleX25519KeyDER));
628 }
629 # endif
630 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
631
load_example_hmac_key(void)632 static EVP_PKEY *load_example_hmac_key(void)
633 {
634 EVP_PKEY *pkey = NULL;
635 unsigned char key[] = {
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
637 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
638 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
639 };
640
641 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
642 NULL, key, sizeof(key));
643 if (!TEST_ptr(pkey))
644 return NULL;
645
646 return pkey;
647 }
648
test_EVP_set_default_properties(void)649 static int test_EVP_set_default_properties(void)
650 {
651 OSSL_LIB_CTX *ctx;
652 EVP_MD *md = NULL;
653 int res = 0;
654
655 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
656 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
657 goto err;
658 EVP_MD_free(md);
659 md = NULL;
660
661 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
662 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
663 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
664 goto err;
665 EVP_MD_free(md);
666 md = NULL;
667
668 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
669 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
670 goto err;
671 res = 1;
672 err:
673 EVP_MD_free(md);
674 OSSL_LIB_CTX_free(ctx);
675 return res;
676 }
677
678 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
test_fromdata(char * keytype,OSSL_PARAM * params)679 static int test_fromdata(char *keytype, OSSL_PARAM *params)
680 {
681 EVP_PKEY_CTX *pctx = NULL;
682 EVP_PKEY *pkey = NULL;
683 int testresult = 0;
684
685 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
686 goto err;
687 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
688 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
689 params), 0))
690 goto err;
691
692 if (!TEST_ptr(pkey))
693 goto err;
694
695 testresult = 1;
696 err:
697 EVP_PKEY_free(pkey);
698 EVP_PKEY_CTX_free(pctx);
699
700 return testresult;
701 }
702 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
703
704 /*
705 * Test combinations of private, public, missing and private + public key
706 * params to ensure they are all accepted
707 */
708 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
test_EVP_PKEY_ffc_priv_pub(char * keytype)709 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
710 {
711 OSSL_PARAM_BLD *bld = NULL;
712 OSSL_PARAM *params = NULL;
713 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
714 int ret = 0;
715
716 /*
717 * Setup the parameters for our pkey object. For our purposes they don't
718 * have to actually be *valid* parameters. We just need to set something.
719 */
720 if (!TEST_ptr(p = BN_new())
721 || !TEST_ptr(q = BN_new())
722 || !TEST_ptr(g = BN_new())
723 || !TEST_ptr(pub = BN_new())
724 || !TEST_ptr(priv = BN_new()))
725 goto err;
726
727 /* Test !priv and !pub */
728 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
729 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
731 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
732 goto err;
733 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
734 goto err;
735
736 if (!test_fromdata(keytype, params))
737 goto err;
738 OSSL_PARAM_free(params);
739 params = NULL;
740 OSSL_PARAM_BLD_free(bld);
741
742 /* Test priv and !pub */
743 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
744 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
745 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
746 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
747 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
748 priv)))
749 goto err;
750 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
751 goto err;
752
753 if (!test_fromdata(keytype, params))
754 goto err;
755 OSSL_PARAM_free(params);
756 params = NULL;
757 OSSL_PARAM_BLD_free(bld);
758
759 /* Test !priv and pub */
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
762 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
763 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
764 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
765 pub)))
766 goto err;
767 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
768 goto err;
769
770 if (!test_fromdata(keytype, params))
771 goto err;
772 OSSL_PARAM_free(params);
773 params = NULL;
774 OSSL_PARAM_BLD_free(bld);
775
776 /* Test priv and pub */
777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
782 pub))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
784 priv)))
785 goto err;
786 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
787 goto err;
788
789 if (!test_fromdata(keytype, params))
790 goto err;
791
792 ret = 1;
793 err:
794 OSSL_PARAM_free(params);
795 OSSL_PARAM_BLD_free(bld);
796 BN_free(p);
797 BN_free(q);
798 BN_free(g);
799 BN_free(pub);
800 BN_free(priv);
801
802 return ret;
803 }
804 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
805
806 /*
807 * Test combinations of private, public, missing and private + public key
808 * params to ensure they are all accepted for EC keys
809 */
810 #ifndef OPENSSL_NO_EC
811 static unsigned char ec_priv[] = {
812 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
813 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
814 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
815 };
816 static unsigned char ec_pub[] = {
817 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
818 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
819 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
820 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
821 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
822 0x08, 0x09, 0xb8, 0xdb, 0x03
823 };
824
test_EC_priv_pub(void)825 static int test_EC_priv_pub(void)
826 {
827 OSSL_PARAM_BLD *bld = NULL;
828 OSSL_PARAM *params = NULL;
829 BIGNUM *priv = NULL;
830 int ret = 0;
831
832 /*
833 * Setup the parameters for our pkey object. For our purposes they don't
834 * have to actually be *valid* parameters. We just need to set something.
835 */
836 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
837 goto err;
838
839 /* Test !priv and !pub */
840 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
842 OSSL_PKEY_PARAM_GROUP_NAME,
843 "P-256", 0)))
844 goto err;
845 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
846 goto err;
847
848 if (!test_fromdata("EC", params))
849 goto err;
850 OSSL_PARAM_free(params);
851 params = NULL;
852 OSSL_PARAM_BLD_free(bld);
853
854 /* Test priv and !pub */
855 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
856 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
857 OSSL_PKEY_PARAM_GROUP_NAME,
858 "P-256", 0))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
860 priv)))
861 goto err;
862 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
863 goto err;
864
865 if (!test_fromdata("EC", params))
866 goto err;
867 OSSL_PARAM_free(params);
868 params = NULL;
869 OSSL_PARAM_BLD_free(bld);
870
871 /* Test !priv and pub */
872 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
873 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
874 OSSL_PKEY_PARAM_GROUP_NAME,
875 "P-256", 0))
876 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
877 OSSL_PKEY_PARAM_PUB_KEY,
878 ec_pub, sizeof(ec_pub))))
879 goto err;
880 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
881 goto err;
882
883 if (!test_fromdata("EC", params))
884 goto err;
885 OSSL_PARAM_free(params);
886 params = NULL;
887 OSSL_PARAM_BLD_free(bld);
888
889 /* Test priv and pub */
890 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
891 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
892 OSSL_PKEY_PARAM_GROUP_NAME,
893 "P-256", 0))
894 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
895 OSSL_PKEY_PARAM_PUB_KEY,
896 ec_pub, sizeof(ec_pub)))
897 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
898 priv)))
899 goto err;
900 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
901 goto err;
902
903 if (!test_fromdata("EC", params))
904 goto err;
905
906 ret = 1;
907 err:
908 OSSL_PARAM_free(params);
909 OSSL_PARAM_BLD_free(bld);
910 BN_free(priv);
911
912 return ret;
913 }
914
915 /* Test that using a legacy EC key with only a private key in it works */
916 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EC_priv_only_legacy(void)917 static int test_EC_priv_only_legacy(void)
918 {
919 BIGNUM *priv = NULL;
920 int ret = 0;
921 EC_KEY *eckey = NULL;
922 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
923 EVP_MD_CTX *ctx = NULL;
924
925 /* Create the low level EC_KEY */
926 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
927 goto err;
928
929 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
930 if (!TEST_ptr(eckey))
931 goto err;
932
933 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
934 goto err;
935
936 pkey = EVP_PKEY_new();
937 if (!TEST_ptr(pkey))
938 goto err;
939
940 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
941 goto err;
942 eckey = NULL;
943
944 while (dup_pk == NULL) {
945 ret = 0;
946 ctx = EVP_MD_CTX_new();
947 if (!TEST_ptr(ctx))
948 goto err;
949
950 /*
951 * The EVP_DigestSignInit function should create the key on the
952 * provider side which is sufficient for this test.
953 */
954 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
955 testpropq, pkey, NULL)))
956 goto err;
957 EVP_MD_CTX_free(ctx);
958 ctx = NULL;
959
960 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
961 goto err;
962 /* EVP_PKEY_eq() returns -2 with missing public keys */
963 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
964 EVP_PKEY_free(pkey);
965 pkey = dup_pk;
966 if (!ret)
967 goto err;
968 }
969
970 err:
971 EVP_MD_CTX_free(ctx);
972 EVP_PKEY_free(pkey);
973 EC_KEY_free(eckey);
974 BN_free(priv);
975
976 return ret;
977 }
978 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
979 #endif /* OPENSSL_NO_EC */
980
981 /*
982 * n = 0 => test using legacy cipher
983 * n = 1 => test using fetched cipher
984 */
test_EVP_Enveloped(int n)985 static int test_EVP_Enveloped(int n)
986 {
987 int ret = 0;
988 EVP_CIPHER_CTX *ctx = NULL;
989 EVP_PKEY *keypair = NULL;
990 unsigned char *kek = NULL;
991 unsigned char iv[EVP_MAX_IV_LENGTH];
992 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
993 int len, kek_len, ciphertext_len, plaintext_len;
994 unsigned char ciphertext[32], plaintext[16];
995 EVP_CIPHER *type = NULL;
996
997 if (nullprov != NULL)
998 return TEST_skip("Test does not support a non-default library context");
999
1000 if (n == 0)
1001 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1002 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1003 testpropq)))
1004 goto err;
1005
1006 if (!TEST_ptr(keypair = load_example_rsa_key())
1007 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1008 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1009 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1010 &keypair, 1))
1011 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1012 msg, sizeof(msg)))
1013 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1014 &len)))
1015 goto err;
1016
1017 ciphertext_len += len;
1018
1019 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1020 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1021 ciphertext, ciphertext_len))
1022 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1023 goto err;
1024
1025 plaintext_len += len;
1026 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1027 goto err;
1028
1029 ret = 1;
1030 err:
1031 if (n != 0)
1032 EVP_CIPHER_free(type);
1033 OPENSSL_free(kek);
1034 EVP_PKEY_free(keypair);
1035 EVP_CIPHER_CTX_free(ctx);
1036 return ret;
1037 }
1038
1039 /*
1040 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1041 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1042 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1043 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1044 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1045 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1046 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1047 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1048 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1049 */
test_EVP_DigestSignInit(int tst)1050 static int test_EVP_DigestSignInit(int tst)
1051 {
1052 int ret = 0;
1053 EVP_PKEY *pkey = NULL;
1054 unsigned char *sig = NULL, *sig2 = NULL;
1055 size_t sig_len = 0, sig2_len = 0;
1056 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1057 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1058 BIO *mdbio = NULL, *membio = NULL;
1059 size_t written;
1060 const EVP_MD *md;
1061 EVP_MD *mdexp = NULL;
1062
1063 if (nullprov != NULL)
1064 return TEST_skip("Test does not support a non-default library context");
1065
1066 if (tst >= 6) {
1067 membio = BIO_new(BIO_s_mem());
1068 mdbio = BIO_new(BIO_f_md());
1069 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1070 goto out;
1071 BIO_push(mdbio, membio);
1072 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1073 goto out;
1074 } else {
1075 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1076 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1077 goto out;
1078 }
1079
1080 if (tst == 0 || tst == 3 || tst == 6) {
1081 if (!TEST_ptr(pkey = load_example_rsa_key()))
1082 goto out;
1083 } else if (tst == 1 || tst == 4 || tst == 7) {
1084 #ifndef OPENSSL_NO_DSA
1085 if (!TEST_ptr(pkey = load_example_dsa_key()))
1086 goto out;
1087 #else
1088 ret = 1;
1089 goto out;
1090 #endif
1091 } else {
1092 if (!TEST_ptr(pkey = load_example_hmac_key()))
1093 goto out;
1094 }
1095
1096 if (tst >= 3 && tst <= 5)
1097 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1098 else
1099 md = EVP_sha256();
1100
1101 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1102 goto out;
1103
1104 if (tst >= 6) {
1105 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1106 goto out;
1107 } else {
1108 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1109 goto out;
1110 }
1111
1112 /* Determine the size of the signature. */
1113 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1114 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1115 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1116 goto out;
1117
1118 /*
1119 * Ensure that the signature round-trips (Verification isn't supported for
1120 * HMAC via EVP_DigestVerify*)
1121 */
1122 if (tst != 2 && tst != 5 && tst != 8) {
1123 if (tst >= 6) {
1124 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1125 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1126 goto out;
1127 }
1128
1129 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1130 NULL, pkey)))
1131 goto out;
1132
1133 if (tst >= 6) {
1134 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1135 goto out;
1136 } else {
1137 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1138 sizeof(kMsg))))
1139 goto out;
1140 }
1141 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1142 goto out;
1143
1144 /* Multiple calls to EVP_DigestVerifyFinal should work */
1145 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1146 goto out;
1147 } else {
1148 /*
1149 * For HMAC a doubled call to DigestSignFinal should produce the same
1150 * value as finalization should not happen.
1151 */
1152 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1153 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1154 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1155 goto out;
1156
1157 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1158 goto out;
1159 }
1160
1161 ret = 1;
1162
1163 out:
1164 BIO_free(membio);
1165 BIO_free(mdbio);
1166 EVP_MD_CTX_free(a_md_ctx);
1167 EVP_MD_CTX_free(a_md_ctx_verify);
1168 EVP_PKEY_free(pkey);
1169 OPENSSL_free(sig);
1170 OPENSSL_free(sig2);
1171 EVP_MD_free(mdexp);
1172
1173 return ret;
1174 }
1175
test_EVP_DigestVerifyInit(void)1176 static int test_EVP_DigestVerifyInit(void)
1177 {
1178 int ret = 0;
1179 EVP_PKEY *pkey = NULL;
1180 EVP_MD_CTX *md_ctx = NULL;
1181
1182 if (nullprov != NULL)
1183 return TEST_skip("Test does not support a non-default library context");
1184
1185 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1186 || !TEST_ptr(pkey = load_example_rsa_key()))
1187 goto out;
1188
1189 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1190 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1191 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1192 sizeof(kSignature))))
1193 goto out;
1194 ret = 1;
1195
1196 out:
1197 EVP_MD_CTX_free(md_ctx);
1198 EVP_PKEY_free(pkey);
1199 return ret;
1200 }
1201
1202 /*
1203 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1204 */
test_EVP_Digest(void)1205 static int test_EVP_Digest(void)
1206 {
1207 int ret = 0;
1208 EVP_MD_CTX *md_ctx = NULL;
1209 unsigned char md[EVP_MAX_MD_SIZE];
1210 EVP_MD *sha256 = NULL;
1211 EVP_MD *shake256 = NULL;
1212
1213 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1214 goto out;
1215
1216 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1217 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1218 goto out;
1219
1220 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1221 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1222 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1223 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1224 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1225 goto out;
1226
1227 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1228 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1229 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1230 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1231 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1232 /*
1233 * EVP_DigestInit_ex with NULL type should work on
1234 * pre-initialized context.
1235 */
1236 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1237 goto out;
1238
1239 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1240 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1241 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1242 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1243 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1244 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1245 goto out;
1246 ret = 1;
1247
1248 out:
1249 EVP_MD_CTX_free(md_ctx);
1250 EVP_MD_free(sha256);
1251 EVP_MD_free(shake256);
1252 return ret;
1253 }
1254
test_d2i_AutoPrivateKey(int i)1255 static int test_d2i_AutoPrivateKey(int i)
1256 {
1257 int ret = 0;
1258 const unsigned char *p;
1259 EVP_PKEY *pkey = NULL;
1260 const APK_DATA *ak = &keydata[i];
1261 const unsigned char *input = ak->kder;
1262 size_t input_len = ak->size;
1263 int expected_id = ak->evptype;
1264
1265 p = input;
1266 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1267 || !TEST_ptr_eq(p, input + input_len)
1268 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1269 goto done;
1270
1271 ret = 1;
1272
1273 done:
1274 EVP_PKEY_free(pkey);
1275 return ret;
1276 }
1277
1278 #ifndef OPENSSL_NO_EC
1279
1280 static const unsigned char ec_public_sect163k1_validxy[] = {
1281 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1282 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1283 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1284 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1285 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1286 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1287 };
1288
1289 static const unsigned char ec_public_sect163k1_badx[] = {
1290 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1291 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1292 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1293 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1294 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1295 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1296 };
1297
1298 static const unsigned char ec_public_sect163k1_bady[] = {
1299 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1300 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1301 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1302 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1303 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1304 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1305 };
1306
1307 static struct ec_der_pub_keys_st {
1308 const unsigned char *der;
1309 size_t len;
1310 int valid;
1311 } ec_der_pub_keys[] = {
1312 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1313 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1314 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1315 };
1316
1317 /*
1318 * Tests the range of the decoded EC char2 public point.
1319 * See ec_GF2m_simple_oct2point().
1320 */
test_invalide_ec_char2_pub_range_decode(int id)1321 static int test_invalide_ec_char2_pub_range_decode(int id)
1322 {
1323 int ret = 0;
1324 EVP_PKEY *pkey;
1325
1326 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1327 ec_der_pub_keys[id].len);
1328
1329 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1330 || TEST_ptr_null(pkey);
1331 EVP_PKEY_free(pkey);
1332 return ret;
1333 }
1334
1335 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)1336 static int test_EVP_PKCS82PKEY(void)
1337 {
1338 int ret = 0;
1339 const unsigned char *derp = kExampleBadECKeyDER;
1340 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1341 EVP_PKEY *pkey = NULL;
1342
1343 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1344 sizeof(kExampleBadECKeyDER))))
1345 goto done;
1346
1347 if (!TEST_ptr_eq(derp,
1348 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1349 goto done;
1350
1351 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1352 goto done;
1353
1354 ret = 1;
1355
1356 done:
1357 PKCS8_PRIV_KEY_INFO_free(p8inf);
1358 EVP_PKEY_free(pkey);
1359
1360 return ret;
1361 }
1362
1363 #endif
test_EVP_PKCS82PKEY_wrong_tag(void)1364 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1365 {
1366 EVP_PKEY *pkey = NULL;
1367 EVP_PKEY *pkey2 = NULL;
1368 BIO *membio = NULL;
1369 char *membuf = NULL;
1370 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1371 int ok = 0;
1372
1373 if (testctx != NULL)
1374 /* test not supported with non-default context */
1375 return 1;
1376
1377 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1378 || !TEST_ptr(pkey = load_example_rsa_key())
1379 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1380 NULL, 0, NULL, NULL),
1381 0)
1382 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1383 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1384 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1385 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1386 goto done;
1387 }
1388
1389 ok = 1;
1390 done:
1391 EVP_PKEY_free(pkey);
1392 EVP_PKEY_free(pkey2);
1393 PKCS8_PRIV_KEY_INFO_free(p8inf);
1394 BIO_free_all(membio);
1395 return ok;
1396 }
1397
1398 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
test_privatekey_to_pkcs8(void)1399 static int test_privatekey_to_pkcs8(void)
1400 {
1401 EVP_PKEY *pkey = NULL;
1402 BIO *membio = NULL;
1403 char *membuf = NULL;
1404 long membuf_len = 0;
1405 int ok = 0;
1406
1407 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1408 || !TEST_ptr(pkey = load_example_rsa_key())
1409 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1410 NULL, 0, NULL, NULL),
1411 0)
1412 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1413 || !TEST_ptr(membuf)
1414 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1415 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1416 /*
1417 * We try to write PEM as well, just to see that it doesn't err, but
1418 * assume that the result is correct.
1419 */
1420 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1421 NULL, 0, NULL, NULL),
1422 0))
1423 goto done;
1424
1425 ok = 1;
1426 done:
1427 EVP_PKEY_free(pkey);
1428 BIO_free_all(membio);
1429 return ok;
1430 }
1431
1432 #ifndef OPENSSL_NO_EC
1433 static const struct {
1434 int encoding;
1435 const char *encoding_name;
1436 } ec_encodings[] = {
1437 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1438 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1439 };
1440
ec_export_get_encoding_cb(const OSSL_PARAM params[],void * arg)1441 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1442 {
1443 const OSSL_PARAM *p;
1444 const char *enc_name = NULL;
1445 int *enc = arg;
1446 size_t i;
1447
1448 *enc = -1;
1449
1450 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1451 OSSL_PKEY_PARAM_EC_ENCODING))
1452 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1453 return 0;
1454
1455 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1456 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1457 *enc = ec_encodings[i].encoding;
1458 break;
1459 }
1460 }
1461
1462 return (*enc != -1);
1463 }
1464
test_EC_keygen_with_enc(int idx)1465 static int test_EC_keygen_with_enc(int idx)
1466 {
1467 EVP_PKEY *params = NULL, *key = NULL;
1468 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1469 int enc;
1470 int ret = 0;
1471
1472 enc = ec_encodings[idx].encoding;
1473
1474 /* Create key parameters */
1475 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1476 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1477 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1478 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1479 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1480 || !TEST_ptr(params))
1481 goto done;
1482
1483 /* Create key */
1484 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1485 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1486 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1487 || !TEST_ptr(key))
1488 goto done;
1489
1490 /* Check that the encoding got all the way into the key */
1491 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1492 ec_export_get_encoding_cb, &enc))
1493 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1494 goto done;
1495
1496 ret = 1;
1497 done:
1498 EVP_PKEY_free(key);
1499 EVP_PKEY_free(params);
1500 EVP_PKEY_CTX_free(kctx);
1501 EVP_PKEY_CTX_free(pctx);
1502 return ret;
1503 }
1504 #endif
1505
1506 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1507
test_EVP_SM2_verify(void)1508 static int test_EVP_SM2_verify(void)
1509 {
1510 const char *pubkey =
1511 "-----BEGIN PUBLIC KEY-----\n"
1512 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1513 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1514 "-----END PUBLIC KEY-----\n";
1515
1516 const char *msg = "message digest";
1517 const char *id = "ALICE123@YAHOO.COM";
1518
1519 const uint8_t signature[] = {
1520 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1521 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1522 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1523 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1524 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1525 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1526 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1527 };
1528
1529 int rc = 0;
1530 BIO *bio = NULL;
1531 EVP_PKEY *pkey = NULL;
1532 EVP_MD_CTX *mctx = NULL;
1533 EVP_PKEY_CTX *pctx = NULL;
1534 EVP_MD *sm3 = NULL;
1535
1536 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1537 if (!TEST_true(bio != NULL))
1538 goto done;
1539
1540 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1541 if (!TEST_true(pkey != NULL))
1542 goto done;
1543
1544 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1545 goto done;
1546
1547 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1548 goto done;
1549
1550 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1551 goto done;
1552
1553 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1554
1555 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1556 goto done;
1557
1558 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1559 goto done;
1560
1561 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1562 goto done;
1563
1564 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1565 goto done;
1566
1567 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1568 goto done;
1569 rc = 1;
1570
1571 done:
1572 BIO_free(bio);
1573 EVP_PKEY_free(pkey);
1574 EVP_PKEY_CTX_free(pctx);
1575 EVP_MD_CTX_free(mctx);
1576 EVP_MD_free(sm3);
1577 return rc;
1578 }
1579
test_EVP_SM2(void)1580 static int test_EVP_SM2(void)
1581 {
1582 int ret = 0;
1583 EVP_PKEY *pkey = NULL;
1584 EVP_PKEY *pkeyparams = NULL;
1585 EVP_PKEY_CTX *pctx = NULL;
1586 EVP_PKEY_CTX *kctx = NULL;
1587 EVP_PKEY_CTX *sctx = NULL;
1588 size_t sig_len = 0;
1589 unsigned char *sig = NULL;
1590 EVP_MD_CTX *md_ctx = NULL;
1591 EVP_MD_CTX *md_ctx_verify = NULL;
1592 EVP_PKEY_CTX *cctx = NULL;
1593 EVP_MD *check_md = NULL;
1594
1595 uint8_t ciphertext[128];
1596 size_t ctext_len = sizeof(ciphertext);
1597
1598 uint8_t plaintext[8];
1599 size_t ptext_len = sizeof(plaintext);
1600
1601 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1602
1603 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1604 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1605 int i;
1606 char mdname[OSSL_MAX_NAME_SIZE];
1607
1608 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1609 "SM2", testpropq)))
1610 goto done;
1611
1612 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1613 goto done;
1614
1615 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1616 goto done;
1617
1618 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1619 goto done;
1620
1621 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1622 pkeyparams, testpropq)))
1623 goto done;
1624
1625 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1626 goto done;
1627
1628 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1629 goto done;
1630
1631 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1632 goto done;
1633
1634 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1635 goto done;
1636
1637 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1638 goto done;
1639
1640 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1641 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1642
1643 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
1644 goto done;
1645
1646 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
1647 goto done;
1648
1649 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1650 goto done;
1651
1652 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1653 goto done;
1654
1655 /* Determine the size of the signature. */
1656 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1657 goto done;
1658
1659 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1660 goto done;
1661
1662 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1663 goto done;
1664
1665 /* Ensure that the signature round-trips. */
1666
1667 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1668 pkey)))
1669 goto done;
1670
1671 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1672 goto done;
1673
1674 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1675 goto done;
1676
1677 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1678 goto done;
1679
1680 /* now check encryption/decryption */
1681
1682 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1683 mdname, sizeof(mdname));
1684 for (i = 0; i < 2; i++) {
1685 const char *mdnames[] = {
1686 #ifndef OPENSSL_NO_SM3
1687 "SM3",
1688 #else
1689 NULL,
1690 #endif
1691 "SHA2-256" };
1692 EVP_PKEY_CTX_free(cctx);
1693
1694 if (mdnames[i] == NULL)
1695 continue;
1696
1697 sparams[0] =
1698 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1699 (char *)mdnames[i], 0);
1700
1701 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1702 pkey, testpropq)))
1703 goto done;
1704
1705 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1706 goto done;
1707
1708 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1709 goto done;
1710
1711 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1712 sizeof(kMsg))))
1713 goto done;
1714
1715 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1716 goto done;
1717
1718 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1719 goto done;
1720
1721 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1722 ctext_len)))
1723 goto done;
1724
1725 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1726 goto done;
1727
1728 /*
1729 * Test we're still using the digest we think we are.
1730 * Because of aliases, the easiest is to fetch the digest and
1731 * check the name with EVP_MD_is_a().
1732 */
1733 EVP_MD_free(check_md);
1734 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
1735 goto done;
1736 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
1737 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
1738 goto done;
1739 }
1740
1741 if (!TEST_true(ptext_len == sizeof(kMsg)))
1742 goto done;
1743
1744 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1745 goto done;
1746 }
1747
1748 ret = 1;
1749 done:
1750 EVP_PKEY_CTX_free(pctx);
1751 EVP_PKEY_CTX_free(kctx);
1752 EVP_PKEY_CTX_free(sctx);
1753 EVP_PKEY_CTX_free(cctx);
1754 EVP_PKEY_free(pkey);
1755 EVP_PKEY_free(pkeyparams);
1756 EVP_MD_CTX_free(md_ctx);
1757 EVP_MD_CTX_free(md_ctx_verify);
1758 EVP_MD_free(check_md);
1759 OPENSSL_free(sig);
1760 return ret;
1761 }
1762
1763 #endif
1764
1765 static struct keys_st {
1766 int type;
1767 char *priv;
1768 char *pub;
1769 } keys[] = {
1770 {
1771 EVP_PKEY_HMAC, "0123456789", NULL
1772 },
1773 {
1774 EVP_PKEY_HMAC, "", NULL
1775 #ifndef OPENSSL_NO_POLY1305
1776 }, {
1777 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1778 #endif
1779 #ifndef OPENSSL_NO_SIPHASH
1780 }, {
1781 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1782 #endif
1783 },
1784 #ifndef OPENSSL_NO_EC
1785 {
1786 EVP_PKEY_X25519, "01234567890123456789012345678901",
1787 "abcdefghijklmnopqrstuvwxyzabcdef"
1788 }, {
1789 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1790 "abcdefghijklmnopqrstuvwxyzabcdef"
1791 }, {
1792 EVP_PKEY_X448,
1793 "01234567890123456789012345678901234567890123456789012345",
1794 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1795 }, {
1796 EVP_PKEY_ED448,
1797 "012345678901234567890123456789012345678901234567890123456",
1798 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1799 }
1800 #endif
1801 };
1802
test_set_get_raw_keys_int(int tst,int pub,int uselibctx)1803 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1804 {
1805 int ret = 0;
1806 unsigned char buf[80];
1807 unsigned char *in;
1808 size_t inlen, len = 0;
1809 EVP_PKEY *pkey;
1810
1811 /* Check if this algorithm supports public keys */
1812 if (pub && keys[tst].pub == NULL)
1813 return 1;
1814
1815 memset(buf, 0, sizeof(buf));
1816
1817 if (pub) {
1818 #ifndef OPENSSL_NO_EC
1819 inlen = strlen(keys[tst].pub);
1820 in = (unsigned char *)keys[tst].pub;
1821 if (uselibctx) {
1822 pkey = EVP_PKEY_new_raw_public_key_ex(
1823 testctx,
1824 OBJ_nid2sn(keys[tst].type),
1825 NULL,
1826 in,
1827 inlen);
1828 } else {
1829 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1830 NULL,
1831 in,
1832 inlen);
1833 }
1834 #else
1835 return 1;
1836 #endif
1837 } else {
1838 inlen = strlen(keys[tst].priv);
1839 in = (unsigned char *)keys[tst].priv;
1840 if (uselibctx) {
1841 pkey = EVP_PKEY_new_raw_private_key_ex(
1842 testctx, OBJ_nid2sn(keys[tst].type),
1843 NULL,
1844 in,
1845 inlen);
1846 } else {
1847 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1848 NULL,
1849 in,
1850 inlen);
1851 }
1852 }
1853
1854 if (!TEST_ptr(pkey)
1855 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
1856 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1857 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1858 || !TEST_true(len == inlen)
1859 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1860 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1861 || !TEST_mem_eq(in, inlen, buf, len))
1862 goto done;
1863
1864 ret = 1;
1865 done:
1866 EVP_PKEY_free(pkey);
1867 return ret;
1868 }
1869
test_set_get_raw_keys(int tst)1870 static int test_set_get_raw_keys(int tst)
1871 {
1872 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
1873 && test_set_get_raw_keys_int(tst, 0, 1)
1874 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
1875 && test_set_get_raw_keys_int(tst, 1, 1);
1876 }
1877
1878 #ifndef OPENSSL_NO_DEPRECATED_3_0
pkey_custom_check(EVP_PKEY * pkey)1879 static int pkey_custom_check(EVP_PKEY *pkey)
1880 {
1881 return 0xbeef;
1882 }
1883
pkey_custom_pub_check(EVP_PKEY * pkey)1884 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1885 {
1886 return 0xbeef;
1887 }
1888
pkey_custom_param_check(EVP_PKEY * pkey)1889 static int pkey_custom_param_check(EVP_PKEY *pkey)
1890 {
1891 return 0xbeef;
1892 }
1893
1894 static EVP_PKEY_METHOD *custom_pmeth;
1895 #endif
1896
test_EVP_PKEY_check(int i)1897 static int test_EVP_PKEY_check(int i)
1898 {
1899 int ret = 0;
1900 EVP_PKEY *pkey = NULL;
1901 EVP_PKEY_CTX *ctx = NULL;
1902 #ifndef OPENSSL_NO_DEPRECATED_3_0
1903 EVP_PKEY_CTX *ctx2 = NULL;
1904 #endif
1905 const APK_DATA *ak = &keycheckdata[i];
1906 const unsigned char *input = ak->kder;
1907 size_t input_len = ak->size;
1908 int expected_id = ak->evptype;
1909 int expected_check = ak->check;
1910 int expected_pub_check = ak->pub_check;
1911 int expected_param_check = ak->param_check;
1912 int type = ak->type;
1913
1914 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1915 goto done;
1916 if (type == 0
1917 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1918 goto done;
1919
1920 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1921 goto done;
1922
1923 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1924 goto done;
1925
1926 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1927 goto done;
1928
1929 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1930 goto done;
1931
1932 #ifndef OPENSSL_NO_DEPRECATED_3_0
1933 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1934 /* assign the pkey directly, as an internal test */
1935 EVP_PKEY_up_ref(pkey);
1936 ctx2->pkey = pkey;
1937
1938 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1939 goto done;
1940
1941 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1942 goto done;
1943
1944 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1945 goto done;
1946 #endif
1947
1948 ret = 1;
1949
1950 done:
1951 EVP_PKEY_CTX_free(ctx);
1952 #ifndef OPENSSL_NO_DEPRECATED_3_0
1953 EVP_PKEY_CTX_free(ctx2);
1954 #endif
1955 EVP_PKEY_free(pkey);
1956 return ret;
1957 }
1958
1959 #ifndef OPENSSL_NO_CMAC
get_cmac_val(EVP_PKEY * pkey,unsigned char * mac)1960 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1961 {
1962 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1963 const char msg[] = "Hello World";
1964 size_t maclen;
1965 int ret = 1;
1966
1967 if (!TEST_ptr(mdctx)
1968 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
1969 testpropq, pkey, NULL))
1970 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1971 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1972 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1973 ret = 0;
1974
1975 EVP_MD_CTX_free(mdctx);
1976
1977 return ret;
1978 }
test_CMAC_keygen(void)1979 static int test_CMAC_keygen(void)
1980 {
1981 static unsigned char key[] = {
1982 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1983 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1984 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1985 };
1986 EVP_PKEY_CTX *kctx = NULL;
1987 int ret = 0;
1988 EVP_PKEY *pkey = NULL;
1989 unsigned char mac[AES_BLOCK_SIZE];
1990 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1991 unsigned char mac2[AES_BLOCK_SIZE];
1992 # endif
1993
1994 if (nullprov != NULL)
1995 return TEST_skip("Test does not support a non-default library context");
1996
1997 /*
1998 * This is a legacy method for CMACs, but should still work.
1999 * This verifies that it works without an ENGINE.
2000 */
2001 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2002
2003 /* Test a CMAC key created using the "generated" method */
2004 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2005 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2006 EVP_PKEY_CTRL_CIPHER,
2007 0, (void *)EVP_aes_256_ecb()), 0)
2008 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2009 EVP_PKEY_CTRL_SET_MAC_KEY,
2010 sizeof(key), (void *)key), 0)
2011 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2012 || !TEST_ptr(pkey)
2013 || !TEST_true(get_cmac_val(pkey, mac)))
2014 goto done;
2015
2016 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2017 EVP_PKEY_free(pkey);
2018
2019 /*
2020 * Test a CMAC key using the direct method, and compare with the mac
2021 * created above.
2022 */
2023 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2024 if (!TEST_ptr(pkey)
2025 || !TEST_true(get_cmac_val(pkey, mac2))
2026 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2027 goto done;
2028 # endif
2029
2030 ret = 1;
2031
2032 done:
2033 EVP_PKEY_free(pkey);
2034 EVP_PKEY_CTX_free(kctx);
2035 return ret;
2036 }
2037 #endif
2038
test_HKDF(void)2039 static int test_HKDF(void)
2040 {
2041 EVP_PKEY_CTX *pctx;
2042 unsigned char out[20];
2043 size_t outlen;
2044 int i, ret = 0;
2045 unsigned char salt[] = "0123456789";
2046 unsigned char key[] = "012345678901234567890123456789";
2047 unsigned char info[] = "infostring";
2048 const unsigned char expected[] = {
2049 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2050 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2051 };
2052 size_t expectedlen = sizeof(expected);
2053
2054 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2055 goto done;
2056
2057 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2058 for (i = 0; i < 2; i++) {
2059 outlen = sizeof(out);
2060 memset(out, 0, outlen);
2061
2062 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2063 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2064 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2065 sizeof(salt) - 1), 0)
2066 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2067 sizeof(key) - 1), 0)
2068 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2069 sizeof(info) - 1), 0)
2070 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2071 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2072 goto done;
2073 }
2074
2075 ret = 1;
2076
2077 done:
2078 EVP_PKEY_CTX_free(pctx);
2079
2080 return ret;
2081 }
2082
test_emptyikm_HKDF(void)2083 static int test_emptyikm_HKDF(void)
2084 {
2085 EVP_PKEY_CTX *pctx;
2086 unsigned char out[20];
2087 size_t outlen;
2088 int ret = 0;
2089 unsigned char salt[] = "9876543210";
2090 unsigned char key[] = "";
2091 unsigned char info[] = "stringinfo";
2092 const unsigned char expected[] = {
2093 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2094 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2095 };
2096 size_t expectedlen = sizeof(expected);
2097
2098 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2099 goto done;
2100
2101 outlen = sizeof(out);
2102 memset(out, 0, outlen);
2103
2104 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2105 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2106 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2107 sizeof(salt) - 1), 0)
2108 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2109 sizeof(key) - 1), 0)
2110 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2111 sizeof(info) - 1), 0)
2112 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2113 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2114 goto done;
2115
2116 ret = 1;
2117
2118 done:
2119 EVP_PKEY_CTX_free(pctx);
2120
2121 return ret;
2122 }
2123
2124 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)2125 static int test_X509_PUBKEY_inplace(void)
2126 {
2127 int ret = 0;
2128 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2129 const unsigned char *p = kExampleECPubKeyDER;
2130 size_t input_len = sizeof(kExampleECPubKeyDER);
2131
2132 if (!TEST_ptr(xp))
2133 goto done;
2134 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2135 goto done;
2136
2137 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2138 goto done;
2139
2140 p = kExampleBadECPubKeyDER;
2141 input_len = sizeof(kExampleBadECPubKeyDER);
2142
2143 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2144 goto done;
2145
2146 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2147 goto done;
2148
2149 ret = 1;
2150
2151 done:
2152 X509_PUBKEY_free(xp);
2153 return ret;
2154 }
2155
test_X509_PUBKEY_dup(void)2156 static int test_X509_PUBKEY_dup(void)
2157 {
2158 int ret = 0;
2159 X509_PUBKEY *xp = NULL, *xq = NULL;
2160 const unsigned char *p = kExampleECPubKeyDER;
2161 size_t input_len = sizeof(kExampleECPubKeyDER);
2162
2163 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2164 if (!TEST_ptr(xp)
2165 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2166 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2167 || !TEST_ptr_ne(xp, xq))
2168 goto done;
2169
2170 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2171 || !TEST_ptr(X509_PUBKEY_get0(xp))
2172 || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2173 goto done;
2174
2175 X509_PUBKEY_free(xq);
2176 xq = NULL;
2177 p = kExampleBadECPubKeyDER;
2178 input_len = sizeof(kExampleBadECPubKeyDER);
2179
2180 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2181 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2182 goto done;
2183
2184 X509_PUBKEY_free(xp);
2185 xp = NULL;
2186 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2187 goto done;
2188
2189 ret = 1;
2190
2191 done:
2192 X509_PUBKEY_free(xp);
2193 X509_PUBKEY_free(xq);
2194 return ret;
2195 }
2196 #endif /* OPENSSL_NO_EC */
2197
2198 /* Test getting and setting parameters on an EVP_PKEY_CTX */
test_EVP_PKEY_CTX_get_set_params(EVP_PKEY * pkey)2199 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2200 {
2201 EVP_MD_CTX *mdctx = NULL;
2202 EVP_PKEY_CTX *ctx = NULL;
2203 const OSSL_PARAM *params;
2204 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2205 int ret = 0;
2206 const EVP_MD *md;
2207 char mdname[OSSL_MAX_NAME_SIZE];
2208 char ssl3ms[48];
2209
2210 /* Initialise a sign operation */
2211 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2212 if (!TEST_ptr(ctx)
2213 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2214 goto err;
2215
2216 /*
2217 * We should be able to query the parameters now.
2218 */
2219 params = EVP_PKEY_CTX_settable_params(ctx);
2220 if (!TEST_ptr(params)
2221 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2222 OSSL_SIGNATURE_PARAM_DIGEST)))
2223 goto err;
2224
2225 params = EVP_PKEY_CTX_gettable_params(ctx);
2226 if (!TEST_ptr(params)
2227 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2228 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2229 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2230 OSSL_SIGNATURE_PARAM_DIGEST)))
2231 goto err;
2232
2233 /*
2234 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2235 * EVP_PKEY_CTX_get_params()
2236 */
2237 strcpy(mdname, "SHA512");
2238 param_md = param;
2239 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2240 mdname, 0);
2241 *param++ = OSSL_PARAM_construct_end();
2242
2243 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2244 goto err;
2245
2246 mdname[0] = '\0';
2247 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2248 mdname, sizeof(mdname));
2249 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2250 || !TEST_str_eq(mdname, "SHA512"))
2251 goto err;
2252
2253 /*
2254 * Test the TEST_PKEY_CTX_set_signature_md() and
2255 * TEST_PKEY_CTX_get_signature_md() functions
2256 */
2257 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2258 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2259 || !TEST_ptr_eq(md, EVP_sha256()))
2260 goto err;
2261
2262 /*
2263 * Test getting MD parameters via an associated EVP_PKEY_CTX
2264 */
2265 mdctx = EVP_MD_CTX_new();
2266 if (!TEST_ptr(mdctx)
2267 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2268 pkey, NULL)))
2269 goto err;
2270
2271 /*
2272 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2273 * able to obtain the digest's settable parameters from the provider.
2274 */
2275 params = EVP_MD_CTX_settable_params(mdctx);
2276 if (!TEST_ptr(params)
2277 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2278 /* The final key should be NULL */
2279 || !TEST_ptr_null(params[1].key))
2280 goto err;
2281
2282 param = ourparams;
2283 memset(ssl3ms, 0, sizeof(ssl3ms));
2284 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2285 ssl3ms, sizeof(ssl3ms));
2286 *param++ = OSSL_PARAM_construct_end();
2287
2288 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2289 goto err;
2290
2291 ret = 1;
2292
2293 err:
2294 EVP_MD_CTX_free(mdctx);
2295 EVP_PKEY_CTX_free(ctx);
2296
2297 return ret;
2298 }
2299
2300 #ifndef OPENSSL_NO_DSA
test_DSA_get_set_params(void)2301 static int test_DSA_get_set_params(void)
2302 {
2303 OSSL_PARAM_BLD *bld = NULL;
2304 OSSL_PARAM *params = NULL;
2305 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2306 EVP_PKEY_CTX *pctx = NULL;
2307 EVP_PKEY *pkey = NULL;
2308 int ret = 0;
2309
2310 /*
2311 * Setup the parameters for our DSA object. For our purposes they don't
2312 * have to actually be *valid* parameters. We just need to set something.
2313 */
2314 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2315 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2316 || !TEST_ptr(p = BN_new())
2317 || !TEST_ptr(q = BN_new())
2318 || !TEST_ptr(g = BN_new())
2319 || !TEST_ptr(pub = BN_new())
2320 || !TEST_ptr(priv = BN_new()))
2321 goto err;
2322 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2323 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2324 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2325 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2326 pub))
2327 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2328 priv)))
2329 goto err;
2330 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2331 goto err;
2332
2333 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2334 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2335 params), 0))
2336 goto err;
2337
2338 if (!TEST_ptr(pkey))
2339 goto err;
2340
2341 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2342
2343 err:
2344 EVP_PKEY_free(pkey);
2345 EVP_PKEY_CTX_free(pctx);
2346 OSSL_PARAM_free(params);
2347 OSSL_PARAM_BLD_free(bld);
2348 BN_free(p);
2349 BN_free(q);
2350 BN_free(g);
2351 BN_free(pub);
2352 BN_free(priv);
2353
2354 return ret;
2355 }
2356
2357 /*
2358 * Test combinations of private, public, missing and private + public key
2359 * params to ensure they are all accepted
2360 */
test_DSA_priv_pub(void)2361 static int test_DSA_priv_pub(void)
2362 {
2363 return test_EVP_PKEY_ffc_priv_pub("DSA");
2364 }
2365
2366 #endif /* !OPENSSL_NO_DSA */
2367
test_RSA_get_set_params(void)2368 static int test_RSA_get_set_params(void)
2369 {
2370 OSSL_PARAM_BLD *bld = NULL;
2371 OSSL_PARAM *params = NULL;
2372 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2373 EVP_PKEY_CTX *pctx = NULL;
2374 EVP_PKEY *pkey = NULL;
2375 int ret = 0;
2376
2377 /*
2378 * Setup the parameters for our RSA object. For our purposes they don't
2379 * have to actually be *valid* parameters. We just need to set something.
2380 */
2381 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2382 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2383 || !TEST_ptr(n = BN_new())
2384 || !TEST_ptr(e = BN_new())
2385 || !TEST_ptr(d = BN_new()))
2386 goto err;
2387 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2388 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2389 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2390 goto err;
2391 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2392 goto err;
2393
2394 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2395 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2396 params), 0))
2397 goto err;
2398
2399 if (!TEST_ptr(pkey))
2400 goto err;
2401
2402 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2403
2404 err:
2405 EVP_PKEY_free(pkey);
2406 EVP_PKEY_CTX_free(pctx);
2407 OSSL_PARAM_free(params);
2408 OSSL_PARAM_BLD_free(bld);
2409 BN_free(n);
2410 BN_free(e);
2411 BN_free(d);
2412
2413 return ret;
2414 }
2415
2416 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)2417 static int test_decrypt_null_chunks(void)
2418 {
2419 EVP_CIPHER_CTX* ctx = NULL;
2420 EVP_CIPHER *cipher = NULL;
2421 const unsigned char key[32] = {
2422 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2423 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2424 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2425 };
2426 unsigned char iv[12] = {
2427 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2428 };
2429 unsigned char msg[] = "It was the best of times, it was the worst of times";
2430 unsigned char ciphertext[80];
2431 unsigned char plaintext[80];
2432 /* We initialise tmp to a non zero value on purpose */
2433 int ctlen, ptlen, tmp = 99;
2434 int ret = 0;
2435 const int enc_offset = 10, dec_offset = 20;
2436
2437 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2438 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2439 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2440 key, iv))
2441 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2442 enc_offset))
2443 /* Deliberate add a zero length update */
2444 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2445 0))
2446 || !TEST_int_eq(tmp, 0)
2447 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2448 msg + enc_offset,
2449 sizeof(msg) - enc_offset))
2450 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2451 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2452 || !TEST_int_eq(tmp, 0))
2453 goto err;
2454
2455 /* Deliberately initialise tmp to a non zero value */
2456 tmp = 99;
2457 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
2458 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2459 dec_offset))
2460 /*
2461 * Deliberately add a zero length update. We also deliberately do
2462 * this at a different offset than for encryption.
2463 */
2464 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2465 0))
2466 || !TEST_int_eq(tmp, 0)
2467 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2468 ciphertext + dec_offset,
2469 ctlen - dec_offset))
2470 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2471 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2472 || !TEST_int_eq(tmp, 0)
2473 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2474 goto err;
2475
2476 ret = 1;
2477 err:
2478 EVP_CIPHER_CTX_free(ctx);
2479 EVP_CIPHER_free(cipher);
2480 return ret;
2481 }
2482 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2483
2484 #ifndef OPENSSL_NO_DH
2485 /*
2486 * Test combinations of private, public, missing and private + public key
2487 * params to ensure they are all accepted
2488 */
test_DH_priv_pub(void)2489 static int test_DH_priv_pub(void)
2490 {
2491 return test_EVP_PKEY_ffc_priv_pub("DH");
2492 }
2493
2494 # ifndef OPENSSL_NO_DEPRECATED_3_0
test_EVP_PKEY_set1_DH(void)2495 static int test_EVP_PKEY_set1_DH(void)
2496 {
2497 DH *x942dh = NULL, *noqdh = NULL;
2498 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2499 int ret = 0;
2500 BIGNUM *p, *g = NULL;
2501 BIGNUM *pubkey = NULL;
2502 unsigned char pub[2048 / 8];
2503 size_t len = 0;
2504
2505 if (!TEST_ptr(p = BN_new())
2506 || !TEST_ptr(g = BN_new())
2507 || !TEST_ptr(pubkey = BN_new())
2508 || !TEST_true(BN_set_word(p, 9999))
2509 || !TEST_true(BN_set_word(g, 2))
2510 || !TEST_true(BN_set_word(pubkey, 4321))
2511 || !TEST_ptr(noqdh = DH_new())
2512 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2513 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2514 || !TEST_ptr(pubkey = BN_new())
2515 || !TEST_true(BN_set_word(pubkey, 4321)))
2516 goto err;
2517 p = g = NULL;
2518
2519 x942dh = DH_get_2048_256();
2520 pkey1 = EVP_PKEY_new();
2521 pkey2 = EVP_PKEY_new();
2522 if (!TEST_ptr(x942dh)
2523 || !TEST_ptr(noqdh)
2524 || !TEST_ptr(pkey1)
2525 || !TEST_ptr(pkey2)
2526 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2527 goto err;
2528 pubkey = NULL;
2529
2530 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2531 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
2532 goto err;
2533
2534 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2535 &pubkey))
2536 || !TEST_ptr(pubkey))
2537 goto err;
2538
2539 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2540 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2541 goto err;
2542
2543 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2544 OSSL_PKEY_PARAM_PUB_KEY,
2545 pub, sizeof(pub), &len))
2546 || !TEST_size_t_ne(len, 0))
2547 goto err;
2548
2549 ret = 1;
2550 err:
2551 BN_free(p);
2552 BN_free(g);
2553 BN_free(pubkey);
2554 EVP_PKEY_free(pkey1);
2555 EVP_PKEY_free(pkey2);
2556 DH_free(x942dh);
2557 DH_free(noqdh);
2558
2559 return ret;
2560 }
2561 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2562 #endif /* !OPENSSL_NO_DH */
2563
2564 /*
2565 * We test what happens with an empty template. For the sake of this test,
2566 * the template must be ignored, and we know that's the case for RSA keys
2567 * (this might arguably be a misfeature, but that's what we currently do,
2568 * even in provider code, since that's how the legacy RSA implementation
2569 * does things)
2570 */
test_keygen_with_empty_template(int n)2571 static int test_keygen_with_empty_template(int n)
2572 {
2573 EVP_PKEY_CTX *ctx = NULL;
2574 EVP_PKEY *pkey = NULL;
2575 EVP_PKEY *tkey = NULL;
2576 int ret = 0;
2577
2578 if (nullprov != NULL)
2579 return TEST_skip("Test does not support a non-default library context");
2580
2581 switch (n) {
2582 case 0:
2583 /* We do test with no template at all as well */
2584 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2585 goto err;
2586 break;
2587 case 1:
2588 /* Here we create an empty RSA key that serves as our template */
2589 if (!TEST_ptr(tkey = EVP_PKEY_new())
2590 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2591 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2592 goto err;
2593 break;
2594 }
2595
2596 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2597 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2598 goto err;
2599
2600 ret = 1;
2601 err:
2602 EVP_PKEY_CTX_free(ctx);
2603 EVP_PKEY_free(pkey);
2604 EVP_PKEY_free(tkey);
2605 return ret;
2606 }
2607
2608 /*
2609 * Test that we fail if we attempt to use an algorithm that is not available
2610 * in the current library context (unless we are using an algorithm that
2611 * should be made available via legacy codepaths).
2612 *
2613 * 0: RSA
2614 * 1: SM2
2615 */
test_pkey_ctx_fail_without_provider(int tst)2616 static int test_pkey_ctx_fail_without_provider(int tst)
2617 {
2618 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2619 OSSL_PROVIDER *tmpnullprov = NULL;
2620 EVP_PKEY_CTX *pctx = NULL;
2621 const char *keytype = NULL;
2622 int expect_null = 0;
2623 int ret = 0;
2624
2625 if (!TEST_ptr(tmpctx))
2626 goto err;
2627
2628 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2629 if (!TEST_ptr(tmpnullprov))
2630 goto err;
2631
2632 /*
2633 * We check for certain algos in the null provider.
2634 * If an algo is expected to have a provider keymgmt, contructing an
2635 * EVP_PKEY_CTX is expected to fail (return NULL).
2636 * Otherwise, if it's expected to have legacy support, contructing an
2637 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2638 */
2639 switch (tst) {
2640 case 0:
2641 keytype = "RSA";
2642 expect_null = 1;
2643 break;
2644 case 1:
2645 keytype = "SM2";
2646 expect_null = 1;
2647 #ifdef OPENSSL_NO_EC
2648 TEST_info("EC disable, skipping SM2 check...");
2649 goto end;
2650 #endif
2651 #ifdef OPENSSL_NO_SM2
2652 TEST_info("SM2 disable, skipping SM2 check...");
2653 goto end;
2654 #endif
2655 break;
2656 default:
2657 TEST_error("No test for case %d", tst);
2658 goto err;
2659 }
2660
2661 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2662 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2663 goto err;
2664
2665 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2666 end:
2667 #endif
2668 ret = 1;
2669
2670 err:
2671 EVP_PKEY_CTX_free(pctx);
2672 OSSL_PROVIDER_unload(tmpnullprov);
2673 OSSL_LIB_CTX_free(tmpctx);
2674 return ret;
2675 }
2676
test_rand_agglomeration(void)2677 static int test_rand_agglomeration(void)
2678 {
2679 EVP_RAND *rand;
2680 EVP_RAND_CTX *ctx;
2681 OSSL_PARAM params[3], *p = params;
2682 int res;
2683 unsigned int step = 7;
2684 static unsigned char seed[] = "It does not matter how slowly you go "
2685 "as long as you do not stop.";
2686 unsigned char out[sizeof(seed)];
2687
2688 if (!TEST_int_ne(sizeof(seed) % step, 0)
2689 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
2690 return 0;
2691 ctx = EVP_RAND_CTX_new(rand, NULL);
2692 EVP_RAND_free(rand);
2693 if (!TEST_ptr(ctx))
2694 return 0;
2695
2696 memset(out, 0, sizeof(out));
2697 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2698 seed, sizeof(seed));
2699 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2700 *p = OSSL_PARAM_construct_end();
2701 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
2702 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2703 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2704 EVP_RAND_CTX_free(ctx);
2705 return res;
2706 }
2707
2708 /*
2709 * Test that we correctly return the original or "running" IV after
2710 * an encryption operation.
2711 * Run multiple times for some different relevant algorithms/modes.
2712 */
test_evp_iv_aes(int idx)2713 static int test_evp_iv_aes(int idx)
2714 {
2715 int ret = 0;
2716 EVP_CIPHER_CTX *ctx = NULL;
2717 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2718 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2719 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2720 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2721 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2722 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2723 9, 10, 11, 12, 13, 14, 15, 16 };
2724 unsigned char ciphertext[32], oiv[16], iv[16];
2725 unsigned char *ref_iv;
2726 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2727 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2728
2729 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2730 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2731 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2732 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2733 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2734 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2735 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2736 #ifndef OPENSSL_NO_OCB
2737 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2738 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2739 #endif
2740 int len = sizeof(ciphertext);
2741 size_t ivlen, ref_len;
2742 const EVP_CIPHER *type = NULL;
2743 int iv_reset = 0;
2744
2745 if (nullprov != NULL && idx < 6)
2746 return TEST_skip("Test does not support a non-default library context");
2747
2748 switch(idx) {
2749 case 0:
2750 type = EVP_aes_128_cbc();
2751 /* FALLTHROUGH */
2752 case 6:
2753 type = (type != NULL) ? type :
2754 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
2755 ref_iv = cbc_state;
2756 ref_len = sizeof(cbc_state);
2757 iv_reset = 1;
2758 break;
2759 case 1:
2760 type = EVP_aes_128_ofb();
2761 /* FALLTHROUGH */
2762 case 7:
2763 type = (type != NULL) ? type :
2764 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
2765 ref_iv = ofb_state;
2766 ref_len = sizeof(ofb_state);
2767 iv_reset = 1;
2768 break;
2769 case 2:
2770 type = EVP_aes_128_cfb();
2771 /* FALLTHROUGH */
2772 case 8:
2773 type = (type != NULL) ? type :
2774 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
2775 ref_iv = cfb_state;
2776 ref_len = sizeof(cfb_state);
2777 iv_reset = 1;
2778 break;
2779 case 3:
2780 type = EVP_aes_128_gcm();
2781 /* FALLTHROUGH */
2782 case 9:
2783 type = (type != NULL) ? type :
2784 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
2785 ref_iv = gcm_state;
2786 ref_len = sizeof(gcm_state);
2787 break;
2788 case 4:
2789 type = EVP_aes_128_ccm();
2790 /* FALLTHROUGH */
2791 case 10:
2792 type = (type != NULL) ? type :
2793 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
2794 ref_iv = ccm_state;
2795 ref_len = sizeof(ccm_state);
2796 break;
2797 #ifdef OPENSSL_NO_OCB
2798 case 5:
2799 case 11:
2800 return 1;
2801 #else
2802 case 5:
2803 type = EVP_aes_128_ocb();
2804 /* FALLTHROUGH */
2805 case 11:
2806 type = (type != NULL) ? type :
2807 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
2808 ref_iv = ocb_state;
2809 ref_len = sizeof(ocb_state);
2810 break;
2811 #endif
2812 default:
2813 return 0;
2814 }
2815
2816 if (!TEST_ptr(type)
2817 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2818 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2819 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2820 (int)sizeof(msg)))
2821 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2822 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2823 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2824 goto err;
2825 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2826 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2827 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2828 goto err;
2829
2830 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2831 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2832 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2833 goto err;
2834 if (iv_reset) {
2835 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2836 goto err;
2837 } else {
2838 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
2839 goto err;
2840 }
2841
2842 ret = 1;
2843 err:
2844 EVP_CIPHER_CTX_free(ctx);
2845 if (idx >= 6)
2846 EVP_CIPHER_free((EVP_CIPHER *)type);
2847 return ret;
2848 }
2849
2850 #ifndef OPENSSL_NO_DES
test_evp_iv_des(int idx)2851 static int test_evp_iv_des(int idx)
2852 {
2853 int ret = 0;
2854 EVP_CIPHER_CTX *ctx = NULL;
2855 static const unsigned char key[24] = {
2856 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2857 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2858 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2859 };
2860 static const unsigned char init_iv[8] = {
2861 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2862 };
2863 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2864 9, 10, 11, 12, 13, 14, 15, 16 };
2865 unsigned char ciphertext[32], oiv[8], iv[8];
2866 unsigned const char *ref_iv;
2867 static const unsigned char cbc_state_des[8] = {
2868 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
2869 };
2870 static const unsigned char cbc_state_3des[8] = {
2871 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
2872 };
2873 static const unsigned char ofb_state_des[8] = {
2874 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
2875 };
2876 static const unsigned char ofb_state_3des[8] = {
2877 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
2878 };
2879 static const unsigned char cfb_state_des[8] = {
2880 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
2881 };
2882 static const unsigned char cfb_state_3des[8] = {
2883 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
2884 };
2885 int len = sizeof(ciphertext);
2886 size_t ivlen, ref_len;
2887 EVP_CIPHER *type = NULL;
2888
2889 if (lgcyprov == NULL && idx < 3)
2890 return TEST_skip("Test requires legacy provider to be loaded");
2891
2892 switch(idx) {
2893 case 0:
2894 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
2895 ref_iv = cbc_state_des;
2896 ref_len = sizeof(cbc_state_des);
2897 break;
2898 case 1:
2899 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
2900 ref_iv = ofb_state_des;
2901 ref_len = sizeof(ofb_state_des);
2902 break;
2903 case 2:
2904 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
2905 ref_iv = cfb_state_des;
2906 ref_len = sizeof(cfb_state_des);
2907 break;
2908 case 3:
2909 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
2910 ref_iv = cbc_state_3des;
2911 ref_len = sizeof(cbc_state_3des);
2912 break;
2913 case 4:
2914 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
2915 ref_iv = ofb_state_3des;
2916 ref_len = sizeof(ofb_state_3des);
2917 break;
2918 case 5:
2919 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
2920 ref_iv = cfb_state_3des;
2921 ref_len = sizeof(cfb_state_3des);
2922 break;
2923 default:
2924 return 0;
2925 }
2926
2927 if (!TEST_ptr(type)
2928 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2929 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2930 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2931 (int)sizeof(msg)))
2932 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2933 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2934 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2935 goto err;
2936 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
2937 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2938 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2939 goto err;
2940
2941 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
2942 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
2943 goto err;
2944 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
2945 goto err;
2946
2947 ret = 1;
2948 err:
2949 EVP_CIPHER_CTX_free(ctx);
2950 EVP_CIPHER_free(type);
2951 return ret;
2952 }
2953 #endif
2954
2955 #ifndef OPENSSL_NO_EC
2956 static int ecpub_nids[] = {
2957 NID_brainpoolP256r1, NID_X9_62_prime256v1,
2958 NID_secp384r1, NID_secp521r1,
2959 # ifndef OPENSSL_NO_EC2M
2960 NID_sect233k1, NID_sect233r1, NID_sect283r1,
2961 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2962 # endif
2963 NID_brainpoolP384r1, NID_brainpoolP512r1
2964 };
2965
test_ecpub(int idx)2966 static int test_ecpub(int idx)
2967 {
2968 int ret = 0, len, savelen;
2969 int nid;
2970 unsigned char buf[1024];
2971 unsigned char *p;
2972 EVP_PKEY *pkey = NULL;
2973 EVP_PKEY_CTX *ctx = NULL;
2974 # ifndef OPENSSL_NO_DEPRECATED_3_0
2975 const unsigned char *q;
2976 EVP_PKEY *pkey2 = NULL;
2977 EC_KEY *ec = NULL;
2978 # endif
2979
2980 if (nullprov != NULL)
2981 return TEST_skip("Test does not support a non-default library context");
2982
2983 nid = ecpub_nids[idx];
2984
2985 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2986 if (!TEST_ptr(ctx)
2987 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2988 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2989 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2990 goto done;
2991 len = i2d_PublicKey(pkey, NULL);
2992 savelen = len;
2993 if (!TEST_int_ge(len, 1)
2994 || !TEST_int_lt(len, 1024))
2995 goto done;
2996 p = buf;
2997 len = i2d_PublicKey(pkey, &p);
2998 if (!TEST_int_ge(len, 1)
2999 || !TEST_int_eq(len, savelen))
3000 goto done;
3001
3002 # ifndef OPENSSL_NO_DEPRECATED_3_0
3003 /* Now try to decode the just-created DER. */
3004 q = buf;
3005 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3006 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3007 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3008 goto done;
3009 /* EC_KEY ownership transferred */
3010 ec = NULL;
3011 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3012 goto done;
3013 /* The keys should match. */
3014 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3015 goto done;
3016 # endif
3017
3018 ret = 1;
3019
3020 done:
3021 EVP_PKEY_CTX_free(ctx);
3022 EVP_PKEY_free(pkey);
3023 # ifndef OPENSSL_NO_DEPRECATED_3_0
3024 EVP_PKEY_free(pkey2);
3025 EC_KEY_free(ec);
3026 # endif
3027 return ret;
3028 }
3029 #endif
3030
test_EVP_rsa_pss_with_keygen_bits(void)3031 static int test_EVP_rsa_pss_with_keygen_bits(void)
3032 {
3033 int ret = 0;
3034 EVP_PKEY_CTX *ctx = NULL;
3035 EVP_PKEY *pkey = NULL;
3036 EVP_MD *md;
3037
3038 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3039 ret = TEST_ptr(md)
3040 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", testpropq)))
3041 && TEST_true(EVP_PKEY_keygen_init(ctx))
3042 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3043 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
3044 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3045
3046 EVP_MD_free(md);
3047 EVP_PKEY_free(pkey);
3048 EVP_PKEY_CTX_free(ctx);
3049 return ret;
3050 }
3051
3052 static int success = 1;
md_names(const char * name,void * vctx)3053 static void md_names(const char *name, void *vctx)
3054 {
3055 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3056 /* Force a namemap update */
3057 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3058
3059 if (!TEST_ptr(aes128))
3060 success = 0;
3061
3062 EVP_CIPHER_free(aes128);
3063 }
3064
3065 /*
3066 * Test that changing the namemap in a user callback works in a names_do_all
3067 * function.
3068 */
test_names_do_all(void)3069 static int test_names_do_all(void)
3070 {
3071 /* We use a custom libctx so that we know the state of the namemap */
3072 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3073 EVP_MD *sha256 = NULL;
3074 int testresult = 0;
3075
3076 if (!TEST_ptr(ctx))
3077 goto err;
3078
3079 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3080 if (!TEST_ptr(sha256))
3081 goto err;
3082
3083 /*
3084 * We loop through all the names for a given digest. This should still work
3085 * even if the namemap changes part way through.
3086 */
3087 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3088 goto err;
3089
3090 if (!TEST_true(success))
3091 goto err;
3092
3093 testresult = 1;
3094 err:
3095 EVP_MD_free(sha256);
3096 OSSL_LIB_CTX_free(ctx);
3097 return testresult;
3098 }
3099
3100 typedef struct {
3101 const char *cipher;
3102 const unsigned char *key;
3103 const unsigned char *iv;
3104 const unsigned char *input;
3105 const unsigned char *expected;
3106 const unsigned char *tag;
3107 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3108 size_t inlen;
3109 size_t expectedlen;
3110 size_t taglen;
3111 int keyfirst;
3112 int initenc;
3113 int finalenc;
3114 } EVP_INIT_TEST_st;
3115
3116 static const EVP_INIT_TEST_st evp_init_tests[] = {
3117 {
3118 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3119 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3120 0, 1, 0, 1
3121 },
3122 {
3123 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3124 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3125 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3126 sizeof(gcmDefaultTag), 1, 0, 1
3127 },
3128 {
3129 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3130 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3131 0, 0, 0, 1
3132 },
3133 {
3134 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3135 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3136 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3137 sizeof(gcmDefaultTag), 0, 0, 1
3138 },
3139 {
3140 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3141 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3142 0, 1, 1, 0
3143 },
3144 {
3145 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3146 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3147 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3148 sizeof(gcmDefaultTag), 1, 1, 0
3149 },
3150 {
3151 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3152 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3153 0, 0, 1, 0
3154 },
3155 {
3156 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3157 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3158 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3159 sizeof(gcmDefaultTag), 0, 1, 0
3160 }
3161 };
3162
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)3163 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3164 {
3165 int res = 0;
3166
3167 if (t->ivlen != 0) {
3168 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
3169 goto err;
3170 }
3171 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3172 goto err;
3173 res = 1;
3174 err:
3175 return res;
3176 }
3177
3178 /*
3179 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3180 * arguments are given one at a time and a final adjustment to the enc
3181 * parameter sets the correct operation.
3182 */
test_evp_init_seq(int idx)3183 static int test_evp_init_seq(int idx)
3184 {
3185 int outlen1, outlen2;
3186 int testresult = 0;
3187 unsigned char outbuf[1024];
3188 unsigned char tag[16];
3189 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3190 EVP_CIPHER_CTX *ctx = NULL;
3191 EVP_CIPHER *type = NULL;
3192 size_t taglen = sizeof(tag);
3193 char *errmsg = NULL;
3194
3195 ctx = EVP_CIPHER_CTX_new();
3196 if (ctx == NULL) {
3197 errmsg = "CTX_ALLOC";
3198 goto err;
3199 }
3200 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3201 errmsg = "CIPHER_FETCH";
3202 goto err;
3203 }
3204 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3205 errmsg = "EMPTY_ENC_INIT";
3206 goto err;
3207 }
3208 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3209 errmsg = "PADDING";
3210 goto err;
3211 }
3212 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3213 errmsg = "KEY_INIT (before iv)";
3214 goto err;
3215 }
3216 if (!evp_init_seq_set_iv(ctx, t)) {
3217 errmsg = "IV_INIT";
3218 goto err;
3219 }
3220 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3221 errmsg = "KEY_INIT (after iv)";
3222 goto err;
3223 }
3224 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3225 errmsg = "FINAL_ENC_INIT";
3226 goto err;
3227 }
3228 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3229 errmsg = "CIPHER_UPDATE";
3230 goto err;
3231 }
3232 if (t->finalenc == 0 && t->tag != NULL) {
3233 /* Set expected tag */
3234 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3235 t->taglen, (void *)t->tag))) {
3236 errmsg = "SET_TAG";
3237 goto err;
3238 }
3239 }
3240 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3241 errmsg = "CIPHER_FINAL";
3242 goto err;
3243 }
3244 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3245 errmsg = "WRONG_RESULT";
3246 goto err;
3247 }
3248 if (t->finalenc != 0 && t->tag != NULL) {
3249 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3250 errmsg = "GET_TAG";
3251 goto err;
3252 }
3253 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3254 errmsg = "TAG_ERROR";
3255 goto err;
3256 }
3257 }
3258 testresult = 1;
3259 err:
3260 if (errmsg != NULL)
3261 TEST_info("evp_init_test %d: %s", idx, errmsg);
3262 EVP_CIPHER_CTX_free(ctx);
3263 EVP_CIPHER_free(type);
3264 return testresult;
3265 }
3266
3267 typedef struct {
3268 const unsigned char *input;
3269 const unsigned char *expected;
3270 size_t inlen;
3271 size_t expectedlen;
3272 int enc;
3273 } EVP_RESET_TEST_st;
3274
3275 static const EVP_RESET_TEST_st evp_reset_tests[] = {
3276 {
3277 cfbPlaintext, cfbCiphertext,
3278 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3279 },
3280 {
3281 cfbCiphertext, cfbPlaintext,
3282 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3283 }
3284 };
3285
3286 /*
3287 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3288 * been used.
3289 */
test_evp_reset(int idx)3290 static int test_evp_reset(int idx)
3291 {
3292 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3293 int outlen1, outlen2;
3294 int testresult = 0;
3295 unsigned char outbuf[1024];
3296 EVP_CIPHER_CTX *ctx = NULL;
3297 EVP_CIPHER *type = NULL;
3298 char *errmsg = NULL;
3299
3300 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3301 errmsg = "CTX_ALLOC";
3302 goto err;
3303 }
3304 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3305 errmsg = "CIPHER_FETCH";
3306 goto err;
3307 }
3308 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3309 errmsg = "CIPHER_INIT";
3310 goto err;
3311 }
3312 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3313 errmsg = "PADDING";
3314 goto err;
3315 }
3316 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3317 errmsg = "CIPHER_UPDATE";
3318 goto err;
3319 }
3320 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3321 errmsg = "CIPHER_FINAL";
3322 goto err;
3323 }
3324 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3325 errmsg = "WRONG_RESULT";
3326 goto err;
3327 }
3328 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3329 errmsg = "CIPHER_REINIT";
3330 goto err;
3331 }
3332 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3333 errmsg = "CIPHER_UPDATE (reinit)";
3334 goto err;
3335 }
3336 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3337 errmsg = "CIPHER_FINAL (reinit)";
3338 goto err;
3339 }
3340 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3341 errmsg = "WRONG_RESULT (reinit)";
3342 goto err;
3343 }
3344 testresult = 1;
3345 err:
3346 if (errmsg != NULL)
3347 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3348 EVP_CIPHER_CTX_free(ctx);
3349 EVP_CIPHER_free(type);
3350 return testresult;
3351 }
3352
3353 typedef struct {
3354 const char *cipher;
3355 int enc;
3356 } EVP_UPDATED_IV_TEST_st;
3357
3358 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3359 {
3360 "aes-128-cfb", 1
3361 },
3362 {
3363 "aes-128-cfb", 0
3364 },
3365 {
3366 "aes-128-cfb1", 1
3367 },
3368 {
3369 "aes-128-cfb1", 0
3370 },
3371 {
3372 "aes-128-cfb8", 1
3373 },
3374 {
3375 "aes-128-cfb8", 0
3376 },
3377 {
3378 "aes-128-ofb", 1
3379 },
3380 {
3381 "aes-128-ofb", 0
3382 },
3383 {
3384 "aes-128-ctr", 1
3385 },
3386 {
3387 "aes-128-ctr", 0
3388 },
3389 {
3390 "aes-128-cbc", 1
3391 },
3392 {
3393 "aes-128-cbc", 0
3394 }
3395 };
3396
3397 /*
3398 * Test that the IV in the context is updated during a crypto operation for CFB
3399 * and OFB.
3400 */
test_evp_updated_iv(int idx)3401 static int test_evp_updated_iv(int idx)
3402 {
3403 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3404 int outlen1, outlen2;
3405 int testresult = 0;
3406 unsigned char outbuf[1024];
3407 EVP_CIPHER_CTX *ctx = NULL;
3408 EVP_CIPHER *type = NULL;
3409 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3410 int iv_len;
3411 char *errmsg = NULL;
3412
3413 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3414 errmsg = "CTX_ALLOC";
3415 goto err;
3416 }
3417 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3418 TEST_info("cipher %s not supported, skipping", t->cipher);
3419 goto ok;
3420 }
3421
3422 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3423 errmsg = "CIPHER_INIT";
3424 goto err;
3425 }
3426 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3427 errmsg = "PADDING";
3428 goto err;
3429 }
3430 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3431 errmsg = "CIPHER_UPDATE";
3432 goto err;
3433 }
3434 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3435 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3436 goto err;
3437 }
3438 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3439 errmsg = "CIPHER_CTX_GET_IV_LEN";
3440 goto err;
3441 }
3442 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3443 errmsg = "IV_NOT_UPDATED";
3444 goto err;
3445 }
3446 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3447 errmsg = "CIPHER_FINAL";
3448 goto err;
3449 }
3450 ok:
3451 testresult = 1;
3452 err:
3453 if (errmsg != NULL)
3454 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3455 EVP_CIPHER_CTX_free(ctx);
3456 EVP_CIPHER_free(type);
3457 return testresult;
3458 }
3459
3460 typedef struct {
3461 const unsigned char *iv1;
3462 const unsigned char *iv2;
3463 const unsigned char *expected1;
3464 const unsigned char *expected2;
3465 const unsigned char *tag1;
3466 const unsigned char *tag2;
3467 size_t ivlen1;
3468 size_t ivlen2;
3469 size_t expectedlen1;
3470 size_t expectedlen2;
3471 } TEST_GCM_IV_REINIT_st;
3472
3473 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3474 {
3475 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3476 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3477 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3478 },
3479 {
3480 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3481 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3482 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3483 }
3484 };
3485
test_gcm_reinit(int idx)3486 static int test_gcm_reinit(int idx)
3487 {
3488 int outlen1, outlen2, outlen3;
3489 int testresult = 0;
3490 unsigned char outbuf[1024];
3491 unsigned char tag[16];
3492 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3493 EVP_CIPHER_CTX *ctx = NULL;
3494 EVP_CIPHER *type = NULL;
3495 size_t taglen = sizeof(tag);
3496 char *errmsg = NULL;
3497
3498 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3499 errmsg = "CTX_ALLOC";
3500 goto err;
3501 }
3502 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3503 errmsg = "CIPHER_FETCH";
3504 goto err;
3505 }
3506 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3507 errmsg = "ENC_INIT";
3508 goto err;
3509 }
3510 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
3511 errmsg = "SET_IVLEN1";
3512 goto err;
3513 }
3514 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3515 errmsg = "SET_IV1";
3516 goto err;
3517 }
3518 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3519 errmsg = "AAD1";
3520 goto err;
3521 }
3522 EVP_CIPHER_CTX_set_padding(ctx, 0);
3523 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3524 sizeof(gcmResetPlaintext)))) {
3525 errmsg = "CIPHER_UPDATE1";
3526 goto err;
3527 }
3528 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3529 errmsg = "CIPHER_FINAL1";
3530 goto err;
3531 }
3532 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3533 errmsg = "WRONG_RESULT1";
3534 goto err;
3535 }
3536 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3537 errmsg = "GET_TAG1";
3538 goto err;
3539 }
3540 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3541 errmsg = "TAG_ERROR1";
3542 goto err;
3543 }
3544 /* Now reinit */
3545 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
3546 errmsg = "SET_IVLEN2";
3547 goto err;
3548 }
3549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3550 errmsg = "SET_IV2";
3551 goto err;
3552 }
3553 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3554 errmsg = "AAD2";
3555 goto err;
3556 }
3557 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3558 sizeof(gcmResetPlaintext)))) {
3559 errmsg = "CIPHER_UPDATE2";
3560 goto err;
3561 }
3562 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3563 errmsg = "CIPHER_FINAL2";
3564 goto err;
3565 }
3566 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3567 errmsg = "WRONG_RESULT2";
3568 goto err;
3569 }
3570 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
3571 errmsg = "GET_TAG2";
3572 goto err;
3573 }
3574 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3575 errmsg = "TAG_ERROR2";
3576 goto err;
3577 }
3578 testresult = 1;
3579 err:
3580 if (errmsg != NULL)
3581 TEST_info("evp_init_test %d: %s", idx, errmsg);
3582 EVP_CIPHER_CTX_free(ctx);
3583 EVP_CIPHER_free(type);
3584 return testresult;
3585 }
3586
3587 #ifndef OPENSSL_NO_DEPRECATED_3_0
3588 static EVP_PKEY_METHOD *custom_pmeth = NULL;
3589 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3590
3591 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3592
custom_pmeth_init(EVP_PKEY_CTX * ctx)3593 static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3594 {
3595 int (*pinit)(EVP_PKEY_CTX *ctx);
3596
3597 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3598 return pinit(ctx);
3599 }
3600
custom_pmeth_cleanup(EVP_PKEY_CTX * ctx)3601 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3602 {
3603 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3604
3605 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3606 pcleanup(ctx);
3607 }
3608
custom_pmeth_sign(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,const unsigned char * in,size_t inlen)3609 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
3610 size_t *outlen, const unsigned char *in,
3611 size_t inlen)
3612 {
3613 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
3614 const unsigned char *tbs, size_t tbslen);
3615
3616 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
3617 return psign(ctx, out, outlen, in, inlen);
3618 }
3619
custom_pmeth_digestsign(EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)3620 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
3621 size_t *siglen, const unsigned char *tbs,
3622 size_t tbslen)
3623 {
3624 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
3625 const unsigned char *tbs, size_t tbslen);
3626
3627 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
3628 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
3629 }
3630
custom_pmeth_derive(EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)3631 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
3632 size_t *keylen)
3633 {
3634 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
3635
3636 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
3637 return pderive(ctx, key, keylen);
3638 }
3639
custom_pmeth_copy(EVP_PKEY_CTX * dst,const EVP_PKEY_CTX * src)3640 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
3641 {
3642 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
3643
3644 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
3645 return pcopy(dst, src);
3646 }
3647
3648 static int ctrl_called;
3649
custom_pmeth_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)3650 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
3651 {
3652 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
3653
3654 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
3655
3656 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
3657 ctrl_called = 1;
3658 return 1;
3659 }
3660
3661 return pctrl(ctx, type, p1, p2);
3662 }
3663
test_custom_pmeth(int idx)3664 static int test_custom_pmeth(int idx)
3665 {
3666 EVP_PKEY_CTX *pctx = NULL;
3667 EVP_MD_CTX *ctx = NULL;
3668 EVP_PKEY *pkey = NULL;
3669 int id, orig_id, orig_flags;
3670 int testresult = 0;
3671 size_t reslen;
3672 unsigned char *res = NULL;
3673 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
3674 const EVP_MD *md = EVP_sha256();
3675 int doderive = 0;
3676
3677 ctrl_called = 0;
3678
3679 /* We call deprecated APIs so this test doesn't support a custom libctx */
3680 if (testctx != NULL)
3681 return 1;
3682
3683 switch(idx) {
3684 case 0:
3685 case 6:
3686 id = EVP_PKEY_RSA;
3687 pkey = load_example_rsa_key();
3688 break;
3689 case 1:
3690 case 7:
3691 # ifndef OPENSSL_NO_DSA
3692 id = EVP_PKEY_DSA;
3693 pkey = load_example_dsa_key();
3694 break;
3695 # else
3696 return 1;
3697 # endif
3698 case 2:
3699 case 8:
3700 # ifndef OPENSSL_NO_EC
3701 id = EVP_PKEY_EC;
3702 pkey = load_example_ec_key();
3703 break;
3704 # else
3705 return 1;
3706 # endif
3707 case 3:
3708 case 9:
3709 # ifndef OPENSSL_NO_EC
3710 id = EVP_PKEY_ED25519;
3711 md = NULL;
3712 pkey = load_example_ed25519_key();
3713 break;
3714 # else
3715 return 1;
3716 # endif
3717 case 4:
3718 case 10:
3719 # ifndef OPENSSL_NO_DH
3720 id = EVP_PKEY_DH;
3721 doderive = 1;
3722 pkey = load_example_dh_key();
3723 break;
3724 # else
3725 return 1;
3726 # endif
3727 case 5:
3728 case 11:
3729 # ifndef OPENSSL_NO_EC
3730 id = EVP_PKEY_X25519;
3731 doderive = 1;
3732 pkey = load_example_x25519_key();
3733 break;
3734 # else
3735 return 1;
3736 # endif
3737 default:
3738 TEST_error("Should not happen");
3739 goto err;
3740 }
3741
3742 if (!TEST_ptr(pkey))
3743 goto err;
3744
3745 if (idx < 6) {
3746 if (!TEST_true(evp_pkey_is_provided(pkey)))
3747 goto err;
3748 } else {
3749 EVP_PKEY *tmp = pkey;
3750
3751 /* Convert to a legacy key */
3752 pkey = EVP_PKEY_new();
3753 if (!TEST_ptr(pkey)) {
3754 pkey = tmp;
3755 goto err;
3756 }
3757 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
3758 EVP_PKEY_free(tmp);
3759 goto err;
3760 }
3761 EVP_PKEY_free(tmp);
3762 if (!TEST_true(evp_pkey_is_legacy(pkey)))
3763 goto err;
3764 }
3765
3766 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
3767 || !TEST_ptr(pkey))
3768 goto err;
3769
3770 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
3771 if (!TEST_int_eq(orig_id, id)
3772 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
3773 goto err;
3774
3775 if (id == EVP_PKEY_ED25519) {
3776 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
3777 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
3778 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
3779 } else {
3780 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
3781 }
3782 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
3783 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
3784 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
3785 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
3786 }
3787 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
3788 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
3789 goto err;
3790
3791 if (doderive) {
3792 pctx = EVP_PKEY_CTX_new(pkey, NULL);
3793 if (!TEST_ptr(pctx)
3794 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
3795 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3796 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3797 1)
3798 || !TEST_int_eq(ctrl_called, 1)
3799 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
3800 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
3801 || !TEST_ptr(res = OPENSSL_malloc(reslen))
3802 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
3803 goto err;
3804 } else {
3805 ctx = EVP_MD_CTX_new();
3806 reslen = EVP_PKEY_size(pkey);
3807 res = OPENSSL_malloc(reslen);
3808 if (!TEST_ptr(ctx)
3809 || !TEST_ptr(res)
3810 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
3811 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
3812 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
3813 1)
3814 || !TEST_int_eq(ctrl_called, 1))
3815 goto err;
3816
3817 if (id == EVP_PKEY_ED25519) {
3818 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
3819 goto err;
3820 } else {
3821 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
3822 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
3823 goto err;
3824 }
3825 }
3826
3827 testresult = 1;
3828 err:
3829 OPENSSL_free(res);
3830 EVP_MD_CTX_free(ctx);
3831 if (doderive)
3832 EVP_PKEY_CTX_free(pctx);
3833 EVP_PKEY_free(pkey);
3834 EVP_PKEY_meth_remove(custom_pmeth);
3835 EVP_PKEY_meth_free(custom_pmeth);
3836 custom_pmeth = NULL;
3837 return testresult;
3838 }
3839
test_evp_md_cipher_meth(void)3840 static int test_evp_md_cipher_meth(void)
3841 {
3842 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
3843 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3844 int testresult = 0;
3845
3846 if (!TEST_ptr(md) || !TEST_ptr(ciph))
3847 goto err;
3848
3849 testresult = 1;
3850
3851 err:
3852 EVP_MD_meth_free(md);
3853 EVP_CIPHER_meth_free(ciph);
3854
3855 return testresult;
3856 }
3857 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
3858
3859 typedef enum OPTION_choice {
3860 OPT_ERR = -1,
3861 OPT_EOF = 0,
3862 OPT_CONTEXT,
3863 OPT_TEST_ENUM
3864 } OPTION_CHOICE;
3865
test_get_options(void)3866 const OPTIONS *test_get_options(void)
3867 {
3868 static const OPTIONS options[] = {
3869 OPT_TEST_OPTIONS_DEFAULT_USAGE,
3870 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
3871 { NULL }
3872 };
3873 return options;
3874 }
3875
setup_tests(void)3876 int setup_tests(void)
3877 {
3878 OPTION_CHOICE o;
3879
3880 while ((o = opt_next()) != OPT_EOF) {
3881 switch (o) {
3882 case OPT_CONTEXT:
3883 /* Set up an alternate library context */
3884 testctx = OSSL_LIB_CTX_new();
3885 if (!TEST_ptr(testctx))
3886 return 0;
3887 /* Swap the libctx to test non-default context only */
3888 nullprov = OSSL_PROVIDER_load(NULL, "null");
3889 deflprov = OSSL_PROVIDER_load(testctx, "default");
3890 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
3891 break;
3892 case OPT_TEST_CASES:
3893 break;
3894 default:
3895 return 0;
3896 }
3897 }
3898
3899 ADD_TEST(test_EVP_set_default_properties);
3900 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
3901 ADD_TEST(test_EVP_DigestVerifyInit);
3902 ADD_TEST(test_EVP_Digest);
3903 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
3904 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
3905 ADD_TEST(test_privatekey_to_pkcs8);
3906 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
3907 #ifndef OPENSSL_NO_EC
3908 ADD_TEST(test_EVP_PKCS82PKEY);
3909 #endif
3910 #ifndef OPENSSL_NO_EC
3911 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
3912 #endif
3913 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
3914 ADD_TEST(test_EVP_SM2);
3915 ADD_TEST(test_EVP_SM2_verify);
3916 #endif
3917 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
3918 #ifndef OPENSSL_NO_DEPRECATED_3_0
3919 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
3920 if (!TEST_ptr(custom_pmeth))
3921 return 0;
3922 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
3923 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
3924 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
3925 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
3926 return 0;
3927 #endif
3928 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
3929 #ifndef OPENSSL_NO_CMAC
3930 ADD_TEST(test_CMAC_keygen);
3931 #endif
3932 ADD_TEST(test_HKDF);
3933 ADD_TEST(test_emptyikm_HKDF);
3934 #ifndef OPENSSL_NO_EC
3935 ADD_TEST(test_X509_PUBKEY_inplace);
3936 ADD_TEST(test_X509_PUBKEY_dup);
3937 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
3938 OSSL_NELEM(ec_der_pub_keys));
3939 #endif
3940 #ifndef OPENSSL_NO_DSA
3941 ADD_TEST(test_DSA_get_set_params);
3942 ADD_TEST(test_DSA_priv_pub);
3943 #endif
3944 ADD_TEST(test_RSA_get_set_params);
3945 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3946 ADD_TEST(test_decrypt_null_chunks);
3947 #endif
3948 #ifndef OPENSSL_NO_DH
3949 ADD_TEST(test_DH_priv_pub);
3950 # ifndef OPENSSL_NO_DEPRECATED_3_0
3951 ADD_TEST(test_EVP_PKEY_set1_DH);
3952 # endif
3953 #endif
3954 #ifndef OPENSSL_NO_EC
3955 ADD_TEST(test_EC_priv_pub);
3956 # ifndef OPENSSL_NO_DEPRECATED_3_0
3957 ADD_TEST(test_EC_priv_only_legacy);
3958 # endif
3959 #endif
3960 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
3961 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
3962
3963 ADD_TEST(test_rand_agglomeration);
3964 ADD_ALL_TESTS(test_evp_iv_aes, 12);
3965 #ifndef OPENSSL_NO_DES
3966 ADD_ALL_TESTS(test_evp_iv_des, 6);
3967 #endif
3968 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
3969 #ifndef OPENSSL_NO_EC
3970 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
3971 #endif
3972
3973 ADD_TEST(test_names_do_all);
3974
3975 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
3976 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
3977 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3978 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
3979
3980 #ifndef OPENSSL_NO_DEPRECATED_3_0
3981 ADD_ALL_TESTS(test_custom_pmeth, 12);
3982 ADD_TEST(test_evp_md_cipher_meth);
3983 #endif
3984
3985 return 1;
3986 }
3987
cleanup_tests(void)3988 void cleanup_tests(void)
3989 {
3990 OSSL_PROVIDER_unload(nullprov);
3991 OSSL_PROVIDER_unload(deflprov);
3992 OSSL_PROVIDER_unload(lgcyprov);
3993 OSSL_LIB_CTX_free(testctx);
3994 }
3995